author | Mike Crute <mike@crute.us> | 2022-12-21 22:06:29 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2022-12-21 22:06:29 -0800 |
commit | ed1504c2826f6a5d406dd72e51f5a90b77ffea45 (patch) | |
tree | 159733ceaf63026d36c39117fff6159e6247bed7 /app | |
parent | e5629fb163c7cf303438afc5be6075299cfc6071 (diff) | |
Upgrade to latest golib
Diffstat (limited to 'app')
-rw-r--r-- | app/config.go | 92 | ||||
-rw-r--r-- | app/middleware/server_header.go | 16 | ||||
-rw-r--r-- | app/models/account.go | 2 | ||||
-rw-r--r-- | app/models/user.go | 2 | ||||
-rw-r--r-- | app/urls.go | 1 |
5 files changed, 40 insertions, 73 deletions
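--- a/app/config.go
+++ b/app/config.go
@@ -1,12 +1,7 @@
 package app
 
 import (
-	"log"
 	"time"
-
-	"code.crute.us/mcrute/golib/cli"
-	"code.crute.us/mcrute/golib/vault"
-	"github.com/spf13/cobra"
 )
 
 type GitHubOauthCreds struct {
@@ -15,56 +10,43 @@ type GitHubOauthCreds struct {
 }
 
 type Config struct {
-	Bind []string
-	BindTLS []string
-	Debug bool
-	TemplateGlob string
-	TemplatePath string
-	MongoDbUri string
-	MongodbVaultPath string
-	LogFile string
-	TLSCacheDir string
-	TrustedIPRanges []string
-	ManagementIPRanges []string
-	Hostnames []string
-	DisableBackgroundJobs bool
-	RateLimit time.Duration
-	RateLimitBurst int
-	IssuerEndpoint string
-	JWTAudience string
-	AuthCookieDuration time.Duration
-	GitHubOauthCreds *GitHubOauthCreds
+	Bind []string `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
+	Debug bool `flag:"debug" flag-help:"Enable debug mode"`
+	MongoDbUri string `flag:"mongodb-uri" flag-help:"URI for connection to mongodb"`
+	LogFile string `flag:"log-file" flag-scope:"web" flag-help:"Log file for combined host logs"`
+	TrustedIPRanges []string `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
+	Hostnames []string `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
+	DisableBackgroundJobs bool `flag:"disable-bg-jobs" flag-help:"Disable background jobs and only serve web pages"`
+	RateLimit time.Duration `flag:"rate-limit" flag-help:"Number seconds between requests for credential resources"`
+	RateLimitBurst int `flag:"rate-limit-burst" flag-help:"Number of burst requests allowed to credential endpoints"`
+	IssuerEndpoint string `flag:"issuer-endpoint" flag-help:"Oauth issuer endpoint"`
+	JWTAudience string `flag:"jwt-audience" flag-help:"Audience for issued JWTs"`
+	AuthCookieDuration time.Duration `flag:"auth-cookie-duration" flag-help:"Expiration duration of the auth cookies"`
+	GitHubOauthCreds string `flag:"github-oauth-vault-path" flag-help:"Vault material name for GitHub auth credentials"`
+	DNSApiKeyVaultPath string `flag:"dns-api-vault-path" flag-help:"Vault material for DNS API key"`
+	AutocertEmail string `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
+	AutocertHost string `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
+	NetboxHost string `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
+	NetboxApiKeyVaultPath string `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
 }
 
-func NewConfigFromCmd(cmd *cobra.Command) Config {
-	f := cli.TolerantPflagSet{cmd.Flags()}
-
-	var githubOauth GitHubOauthCreds
-	oauthPath := f.MayGetString("github-oauth-vault-path")
-	err := vault.GetVaultKeyStruct(oauthPath, &githubOauth)
-	if err != nil {
-		log.Fatalf("Error getting %s from vault: %w", oauthPath, err)
-	}
-
-	return Config{
-		Bind: f.MayGetStringSlice("bind"),
-		BindTLS: f.MayGetStringSlice("bind-tls"),
-		Debug: f.MayGetBool("debug"),
-		TemplateGlob: f.MayGetString("template-glob"),
-		TemplatePath: f.MayGetString("template-path"),
-		MongoDbUri: f.MayGetString("mongodb-uri"),
-		MongodbVaultPath: f.MayGetString("mongodb-vault-path"),
-		DisableBackgroundJobs: f.MayGetBool("disable-bg-jobs"),
-		TrustedIPRanges: f.MayGetStringSlice("trusted-ip-ranges"),
-		ManagementIPRanges: f.MayGetStringSlice("management-ip-ranges"),
-		Hostnames: f.MayGetStringSlice("hostname"),
-		LogFile: f.MayGetString("log-file"),
-		TLSCacheDir: f.MayGetString("tls-cache-dir"),
-		RateLimit: f.MayGetDuration("rate-limit"),
-		RateLimitBurst: f.MayGetInt("rate-limit-burst"),
-		IssuerEndpoint: f.MayGetString("issuer-endpoint"),
-		JWTAudience: f.MayGetString("jwt-audience"),
-		AuthCookieDuration: f.MayGetDuration("auth-cookie-duration"),
-		GitHubOauthCreds: &githubOauth,
-	}
+var DefaultConfig = &Config{
+	Bind: []string{":8169"},
+	Debug: false,
+	MongoDbUri: "cloud-id-broker-prod-dynamic@mongodb.sea4.crute.me/cloud-id-broker-prod",
+	LogFile: "",
+	TrustedIPRanges: []string{"172.19.0.0/22", "2602:803:4072::/48"},
+	Hostnames: []string{"aws-access.crute.me"},
+	DisableBackgroundJobs: false,
+	RateLimit: 30 * time.Second,
+	RateLimitBurst: 30,
+	IssuerEndpoint: "https://aws-access.crute.me",
+	JWTAudience: "aws-access",
+	AuthCookieDuration: 24 * time.Hour,
+	GitHubOauthCreds: "service/aws-access/github-oauth",
+	DNSApiKeyVaultPath: "service/aws-access/dns-api-key",
+	AutocertEmail: "letsencrypt-certs@pomonaconsulting.com",
+	AutocertHost: "https://dns-manage.crute.me/acmev2",
+	NetboxHost: "https://netbox.crute.me",
+	NetboxApiKeyVaultPath: "infra/netbox-readonly",
 }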
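Review bot: `DefaultConfig` bakes deployment-specific values into source — the database user and host in `MongoDbUri` (a URI that by its name looks like the production one), the proxy CIDRs in `TrustedIPRanges`, which the flag help on the new `Config` describes as the ranges whose XFF headers are trusted, the public hostname, and the vault material paths — so an instance started without overriding flags trusts those proxy ranges for client-IP attribution and connects to that database; the trusted-proxy and database defaults in particular are safer left empty and required, with the environment values supplied by deployment config rather than the binary. The field `GitHubOauthCreds string` with tag `flag:"github-oauth-vault-path"` now holds a vault path like its siblings `DNSApiKeyVaultPath` and `NetboxApiKeyVaultPath`, yet keeps the name of the `GitHubOauthCreds` struct type defined just above it; `GitHubOauthVaultPath string` would follow the convention and avoid the type/field name clash. The removed `MongodbVaultPath` field has no replacement in this hunk, so where the MongoDB credential is now sourced is not visible here and is presumably handled by the upgraded golib. Both exported names lack doc comments; `// Config holds the broker's runtime settings; the flag struct tags describe how each field is exposed on the command line.` and `// DefaultConfig is the base configuration that parsed flags override.` would cover them.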
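--- a/app/middleware/server_header.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package middleware
-
-import (
-	"fmt"
-
-	"github.com/labstack/echo/v4"
-)
-
-func AddServerHeader(version string) echo.MiddlewareFunc {
-	return func(next echo.HandlerFunc) echo.HandlerFunc {
-		return func(c echo.Context) error {
-			c.Response().Header().Add("Server", fmt.Sprintf("cloud-identity-broker/%s", version))
-			return next(c)
-		}
-	}
-}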
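--- a/app/models/account.go
+++ b/app/models/account.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"time"
 
-	"code.crute.us/mcrute/golib/db/mongodb"
+	"code.crute.us/mcrute/golib/db/mongodb/v2"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 )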
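--- a/app/models/user.go
+++ b/app/models/user.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"time"
 
-	"code.crute.us/mcrute/golib/db/mongodb"
+	"code.crute.us/mcrute/golib/db/mongodb/v2"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 	"golang.org/x/oauth2"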
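--- a/app/urls.go
+++ b/app/urls.go
@@ -2,6 +2,7 @@ package app
 
 import (
 	glecho "code.crute.us/mcrute/golib/echo"
+
 	"github.com/labstack/echo/v4"
 )
 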