Renaming configuration options

93b450d7 · Sietse Ringers · c78cf2cd · 93b450d7 · 93b450d7 · 93b450d7
Commit 93b450d7 authored Jan 13, 2019 by Sietse Ringers
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -324,12 +324,12 @@
  source = "github.com/sietseringers/pflag"

 [[projects]]
-  branch = "fix-isset"
-  digest = "1:f94a7aac3422a2ab6d6c86fd7e75ebf772784b2467c872e2d2ba0ce060ebf2ec"
+  branch = "add-file-key-replacer"
+  digest = "1:27bd3e1223a9cb2b08955a6e9b279b9711c2fa3515d9b97bf03318b222fc1d52"
  name = "github.com/spf13/viper"
  packages = ["."]
  pruneopts = "UT"
-  revision = "6c2a373fcd610e9ebefba8d50efb954706ec2f44"
+  revision = "554683669b21cf5dc84d6ee1a81de1f605a28ff8"
  source = "github.com/sietseringers/viper"

 [[projects]]

--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -51,7 +51,7 @@
 [[constraint]]
  name = "github.com/spf13/viper"
  source = "github.com/sietseringers/viper"
-  branch = "fix-isset"
+  branch = "add-file-key-replacer"

 [[override]]
  name = "github.com/spf13/pflag"

--- a/server/api.go
+++ b/server/api.go
@@ -25,15 +25,15 @@ type Configuration struct {
 	// irma_configuration. If not given, this will be popupated using IrmaConfigurationPath.
 	IrmaConfiguration *irma.Configuration `json:"-"`
 	// Path to schemes to parse (only used if IrmaConfiguration is not given)
-	IrmaConfigurationPath string `json:"irmaconf" mapstructure:"irmaconf"`
+	IrmaConfigurationPath string `json:"schemes_path" mapstructure:"schemes_path"`
 	// Path to writable dir to write cache to (only used if IrmaConfiguration is not given)
-	CachePath string `json:"cachepath" mapstructure:"cachepath"`
+	CachePath string `json:"cache_path" mapstructure:"cache_path"`
 	// Whether or not to download default IRMA schemes if the specified irma_configuration is empty
-	DownloadDefaultSchemes bool `json:"downloadschemes" mapstructure:"downloadschemes"`
+	DownloadDefaultSchemes bool `json:"download_schemes" mapstructure:"download_schemes"`
 	// Update all schemes every x minutes (0 to disable)
-	SchemeUpdateInterval int `json:"schemeupdate" mapstructure:"schemeupdate"`
+	SchemeUpdateInterval int `json:"schemes_update" mapstructure:"schemes_update"`
 	// Path to issuer private keys to parse
-	IssuerPrivateKeysPath string `json:"privatekeys" mapstructure:"privatekeys"`
+	IssuerPrivateKeysPath string `json:"privkeys" mapstructure:"privkeys"`
 	// Issuer private keys
 	IssuerPrivateKeys map[irma.IssuerIdentifier]*gabi.PrivateKey `json:"-"`
 	// URL at which the IRMA app can reach this server during sessions

--- a/server/irmaserver/conf.go
+++ b/server/irmaserver/conf.go
@@ -24,41 +24,41 @@ type Configuration struct {
 	// Whether or not incoming session requests should be authenticated. If false, anyone
 	// can submit session requests. If true, the request is first authenticated against the
 	// server configuration before the server accepts it.
-	DisableRequestorAuthentication bool `json:"noauth" mapstructure:"noauth"`
+	DisableRequestorAuthentication bool `json:"no_auth" mapstructure:"no_auth"`

