fix: Load config file only in serve command (#365)

ory · Feb 19, 2020 · 68c8546 · 68c8546
1 parent bec6af0
commit 68c8546
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 46 deletions.
diff --git a/cmd/credentials.go b/cmd/credentials.go
@@ -20,7 +20,8 @@ import (
 
 // credentialsCmd represents the credentials command
 var credentialsCmd = &cobra.Command{
-	Use: "credentials",
+	Use:   "credentials",
+	Short: "Generate RSA, ECDSA, and other keys and output them as JSON Web Keys",
 }
 
 func init() {

diff --git a/cmd/credentials_generate.go b/cmd/credentials_generate.go
@@ -32,7 +32,9 @@ var credentialsGenerateCmd = &cobra.Command{
 	Short: "Generate a key for the specified algorithm",
 	Long: `Examples:
 
-$ oathkeeper credentials generate --alg RS256 > jwks.json`,
+$ oathkeeper credentials generate --alg ES256 > jwks.json
+$ oathkeeper credentials generate --alg RS256 > jwks.json
+$ oathkeeper credentials generate --alg RS256 --bits 4096 > jwks.json`,
 	Run: func(cmd *cobra.Command, args []string) {
 		key, err := jwksx.GenerateSigningKeys(
 			flagx.MustGetString(cmd, "kid"),

diff --git a/cmd/root.go b/cmd/root.go
@@ -29,14 +29,15 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
-	"github.com/ory/gojsonschema"
+	_ "github.com/ory/jsonschema/v3/fileloader"
+	_ "github.com/ory/jsonschema/v3/httploader"
 
 	"github.com/ory/viper"
 	"github.com/ory/x/viperx"
-
-	"github.com/ory/x/logrusx"
 )
 
+var logger logrus.FieldLogger
+
 var schemas = packr.New("schemas", "../.schemas")
 
 // RootCmd represents the base command when called without any subcommands
@@ -54,44 +55,39 @@ func Execute() {
 	}
 }
 
-var logger *logrus.Logger
-
 func init() {
+	viperx.RegisterConfigFlag(RootCmd, "oathkeeper")
+}
+
+func watchAndValidateViper() {
+	logger = viperx.InitializeConfig("oathkeeper", "", logger)
+
 	schema, err := schemas.Find("config.schema.json")
 	if err != nil {
-		panic(err)
+		logger.WithError(err).Fatal("Unable to open configuration JSON Schema.")
 	}
 
-	cobra.OnInitialize(func() {
-		viperx.InitializeConfig("oathkeeper", "", nil)
-		logger = logrusx.New()
+	if err := viperx.Validate("config.schema.json", schema); err != nil {
+		viperx.LoggerWithValidationErrorFields(logger, err).
+			Fatal("The configuration is invalid and could not be loaded.")
+	}
 
-		if err := viperx.Validate(gojsonschema.NewBytesLoader(schema)); err != nil {
+	viperx.AddWatcher(func(event fsnotify.Event) error {
+		if err := viperx.Validate("config.schema.json", schema); err != nil {
 			viperx.LoggerWithValidationErrorFields(logger, err).
-				WithError(err).
-				Fatal("The configuration is invalid and could not be loaded.")
+				Error("The changed configuration is invalid and could not be loaded. Rolling back to the last working configuration revision. Please address the validation errors before restarting ORY Oathkeeper.")
+			return viperx.ErrRollbackConfigurationChanges
 		}
-
-		viperx.AddWatcher(func(event fsnotify.Event) error {
-			if err := viperx.Validate(gojsonschema.NewBytesLoader(schema)); err != nil {
-				viperx.LoggerWithValidationErrorFields(logger, err).
-					WithError(err).
-					Error("The changed configuration is invalid and could not be loaded. Rolling back to the last working configuration revision. Please address the validation errors before restarting ORY Oathkeeper.")
-				return viperx.ErrRollbackConfigurationChanges
-			}
-			return nil
-		})
-
-		viperx.WatchConfig(logger, &viperx.WatchOptions{
-			Immutables: []string{"serve", "profiling", "log"},
-			OnImmutableChange: func(key string) {
-				logger.
-					WithField("key", key).
-					WithField("reset_to", fmt.Sprintf("%v", viper.Get(key))).
-					Error("A configuration value marked as immutable has changed. Rolling back to the last working configuration revision. To reload the values please restart ORY Oathkeeper.")
-			},
-		})
+		return nil
 	})
 
-	viperx.RegisterConfigFlag(RootCmd, "oathkeeper")
+	viperx.WatchConfig(logger, &viperx.WatchOptions{
+		Immutables: []string{"serve", "profiling", "log"},
+		OnImmutableChange: func(key string) {
+			logger.
+				WithField("key", key).
+				WithField("reset_to", fmt.Sprintf("%v", viper.Get(key))).
+				Error("A configuration value marked as immutable has changed. Rolling back to the last working configuration revision. To reload the values please restart ORY Oathkeeper.")
+		},
+	})
 }
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -21,13 +21,13 @@
 package cmd
 
 import (
-	"github.com/ory/oathkeeper/cmd/server"
-	"github.com/ory/oathkeeper/x"
-
 	"github.com/ory/x/logrusx"
 	"github.com/ory/x/viperx"
 
