github.com/anuvu/zot@v1.3.4/pkg/api/config/config.go (about)

     1  package config
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"github.com/anuvu/zot/errors"
     7  	extconf "github.com/anuvu/zot/pkg/extensions/config"
     8  	"github.com/anuvu/zot/pkg/log"
     9  	"github.com/getlantern/deepcopy"
    10  	distspec "github.com/opencontainers/distribution-spec/specs-go"
    11  	"github.com/spf13/viper"
    12  )
    13  
    14  var (
    15  	Commit     string // nolint: gochecknoglobals
    16  	BinaryType string // nolint: gochecknoglobals
    17  	GoVersion  string // nolint: gochecknoglobals
    18  )
    19  
    20  type StorageConfig struct {
    21  	RootDirectory string
    22  	GC            bool
    23  	Dedupe        bool
    24  	StorageDriver map[string]interface{} `mapstructure:",omitempty"`
    25  }
    26  
    27  type TLSConfig struct {
    28  	Cert   string
    29  	Key    string
    30  	CACert string
    31  }
    32  
    33  type AuthHTPasswd struct {
    34  	Path string
    35  }
    36  
    37  type AuthConfig struct {
    38  	FailDelay int
    39  	HTPasswd  AuthHTPasswd
    40  	LDAP      *LDAPConfig
    41  	Bearer    *BearerConfig
    42  }
    43  
    44  type BearerConfig struct {
    45  	Realm   string
    46  	Service string
    47  	Cert    string
    48  }
    49  
    50  type HTTPConfig struct {
    51  	Address          string
    52  	Port             string
    53  	TLS              *TLSConfig
    54  	Auth             *AuthConfig
    55  	RawAccessControl map[string]interface{} `mapstructure:"accessControl,omitempty"`
    56  	Realm            string
    57  	AllowReadAccess  bool `mapstructure:",omitempty"`
    58  	ReadOnly         bool `mapstructure:",omitempty"`
    59  }
    60  
    61  type LDAPConfig struct {
    62  	Port          int
    63  	Insecure      bool
    64  	StartTLS      bool // if !Insecure, then StartTLS or LDAPs
    65  	SkipVerify    bool
    66  	SubtreeSearch bool
    67  	Address       string
    68  	BindDN        string
    69  	BindPassword  string
    70  	BaseDN        string
    71  	UserAttribute string
    72  	CACert        string
    73  }
    74  
    75  type LogConfig struct {
    76  	Level  string
    77  	Output string
    78  	Audit  string
    79  }
    80  
    81  type GlobalStorageConfig struct {
    82  	RootDirectory string
    83  	Dedupe        bool
    84  	GC            bool
    85  	StorageDriver map[string]interface{} `mapstructure:",omitempty"`
    86  	SubPaths      map[string]StorageConfig
    87  }
    88  
    89  type AccessControlConfig struct {
    90  	Repositories Repositories
    91  	AdminPolicy  Policy
    92  }
    93  
    94  type Repositories map[string]PolicyGroup
    95  
    96  type PolicyGroup struct {
    97  	Policies      []Policy
    98  	DefaultPolicy []string
    99  }
   100  
   101  type Policy struct {
   102  	Users   []string
   103  	Actions []string
   104  }
   105  
   106  type Config struct {
   107  	Version       string
   108  	GoVersion     string
   109  	Commit        string
   110  	BinaryType    string
   111  	AccessControl *AccessControlConfig
   112  	Storage       GlobalStorageConfig
   113  	HTTP          HTTPConfig
   114  	Log           *LogConfig
   115  	Extensions    *extconf.ExtensionConfig
   116  }
   117  
   118  func New() *Config {
   119  	return &Config{
   120  		Version:    distspec.Version,
   121  		GoVersion:  GoVersion,
   122  		Commit:     Commit,
   123  		BinaryType: BinaryType,
   124  		Storage:    GlobalStorageConfig{GC: true, Dedupe: true},
   125  		HTTP:       HTTPConfig{Address: "127.0.0.1", Port: "8080"},
   126  		Log:        &LogConfig{Level: "debug"},
   127  	}
   128  }
   129  
   130  // Sanitize makes a sanitized copy of the config removing any secrets.
   131  func (c *Config) Sanitize() *Config {
   132  	s := &Config{}
   133  	if err := deepcopy.Copy(s, c); err != nil {
   134  		panic(err)
   135  	}
   136  
   137  	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {
   138  		s.HTTP.Auth.LDAP = &LDAPConfig{}
   139  
   140  		if err := deepcopy.Copy(s.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {
   141  			panic(err)
   142  		}
   143  
   144  		s.HTTP.Auth.LDAP.BindPassword = "******"
   145  	}
   146  
   147  	return s
   148  }
   149  
   150  func (c *Config) Validate(log log.Logger) error {
   151  	// LDAP configuration
   152  	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil {
   153  		l := c.HTTP.Auth.LDAP
   154  		if l.UserAttribute == "" {
   155  			log.Error().Str("userAttribute", l.UserAttribute).Msg("invalid LDAP configuration")
   156  			return errors.ErrLDAPConfig
   157  		}
   158  	}
   159  
   160  	return nil
   161  }
   162  
   163  // LoadAccessControlConfig populates config.AccessControl struct with values from config.
   164  func (c *Config) LoadAccessControlConfig() error {
   165  	if c.HTTP.RawAccessControl == nil {
   166  		return nil
   167  	}
   168  
   169  	c.AccessControl = &AccessControlConfig{}
   170  	c.AccessControl.Repositories = make(map[string]PolicyGroup)
   171  
   172  	for k := range c.HTTP.RawAccessControl {
   173  		var policies []Policy
   174  
   175  		var policyGroup PolicyGroup
   176  
   177  		if k == "adminpolicy" {
   178  			adminPolicy := viper.GetStringMapStringSlice("http.accessControl.adminPolicy")
   179  			c.AccessControl.AdminPolicy.Actions = adminPolicy["actions"]
   180  			c.AccessControl.AdminPolicy.Users = adminPolicy["users"]
   181  
   182  			continue
   183  		}
   184  
   185  		err := viper.UnmarshalKey(fmt.Sprintf("http.accessControl.%s.policies", k), &policies)
   186  		if err != nil {
   187  			return err
   188  		}
   189  
   190  		defaultPolicy := viper.GetStringSlice(fmt.Sprintf("http.accessControl.%s.defaultPolicy", k))
   191  		policyGroup.Policies = policies
   192  		policyGroup.DefaultPolicy = defaultPolicy
   193  		c.AccessControl.Repositories[k] = policyGroup
   194  	}
   195  
   196  	return nil
   197  }