Merge pull request #1 from grafeas/master

Merge master fork

.gitignore

@@ -12,3 +12,10 @@ cel/syntax.proto
 *.pb.go
 *.pb.gw.go
 protodeps/*
+ca.crt
+ca.key
+server.crt
+server.csr
+server.key
+server.p12
+server.pem

CHANGELOG.md

@@ -1,6 +1,11 @@
 This is the changelog of Grafeas server releases. For more information on
 versionining, see [versioning](docs/versioning.md) document.
 
+v0.1.1:
+  * Grafeas helm chart is compliant with stable requirements.
+  * Code cleanup.
+  * Added back `max_affected_version` to Vulnerability.
+
 v0.1.0:
   * Grafeas server implements v1beta1 Grafeas API.
   * Grafeas server can run:

docs/running_grafeas.md

@@ -119,7 +119,7 @@ openssl pkcs12 -in server.p12 -out server.pem -clcerts
 Now, `curl` the endpoint:
 
 ```bash
-curl -k --cert server.pem https://localhost:8080/v1beta1/projects`
+curl -k --cert server.pem https://localhost:8080/v1beta1/projects
 ```
 
 ### gRPC with a go client

go.mod

@@ -14,10 +14,10 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway v1.9.6
 	github.com/lib/pq v1.2.0
 	github.com/rs/cors v1.7.0
+	github.com/spf13/viper v1.4.0
 	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 // indirect
 	golang.org/x/text v0.3.2 // indirect
 	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55
 	google.golang.org/grpc v1.23.0
-	gopkg.in/yaml.v2 v2.2.2
 )

go/config/config.go

@@ -15,101 +15,126 @@
 package config
 
 import (
+	"bytes"
+	"encoding/json"
 	"errors"
+	"fmt"
 	"io/ioutil"
-	"log"
 
-	fernet "github.com/fernet/fernet-go"
-	"gopkg.in/yaml.v2"
+	"github.com/spf13/viper"
 )
 
 // file is the Grafeas configuration file.
 type file struct {
-	Grafeas *GrafeasConfig `yaml:"grafeas"`
+	Grafeas GrafeasConfig `mapstructure:"grafeas"`
+}
+
+// StorageConfiguration is a generic interface as its implementation is entirely storage-specific.
+type StorageConfiguration interface{}
+
+// GrafeasConfig is the top-level configuration object, containing generic config + storage-specific config.
+type GrafeasConfig struct {
+	API           *ServerConfig `mapstructure:"api"`
+	StorageType   string        `mapstructure:"storage_type"` // Natively supported storage types are "memstore" and "embedded"
+	StorageConfig *StorageConfiguration
 }
 
 // ServerConfig is the Grafeas server configuration.
 type ServerConfig struct {
-	Address            string   `yaml:"address"`              // Endpoint address, e.g. localhost:8080 or unix:///var/run/grafeas.sock
-	CertFile           string   `yaml:"certfile"`             // A PEM encoded certificate file
-	KeyFile            string   `yaml:"keyfile"`              // A PEM encoded private key file
-	CAFile             string   `yaml:"cafile"`               // A PEM encoded CA's certificate file
-	CORSAllowedOrigins []string `yaml:"cors_allowed_origins"` // Permitted CORS origins.
+	Address            string   `mapstructure:"address"`              // Endpoint address, e.g. localhost:8080 or unix:///var/run/grafeas.sock
+	CertFile           string   `mapstructure:"certfile"`             // A PEM encoded certificate file
+	KeyFile            string   `mapstructure:"keyfile"`              // A PEM encoded private key file
+	CAFile             string   `mapstructure:"cafile"`               // A PEM encoded CA's certificate file
+	CORSAllowedOrigins []string `mapstructure:"cors_allowed_origins"` // Permitted CORS origins.
 }
 
 // EmbeddedStoreConfig is the configuration for embedded store.
 type EmbeddedStoreConfig struct {
-	Path string `yaml:"path"` // Path is the folder path to storage files
+	Path string `mapstructure:"path"` // Path is the folder path to storage files
 }
 