 	"github.com/spf13/cobra"
+
+	"github.com/ory/oathkeeper/cmd/server"
+	"github.com/ory/oathkeeper/x"
 )
 
 var serveCmd = &cobra.Command{
@@ -42,7 +42,10 @@ on configuration options, open the configuration documentation:
 
 >> https://www.ory.sh/docs/oathkeeper/configuration <<
 `,
-	Run: server.RunServe(x.Version, x.Commit, x.Date),
+	Run: func(cmd *cobra.Command, args []string) {
+		watchAndValidateViper()
+		server.RunServe(x.Version, x.Commit, x.Date)(cmd, args)
+	},
 }
 
 func init() {

diff --git a/driver/configuration/provider_viper_public_test.go b/driver/configuration/provider_viper_public_test.go
@@ -12,12 +12,14 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/ory/gojsonschema"
 	"github.com/ory/x/urlx"
 	"github.com/ory/x/viperx"
 
 	"github.com/ory/viper"
 
+	_ "github.com/ory/jsonschema/v3/fileloader"
+	_ "github.com/ory/jsonschema/v3/httploader"
+
 	. "github.com/ory/oathkeeper/driver/configuration"
 	"github.com/ory/oathkeeper/pipeline/authn"
 	"github.com/ory/oathkeeper/pipeline/authz"
@@ -33,7 +35,7 @@ func TestPipelineConfig(t *testing.T) {
 		logrus.New(),
 	)
 
-	err := viperx.Validate(gojsonschema.NewReferenceLoader("file://../../.schemas/config.schema.json"))
+	err := viperx.ValidateFromURL("file://../../.schemas/config.schema.json")
 	if err != nil {
 		viperx.LoggerWithValidationErrorFields(logrus.New(), err).Error("unable to validate")
 	}
@@ -109,7 +111,7 @@ func BenchmarkPipelineConfig(b *testing.B) {
 		logrus.New(),
 	)
 
-	err := viperx.Validate(gojsonschema.NewReferenceLoader("file://../../.schemas/config.schema.json"))
+	err := viperx.ValidateFromURL("file://../../.schemas/config.schema.json")
 	if err != nil {
 		viperx.LoggerWithValidationErrorFields(logrus.New(), err).Error("unable to validate")
 	}
@@ -141,7 +143,7 @@ func BenchmarkPipelineEnabled(b *testing.B) {
 		logrus.New(),
 	)
 
-	err := viperx.Validate(gojsonschema.NewReferenceLoader("file://../../.schemas/config.schema.json"))
+	err := viperx.ValidateFromURL("file://../../.schemas/config.schema.json")
 	if err != nil {
 		viperx.LoggerWithValidationErrorFields(logrus.New(), err).Error("unable to validate")
 	}
@@ -164,7 +166,7 @@ func TestViperProvider(t *testing.T) {
 		logrus.New(),
 	)
 
-	err := viperx.Validate(gojsonschema.NewReferenceLoader("file://../../.schemas/config.schema.json"))
+	err := viperx.ValidateFromURL("file://../../.schemas/config.schema.json")
 	if err != nil {
 		viperx.LoggerWithValidationErrorFields(logrus.New(), err).Error("unable to validate")
 	}

diff --git a/go.mod b/go.mod
@@ -36,10 +36,11 @@ require (
 	github.com/ory/gojsonschema v1.2.0
 	github.com/ory/graceful v0.1.1
 	github.com/ory/herodot v0.6.2
+	github.com/ory/jsonschema/v3 v3.0.1
 	github.com/ory/ladon v1.1.0
 	github.com/ory/sdk/swagutil v0.0.0-20200202121523-307941feee4b
 	github.com/ory/viper v1.5.7
-	github.com/ory/x v0.0.93
+	github.com/ory/x v0.0.95
 	github.com/pborman/uuid v1.2.0
 	github.com/pelletier/go-toml v1.6.0 // indirect
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
@@ -58,7 +59,7 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	golang.org/x/crypto v0.0.0-20200117160349-530e935923ad
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	golang.org/x/tools v0.0.0-20191224055732-dd894d0a8a40
+	golang.org/x/tools v0.0.0-20200203215610-ab391d50b528
 	gopkg.in/square/go-jose.v2 v2.3.1
 )
 

