package api
import (
"context"
"fmt"
"strings"
"github.com/nais/api/internal/fixtures"
"github.com/nais/api/internal/graph"
"github.com/nais/api/internal/k8s"
"github.com/sethvargo/go-envconfig"
)
// StaticCluster describes one statically configured Kubernetes cluster. Its
// fields are filled in by EnvDecode from a single "name|host|token" entry.
type StaticCluster struct {
	// Name is the first field of the entry. AllClusterNames reports it and
	// GraphClusterList uses it as the map key.
	Name string
	// Host is the second field of the entry.
	// NOTE(review): presumably the cluster API server address; confirm against internal/k8s.
	Host string
	// Token is the third field of the entry and is passed on unchanged by
	// PkgConfig. Treat it as a secret: formatting a StaticCluster with %v or
	// %+v prints the token, so keep values of this type out of logs.
	Token string
}
// k8sConfig holds the Kubernetes cluster settings read from the environment.
type k8sConfig struct {
	// Clusters lists cluster names from KUBERNETES_CLUSTERS. GraphClusterList
	// reports each of them with GCP set to true.
	Clusters []string `env:"KUBERNETES_CLUSTERS"`
	// StaticClusters is read from KUBERNETES_CLUSTERS_STATIC; each element is
	// parsed by StaticCluster.EnvDecode from a "name|host|token" entry. The
	// variable therefore carries cluster tokens and should be provided from a
	// secret rather than from plain deployment configuration.
	StaticClusters []StaticCluster `env:"KUBERNETES_CLUSTERS_STATIC"`
}
// AllClusterNames returns the names of every configured cluster: the entries
// of Clusters first, followed by the Name of each static cluster. The result
// is a fresh, non-nil slice, so callers may modify it without affecting k.
func (k *k8sConfig) AllClusterNames() []string {
	names := make([]string, 0, len(k.Clusters)+len(k.StaticClusters))
	names = append(names, k.Clusters...)
	for i := range k.StaticClusters {
		names = append(names, k.StaticClusters[i].Name)
	}
	return names
}
// GraphClusterList builds the cluster list used by the graph package, keyed by
// cluster name. Entries from Clusters are flagged GCP: true; static clusters
// get a zero-value ClusterInfo. Static clusters are written last, so a static
// cluster that shares a name with a Clusters entry replaces that entry.
func (k *k8sConfig) GraphClusterList() graph.ClusterList {
	list := make(graph.ClusterList)

	for i := range k.Clusters {
		list[k.Clusters[i]] = graph.ClusterInfo{GCP: true}
	}

	for i := range k.StaticClusters {
		name := k.StaticClusters[i].Name
		list[name] = graph.ClusterInfo{}
	}

	return list
}
// PkgConfig converts k into the k8s package's Config. Clusters is passed
// through as-is (the same slice, not a copy); every static cluster is copied
// field by field, including its Token, so the returned value holds the same
// credentials as k and needs the same care around logging.
func (k *k8sConfig) PkgConfig() k8s.Config {
	// Stays nil when no static clusters are configured.
	var static []k8s.StaticCluster
	for i := range k.StaticClusters {
		src := &k.StaticClusters[i]
		static = append(static, k8s.StaticCluster{
			Name:  src.Name,
			Host:  src.Host,
			Token: src.Token,
		})
	}

	return k8s.Config{
		Clusters:       k.Clusters,
		StaticClusters: static,
	}
}
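// EnvDecode parses one static cluster entry of the form "name|host|token" into
// c. Surrounding whitespace is trimmed from each field. An empty value is
// accepted and leaves c untouched; on any error c is also left untouched.
//
// The raw value contains the cluster token, so error messages never echo it:
// they report the field count or, once the entry has the right shape, only the
// cluster name. Configuration errors are commonly logged at startup, and a
// message that quoted the entry would put the token in those logs.
func (c *StaticCluster) EnvDecode(value string) error {
	if value == "" {
		return nil
	}

	parts := strings.Split(value, "|")
	if len(parts) != 3 {
		// The position of the token is unknown here, so no part of the value is printed.
		return fmt.Errorf(`invalid static cluster entry: got %d "|"-separated fields. Must be on format "name|host|token"`, len(parts))
	}

	name := strings.TrimSpace(parts[0])
	host := strings.TrimSpace(parts[1])
	token := strings.TrimSpace(parts[2])

	switch {
	case name == "":
		return fmt.Errorf("invalid static cluster entry. Name must not be empty")
	case host == "":
		return fmt.Errorf("invalid static cluster entry for %q. Host must not be empty", name)
	case token == "":
		return fmt.Errorf("invalid static cluster entry for %q. Token must not be empty", name)
	}

	*c = StaticCluster{
		Name:  name,
		Host:  host,
		Token: token,
	}
	return nil
}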
// userSyncConfig holds the settings for synchronising the user database with
// the connected Google organization.
type userSyncConfig struct {
	// Enabled When set to true api will keep the user database in sync with the connected Google
	// organization. The Google organization will be treated as the master.
	Enabled bool `env:"USERSYNC_ENABLED"`
	// RunsToPersist Number of runs to store for the userSync GraphQL query.
	RunsToPersist int `env:"USERSYNC_RUNS_TO_PERSIST,default=5"`
	// AdminGroupPrefix The prefix of the admin group email address.
	// NOTE(review): how membership of this group maps to admin rights is not
	// visible in this file; confirm before changing the default.
	AdminGroupPrefix string `env:"USERSYNC_ADMIN_GROUP_PREFIX,default=nais-admins"`
	// ServiceAccount is the service account to impersonate during user sync.
	ServiceAccount string `env:"USERSYNC_SERVICE_ACCOUNT"`
	// SubjectEmail The email address to impersonate during user sync. This is an email address of a user
	// with the necessary permissions to read the Google organization.
	// NOTE(review): read access is the only permission the comment above calls
	// for; presumably the impersonated user needs nothing broader. Confirm.
	SubjectEmail string `env:"USERSYNC_SUBJECT_EMAIL"`
}
// costConfig is the configuration for the cost service
type costConfig struct {
	// ImportEnabled is read from COST_DATA_IMPORT_ENABLED and is false when unset.
	ImportEnabled bool `env:"COST_DATA_IMPORT_ENABLED"`
	// BigQueryProjectID is read from BIGQUERY_PROJECTID.
	// NOTE(review): the default looks like the BigQuery client library's
	// project auto-detection sentinel; confirm where it is consumed.
	BigQueryProjectID string `env:"BIGQUERY_PROJECTID,default=*detect-project-id*"`
}
// dependencyTrackConfig is the configuration for the dependency track service
type dependencyTrackConfig struct {
	// Endpoint is the backend URL. The default uses plain http://.
	// NOTE(review): Username and Password are presumably sent to this endpoint;
	// if so they travel unencrypted unless another layer provides TLS. Confirm.
	Endpoint string `env:"DEPENDENCYTRACK_ENDPOINT,default=http://dependencytrack-backend:8080"`
	// Frontend is read from DEPENDENCYTRACK_FRONTEND and has no default.
	Frontend string `env:"DEPENDENCYTRACK_FRONTEND"`
	// TODO: change default value to something other than console
	Username string `env:"DEPENDENCYTRACK_USERNAME,default=console"`
	// Password is read from DEPENDENCYTRACK_PASSWORD and has no default. It is
	// a secret: keep it out of logs and out of any printed copy of this struct.
	Password string `env:"DEPENDENCYTRACK_PASSWORD"`
	// VulnerabilityMetricsImportEnabled is the configuration for the vulnerability metrics service
	VulnerabilityMetricsImportEnabled bool `env:"VULNERABILITY_METRICS_IMPORT_ENABLED"`
}
// hookdConfig is the configuration for the hookd service
type hookdConfig struct {
	// Endpoint is the hookd URL. The default uses plain http://.
	// NOTE(review): if PSK is sent to this endpoint it is only protected when
	// another layer provides transport encryption. Confirm.
	Endpoint string `env:"HOOKD_ENDPOINT,default=http://hookd"`
	// PSK is read from HOOKD_PSK and has no default, so it is empty when unset.
	// NOTE(review): presumably a pre-shared key for authenticating to hookd;
	// treat it as a secret and confirm that an empty value is rejected by the consumer.
	PSK string `env:"HOOKD_PSK"`
}
// oAuthConfig holds the OAuth 2.0 client settings for the login flow.
type oAuthConfig struct {
	// ClientID The ID of the OAuth 2.0 client to use for the OAuth login flow.
	ClientID string `env:"OAUTH_CLIENT_ID"`
	// ClientSecret The client secret to use for the OAuth login flow. It is a
	// secret: keep it out of logs and out of any printed copy of this struct.
	ClientSecret string `env:"OAUTH_CLIENT_SECRET"`
	// RedirectURL The URL that Google will redirect back to after performing authentication.
	// NOTE(review): this value is not validated here; presumably it has to
	// match a redirect URI registered for the client. Confirm.
	RedirectURL string `env:"OAUTH_REDIRECT_URL"`
}
// unleashConfig holds the settings for the Unleash integration.
type unleashConfig struct {
	// Namespace is the namespace where the Unleash servers are running
	Namespace string `env:"UNLEASH_NAMESPACE,default=bifrost-unleash"`
}
// Config is the top-level application configuration. NewConfig fills it from
// environment variables using the env struct tags.
//
// Several fields hold credentials (DatabaseConnectionString, the static
// cluster tokens under K8s, DependencyTrack.Password, Hookd.PSK and
// OAuth.ClientSecret), so a Config should not be logged or printed with
// %v/%+v.
type Config struct {
	// Tenant is the active tenant
	Tenant string `env:"TENANT,default=dev-nais"`
	// TenantDomain The domain for the tenant.
	TenantDomain string `env:"TENANT_DOMAIN,default=example.com"`
	// GoogleManagementProjectID The ID of the NAIS management project in the tenant organization in GCP.
	GoogleManagementProjectID string `env:"GOOGLE_MANAGEMENT_PROJECT_ID"`
	// DatabaseConnectionString is the database DSN. The default embeds the
	// credentials api:api, points at 127.0.0.1 and sets sslmode=disable, which
	// only fits a local development database; deployments should always set
	// DATABASE_URL. The DSN contains a password and should not be logged.
	DatabaseConnectionString string `env:"DATABASE_URL,default=postgres://api:api@127.0.0.1:3002/api?sslmode=disable"`
	// LogFormat is read from LOG_FORMAT and defaults to json.
	LogFormat string `env:"LOG_FORMAT,default=json"`
	// LogLevel is read from LOG_LEVEL and defaults to info.
	LogLevel string `env:"LOG_LEVEL,default=info"`
	// StaticServiceAccounts A JSON-encoded value describing a set of service accounts to be created when the
	// application starts. Refer to the README for the format.
	// NOTE(review): if the JSON carries keys for those accounts, this variable
	// is a secret as well. Confirm against the README.
	StaticServiceAccounts fixtures.ServiceAccounts `env:"STATIC_SERVICE_ACCOUNTS"`
	// ResourceUtilizationImportEnabled is the import switch for the resource utilization service
	ResourceUtilizationImportEnabled bool `env:"RESOURCE_UTILIZATION_IMPORT_ENABLED"`
	// WithFakeClients When set to true, the api will use a fake kubernetes client.
	// NOTE(review): the field name suggests more than the kubernetes client is
	// faked; presumably this must stay unset outside development. Confirm.
	WithFakeClients bool `env:"WITH_FAKE_CLIENTS"`
	// ListenAddress is host:port combination used by the http server. The
	// default binds to the loopback address only.
	ListenAddress string `env:"LISTEN_ADDRESS,default=127.0.0.1:3000"`
	// GRPCListenAddress is host:port combination used by the GRPC server. The
	// default binds to the loopback address only.
	GRPCListenAddress string `env:"GRPC_LISTEN_ADDRESS,default=127.0.0.1:3001"`
	// Nested sections; each type declares its own env tags.
	K8s             k8sConfig
	UserSync        userSyncConfig
	Cost            costConfig
	DependencyTrack dependencyTrackConfig
	Hookd           hookdConfig
	OAuth           oAuthConfig
	Unleash         unleashConfig
}
// NewConfig creates a new configuration instance from environment variables.
// Values are resolved through lookuper and written into a fresh Config by
// envconfig.ProcessWith. If processing fails, the error is returned as-is and
// the Config is nil. No validation beyond what envconfig and the fields' own
// decoders perform happens here, so secrets without defaults may be empty.
func NewConfig(ctx context.Context, lookuper envconfig.Lookuper) (*Config, error) {
	var cfg Config

	opts := &envconfig.Config{
		Target:   &cfg,
		Lookuper: lookuper,
	}
	if err := envconfig.ProcessWith(ctx, opts); err != nil {
		return nil, err
	}

	return &cfg, nil
}