feat: add feature to read config from env variables

soerenschneider · Mar 1, 2024 · e3680dd · e3680dd
1 parent 96f7f94
commit e3680dd
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 80 deletions.
diff --git a/acmevault-config.yaml b/acmevault-config.yaml
diff --git a/cmd/main.go b/cmd/main.go
@@ -22,7 +22,7 @@ import (
 func main() {
 	configPath := parseCli()
 	log.Info().Msgf("acmevault-server version %s, commit %s", internal.BuildVersion, internal.CommitHash)
-	conf, err := config.Read(configPath)
+	conf, err := config.GetConfig(configPath)
 	if err != nil {
 		log.Fatal().Err(err).Msgf("Could not load config")
 	}
@@ -36,7 +36,7 @@ func main() {
 }
 
 const (
-	envConfFile = "ACME_VAULT_CONFIG_FILE"
+	envConfFile = "ACMEVAULT_CONFIG_FILE"
 	cliConfFile = "config"
 	cliVersion  = "version"
 )

diff --git a/contrib/config.yaml b/contrib/config.yaml
@@ -5,6 +5,7 @@ domains:
       - domain4.tld
   - domain: domain2.tld
 email: my@email.tld
+acmeUrl: https://acme-staging-v02.api.letsencrypt.org/directory
 vault:
   authMethod: approle
   addr: https://vault:8200

diff --git a/go.mod b/go.mod
@@ -32,6 +32,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/caarlos0/env/v10 v10.0.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect

diff --git a/go.sum b/go.sum
@@ -30,6 +30,8 @@ github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/caarlos0/env/v10 v10.0.0 h1:yIHUBZGsyqCnpTkbjk8asUlx6RFhhEs+h7TOBdgdzXA=
+github.com/caarlos0/env/v10 v10.0.0/go.mod h1:ZfulV76NvVPw3tm591U4SwL3Xx9ldzBP9aGxzeN7G18=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=
 github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=

diff --git a/internal/config/server.go b/internal/config/server.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/caarlos0/env/v10"
 	"gopkg.in/yaml.v3"
 )
 
@@ -16,14 +17,14 @@ var (
 )
 
 type AcmeVaultConfig struct {
-	Vault                VaultConfig     `yaml:"vault" validate:"required"`
-	AcmeEmail            string          `yaml:"email" validate:"required,email"`
-	AcmeUrl              string          `yaml:"acmeUrl" validate:"required,oneof=https://acme-v02.api.letsencrypt.org/directory https://acme-staging-v02.api.letsencrypt.org/directory"`
-	AcmeDnsProvider      string          `yaml:"acmeDnsProvider"`
-	AcmeCustomDnsServers []string        `yaml:"acmeCustomDnsServers,omitempty" validate:"dive,ip"`
-	IntervalSeconds      int             `yaml:"intervalSeconds" validate:"min=3600,max=86400"`
+	Vault                VaultConfig     `yaml:"vault" envPrefix:"VAULT_" validate:"required"`
+	AcmeEmail            string          `yaml:"email" env:"ACME_EMAIL" validate:"required,email"`
+	AcmeUrl              string          `yaml:"acmeUrl" env:"ACME_URL" validate:"required,oneof=https://acme-v02.api.letsencrypt.org/directory https://acme-staging-v02.api.letsencrypt.org/directory"`
+	AcmeDnsProvider      string          `yaml:"acmeDnsProvider" env:"ACME_DNS_PROVIDER"`
+	AcmeCustomDnsServers []string        `yaml:"acmeCustomDnsServers,omitempty" env:"ACME_CUSTOM_DNS_SERVERS" validate:"dive,ip"`
+	IntervalSeconds      int             `yaml:"intervalSeconds" env:"INTERVAL_SECONDS" validate:"min=3600,max=86400"`
 	Domains              []DomainsConfig `yaml:"domains" validate:"required,dive"`
-	MetricsAddr          string          `yaml:"metricsAddr" validate:"omitempty,tcp_addr"`
+	MetricsAddr          string          `yaml:"metricsAddr" env:"METRICS_ADDR" validate:"omitempty,tcp_addr"`
 }
 
 type DomainsConfig struct {
@@ -52,7 +53,7 @@ func getDefaultConfig() AcmeVaultConfig {
 	}
 }
 
