anchore · spiffcs · Mar 20, 2023 · Mar 2, 2023 · Mar 20, 2023 · Mar 20, 2023
diff --git a/internal/config/application.go b/internal/config/application.go
@@ -3,6 +3,7 @@ package config
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path"
 	"reflect"
 	"sort"
@@ -208,6 +209,7 @@ func (cfg Application) String() string {
 	return string(appaStr)
 }
 
+// nolint:funlen
 func loadConfig(v *viper.Viper, configPath string) error {
 	var err error
 	// use explicitly the given user config
@@ -223,13 +225,26 @@ func loadConfig(v *viper.Viper, configPath string) error {
 
 	// start searching for valid configs in order...
 	// 1. look for .<appname>.yaml (in the current directory)
+	confFilePath := "." + internal.ApplicationName
+
+	// TODO: Remove this before v1.0.0
+	// See syft #1634
 	v.AddConfigPath(".")
-	v.SetConfigName("." + internal.ApplicationName)
-	if err = v.ReadInConfig(); err == nil {
-		v.Set("config", v.ConfigFileUsed())
-		return nil
-	} else if !errors.As(err, &viper.ConfigFileNotFoundError{}) {
-		return fmt.Errorf("unable to parse config=%q: %w", v.ConfigFileUsed(), err)
+	v.SetConfigName(confFilePath)
+
+	// check if config.yaml exists in the current directory
+	// DEPRECATED: this will be removed in v1.0.0
+	if _, err := os.Stat("config.yaml"); err == nil {
+		log.Warn("DEPRECATED: ./config.yaml as a configuration file is deprecated and will be removed as an option in v1.0.0, please rename to .syft.yaml")
+	}
+
+	if _, err := os.Stat(confFilePath + ".yaml"); err == nil {
+		if err = v.ReadInConfig(); err == nil {
+			v.Set("config", v.ConfigFileUsed())
+			return nil
+		} else if !errors.As(err, &viper.ConfigFileNotFoundError{}) {
+			return fmt.Errorf("unable to parse config=%q: %w", v.ConfigFileUsed(), err)
+		}
 	}
 
 	// 2. look for .<appname>/config.yaml (in the current directory)
@@ -255,12 +270,14 @@ func loadConfig(v *viper.Viper, configPath string) error {
 		}
 	}
 
-	// 4. look for <appname>/config.yaml in xdg locations (starting with xdg home config dir, then moving upwards)
-	v.AddConfigPath(path.Join(xdg.ConfigHome, internal.ApplicationName))
+	// 4. look for .<appname>/config.yaml in xdg locations (starting with xdg home config dir, then moving upwards)
+
+	v.SetConfigName("config")
+	configPath = path.Join(xdg.ConfigHome, "."+internal.ApplicationName)
+	v.AddConfigPath(configPath)
 	for _, dir := range xdg.ConfigDirs {
-		v.AddConfigPath(path.Join(dir, internal.ApplicationName))
+		v.AddConfigPath(path.Join(dir, "."+internal.ApplicationName))
 	}
-	v.SetConfigName("config")
 	if err = v.ReadInConfig(); err == nil {
 		v.Set("config", v.ConfigFileUsed())
 		return nil

