1 files changed, 37 insertions, 55 deletions
diff --git a/app/config.go b/app/config.go
index 6565863..b8c8d51 100644
--- a/app/config.go
+++ b/app/config.go
@@ -1,12 +1,7 @@
 package app
 import (
-        "log"
        "time"
-        "code.crute.us/mcrute/golib/cli"
-        "code.crute.us/mcrute/golib/vault"
-        "github.com/spf13/cobra"
 )
 type GitHubOauthCreds struct {
@@ -15,56 +10,43 @@ type GitHubOauthCreds struct {
 }
 type Config struct {
-        Bind                  []string
+        Bind                  []string      `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
-        BindTLS               []string
+        Debug                 bool          `flag:"debug" flag-help:"Enable debug mode"`
-        Debug                 bool
+        MongoDbUri            string        `flag:"mongodb-uri" flag-help:"URI for connection to mongodb"`
-        TemplateGlob          string
+        LogFile               string        `flag:"log-file" flag-scope:"web" flag-help:"Log file for combined host logs"`
-        TemplatePath          string
+        TrustedIPRanges       []string      `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
-        MongoDbUri            string
+        Hostnames             []string      `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
-        MongodbVaultPath      string
+        DisableBackgroundJobs bool          `flag:"disable-bg-jobs" flag-help:"Disable background jobs and only serve web pages"`
-        LogFile               string
+        RateLimit             time.Duration `flag:"rate-limit" flag-help:"Number seconds between requests for credential resources"`
-        TLSCacheDir           string
+        RateLimitBurst        int           `flag:"rate-limit-burst" flag-help:"Number of burst requests allowed to credential endpoints"`
-        TrustedIPRanges       []string
+        IssuerEndpoint        string        `flag:"issuer-endpoint" flag-help:"Oauth issuer endpoint"`
-        ManagementIPRanges    []string
+        JWTAudience           string        `flag:"jwt-audience" flag-help:"Audience for issued JWTs"`
-        Hostnames             []string
+        AuthCookieDuration    time.Duration `flag:"auth-cookie-duration" flag-help:"Expiration duration of the auth cookies"`
-        DisableBackgroundJobs bool
+        GitHubOauthCreds      string        `flag:"github-oauth-vault-path" flag-help:"Vault material name for GitHub auth credentials"`
-        RateLimit             time.Duration
+        DNSApiKeyVaultPath    string        `flag:"dns-api-vault-path" flag-help:"Vault material for DNS API key"`
-        RateLimitBurst        int
+        AutocertEmail         string        `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
-        IssuerEndpoint        string
+        AutocertHost          string        `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
-        JWTAudience           string
+        NetboxHost            string        `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
-        AuthCookieDuration    time.Duration
+        NetboxApiKeyVaultPath string        `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
-        GitHubOauthCreds      *GitHubOauthCreds
 }
-func NewConfigFromCmd(cmd *cobra.Command) Config {
+var DefaultConfig = &Config{
-        f := cli.TolerantPflagSet{cmd.Flags()}
+        Bind:                  []string{":8169"},
+        Debug:                 false,
-        var githubOauth GitHubOauthCreds
+        MongoDbUri:            "cloud-id-broker-prod-dynamic@mongodb.sea4.crute.me/cloud-id-broker-prod",
-        oauthPath := f.MayGetString("github-oauth-vault-path")
+        LogFile:               "",