+// TODO(#341) Move this to its own project
 // PgSQLConfig is the configuration for PostgreSQL store.
 type PgSQLConfig struct {
-	Host     string `yaml:"host"`
-	DbName   string `yaml:"dbname"`
-	User     string `yaml:"user"`
-	Password string `yaml:"password"`
+	Host     string `mapstructure:"host"`
+	DbName   string `mapstructure:"dbname"`
+	User     string `mapstructure:"user"`
+	Password string `mapstructure:"password"`
 	// Valid sslmodes: disable, allow, prefer, require, verify-ca, verify-full.
 	// See https://www.postgresql.org/docs/current/static/libpq-connect.html for details
-	SSLMode       string `yaml:"sslmode"`
-	PaginationKey string `yaml:"paginationkey"`
-}
-
-// GrafeasConfig is the global configuration for an instance of Grafeas.
-type GrafeasConfig struct {
-	API            *ServerConfig        `yaml:"api"`
-	StorageType    string               `yaml:"storage_type"` // Supported storage types are "memstore", "postgres" and "embedded"
-	PgSQLConfig    *PgSQLConfig         `yaml:"postgres"`
-	EmbeddedConfig *EmbeddedStoreConfig `yaml:"embedded"` // EmbeddedConfig is the embedded store config
+	SSLMode       string `mapstructure:"sslmode"`
+	PaginationKey string `mapstructure:"paginationkey"`
 }
 
 // defaultConfig is a configuration that can be used as a fallback value.
-func defaultConfig() *GrafeasConfig {
-	return &GrafeasConfig{
-		API: &ServerConfig{
-			Address:  "0.0.0.0:8080",
-			CertFile: "",
-			KeyFile:  "",
-			CAFile:   "",
-		},
-		StorageType: "memstore",
-		PgSQLConfig: &PgSQLConfig{},
-	}
-}
+var defaultConfig = []byte(`
+grafeas:
+  # Grafeas api server config
+  api:
+    # Endpoint address
+    address: "0.0.0.0:8080"
+    # PKI configuration (optional)
+    certfile:
+    keyfile:
+    cafile: 
+    # CORS configuration (optional)
+    cors_allowed_origins:
+      # - "http://example.net"
+  # Supported storage types are "memstore" and "embedded"
+  storage_type: "memstore"
+`)
 
 // LoadConfig creates a config from a YAML-file. If fileName is an empty
 // string a default config will be returned.
 func LoadConfig(fileName string) (*GrafeasConfig, error) {
-	if fileName == "" {
-		return defaultConfig(), nil
-	}
+	v := viper.New()
+	v.SetConfigType("yaml")
 
-	data, err := ioutil.ReadFile(fileName)
-	if err != nil {
+	var err error
+	data := defaultConfig
+	// now read from config fileName if required
+	if fileName != "" {
+		data, err = ioutil.ReadFile(fileName)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if err = v.ReadConfig(bytes.NewBuffer(data)); err != nil {
 		return nil, err
 	}
 
-	var configFile file
-	if err := yaml.Unmarshal(data, &configFile); err != nil {
-		return nil, err
+	var config GrafeasConfig
+
+	// parse server config
+	serverCfg := ServerConfig{}
+	if err = v.UnmarshalKey("grafeas.api", &serverCfg); err != nil {
+		return nil, errors.New(fmt.Sprintf("Unable to decode into struct, %v", err))
 	}
-	config := configFile.Grafeas
-
-	if config.StorageType == "postgres" {
-		// Generate a pagination key if none is provided.
-		if config.PgSQLConfig.PaginationKey == "" {
-			log.Println("pagination key is empty, generating...")
-			var key fernet.Key
-			if err = key.Generate(); err != nil {
-				return nil, err
-			}
-			config.PgSQLConfig.PaginationKey = key.Encode()
-		} else {
-			_, err = fernet.DecodeKey(config.PgSQLConfig.PaginationKey)
-			if err != nil {
-				err = errors.New("Invalid Pagination key; must be 32-bit URL-safe base64")
-				return nil, err
-			}
-		}
+	config.API = &serverCfg
+
+	// parse storage type
+	config.StorageType = v.GetString("grafeas.storage_type")
+
+	// parse storage type-specific configuration into interface{}, which may be nil
+	genericConfig := v.Get(fmt.Sprintf("grafeas.%s", config.StorageType))
+
+	if config.StorageType != "memstore" && genericConfig != nil {
+		// convert interface{} into StorageConfiguration if it's not nil
+		storageConfiguration := genericConfig.(StorageConfiguration)
+		config.StorageConfig = &storageConfiguration
 	}
-	return config, nil
+
+	return &config, nil
+}
+
+// ConvertGenericConfigToSpecificType will attempt to copy generic configuration within source
+// to a target struct that represents the specific storage configuration, represented as an interface{}.
+// see config_test.go for example usage.
+func ConvertGenericConfigToSpecificType(source interface{}, target interface{}) error {
+	b, err := json.Marshal(source)
+	if err != nil {
+		return errors.New(fmt.Sprintf("Error parsing configuration, %v", err))
+	}
+
+	return json.Unmarshal(b, &target)
 }