diff --git a/go.sum b/go.sum
@@ -556,6 +556,8 @@ github.com/ory/graceful v0.1.1 h1:zx+8tDObLPrG+7Tc8jKYlXsqWnLtOQA1IZ/FAAKHMXU=
 github.com/ory/graceful v0.1.1/go.mod h1:zqu70l95WrKHF4AZ6tXHvAqAvpY6M7g6ttaAVcMm7KU=
 github.com/ory/herodot v0.6.2 h1:zOb5MsuMn7AH9/Ewc/EK83yqcNViK1m1l3C2UuP3RcA=
 github.com/ory/herodot v0.6.2/go.mod h1:3BOneqcyBsVybCPAJoi92KN2BpJHcmDqAMcAAaJiJow=
+github.com/ory/jsonschema/v3 v3.0.1 h1:xzV7w2rt/Qn+jvh71joIXNKKOCqqNyTlaIxdxU0IQJc=
+github.com/ory/jsonschema/v3 v3.0.1/go.mod h1:jgLHekkFk0uiGdEWGleC+tOm6JSSP8cbf17PnBuGXlw=
 github.com/ory/ladon v1.0.1/go.mod h1:1VhCA2mBtaMhRUS6VS0d9qrNVDQnFXqSRb5D0NvQUPY=
 github.com/ory/ladon v1.1.0 h1:6tgazU2J3Z3odPs1f0qn729kRXCAtlJROliuWUHedV0=
 github.com/ory/ladon v1.1.0/go.mod h1:25bNc/Glx/8xCH7MbItDxjvviAmFQ+aYxb1V1SE5wlg=
@@ -575,6 +577,8 @@ github.com/ory/x v0.0.91 h1:4sySRGI1dExt3FpvXcnenpagoM6oQeEvboQ53/tcY9g=
 github.com/ory/x v0.0.91/go.mod h1:lfcTaGXpTZs7IEQAW00r9EtTCOxD//SiP5uWtNiz31g=
 github.com/ory/x v0.0.93 h1:lZG4tjrkJ8cxI85463kD7Cq8h1YxZcPVzCkFcu2WXXI=
 github.com/ory/x v0.0.93/go.mod h1:lfcTaGXpTZs7IEQAW00r9EtTCOxD//SiP5uWtNiz31g=
+github.com/ory/x v0.0.95 h1:DBPmINrK39lL0NThrg6iSIV22aTEU44ehHVvRDk5tc4=
+github.com/ory/x v0.0.95/go.mod h1:GJqcabA37FeilLiFIdgN69si/RPnKWPZEzo8K7RTmRo=
 github.com/parnurzeal/gorequest v0.2.15/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE=
 github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
@@ -619,6 +623,8 @@ github.com/santhosh-tekuri/jsonschema/v2 v2.1.0/go.mod h1:yzJzKUGV4RbWqWIBBP4wSO
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/segmentio/analytics-go v3.0.1+incompatible h1:W7T3ieNQjPFMb+SE8SAVYo6mPkKK/Y37wYdiNf5lCVg=
 github.com/segmentio/analytics-go v3.0.1+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
+github.com/segmentio/analytics-go v3.1.0+incompatible h1:IyiOfUgQFVHvsykKKbdI7ZsH374uv3/DfZUo9+G0Z80=
+github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48=
 github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c h1:rsRTAcCR5CeNLkvgBVSjQoDGRRt6kggsE6XYBqCv2KQ=
 github.com/segmentio/backo-go v0.0.0-20160424052352-204274ad699c/go.mod h1:kJ9mm9YmoWSkk+oQ+5Cj8DEoRCX2JT6As4kEtIIOp1M=
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
@@ -703,7 +709,9 @@ github.com/toqueteos/webbrowser v1.2.0 h1:tVP/gpK69Fx+qMJKsLE7TD8LuGWPnEV71wBN9r
 github.com/toqueteos/webbrowser v1.2.0/go.mod h1:XWoZq4cyp9WeUeak7w7LXRUQf1F1ATJMir8RTqb4ayM=
 github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g=
 github.com/uber/jaeger-client-go v2.15.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
+github.com/uber/jaeger-client-go v2.22.1+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
 github.com/uber/jaeger-lib v1.5.0/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
+github.com/uber/jaeger-lib v2.2.0+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/unrolled/secure v0.0.0-20180918153822-f340ee86eb8b/go.mod h1:mnPT77IAdsi/kV7+Es7y+pXALeV3h7G6dQF6mNYjcLA=
@@ -726,6 +734,7 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.1/go.mod h1:Ap50jQcDJrx6rB6VgeeFPtuPIf3wMRvRfrfYDO6+BmA=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.5.1/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -761,6 +770,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -886,8 +897,12 @@ golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190711191110-9a621aea19f8/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20191026034945-b2104f82a97d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191224055732-dd894d0a8a40 h1:UyP2XDSgSc8ldYCxAK735zQxeH3Gd81sK7Iy7AoaVxk=
 golang.org/x/tools v0.0.0-20191224055732-dd894d0a8a40/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200203215610-ab391d50b528 h1:iINh7uA444sE+iZXG/dsGMWccpjX751evDOE4UvDiaA=
+golang.org/x/tools v0.0.0-20200203215610-ab391d50b528/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=

diff --git a/rule/engine_regexp.go b/rule/engine_regexp.go
@@ -4,6 +4,7 @@ import (
 	"hash/crc64"
 
 	"github.com/dlclark/regexp2"
+
 	"github.com/ory/ladon/compiler"
 )