diff --git a/internal/config/application_test.go b/internal/config/application_test.go
@@ -0,0 +1,114 @@
+package config
+
+import (
+	"github.com/adrg/xdg"
+	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
+	"os"
+	"path"
+	"testing"
+)
+
+// TODO: set negative case when config.yaml is no longer a valid option
+func TestApplicationConfig(t *testing.T) {
+	// config is picked up at desired configuration paths
+	// VALID: .syft.yaml, .syft/config.yaml, ~/.syft.yaml, <XDG_CONFIG_HOME>/syft/config.yaml
+	// DEPRECATED: .config.yaml is currently supported by
+	tests := []struct {
+		name       string
+		setup      func(t *testing.T) string
+		assertions func(t *testing.T, app *Application)
+	}{
+		{
+			name: "explicit config",
+			setup: func(t *testing.T) string {
+				return "./test-fixtures/.syft.yaml"
+			}, // no-op for explicit config
+			assertions: func(t *testing.T, app *Application) {
+				assert.Equal(t, "test-explicit-config", app.File)
+			},
+		},
+		{
+			name: "current working directory named config",
+			setup: func(t *testing.T) string {
+				err := os.Chdir("./test-fixtures/config-wd-file") // change application cwd to test-fixtures
+				if err != nil {
+					t.Fatalf("%s failed to change cwd: %+v", t.Name(), err)
+				}
+				return ""
+			},
+			assertions: func(t *testing.T, app *Application) {
+				assert.Equal(t, "test-wd-named-config", app.File)
+			},
+		},
+		{
+			name: "current working directory syft dir config",
+			setup: func(t *testing.T) string {
+				err := os.Chdir("./test-fixtures/config-dir-test") // change application cwd to test-fixtures
+				if err != nil {
+					t.Fatalf("%s failed to change cwd: %+v", t.Name(), err)
+				}
+				return ""
+			},
+			assertions: func(t *testing.T, app *Application) {
+				assert.Equal(t, "test-dir-config", app.File)
+			},
+		},
+		{
+			name: "home directory file config",
+			setup: func(t *testing.T) string {
+				// Because Setenv affects the whole process, it cannot be used in parallel tests or
+				// tests with parallel ancestors: see separate XDG test for consequence of this
+				t.Setenv("HOME", "./test-fixtures/config-home-test") // set HOME to testdata
+				return ""
+			},
+			assertions: func(t *testing.T, app *Application) {
+				assert.Equal(t, "test-home-config", app.File)
+			},
+		},
+	}
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			wd, err := os.Getwd()
+			if err != nil {
+				t.Fatalf("failed to get working directory: %+v", err)
+			}
+			defer os.Chdir(wd) // reset working directory after test
+			application := &Application{}
+			viperInstance := viper.New()
+
+			configPath := test.setup(t)
+			err = application.LoadAllValues(viperInstance, configPath)
+			if err != nil {
+				t.Fatalf("failed to load application config: %+v", err)
+			}
+			test.assertions(t, application)
+		})
+	}
+}
+
+// NOTE: this has to be separate for now because of t.Setenv behavior
+// if this was included in the above table test then HOMEDIR would always
+// be set; we would never fall through to the XDG case
+func TestApplication_LoadAllValues_XDG(t *testing.T) {
+	wd, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("failed to get working directory: %+v", err)
+	}
+	defer os.Chdir(wd) // reset working directory after test
+	application := &Application{}
+	viperInstance := viper.New()
+
+	// NOTE: we need to temporarily unset HOME or we never reach the XDG_CONFIG_HOME check
+	t.Setenv("HOME", "/foo/bar")
+	configDir := path.Join(wd, "./test-fixtures/config-xdg-dir-test") // set HOME to testdata
+	t.Setenv("XDG_CONFIG_DIRS", configDir)
+	xdg.Reload()
+
+	err = application.LoadAllValues(viperInstance, "")
+	if err != nil {
+		t.Fatalf("failed to load application config: %+v", err)
+	}
+
+	assert.Equal(t, "test-home-XDG-config", application.File)
+}
diff --git a/internal/config/cataloger_options.go b/internal/config/cataloger_options.go
@@ -16,6 +16,7 @@ type catalogerOptions struct {
 
 func (cfg catalogerOptions) loadDefaultValues(v *viper.Viper) {
 	v.SetDefault("package.cataloger.enabled", true)
+	v.SetDefault("package.cataloger.scope", "squashed")
 }
 
