Skip to content

Data types

A collection of simple data-types used within Bifröst. More complex ones are defined on their dedicated pages.

Authorized Keys

These are usually files in the home directory of each user, located at ~/.ssh/authorized_keys. These files are in the format: 

1
2
<key-type> <encoded-public-key>[ <comment>]
...

They contain SSH Public Keys.

Examples

1
2
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC80lm5FQbbyRUut6RwZJRbxTLO3W4f08ITDi9fA3+jx me@foo.tld
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIGYzqJpPf3shQVGo98xMdl5S4LJmWme3i+sPcYseRrKziAWWGc8xzLUGnRwVe5X5v7J+IaHZ0dpnelylbnDwEvQTX+8gZybcL8RpS6u5dKqmKTv12SqcucpGStQ3O0Ec3MnRKEeMoJXIdqIVxuXxC8863H42KzkBvDjZn4qasF8IOVpGSC4+i93bNKScN6epQYzKcPCmZSSAnZJPgih0y1Z6+yNOJd+6PAFXmhBOh7yU0Ypne9szj/6o3YrPuNUj762CZyjg7ivQI/DvxwnUA2X8dnb2pyD4CGrr6YduWMl2xqUEDerNVaPc+I63QR8gIUYYmAs5uQwrDI4U0aWpC7erLMsNRa8C+YUdX+rV2+lJWSH8/k2NGrT1FoG5PWHmZTIe4juKIlAArzDAE6shauM3j4b4YLhly6mySXxT9m+EPtcrZjdEg76/0FylFUH70dx0Wf7lt50cLQIoXCJVovp/w95J6FVMYACl1y/sbDzmirg2PQkqkrr3MZnNY88jI/OuyZYAHNIjMkbriaFIkFBK4epGhsIIpsArPS8ZGZTQNBrrYWF+pf8JvJ1NaoLP+JKUP/A7l1KsqCKK3sWIRY7u8n8McK0VQMig4duHHtZ+aUGhZd/+m19UG1gg7QPUffZQM0RIPWWcsklrmlvzBqVcxgHXkZOoFqzc9WyewWQ== me-legacy@foo.tld

Docker Pull Credentials

To pull from an OCI/Docker image registry there can be credentials required. In these cases usually they have to be provided in this format.

Bifröst accept them in the following formats:

  1. Base64 URL encoded JSON of format {"username":"<username>","password":"<password>"} or {"auth":"<base64 encoded auth token>"}
  2. JSON of format {"username":"<username>","password":"<password>"} or {"auth":"<base64 encoded auth token>"} ... which will be:
    1. base64 URL encoded by Bifröst. -> result will be as 1.
  3. A bare auth token ... which will be:
    1. base64 URL encoded,
    2. put into {"auth":"<encoded bare auth token>"} JSON and
    3. finally base64 URL encoded by Bifröst. -> result will be as 1.

DSA Restriction

Can be one of:

  • none
  • all
  • at-least-1024-bits
  • at-least-2048-bits
  • at-least-3072-bits

Duration

A duration of time of Go flavor. Examples: 300ms, 6s, 5m, 12h or combined 12h5m6s300ms.

ED25519 Restriction

Can be one of:

  • none
  • all
  • at-least-256-bits

ECDSA Restriction

Can be one of:

  • none
  • all
  • at-least-256-bits
  • at-least-384-bits
  • at-least-521-bits

Flow Name

Identifies flows. It has to fulfill the regular expression [a-z][a-z0-9]+.

File Mode

The permissions to access a file in octal notation. See Oracles documentation for more details.

File Path

A location of a file on the local file system. Like /foo/bar

Host

Represents a host(-name), which can be either an IPv4, IPv6 or DNS name.

Log Color Mode

Can be one of:

  • auto
  • always
  • never

Log Format

Can be one of:

  • text
  • json

Log Level

Can be one of:

  • TRACE
  • DEBUG
  • INFO
  • WARN
  • ERROR
  • FATAL

Net Address

Socket address in format [<Host>]:<port>.

Password

Represents an encoded or plain password that can be evaluated if it does match a requested one.

Password Type

Can be one of: * plain * bcrypt

Pull Policy

Can be one of: * ifAbsend * always

Regex

Regular expression of Go flavor. You can play around with it at regex.com.

RSA Restriction

Can be one of:

  • none
  • all
  • at-least-1024-bits
  • at-least-2048-bits
  • at-least-3072-bits
  • at-least-4096-bits

SSH Public Key

The public variant of an SSH keypair of a user.

Please refer to the good documentation at GitHub how to create SSH (public) keys.

URL

Represents a classical URL to reference resources (for example) in the internet, like https://bifroest.engity.org.