docs: update cli reference

sync up cli references

Signed-off-by: ldelossa <ldelossa@redhat.com>

Documentation/reference/config.md

@@ -20,13 +20,16 @@ $ clair -conf ./path/to/config.yaml -mode matcher
     "indexer": runs just the indexer node
     "matcher": runs just the matcher node
     "notifier": runs just the notifier node
-    "combo":	will run both indexer and matcher on the same node.
+    "combo": will run all services on the same node.
 -conf
     (also specified by CLAIR_CONF env variable)
     A file system path to Clair's config file
 ```
 
-The above example starts two Clair nodes using the same configuration. One will only run the indexing facilities while the other will only run the matching facilities.
+The above example starts two Clair nodes using the same configuration. 
+One will only run the indexing facilities while the other will only run the matching facilities.
+
+If running in "combo" mode you **must** supply the `indexer`, `matcher`, and `notifier` configuration blocks in the configuration.
 
 ## Config Reference
 
@@ -40,6 +43,7 @@ indexer:
     layer_scan_concurrency: 0
     migrations: false
     scanner: {}
+    airgap: false
 matcher:
     connstring: ""
     max_conn_pool: 0
@@ -48,6 +52,9 @@ matcher:
     period: ""
     disable_updaters: false
     update_retention: 2
+updaters:
+    sets: nil
+    config: nil
 notifier:
     connstring: ""
     migrations: false
@@ -59,7 +66,8 @@ notifier:
     webhook: null
     amqp: null
     stomp: null
-auth: {}
+auth: 
+  psk: nil
 trace:
     name: ""
     probability: null
@@ -71,7 +79,7 @@ trace:
             username: null
             password: null
         service_name: ""
-        tags: {}
+        tags: nil
         buffer_max: 0
 metrics:
     name: ""
@@ -225,6 +233,44 @@ Defaults to 10
 If a value of 0 is provided GC is disabled.
 ```
 
+### updaters: \<object\>
+
+```
+Updaters provides configuration for the Matcher's update manager.
+```
+
+#### &emsp;sets: []string
+```
+A list of string values informing the update manager which Updaters to run.
+
+If the value is nil the default set of Updaters will run:
+    "alpine"
+    "aws"
+    "debian"
+    "oracle"
+    "photon"
+    "pyupio"
+    "rhel"
+    "suse"
+    "ubuntu"
+
+If an empty list is provided zero updaters will run.
+```
+
+#### &emsp;config: {}
+```
+Provides configuration to specific updater sets.
+
+A map keyed by the name of the updater set name containing a sub-object which will be provided to the updater set's constructor. 
+
+A hypothetical  example:
+  config:
+    ubuntu:
+      security_tracker_url: http://security.url
+      ignore_distributions: 
+        - cosmic
+```
+
 ### notifier: \<object\>
 ```
 Notifier provides Clair Notifier node configuration

config/config.go

@@ -3,9 +3,6 @@ package config
 import (
 	"fmt"
 	"strings"
-
-	"github.com/quay/claircore/libvuln/driver"
-	"gopkg.in/yaml.v3"
 )
 
 // Clair Modes
@@ -53,55 +50,11 @@ type Config struct {
 	LogLevel string   `yaml:"log_level" json:"log_level"`
 	Indexer  Indexer  `yaml:"indexer" json:"indexer"`
 	Matcher  Matcher  `yaml:"matcher" json:"matcher"`
+	Updaters Updaters `yaml:"updaters,omitempty" json:"updaters,omitempty"`
 	Notifier Notifier `yaml:"notifier" json:"notifier"`
 	Auth     Auth     `yaml:"auth" json:"auth"`
 	Trace    Trace    `yaml:"trace" json:"trace"`
 	Metrics  Metrics  `yaml:"metrics" json:"metrics"`
-	Updaters Updaters `yaml:"updaters,omitempty" json:"updaters,omitempty"`
-}
-
-// Updaters configures updater behavior.
-type Updaters struct {
-	// A slice of strings representing which
-	// updaters will be used.
-	//
-	// If nil all default UpdaterSets will be used
-	//
-	// The following sets are supported by default:
-	// "alpine"
-	// "aws"
-	// "debian"
-	// "oracle"
-	// "photon"
-	// "pyupio"
-	// "rhel"
-	// "suse"
-	// "ubuntu"
-	Sets []string `yaml:"sets,omitempty" json:"sets,omitempty"`
-	// Config holds configuration blocks for UpdaterFactories and Updaters,
-	// keyed by name.
-	//
-	// These are defined by the updater implementation and can't be documented
-	// here. Improving the documentation for these is an open issue.
-	Config map[string]yaml.Node `yaml:"config" json:"config"`
-	// Filter is a regexp that disallows updaters that do not match from
-	// running.
-	Filter string `yaml:"filter" json:"filter"`
-}
-
-func (u *Updaters) FilterSets(m map[string]driver.UpdaterSetFactory) {
-	if u.Sets != nil {
-	Outer:
-		for k := range m {
-			for _, n := range u.Sets {
-				if k == n {
-					continue Outer
-				}
-			}
-			delete(m, k)
-		}
-	}
-	return
 }
 
 // Validate confirms the necessary values to support

config/updaters.go

@@ -0,0 +1,53 @@
+package config
+
+import (
+	"github.com/quay/claircore/libvuln/driver"
+	"gopkg.in/yaml.v3"
+)
+
+// Updaters configures updater behavior.
+type Updaters struct {
+	// A slice of strings representing which
+	// updaters will be used.
+	//
+	// If nil all default UpdaterSets will be used
+	//
+	// The following sets are supported by default:
+	// "alpine"
+	// "aws"
+	// "debian"
+	// "oracle"
+	// "photon"
+	// "pyupio"
+	// "rhel"
+	// "suse"
+	// "ubuntu"
+	Sets []string `yaml:"sets,omitempty" json:"sets,omitempty"`
+	// Config holds configuration blocks for UpdaterFactories and Updaters,
+	// keyed by name.
+	//
+	// These are defined by the updater implementation and can't be documented
+	// here. Improving the documentation for these is an open issue.
+	Config map[string]yaml.Node `yaml:"config" json:"config"`
+	// Filter is a regexp that disallows updaters that do not match from
+	// running.
+	// TODO(louis): this is only used in clairctl, should we keep this?
+	// it may offer an escape hatch for a particular updater name
+	// from running, vs disabling the updater set completely.
+	Filter string `yaml:"filter" json:"filter"`
+}
+
+func (u *Updaters) FilterSets(m map[string]driver.UpdaterSetFactory) {
+	if u.Sets != nil {
+	Outer:
+		for k := range m {
+			for _, n := range u.Sets {
+				if k == n {
+					continue Outer
+				}
+			}
+			delete(m, k)
+		}
+	}
+	return
+}