-        err := vault.GetVaultKeyStruct(oauthPath, &githubOauth)
+        TrustedIPRanges:       []string{"172.19.0.0/22", "2602:803:4072::/48"},
-        if err != nil {
+        Hostnames:             []string{"aws-access.crute.me"},
-                log.Fatalf("Error getting %s from vault: %w", oauthPath, err)
+        DisableBackgroundJobs: false,
-        }
+        RateLimit:             30 * time.Second,
+        RateLimitBurst:        30,
-        return Config{
+        IssuerEndpoint:        "https://aws-access.crute.me",
-                Bind:                  f.MayGetStringSlice("bind"),
+        JWTAudience:           "aws-access",
-                BindTLS:               f.MayGetStringSlice("bind-tls"),
+        AuthCookieDuration:    24 * time.Hour,
-                Debug:                 f.MayGetBool("debug"),
+        GitHubOauthCreds:      "service/aws-access/github-oauth",
-                TemplateGlob:          f.MayGetString("template-glob"),
+        DNSApiKeyVaultPath:    "service/aws-access/dns-api-key",
-                TemplatePath:          f.MayGetString("template-path"),
+        AutocertEmail:         "letsencrypt-certs@pomonaconsulting.com",
-                MongoDbUri:            f.MayGetString("mongodb-uri"),
+        AutocertHost:          "https://dns-manage.crute.me/acmev2",
-                MongodbVaultPath:      f.MayGetString("mongodb-vault-path"),
+        NetboxHost:            "https://netbox.crute.me",
-                DisableBackgroundJobs: f.MayGetBool("disable-bg-jobs"),
+        NetboxApiKeyVaultPath: "infra/netbox-readonly",
-                TrustedIPRanges:       f.MayGetStringSlice("trusted-ip-ranges"),
-                ManagementIPRanges:    f.MayGetStringSlice("management-ip-ranges"),
-                Hostnames:             f.MayGetStringSlice("hostname"),
-                LogFile:               f.MayGetString("log-file"),
-                TLSCacheDir:           f.MayGetString("tls-cache-dir"),
-                RateLimit:             f.MayGetDuration("rate-limit"),
-                RateLimitBurst:        f.MayGetInt("rate-limit-burst"),
-                IssuerEndpoint:        f.MayGetString("issuer-endpoint"),
-                JWTAudience:           f.MayGetString("jwt-audience"),
-                AuthCookieDuration:    f.MayGetDuration("auth-cookie-duration"),
-                GitHubOauthCreds:      &githubOauth,
-        }
 }

diff --git a/app/config.go b/app/config.go index 6565863..b8c8d51 100644 --- a/app/config.go +++ b/app/config.go
@@ -1,12 +1,7 @@
1	package app	1	package app
2		2
3	import (	3	import (
4	"log"
5	"time"	4	"time"
6
7	"code.crute.us/mcrute/golib/cli"
8	"code.crute.us/mcrute/golib/vault"
9	"github.com/spf13/cobra"
10	)	5	)
11		6
12	type GitHubOauthCreds struct {	7	type GitHubOauthCreds struct {
@@ -15,56 +10,43 @@ type GitHubOauthCreds struct {
15	}	10	}
16		11
17	type Config struct {	12	type Config struct {
18	Bind []string	13	Bind []string `flag:"bind" flag-scope:"web" flag-help:"Addresses and ports to bind http server"`
19	BindTLS []string	14	Debug bool `flag:"debug" flag-help:"Enable debug mode"`
20	Debug bool	15	MongoDbUri string `flag:"mongodb-uri" flag-help:"URI for connection to mongodb"`
21	TemplateGlob string	16	LogFile string `flag:"log-file" flag-scope:"web" flag-help:"Log file for combined host logs"`
22	TemplatePath string	17	TrustedIPRanges []string `flag:"trusted-ip-ranges" flag-scope:"web" flag-help:"Comma separated list of IP ranges for trusted XFF proxies"`
23	MongoDbUri string	18	Hostnames []string `flag:"hostname" flag-scope:"web" flag-help:"Hostname this server serves (can be specified multiple times)"`
24	MongodbVaultPath string	19	DisableBackgroundJobs bool `flag:"disable-bg-jobs" flag-help:"Disable background jobs and only serve web pages"`