 	// Address to listen at
-	ListenAddress string `json:"listenaddr" mapstructure:"listenaddr"`
+	ListenAddress string `json:"listen_addr" mapstructure:"listen_addr"`
 	// Port to listen at
 	Port int `json:"port" mapstructure:"port"`
 	// TLS configuration
-	TlsCertificate     string `json:"tlscertificate" mapstructure:"tlscertificate"`
-	TlsCertificateFile string `json:"tlscertificatefile" mapstructure:"tlscertificatefile"`
-	TlsPrivateKey      string `json:"tlsprivatekey" mapstructure:"tlsprivatekey"`
-	TlsPrivateKeyFile  string `json:"tlsprivatekeyfile" mapstructure:"tlsprivatekeyfile"`
+	TlsCertificate     string `json:"tls_cert" mapstructure:"tls_cert"`
+	TlsCertificateFile string `json:"tls_cert_file" mapstructure:"tls_cert_file"`
+	TlsPrivateKey      string `json:"tls_privkey" mapstructure:"tls_privkey"`
+	TlsPrivateKeyFile  string `json:"tls_privkey_file" mapstructure:"tls_privkey_file"`

 	// If specified, start a separate server for the IRMA app at his port
-	ClientPort int `json:"clientport" mapstructure:"clientport"`
+	ClientPort int `json:"client_port" mapstructure:"client_port"`
 	// If clientport is specified, the server for the IRMA app listens at this address
-	ClientListenAddress string `json:"clientlistenaddr" mapstructure:"clientlistenaddr"`
+	ClientListenAddress string `json:"client_listen_addr" mapstructure:"client_listen_addr"`
 	// TLS configuration for irmaclient HTTP API
-	ClientTlsCertificate     string `json:"clienttlscertificate" mapstructure:"clienttlscertificate"`
-	ClientTlsCertificateFile string `json:"clienttlscertificatefile" mapstructure:"clienttlscertificatefile"`
-	ClientTlsPrivateKey      string `json:"clienttlsprivatekey" mapstructure:"clienttlsprivatekey"`
-	ClientTlsPrivateKeyFile  string `json:"clienttlsprivatekeyfile" mapstructure:"clienttlsprivatekeyfile"`
+	ClientTlsCertificate     string `json:"client_tls_cert" mapstructure:"client_tls_cert"`
+	ClientTlsCertificateFile string `json:"client_tls_cert_file" mapstructure:"client_tls_cert_file"`
+	ClientTlsPrivateKey      string `json:"client_tls_privkey" mapstructure:"client_tls_privkey"`
+	ClientTlsPrivateKeyFile  string `json:"client_tls_privkey_file" mapstructure:"client_tls_privkey_file"`

 	// Requestor-specific permission and authentication configuration
 	RequestorsString string               `json:"-" mapstructure:"requestors"`
 	Requestors       map[string]Requestor `json:"requestors"`

 	// Used in the "iss" field of result JWTs from /result-jwt and /getproof
-	JwtIssuer string `json:"jwtissuer" mapstructure:"jwtissuer"`
+	JwtIssuer string `json:"jwt_issuer" mapstructure:"jwt_issuer"`

 	// Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled.
-	JwtPrivateKey     string `json:"jwtprivatekey" mapstructure:"jwtprivatekey"`
-	JwtPrivateKeyFile string `json:"jwtprivatekeyfile" mapstructure:"jwtprivatekeyfile"`
+	JwtPrivateKey     string `json:"jwt_privkey" mapstructure:"jwt_privkey"`
+	JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"`

 	// Max age in seconds of a session request JWT (using iat field)
-	MaxRequestAge int `json:"maxrequestage" mapstructure:"maxrequestage"`
+	MaxRequestAge int `json:"max_request_age" mapstructure:"max_request_age"`

 	Verbose int  `json:"verbose" mapstructure:"verbose"`
 	Quiet   bool `json:"quiet" mapstructure:"quiet"`
@@ -68,9 +68,9 @@ type Configuration struct {

