zot/pkg/api/config.go

package api

import (
	"github.com/anuvu/zot/errors"
	"github.com/getlantern/deepcopy"
	dspec "github.com/opencontainers/distribution-spec"
	"github.com/rs/zerolog"
)

//nolint (gochecknoglobals)
var Commit string

type StorageConfig struct {
	RootDirectory string
}

type TLSConfig struct {
	Cert   string
	Key    string
	CACert string
}

type AuthHTPasswd struct {
	Path string
}

type AuthConfig struct {
	FailDelay int
	HTPasswd  AuthHTPasswd
	LDAP      *LDAPConfig
}

type HTTPConfig struct {
	Address         string
	Port            string
	TLS             *TLSConfig
	Auth            *AuthConfig
	Realm           string
	AllowReadAccess bool `mapstructure:",omitempty"`
}

type LDAPConfig struct {
	Port          int
	Insecure      bool
	StartTLS      bool // if !Insecure, then StartTLS or LDAPs
	SkipVerify    bool
	SubtreeSearch bool
	Address       string
	BindDN        string
	BindPassword  string
	BaseDN        string
	UserAttribute string
	CACert        string
}

type LogConfig struct {
	Level  string
	Output string
}

type Config struct {
	Version string
	Commit  string
	Storage StorageConfig
	HTTP    HTTPConfig
	Log     *LogConfig
}

func NewConfig() *Config {
	return &Config{
		Version: dspec.Version,
		Commit:  Commit,
		HTTP:    HTTPConfig{Address: "127.0.0.1", Port: "8080"},
		Log:     &LogConfig{Level: "debug"},
	}
}

// Sanitize makes a sanitized copy of the config removing any secrets
func (c *Config) Sanitize() *Config {
	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {
		s := &Config{}
		if err := deepcopy.Copy(s, c); err != nil {
			panic(err)
		}
		s.HTTP.Auth.LDAP = &LDAPConfig{}
		if err := deepcopy.Copy(s.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {
			panic(err)
		}
		s.HTTP.Auth.LDAP.BindPassword = "******"
		return s
	}
	return c
}

func (c *Config) Validate(log zerolog.Logger) error {
	// LDAP configuration
	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil {
		l := c.HTTP.Auth.LDAP
		if l.UserAttribute == "" {
			log.Error().Str("userAttribute", l.UserAttribute).Msg("invalid LDAP configuration")
			return errors.ErrLDAPConfig
		}
	}
	return nil
}
zot: initial commit 2019-06-20 18:36:40 -05:00			`package api`

			`import (`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`"github.com/anuvu/zot/errors"`
			`"github.com/getlantern/deepcopy"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`dspec "github.com/opencontainers/distribution-spec"`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`"github.com/rs/zerolog"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`)`

version: add commit id to binary during build 2019-09-16 13:01:59 -05:00			`//nolint (gochecknoglobals)`
			`var Commit string`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type StorageConfig struct {`
			`RootDirectory string`
			`}`

			`type TLSConfig struct {`
			`Cert string`
			`Key string`
			`CACert string`
			`}`

			`type AuthHTPasswd struct {`
			`Path string`
			`}`

			`type AuthConfig struct {`
			`FailDelay int`
			`HTPasswd AuthHTPasswd`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`LDAP *LDAPConfig`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

			`type HTTPConfig struct {`
auth: allow for world-readable deployment mode 2019-08-28 16:05:16 -05:00			`Address string`
			`Port string`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`TLS *TLSConfig`
			`Auth *AuthConfig`
auth: allow for world-readable deployment mode 2019-08-28 16:05:16 -05:00			`Realm string`
			AllowReadAccess bool `mapstructure:",omitempty"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`type LDAPConfig struct {`
			`Port int`
			`Insecure bool`
			`StartTLS bool // if !Insecure, then StartTLS or LDAPs`
			`SkipVerify bool`
			`SubtreeSearch bool`
			`Address string`
			`BindDN string`
			`BindPassword string`
			`BaseDN string`
			`UserAttribute string`
			`CACert string`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type LogConfig struct {`
			`Level string`
			`Output string`
			`}`

			`type Config struct {`
			`Version string`
version: add commit id to binary during build 2019-09-16 13:01:59 -05:00			`Commit string`
zot: initial commit 2019-06-20 18:36:40 -05:00			`Storage StorageConfig`
			`HTTP HTTPConfig`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`Log *LogConfig`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

			`func NewConfig() *Config {`
			`return &Config{`
			`Version: dspec.Version,`
version: add commit id to binary during build 2019-09-16 13:01:59 -05:00			`Commit: Commit,`
zot: initial commit 2019-06-20 18:36:40 -05:00			`HTTP: HTTPConfig{Address: "127.0.0.1", Port: "8080"},`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`Log: &LogConfig{Level: "debug"},`
			`}`
			`}`

			`// Sanitize makes a sanitized copy of the config removing any secrets`
			`func (c Config) Sanitize() Config {`
			`if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {`
			`s := &Config{}`
			`if err := deepcopy.Copy(s, c); err != nil {`
			`panic(err)`
			`}`
			`s.HTTP.Auth.LDAP = &LDAPConfig{}`
			`if err := deepcopy.Copy(s.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {`
			`panic(err)`
			`}`
			`s.HTTP.Auth.LDAP.BindPassword = "******"`
			`return s`
			`}`
			`return c`
			`}`

			`func (c *Config) Validate(log zerolog.Logger) error {`
			`// LDAP configuration`
			`if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil {`
			`l := c.HTTP.Auth.LDAP`
			`if l.UserAttribute == "" {`
			`log.Error().Str("userAttribute", l.UserAttribute).Msg("invalid LDAP configuration")`
			`return errors.ErrLDAPConfig`
			`}`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`return nil`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`