25	LogFile string	20	RateLimit time.Duration `flag:"rate-limit" flag-help:"Number seconds between requests for credential resources"`
26	TLSCacheDir string	21	RateLimitBurst int `flag:"rate-limit-burst" flag-help:"Number of burst requests allowed to credential endpoints"`
27	TrustedIPRanges []string	22	IssuerEndpoint string `flag:"issuer-endpoint" flag-help:"Oauth issuer endpoint"`
28	ManagementIPRanges []string	23	JWTAudience string `flag:"jwt-audience" flag-help:"Audience for issued JWTs"`
29	Hostnames []string	24	AuthCookieDuration time.Duration `flag:"auth-cookie-duration" flag-help:"Expiration duration of the auth cookies"`
30	DisableBackgroundJobs bool	25	GitHubOauthCreds string `flag:"github-oauth-vault-path" flag-help:"Vault material name for GitHub auth credentials"`
31	RateLimit time.Duration	26	DNSApiKeyVaultPath string `flag:"dns-api-vault-path" flag-help:"Vault material for DNS API key"`
32	RateLimitBurst int	27	AutocertEmail string `flag:"autocert-email" flag-scope:"web" flag-help:"Autocert notification email"`
33	IssuerEndpoint string	28	AutocertHost string `flag:"autocert-host" flag-scope:"web" flag-help:"Autocert service url"`
34	JWTAudience string	29	NetboxHost string `flag:"netbox-host" flag-scope:"web" flag-help:"Netbox service url"`
35	AuthCookieDuration time.Duration	30	NetboxApiKeyVaultPath string `flag:"netbox-api-vault-path" flag-scope:"web" flag-help:"Vault material path for Netbox API key"`
36	GitHubOauthCreds *GitHubOauthCreds
37	}	31	}
38		32
39	func NewConfigFromCmd(cmd *cobra.Command) Config {	33	var DefaultConfig = &Config{
40	f := cli.TolerantPflagSet{cmd.Flags()}	34	Bind: []string{":8169"},
41		35	Debug: false,
42	var githubOauth GitHubOauthCreds	36	MongoDbUri: "cloud-id-broker-prod-dynamic@mongodb.sea4.crute.me/cloud-id-broker-prod",
43	oauthPath := f.MayGetString("github-oauth-vault-path")	37	LogFile: "",
44	err := vault.GetVaultKeyStruct(oauthPath, &githubOauth)	38	TrustedIPRanges: []string{"172.19.0.0/22", "2602:803:4072::/48"},
45	if err != nil {	39	Hostnames: []string{"aws-access.crute.me"},
46	log.Fatalf("Error getting %s from vault: %w", oauthPath, err)	40	DisableBackgroundJobs: false,
47	}	41	RateLimit: 30 * time.Second,
48		42	RateLimitBurst: 30,
49	return Config{	43	IssuerEndpoint: "https://aws-access.crute.me",
50	Bind: f.MayGetStringSlice("bind"),	44	JWTAudience: "aws-access",
51	BindTLS: f.MayGetStringSlice("bind-tls"),	45	AuthCookieDuration: 24 * time.Hour,
52	Debug: f.MayGetBool("debug"),	46	GitHubOauthCreds: "service/aws-access/github-oauth",
53	TemplateGlob: f.MayGetString("template-glob"),	47	DNSApiKeyVaultPath: "service/aws-access/dns-api-key",
54	TemplatePath: f.MayGetString("template-path"),	48	AutocertEmail: "letsencrypt-certs@pomonaconsulting.com",
55	MongoDbUri: f.MayGetString("mongodb-uri"),	49	AutocertHost: "https://dns-manage.crute.me/acmev2",
56	MongodbVaultPath: f.MayGetString("mongodb-vault-path"),	50	NetboxHost: "https://netbox.crute.me",
57	DisableBackgroundJobs: f.MayGetBool("disable-bg-jobs"),	51	NetboxApiKeyVaultPath: "infra/netbox-readonly",
58	TrustedIPRanges: f.MayGetStringSlice("trusted-ip-ranges"),
59	ManagementIPRanges: f.MayGetStringSlice("management-ip-ranges"),
60	Hostnames: f.MayGetStringSlice("hostname"),
61	LogFile: f.MayGetString("log-file"),
62	TLSCacheDir: f.MayGetString("tls-cache-dir"),
63	RateLimit: f.MayGetDuration("rate-limit"),
64	RateLimitBurst: f.MayGetInt("rate-limit-burst"),
65	IssuerEndpoint: f.MayGetString("issuer-endpoint"),
66	JWTAudience: f.MayGetString("jwt-audience"),
67	AuthCookieDuration: f.MayGetDuration("auth-cookie-duration"),
68	GitHubOauthCreds: &githubOauth,
69	}
70	}	52	}