 // Permissions specify which attributes or credential a requestor may verify or issue.
 type Permissions struct {
-	Disclosing []string `json:"disclose" mapstructure:"disclose"`
-	Signing    []string `json:"sign" mapstructure:"sign"`
-	Issuing    []string `json:"issue" mapstructure:"issue"`
+	Disclosing []string `json:"disclose_perms" mapstructure:"disclose_perms"`
+	Signing    []string `json:"sign_perms" mapstructure:"sign_perms"`
+	Issuing    []string `json:"issue_perms" mapstructure:"issue_perms"`
 }

 // Requestor contains all configuration (disclosure or verification permissions and authentication)
@@ -78,9 +78,9 @@ type Permissions struct {
 type Requestor struct {
 	Permissions `mapstructure:",squash"`

-	AuthenticationMethod  AuthenticationMethod `json:"authmethod" mapstructure:"authmethod"`
+	AuthenticationMethod  AuthenticationMethod `json:"auth_method" mapstructure:"auth_method"`
 	AuthenticationKey     string               `json:"key" mapstructure:"key"`
-	AuthenticationKeyFile string               `json:"keyfile" mapstructure:"keyfile"`
+	AuthenticationKeyFile string               `json:"key_file" mapstructure:"key_file"`
 }

 // CanIssue returns whether or not the specified requestor may issue the specified credentials.

--- a/server/irmaserver/irmad/main.go
+++ b/server/irmaserver/irmad/main.go
@@ -99,53 +99,53 @@ func setFlags(cmd *cobra.Command) error {
 	}

 	flags.StringP("config", "c", "", "Path to configuration file")
-	flags.StringP("irmaconf", "i", "", "path to irma_configuration")
-	flags.String("cachepath", cachepath, "Directory for writing cache files to")
-	flags.Uint("schemeupdate", 60, "Update IRMA schemes every x minutes (0 to disable)")
-	flags.Int("maxrequestage", 300, "Max age in seconds of a session request JWT")
+	flags.StringP("schemes-path", "i", "", "path to irma_configuration")
+	flags.String("cache-path", cachepath, "Directory for writing cache files to")
+	flags.Uint("schemes-update", 60, "Update IRMA schemes every x minutes (0 to disable)")
+	flags.Int("max-request-age", 300, "Max age in seconds of a session request JWT")
 	flags.StringP("url", "u", defaulturl, "External URL to server to which the IRMA client connects")

-	flags.StringP("listenaddr", "l", "0.0.0.0", "Address at which to listen")
+	flags.StringP("listen-addr", "l", "0.0.0.0", "Address at which to listen")
 	flags.IntP("port", "p", 8088, "Port at which to listen")
-	flags.Int("clientport", 0, "If specified, start a separate server for the IRMA app at his port")
-	flags.String("clientlistenaddr", "", "Address at which server for IRMA app listens")
-	flags.Lookup("listenaddr").Header = `Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags)
+	flags.String("client-listen-addr", "", "Address at which server for IRMA app listens")
+	flags.Int("client-port", 0, "If specified, start a separate server for the IRMA app at his port")
+	flags.Lookup("listen-addr").Header = `Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags)
 then the endpoints at /session for the requestor and /irma for the irmaclient (i.e. IRMA app) will listen on
 distinct network endpoints (e.g., localhost:1234/session and 0.0.0.0:5678/irma).`

-	flags.Bool("noauth", false, "Whether or not to authenticate requestors")
+	flags.Bool("no-auth", false, "Whether or not to authenticate requestors")
 	flags.String("requestors", "", "Requestor configuration (in JSON)")
-	flags.Lookup("noauth").Header = `Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it.
+	flags.Lookup("no-auth").Header = `Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it.
 If it is enabled, then requestor specific configuration must be provided.`

