package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"cloud.google.com/go/pubsub"
"code.cloudfoundry.org/clock"
"code.cloudfoundry.org/lager"
flags "github.com/jessevdk/go-flags"
"github.com/robdimsdale/honeylager"
"github.com/tedsuo/ifrit"
"github.com/tedsuo/ifrit/grouper"
"github.com/tedsuo/ifrit/http_server"
"github.com/tedsuo/ifrit/sigmon"
"golang.org/x/net/context"
"cred-alert/config"
"cred-alert/crypto"
"cred-alert/ingestor"
"cred-alert/metrics"
"cred-alert/queue"
"cred-alert/revok"
)
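// main is the process entry point for the revok ingestor. All work happens in
// runIngestor so that its deferred cleanup (log sink flush, topic stop) runs
// before the process exits with the returned status code.
func main() {
	os.Exit(runIngestor())
}

// runIngestor loads and validates the ingestor configuration, wires up
// logging sinks, metrics, the Pub/Sub enqueuer and the HTTP handlers, then
// serves /webhook and /healthcheck over TLS until the server group exits.
//
// It returns 0 on a clean shutdown and 1 on any startup or server failure.
// Returning instead of calling os.Exit/log.Fatalln inline lets the deferred
// s.Close() and topic.Stop() run on failure paths, and makes a failed server
// visible to a process supervisor as a non-zero exit.
func runIngestor() int {
	var cfg *config.IngestorConfig
	var flagOpts config.IngestorOpts

	logger := lager.NewLogger("revok-ingestor")
	logger.RegisterSink(lager.NewWriterSink(os.Stdout, lager.INFO))
	// The only sink registered at this point is INFO-level, so this debug
	// line is not written to stdout.
	logger.Debug("starting")

	if _, err := flags.Parse(&flagOpts); err != nil {
		return 1
	}

	bs, err := ioutil.ReadFile(string(flagOpts.ConfigFile))
	if err != nil {
		logger.Error("failed-opening-config-file", err)
		return 1
	}

	cfg, err = config.LoadIngestorConfig(bs)
	if err != nil {
		logger.Error("failed-loading-config", err)
		return 1
	}

	// Validation problems are printed one per line on stdout before exiting.
	errs := cfg.Validate()
	if errs != nil {
		for _, validationErr := range errs {
			fmt.Println(validationErr.Error())
		}
		return 1
	}

	if cfg.IsSentryConfigured() {
		logger.RegisterSink(revok.NewSentrySink(cfg.Metrics.SentryDSN, cfg.Metrics.Environment))
	}

	if cfg.Metrics.HoneycombWriteKey != "" && cfg.Metrics.Environment != "" {
		s := honeylager.NewSink(cfg.Metrics.HoneycombWriteKey, cfg.Metrics.Environment, lager.DEBUG)
		defer s.Close()
		logger.RegisterSink(s)
	}

	emitter := metrics.BuildEmitter(cfg.Metrics.DatadogAPIKey, cfg.Metrics.Environment)

	pubSubClient, err := pubsub.NewClient(context.Background(), cfg.PubSub.ProjectName)
	if err != nil {
		// NOTE(review): lager's Fatal is expected to panic after logging, so
		// the return is only a fallback - confirm against the vendored lager.
		logger.Fatal("failed", err)
		return 1
	}

	topic := pubSubClient.Topic(cfg.PubSub.Topic)
	defer topic.Stop()

	// The RSA private key backs the signer handed to the Pub/Sub enqueuer.
	privateKey, err := crypto.ReadRSAPrivateKey(string(cfg.PubSub.PrivateKeyPath))
	if err != nil {
		logger.Fatal("failed", err)
		return 1
	}

	signer := crypto.NewRSASigner(privateKey)
	enqueuer := queue.NewPubSubEnqueuer(logger, topic, signer)
	in := ingestor.NewIngestor(enqueuer, emitter)
	clk := clock.NewClock()

	router := http.NewServeMux()
	router.Handle("/webhook", ingestor.NewHandler(logger, in, clk, emitter, cfg.GitHub.WebhookSecretTokens))
	router.Handle("/healthcheck", revok.NewObliviousHealthCheck())

	// Certificate failures are reported through the standard library logger
	// (stderr), not through the lager sinks registered above.
	certificate, err := config.LoadCertificateFromFiles(
		cfg.Identity.CertificatePath,
		cfg.Identity.PrivateKeyPath,
		cfg.Identity.PrivateKeyPassphrase,
	)
	if err != nil {
		log.Println(err)
		return 1
	}

	caCertPool, err := config.LoadCertificatePoolFromFiles(cfg.Identity.CACertificatePath)
	if err != nil {
		log.Println(err)
		return 1
	}

	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{certificate},
		// RootCAs is what a TLS client uses to verify a server certificate.
		// On a listener it does not request or verify client certificates;
		// that requires ClientCAs together with ClientAuth.
		// NOTE(review): confirm whether client-certificate verification is
		// intended for this listener before changing it.
		RootCAs: caCertPool,
		// Refuse protocol versions older than TLS 1.2 regardless of the
		// toolchain's default minimum.
		MinVersion: tls.VersionTLS12,
	}

	apiServer := http_server.NewTLSServer(fmt.Sprintf(":%d", cfg.Port), router, tlsConfig)

	members := []grouper.Member{
		{"api", apiServer},
	}

	runner := sigmon.New(grouper.NewParallel(os.Interrupt, members))

	serverLogger := logger.Session("server", lager.Data{
		"port": cfg.Port,
	})
	serverLogger.Info("starting")

	// Block until the server group exits; a non-nil error is a failure and
	// must not be reported as exit status 0.
	if err := <-ifrit.Invoke(runner).Wait(); err != nil {
		serverLogger.Error("failed", err)
		return 1
	}

	return 0
}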