-func Read(path string) (AcmeVaultConfig, error) {
+func read(path string) (AcmeVaultConfig, error) {
 	conf := getDefaultConfig()
 	content, err := os.ReadFile(path)
 	if err != nil {
@@ -62,3 +63,20 @@ func Read(path string) (AcmeVaultConfig, error) {
 	err = yaml.Unmarshal(content, &conf)
 	return conf, err
 }
+
+func GetConfig(path string) (AcmeVaultConfig, error) {
+	conf, err := read(path)
+	if err != nil {
+		return AcmeVaultConfig{}, err
+	}
+
+	opts := env.Options{
+		Prefix: "ACMEVAULT_",
+	}
+
+	if err := env.ParseWithOptions(&conf, opts); err != nil {
+		return AcmeVaultConfig{}, err
+	}
+
+	return conf, nil
+}
diff --git a/internal/config/vault.go b/internal/config/vault.go
@@ -11,24 +11,24 @@ import (
 var validate = validator.New()
 
 type VaultConfig struct {
-	Addr       string `yaml:"addr" validate:"required,http_url"`
-	AuthMethod string `yaml:"authMethod" validate:"required,oneof=token approle kubernetes implicit"`
-	Token      string `yaml:"token" validate:"required_if=AuthMethod 'token'"`
+	Addr       string `yaml:"addr" env:"ADDR" validate:"required,http_url"`
+	AuthMethod string `yaml:"authMethod" env:"AUTH_METHOD" validate:"required,oneof=token approle kubernetes implicit"`
+	Token      string `yaml:"token" env:"TOKEN" validate:"required_if=AuthMethod 'token'"`
 
-	RoleId       string `yaml:"roleId" validate:"required_if=AuthMethod 'approle'"`
-	SecretId     string `yaml:"secretId" validate:"excluded_unless=SecretIdFile '',required_if=SecretIdFile '' AuthMethod 'approle'"`
-	SecretIdFile string `yaml:"secretIdFile" validate:"excluded_unless=SecretId '',required_if=SecretId '' AuthMethod 'approle'"`
+	RoleId       string `yaml:"roleId" env:"APPROLE_ROLE_ID" validate:"required_if=AuthMethod 'approle'"`
+	SecretId     string `yaml:"secretId" env:"APPROLE_SECRET_ID" validate:"excluded_unless=SecretIdFile '',required_if=SecretIdFile '' AuthMethod 'approle'"`
+	SecretIdFile string `yaml:"secretIdFile" env:"APPROLE_SECRET_ID_FILE" validate:"excluded_unless=SecretId '',required_if=SecretId '' AuthMethod 'approle'"`
 
-	K8sRoleId    string `yaml:"k8sRoleId" validate:"required_if=AuthMethod 'kubernetes'"`
-	K8sMountPath string `yaml:"k8sMountPath"`
+	K8sRoleId    string `yaml:"k8sRoleId" env:"K8S_ROLE_ID" validate:"required_if=AuthMethod 'kubernetes'"`
+	K8sMountPath string `yaml:"k8sMountPath" env:"K8S_MOUNT" `
 
-	PathPrefix       string `yaml:"pathPrefix" validate:"required,startsnotwith=/,startsnotwith=/secret,endsnotwith=/,ne=acmevault"`
-	DomainPathFormat string `yaml:"domainPathFormat" validate:"omitempty,containsrune=%"`
+	PathPrefix       string `yaml:"pathPrefix" env:"PATH_PREFIX" validate:"required,startsnotwith=/,startsnotwith=/secret,endsnotwith=/,ne=acmevault"`
+	DomainPathFormat string `yaml:"domainPathFormat" env:"DOMAIN_PATH_FORMAT" validate:"omitempty,containsrune=%"`
 
-	Kv2MountPath string `yaml:"kv2MountPath" validate:"required,endsnotwith=/,startsnotwith=/"`
+	Kv2MountPath string `yaml:"kv2MountPath" env:"KV2_MOUNT" validate:"required,endsnotwith=/,startsnotwith=/"`
 
-	AwsMountPath string `yaml:"awsMountPath" validate:"required,endsnotwith=/,startsnotwith=/"`
-	AwsRole      string `yaml:"awsRole" validate:"required"`
+	AwsMountPath string `yaml:"awsMountPath" env:"AWS_MOUNT" validate:"required,endsnotwith=/,startsnotwith=/"`
+	AwsRole      string `yaml:"awsRole" env:"AWS_ROLE" validate:"required"`
 }
 
 func (conf *VaultConfig) Print() {