-	flags.StringSlice("disclose", nil, "list of attributes that all requestors may verify (default *)")
-	flags.StringSlice("sign", nil, "list of attributes that all requestors may request in signatures (default *)")
-	flags.StringSlice("issue", nil, "list of attributes that all requestors may issue")
-	flags.Lookup("disclose").Header = `Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may
+	flags.StringSlice("disclose-perms", nil, "list of attributes that all requestors may verify (default *)")
+	flags.StringSlice("sign-perms", nil, "list of attributes that all requestors may request in signatures (default *)")
+	flags.StringSlice("issue-perms", nil, "list of attributes that all requestors may issue")
+	flags.Lookup("disclose-perms").Header = `Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may
 have specifically. May contain wildcards. Separate multiple with comma. Example: irma-demo.*,pbdf.*
 By default all requestors may use all attributes in disclosure and signature sessions.
 Pass empty string to disable session type.`

-	flags.StringP("privatekeys", "k", "", "path to IRMA private keys")
-	flags.Lookup("privatekeys").Header = `Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml.
+	flags.StringP("privkeys", "k", "", "path to IRMA private keys")
+	flags.Lookup("privkeys").Header = `Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml.
 Private keys may also be stored in the scheme (e.g. irma-demo/MijnOverheid/PrivateKeys/0.xml).`

-	flags.StringP("jwtissuer", "j", "irmaserver", "JWT issuer")
-	flags.String("jwtprivatekey", "", "JWT private key")
-	flags.String("jwtprivatekeyfile", "", "Path to JWT private key")
-	flags.Lookup("jwtissuer").Header = `JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled.
+	flags.StringP("jwt-issuer", "j", "irmaserver", "JWT issuer")
+	flags.String("jwt-privkey", "", "JWT private key")
+	flags.String("jwt-privkeyfile", "", "Path to JWT private key")
+	flags.Lookup("jwt-issuer").Header = `JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled.
 All of the keys and certificates below are expected in PEM. Pass it either directly, or a path to it
 using the corresponding "-file" flag.`

-	flags.String("tlscertificate", "", "TLS certificate")
-	flags.String("tlscertificatefile", "", "Path to TLS certificate ")
-	flags.String("tlsprivatekey", "", "TLS private key")
-	flags.String("tlsprivatekeyfile", "", "Path to TLS private key")
-	flags.String("clienttlscertificate", "", "TLS certificate for IRMA app server")
-	flags.String("clienttlscertificatefile", "", "Path to TLS certificate for IRMA app server")
-	flags.String("clienttlsprivatekey", "", "TLS private key for IRMA app server")
-	flags.String("clienttlsprivatekeyfile", "", "Path to TLS private key for IRMA app server")
-	flags.Lookup("tlscertificate").Header = "TLS configuration. Leave empty to disable TLS."
+	flags.String("tls-cert", "", "TLS certificate")
+	flags.String("tls-cert-file", "", "Path to TLS certificate ")
+	flags.String("tls-privkey", "", "TLS private key")
+	flags.String("tls-privkey-file", "", "Path to TLS private key")
+	flags.String("client-tls-cert", "", "TLS certificate for IRMA app server")
+	flags.String("client-tls-cert-file", "", "Path to TLS certificate for IRMA app server")
+	flags.String("client-tls-privkey", "", "TLS private key for IRMA app server")
+	flags.String("client-tls-privkey-file", "", "Path to TLS private key for IRMA app server")
+	flags.Lookup("tls-cert").Header = "TLS configuration. Leave empty to disable TLS."

 	flags.CountP("verbose", "v", "verbose (repeatable)")
 	flags.BoolP("quiet", "q", false, "quiet")
@@ -155,6 +155,9 @@ using the corresponding "-file" flag.`
 }

