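// Source: go.ligato.io/vpp-agent/v3@v3.5.0/cmd/agentctl/cli/config.go

// Copyright (c) 2019 Cisco and/or its affiliates.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at:
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package cli

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"

	"go.ligato.io/cn-infra/v2/logging"
)

// TLSConfig represents configuration for TLS.
//
// A connection uses TLS only when its TLSConfig is non-nil and Disabled is
// false (see the ShouldUseSecure* methods). SkipVerify is forced to true by
// adjustSecurity when the global "insecure-tls" option is set, which means the
// server's certificate is not verified for that connection.
//
// NOTE(review): CertFile, KeyFile and CAFile are presumably file system paths;
// how they are loaded is not visible in this file.
type TLSConfig struct {
	Disabled   bool   `json:"disabled"`
	CertFile   string `json:"cert-file"`
	KeyFile    string `json:"key-file"`
	CAFile     string `json:"ca-file"`
	SkipVerify bool   `json:"skip-verify"`
}

// Config represents configuration for AgentCTL.
//
// InsecureTLS applies to all three connections (gRPC, HTTP, KVDB): MakeConfig
// passes it to adjustSecurity together with each per-connection TLSConfig.
//
// NOTE(review): HTTPBasicAuth presumably carries credentials; it is treated as
// a secret here and masked by DebugOutput.
type Config struct {
	LigatoAPIVersion string        `json:"ligato-api-version"`
	Host             string        `json:"host"`
	ServiceLabel     string        `json:"service-label"`
	GRPCPort         int           `json:"grpc-port"`
	HTTPPort         int           `json:"http-port"`
	HTTPBasicAuth    string        `json:"http-basic-auth"`
	Timeout          time.Duration `json:"timeout"`
	EtcdEndpoints    []string      `json:"etcd-endpoints"`
	EtcdDialTimeout  time.Duration `json:"etcd-dial-timeout"`
	InsecureTLS      bool          `json:"insecure-tls"`
	GRPCSecure       *TLSConfig    `json:"grpc-tls"`
	HTTPSecure       *TLSConfig    `json:"http-tls"`
	KVDBSecure       *TLSConfig    `json:"kvdb-tls"`
}

// MakeConfig returns new Config with values from Viper.
//
// It returns the error from viperUnmarshal unchanged when the configuration
// cannot be decoded into Config; in that case the returned Config is nil.
func MakeConfig() (*Config, error) {
	// Prepare Viper.
	viperSetConfigFile()
	viperReadInConfig()

	// Put configuration into "Config" struct.
	cfg := new(Config)
	if err := viperUnmarshal(cfg); err != nil {
		return nil, err
	}

	// Values adjustment: split a comma-separated etcd endpoint list and apply
	// the global "insecure-tls" option to every per-connection TLS config.
	cfg.EtcdEndpoints = adjustEtcdEndpoints(cfg.EtcdEndpoints)
	cfg.GRPCSecure = adjustSecurity("gRPC", cfg.InsecureTLS, cfg.GRPCSecure)
	cfg.HTTPSecure = adjustSecurity("HTTP", cfg.InsecureTLS, cfg.HTTPSecure)
	cfg.KVDBSecure = adjustSecurity("KVDB", cfg.InsecureTLS, cfg.KVDBSecure)

	return cfg, nil
}

// DebugOutput returns Config as an indented JSON string to be used for debug
// output.
//
// A non-empty HTTPBasicAuth value is replaced with a fixed placeholder so that
// credentials do not end up in terminals or log files; every other field is
// printed as stored. If marshaling fails, a message describing the error is
// returned instead of the JSON text.
func (c *Config) DebugOutput() string {
	const redacted = "[redacted]"

	// Marshal a masked shallow copy so the receiver keeps its real value.
	// A nil receiver is passed through unchanged and marshals to "null".
	out := c
	if c != nil && c.HTTPBasicAuth != "" {
		masked := *c
		masked.HTTPBasicAuth = redacted
		out = &masked
	}

	bConfig, err := json.MarshalIndent(out, "", " ")
	if err != nil {
		return fmt.Sprintf("error while marshaling config to json: %v", err)
	}

	return string(bConfig)
}

// ShouldUseSecureGRPC returns whether or not to use TLS for GRPC connection.
// TLS is used only when a gRPC TLS config is present and not disabled.
func (c *Config) ShouldUseSecureGRPC() bool {
	return c.GRPCSecure != nil && !c.GRPCSecure.Disabled
}

// ShouldUseSecureHTTP returns whether or not to use TLS for HTTP connection.
// TLS is used only when an HTTP TLS config is present and not disabled.
func (c *Config) ShouldUseSecureHTTP() bool {
	return c.HTTPSecure != nil && !c.HTTPSecure.Disabled
}

// ShouldUseSecureKVDB returns whether or not to use TLS for KVDB connection.
// TLS is used only when a KVDB TLS config is present and not disabled.
func (c *Config) ShouldUseSecureKVDB() bool {
	return c.KVDBSecure != nil && !c.KVDBSecure.Disabled
}

// adjustEtcdEndpoints adjusts etcd endpoints received from env variable.
//
// When exactly one element is given and it contains commas, that element is
// split on "," into separate endpoints. Any other input is returned unchanged.
// The resulting parts are not trimmed, so whitespace around a comma stays part
// of the endpoint string.
func adjustEtcdEndpoints(endpoints []string) []string {
	if len(endpoints) != 1 {
		return endpoints
	}

	if strings.Contains(endpoints[0], ",") {
		return strings.Split(endpoints[0], ",")
	}

	return endpoints
}

// adjustSecurity adjusts TLS configuration to match "insecureTLS" option.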
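func adjustSecurity(name string, insecureTLS bool, cfg *TLSConfig) *TLSConfig {
	// name labels the connection in the debug messages below, insecureTLS is
	// the global "insecure-tls" option and cfg is the per-connection TLS
	// config, which may be nil. The returned config replaces cfg at the caller.
	if !insecureTLS {
		// Option not set: the per-connection config is used exactly as given.
		return cfg
	}

	// it is not an option to return empty config here,
	// because if cert and key is set, then they will be
	// used for TLS connection. "insecureTLS" means user
	// wants TLS connection, but without verification of
	// server's certificate.

	// NOTE(review): with verification skipped the peer's identity is not
	// checked, so the connection is encrypted but not authenticated. This is
	// only reported at debug level; consider whether a warning-level message
	// would make the downgrade more visible to operators.

	if cfg == nil {
		logging.Debugf("since insecure tls is used, "+
			"%s tls config will be set to empty one", name)
		cfg = &TLSConfig{}
	}

	if cfg.Disabled {
		// "insecure-tls" overrides an explicitly disabled config: the config is
		// replaced with an empty one (so any cert/key/CA settings are dropped)
		// and TLS ends up enabled for this connection.
		// The format string has two %s verbs, so name is passed twice.
		logging.Debugf("since %s tls config is disabled and insecure tls is used, "+
			"%s tls config will be replaced with empty one", name, name)
		cfg = &TLSConfig{}
	}

	if !cfg.SkipVerify {
		// This writes through the pointer: a non-nil, enabled config passed in
		// by the caller is modified in place.
		logging.Debugf("since insecure tls is used, "+
			"\"skip-verify\" will be changed to true for %s connection", name)
		cfg.SkipVerify = true
	}

	return cfg
}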