zot/pkg/api/config.go

package api
import (
"time"
"github.com/anuvu/zot/errors"
"github.com/anuvu/zot/pkg/log"
"github.com/getlantern/deepcopy"
dspec "github.com/opencontainers/distribution-spec"
)
// Commit holds a commit identifier that NewConfig copies into Config.Commit.
// Nothing in this file assigns it; presumably it is injected at build time —
// confirm against the build scripts.
var Commit string //nolint: gochecknoglobals

// updateInterval is the default NewConfig stores in CVEConfig.UpdateInterval.
//
// NOTE(review): CVEConfig documents the default as 24 hours, but this is an
// untyped 24, so assigning it to a time.Duration yields 24 nanoseconds unless
// the code that reads UpdateInterval rescales or clamps it — confirm there.
const updateInterval = 24
// StorageConfig groups the storage-related settings of Config.
type StorageConfig struct {
	// RootDirectory gets no default from NewConfig; presumably the root path
	// of the on-disk store — confirm against the storage package.
	RootDirectory string
	// GC is set to true by NewConfig.
	GC bool
	// Dedupe is set to true by NewConfig.
	Dedupe bool
}
// TLSConfig carries the TLS material referenced by HTTPConfig.TLS.
//
// The fields are plain strings; presumably file paths rather than inline PEM —
// confirm against the server setup code. Config.Sanitize does not mask any
// field of this struct, so it must never hold inline key material if the
// sanitized config is logged.
type TLSConfig struct {
	// Cert identifies the server certificate.
	Cert string
	// Key identifies the server private key.
	Key string
	// CACert identifies a CA certificate; how it is used (for example client
	// certificate verification) is not visible in this file.
	CACert string
}
// AuthHTPasswd configures htpasswd-based authentication.
type AuthHTPasswd struct {
	// Path is presumably the location of the htpasswd file — confirm against
	// the authentication handler.
	Path string
}
// AuthConfig groups the authentication back ends referenced by
// HTTPConfig.Auth. NewConfig leaves HTTPConfig.Auth nil.
type AuthConfig struct {
	// FailDelay is presumably a delay applied after a failed authentication
	// attempt; its unit is not visible in this file — confirm at the use site.
	FailDelay int
	// HTPasswd holds the htpasswd settings.
	HTPasswd AuthHTPasswd
	// LDAP is optional; when non-nil, Config.Validate checks it and
	// Config.Sanitize masks its BindPassword.
	LDAP *LDAPConfig
	// Bearer is optional bearer-token configuration.
	Bearer *BearerConfig
}
// BearerConfig holds the settings for bearer-token authentication.
type BearerConfig struct {
	// Realm and Service are presumably the values advertised to clients in
	// the authentication challenge — confirm against the auth handler.
	Realm   string
	Service string
	// Cert presumably identifies the certificate used to verify tokens —
	// confirm against the auth handler.
	Cert string
}
// HTTPConfig describes the HTTP listener and its access controls.
//
// NewConfig sets Address to "127.0.0.1" and Port to "8080" and leaves TLS and
// Auth nil, so transport security and authentication have to be configured
// explicitly.
type HTTPConfig struct {
	// Address is the listen address.
	Address string
	// Port is the listen port, kept as a string.
	Port string
	// TLS is optional TLS material; nil in the NewConfig defaults.
	TLS *TLSConfig
	// Auth is optional authentication configuration; nil in the NewConfig
	// defaults.
	Auth *AuthConfig
	// Realm is a realm string; where it is used is not visible in this file.
	Realm string
	// AllowReadAccess presumably permits unauthenticated reads — confirm
	// against the request handlers before enabling.
	AllowReadAccess bool `mapstructure:",omitempty"`
	// ReadOnly presumably rejects write operations — confirm against the
	// request handlers.
	ReadOnly bool `mapstructure:",omitempty"`
}
// LDAPConfig holds the LDAP authentication settings referenced by
// AuthConfig.LDAP.
//
// Config.Validate only requires UserAttribute to be non-empty; none of the
// transport-security fields (Insecure, StartTLS, SkipVerify, CACert) are
// checked in this file.
type LDAPConfig struct {
	// Port is the LDAP server port.
	Port int
	// Insecure, per the StartTLS comment below, selects a connection that uses
	// neither StartTLS nor LDAPS.
	Insecure bool
	StartTLS bool // if !Insecure, then StartTLS or LDAPs
	// SkipVerify presumably disables verification of the server certificate —
	// confirm against the LDAP client code.
	SkipVerify bool
	// SubtreeSearch presumably widens the user search to the whole subtree
	// under BaseDN — confirm against the LDAP client code.
	SubtreeSearch bool
	// Address is the LDAP server address.
	Address string
	// BindDN is the DN paired with BindPassword.
	BindDN string
	// BindPassword is a secret. Config.Sanitize replaces it with "******" in
	// the copy it returns.
	BindPassword string
	// BaseDN is presumably the search base for user lookups.
	BaseDN string
	// UserAttribute must be non-empty; Config.Validate rejects the
	// configuration otherwise.
	UserAttribute string
	// CACert presumably identifies the CA used to verify the LDAP server.
	CACert string
}
// LogConfig holds the logging settings.
type LogConfig struct {
	// Level is the log level name; NewConfig defaults it to "debug".
	Level string
	// Output presumably selects the log destination — confirm against the log
	// package.
	Output string
}
// ExtensionConfig groups the optional extensions; only search is defined here.
type ExtensionConfig struct {
	// Search is populated by NewConfig with a default CVE configuration.
	Search *SearchConfig
}
// SearchConfig holds the settings of the search extension.
type SearchConfig struct {
	// CVE configures the CVE search.
	CVE *CVEConfig
}
// CVEConfig holds the settings of the CVE search.
type CVEConfig struct {
	// UpdateInterval should be 2 hours or more; if it is not specified, the
	// default is meant to be 24 hours.
	//
	// NOTE(review): NewConfig assigns the untyped constant 24 here, which as a
	// time.Duration is 24ns, not 24h — confirm how the consumer interprets it.
	UpdateInterval time.Duration
}
// Config is the top-level configuration object of this package.
//
// It can carry a secret (HTTP.Auth.LDAP.BindPassword); use Sanitize to obtain
// a value suitable for logging rather than logging a Config directly.
type Config struct {
	// Version is set by NewConfig to dspec.Version.
	Version string
	// Commit is set by NewConfig to the package-level Commit variable.
	Commit string
	// Storage holds the storage settings.
	Storage StorageConfig
	// HTTP holds the listener, TLS and authentication settings.
	HTTP HTTPConfig
	// Log holds the logging settings.
	Log *LogConfig
	// Extensions holds the optional extension settings.
	Extensions *ExtensionConfig
}
// NewConfig returns a Config populated with this package's defaults.
//
// The defaults bind the listener to the loopback address 127.0.0.1 on port
// 8080, enable storage GC and dedupe, and set the log level to "debug".
// HTTP.TLS and HTTP.Auth are left nil, so neither TLS nor authentication is
// configured until the caller sets them.
func NewConfig() *Config {
	cfg := new(Config)