 func configure(cmd *cobra.Command) error {
+	dashReplacer := strings.NewReplacer("-", "_")
+	viper.SetEnvKeyReplacer(dashReplacer)
+	viper.SetFileKeyReplacer(dashReplacer)
 	viper.SetEnvPrefix("IRMASERVER")
 	viper.AutomaticEnv()
 	if err := viper.BindPFlags(cmd.Flags()); err != nil {
@@ -196,39 +199,39 @@ func configure(cmd *cobra.Command) error {
 	// Read configuration from flags and/or environmental variables
 	conf = &irmaserver.Configuration{
 		Configuration: &server.Configuration{
-			IrmaConfigurationPath: viper.GetString("irmaconf"),
-			IssuerPrivateKeysPath: viper.GetString("privatekeys"),
-			CachePath:             viper.GetString("cachepath"),
+			IrmaConfigurationPath: viper.GetString("schemes-path"),
+			IssuerPrivateKeysPath: viper.GetString("privkeys"),
+			CachePath:             viper.GetString("cache-path"),
 			URL:                   viper.GetString("url"),
-			SchemeUpdateInterval:  viper.GetInt("schemeupdate"),
+			SchemeUpdateInterval:  viper.GetInt("schemes-update"),
 			Logger:                logger,
 		},
 		Permissions: irmaserver.Permissions{
-			Disclosing: handlePermission("disclose"),
-			Signing:    handlePermission("sign"),
-			Issuing:    viper.GetStringSlice("issue"),
+			Disclosing: handlePermission("disclose-perms"),
+			Signing:    handlePermission("sign-perms"),
+			Issuing:    viper.GetStringSlice("issue-perms"),
 		},
-		ListenAddress:                  viper.GetString("listenaddr"),
+		ListenAddress:                  viper.GetString("listen-addr"),
 		Port:                           viper.GetInt("port"),
-		ClientListenAddress:            viper.GetString("clientlistenaddr"),
-		ClientPort:                     viper.GetInt("clientport"),
-		DisableRequestorAuthentication: viper.GetBool("noauth"),
+		ClientListenAddress:            viper.GetString("client-listen-addr"),
+		ClientPort:                     viper.GetInt("client-port"),
+		DisableRequestorAuthentication: viper.GetBool("no-auth"),
 		Requestors:                     make(map[string]irmaserver.Requestor),
-		JwtIssuer:                      viper.GetString("jwtissuer"),
-		JwtPrivateKey:                  viper.GetString("jwtprivatekey"),
-		JwtPrivateKeyFile:              viper.GetString("jwtprivatekeyfile"),
-		MaxRequestAge:                  viper.GetInt("maxrequestage"),
+		JwtIssuer:                      viper.GetString("jwt-issuer"),
+		JwtPrivateKey:                  viper.GetString("jwt-privkey"),
+		JwtPrivateKeyFile:              viper.GetString("jwt-privkey-file"),
+		MaxRequestAge:                  viper.GetInt("max-request-age"),
 		Verbose:                        viper.GetInt("verbose"),
 		Quiet:                          viper.GetBool("quiet"),

-		TlsCertificate:           viper.GetString("tlscertificate"),
-		TlsCertificateFile:       viper.GetString("tlscertificatefile"),
-		TlsPrivateKey:            viper.GetString("tlsprivatekey"),
-		TlsPrivateKeyFile:        viper.GetString("tlsprivatekeyfile"),
-		ClientTlsCertificate:     viper.GetString("clienttlscertificate"),
-		ClientTlsCertificateFile: viper.GetString("clienttlscertificatefile"),
-		ClientTlsPrivateKey:      viper.GetString("clienttlsprivatekey"),
-		ClientTlsPrivateKeyFile:  viper.GetString("clienttlsprivatekeyfile"),
+		TlsCertificate:           viper.GetString("tls-cert"),
+		TlsCertificateFile:       viper.GetString("tls-cert-file"),
+		TlsPrivateKey:            viper.GetString("tls-privkey"),
+		TlsPrivateKeyFile:        viper.GetString("tls-privkey-file"),
+		ClientTlsCertificate:     viper.GetString("client-tls-cert"),
+		ClientTlsCertificateFile: viper.GetString("client-tls-cert-file"),
+		ClientTlsPrivateKey:      viper.GetString("client-tls-privkey"),
+		ClientTlsPrivateKeyFile:  viper.GetString("client-tls-privkey-file"),
 	}

 	// Handle requestors