 func (cfg *catalogerOptions) parseConfigValues() error {

diff --git a/internal/config/test-fixtures/.syft.yaml b/internal/config/test-fixtures/.syft.yaml
@@ -0,0 +1,25 @@
+output: "table"
+
+# suppress all output (except for the SBOM report)
+# same as -q ; SYFT_QUIET env var
+quiet: false
+
+# same as --file; write output report to a file (default is to write to stdout)
+file: "test-explicit-config"
+
+# enable/disable checking for application updates on startup
+# same as SYFT_CHECK_FOR_APP_UPDATE env var
+check-for-app-update: true
+
+log:
+  # use structured logging
+  # same as SYFT_LOG_STRUCTURED env var
+  structured: false
+
+  # the log level; note: detailed logging suppress the ETUI
+  # same as SYFT_LOG_LEVEL env var
+  level: "error"
+
+  # location to write the log file (default is not to have a log file)
+  # same as SYFT_LOG_FILE env var
+  file: ""
diff --git a/internal/config/test-fixtures/config-dir-test/.syft/config.yaml b/internal/config/test-fixtures/config-dir-test/.syft/config.yaml
@@ -0,0 +1,25 @@
+output: "table"
+
+# suppress all output (except for the SBOM report)
+# same as -q ; SYFT_QUIET env var
+quiet: false
+
+# same as --file; write output report to a file (default is to write to stdout)
+file: "test-dir-config"
+
+# enable/disable checking for application updates on startup
+# same as SYFT_CHECK_FOR_APP_UPDATE env var
+check-for-app-update: true
+
+log:
+  # use structured logging
+  # same as SYFT_LOG_STRUCTURED env var
+  structured: false
+
+  # the log level; note: detailed logging suppress the ETUI
+  # same as SYFT_LOG_LEVEL env var
+  level: "error"
+
+  # location to write the log file (default is not to have a log file)
+  # same as SYFT_LOG_FILE env var
+  file: ""
diff --git a/internal/config/test-fixtures/config-home-test/.syft.yaml b/internal/config/test-fixtures/config-home-test/.syft.yaml
@@ -0,0 +1,25 @@
+output: "table"
+
+# suppress all output (except for the SBOM report)
+# same as -q ; SYFT_QUIET env var
+quiet: false
+
+# same as --file; write output report to a file (default is to write to stdout)
+file: "test-home-config"
+
+# enable/disable checking for application updates on startup
+# same as SYFT_CHECK_FOR_APP_UPDATE env var
+check-for-app-update: true
+
+log:
+  # use structured logging
+  # same as SYFT_LOG_STRUCTURED env var
+  structured: false
+
+  # the log level; note: detailed logging suppress the ETUI
+  # same as SYFT_LOG_LEVEL env var
+  level: "error"
+
+  # location to write the log file (default is not to have a log file)
+  # same as SYFT_LOG_FILE env var
+  file: ""
diff --git a/internal/config/test-fixtures/config-wd-file/.syft.yaml b/internal/config/test-fixtures/config-wd-file/.syft.yaml
@@ -0,0 +1,25 @@
+output: "table"
+
+# suppress all output (except for the SBOM report)
+# same as -q ; SYFT_QUIET env var
+quiet: false
+
+# same as --file; write output report to a file (default is to write to stdout)
+file: "test-wd-named-config"
+
+# enable/disable checking for application updates on startup
+# same as SYFT_CHECK_FOR_APP_UPDATE env var
+check-for-app-update: true
+
+log:
+  # use structured logging
+  # same as SYFT_LOG_STRUCTURED env var
+  structured: false
+
+  # the log level; note: detailed logging suppress the ETUI
+  # same as SYFT_LOG_LEVEL env var
+  level: "error"
+
+  # location to write the log file (default is not to have a log file)
+  # same as SYFT_LOG_FILE env var
+  file: ""
diff --git a/internal/config/test-fixtures/config-xdg-dir-test/.syft/config.yaml b/internal/config/test-fixtures/config-xdg-dir-test/.syft/config.yaml
@@ -0,0 +1,25 @@
+output: "table"
+
+# suppress all output (except for the SBOM report)
+# same as -q ; SYFT_QUIET env var
+quiet: false
+
+# same as --file; write output report to a file (default is to write to stdout)
+file: "test-home-XDG-config"
+
+# enable/disable checking for application updates on startup
+# same as SYFT_CHECK_FOR_APP_UPDATE env var
+check-for-app-update: true
+
+log:
+  # use structured logging
+  # same as SYFT_LOG_STRUCTURED env var
+  structured: false
+
+  # the log level; note: detailed logging suppress the ETUI
+  # same as SYFT_LOG_LEVEL env var
+  level: "error"
+
+  # location to write the log file (default is not to have a log file)
+  # same as SYFT_LOG_FILE env var
+  file: ""