	cfg.Version = dspec.Version
	cfg.Commit = Commit
	cfg.Storage = StorageConfig{GC: true, Dedupe: true}
	cfg.HTTP = HTTPConfig{Address: "127.0.0.1", Port: "8080"}
	cfg.Log = &LogConfig{Level: "debug"}

	// NOTE(review): updateInterval is the untyped constant 24, so this stores
	// time.Duration(24), i.e. 24ns, while CVEConfig documents a 24-hour
	// default — confirm how the consumer of UpdateInterval treats the value.
	cve := &CVEConfig{UpdateInterval: updateInterval}
	cfg.Extensions = &ExtensionConfig{Search: &SearchConfig{CVE: cve}}

	return cfg
}
// Sanitize returns a configuration with the LDAP bind password masked, for use
// wherever the configuration is logged or displayed.
//
// When an LDAP bind password is set, the result is a deep copy of c whose
// HTTP.Auth.LDAP.BindPassword is replaced by "******"; c itself is left
// untouched. When no bind password is set, c is returned as-is (the same
// pointer, not a copy), so callers must not mutate the result.
//
// BindPassword is the only field masked here. Any secret-bearing field added
// to Config later has to be handled in this method as well.
//
// Sanitize panics if deepcopy.Copy reports an error.
func (c *Config) Sanitize() *Config {
	auth := c.HTTP.Auth
	if auth == nil || auth.LDAP == nil || auth.LDAP.BindPassword == "" {
		// Nothing to mask: hand back the receiver itself.
		return c
	}

	sanitized := &Config{}
	if err := deepcopy.Copy(sanitized, c); err != nil {
		panic(err)
	}

	// Give the copy its own LDAPConfig before overwriting the password, so the
	// original configuration keeps the real value.
	sanitized.HTTP.Auth.LDAP = &LDAPConfig{}
	if err := deepcopy.Copy(sanitized.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {
		panic(err)
	}

	sanitized.HTTP.Auth.LDAP.BindPassword = "******"

	return sanitized
}
// Validate checks the configuration and returns errors.ErrLDAPConfig when an
// LDAP section is present but its UserAttribute is empty; otherwise it
// returns nil. The failure is also logged at error level through log.
//
// Only UserAttribute is checked. The LDAP transport settings (Insecure,
// StartTLS, SkipVerify, CACert) and every other part of the configuration are
// accepted unchecked, so a nil result does not mean the transport settings
// are safe.
func (c *Config) Validate(log log.Logger) error {
	auth := c.HTTP.Auth
	if auth == nil || auth.LDAP == nil {
		// No LDAP section, nothing to validate.
		return nil
	}

	if ldap := auth.LDAP; ldap.UserAttribute == "" {
		log.Error().Str("userAttribute", ldap.UserAttribute).Msg("invalid LDAP configuration")
		return errors.ErrLDAPConfig
	}

	return nil
}