Commit 93b450d7 authored by Sietse Ringers's avatar Sietse Ringers

Renaming configuration options

parent c78cf2cd
...@@ -324,12 +324,12 @@ ...@@ -324,12 +324,12 @@
source = "github.com/sietseringers/pflag" source = "github.com/sietseringers/pflag"
[[projects]] [[projects]]
branch = "fix-isset" branch = "add-file-key-replacer"
digest = "1:f94a7aac3422a2ab6d6c86fd7e75ebf772784b2467c872e2d2ba0ce060ebf2ec" digest = "1:27bd3e1223a9cb2b08955a6e9b279b9711c2fa3515d9b97bf03318b222fc1d52"
name = "github.com/spf13/viper" name = "github.com/spf13/viper"
packages = ["."] packages = ["."]
pruneopts = "UT" pruneopts = "UT"
revision = "6c2a373fcd610e9ebefba8d50efb954706ec2f44" revision = "554683669b21cf5dc84d6ee1a81de1f605a28ff8"
source = "github.com/sietseringers/viper" source = "github.com/sietseringers/viper"
[[projects]] [[projects]]
......
...@@ -51,7 +51,7 @@ ...@@ -51,7 +51,7 @@
[[constraint]] [[constraint]]
name = "github.com/spf13/viper" name = "github.com/spf13/viper"
source = "github.com/sietseringers/viper" source = "github.com/sietseringers/viper"
branch = "fix-isset" branch = "add-file-key-replacer"
[[override]] [[override]]
name = "github.com/spf13/pflag" name = "github.com/spf13/pflag"
......
...@@ -25,15 +25,15 @@ type Configuration struct { ...@@ -25,15 +25,15 @@ type Configuration struct {
// irma_configuration. If not given, this will be popupated using IrmaConfigurationPath. // irma_configuration. If not given, this will be popupated using IrmaConfigurationPath.
IrmaConfiguration *irma.Configuration `json:"-"` IrmaConfiguration *irma.Configuration `json:"-"`
// Path to schemes to parse (only used if IrmaConfiguration is not given) // Path to schemes to parse (only used if IrmaConfiguration is not given)
IrmaConfigurationPath string `json:"irmaconf" mapstructure:"irmaconf"` IrmaConfigurationPath string `json:"schemes_path" mapstructure:"schemes_path"`
// Path to writable dir to write cache to (only used if IrmaConfiguration is not given) // Path to writable dir to write cache to (only used if IrmaConfiguration is not given)
CachePath string `json:"cachepath" mapstructure:"cachepath"` CachePath string `json:"cache_path" mapstructure:"cache_path"`
// Whether or not to download default IRMA schemes if the specified irma_configuration is empty // Whether or not to download default IRMA schemes if the specified irma_configuration is empty
DownloadDefaultSchemes bool `json:"downloadschemes" mapstructure:"downloadschemes"` DownloadDefaultSchemes bool `json:"download_schemes" mapstructure:"download_schemes"`
// Update all schemes every x minutes (0 to disable) // Update all schemes every x minutes (0 to disable)
SchemeUpdateInterval int `json:"schemeupdate" mapstructure:"schemeupdate"` SchemeUpdateInterval int `json:"schemes_update" mapstructure:"schemes_update"`
// Path to issuer private keys to parse // Path to issuer private keys to parse
IssuerPrivateKeysPath string `json:"privatekeys" mapstructure:"privatekeys"` IssuerPrivateKeysPath string `json:"privkeys" mapstructure:"privkeys"`
// Issuer private keys // Issuer private keys
IssuerPrivateKeys map[irma.IssuerIdentifier]*gabi.PrivateKey `json:"-"` IssuerPrivateKeys map[irma.IssuerIdentifier]*gabi.PrivateKey `json:"-"`
// URL at which the IRMA app can reach this server during sessions // URL at which the IRMA app can reach this server during sessions
......
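Review bot: The renamed `json`/`mapstructure` tags (`irmaconf`→`schemes_path`, `cachepath`→`cache_path`, `privatekeys`→`privkeys`, and the rest of this section) silently break existing configuration files, since nothing on the page rejects or logs the legacy keys; a file still using them would presumably decode with those fields at their zero value. The same rename in the irmaserver `Permissions` struct later in this commit (`disclose`→`disclose_perms`, `sign`→`sign_perms`, `issue`→`issue_perms`) is the one that matters for security: a legacy `disclose: []` or `sign: []` written to disable those session types would be ignored and the flag help text's documented default of `*` would apply, widening what every requestor may verify. I would add a doc comment on each renamed struct, e.g. `// Keys were renamed in commit 93b450d7; the old names (irmaconf, cachepath, privatekeys, ...) are not recognised and silently fall back to defaults.`, and consider a startup check that fails when a known legacy key is present in the loaded config. The `Configuration` struct begins and ends outside this hunk.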
...@@ -24,41 +24,41 @@ type Configuration struct { ...@@ -24,41 +24,41 @@ type Configuration struct {
// Whether or not incoming session requests should be authenticated. If false, anyone // Whether or not incoming session requests should be authenticated. If false, anyone
// can submit session requests. If true, the request is first authenticated against the // can submit session requests. If true, the request is first authenticated against the
// server configuration before the server accepts it. // server configuration before the server accepts it.
DisableRequestorAuthentication bool `json:"noauth" mapstructure:"noauth"` DisableRequestorAuthentication bool `json:"no_auth" mapstructure:"no_auth"`
// Address to listen at // Address to listen at
ListenAddress string `json:"listenaddr" mapstructure:"listenaddr"` ListenAddress string `json:"listen_addr" mapstructure:"listen_addr"`
// Port to listen at // Port to listen at
Port int `json:"port" mapstructure:"port"` Port int `json:"port" mapstructure:"port"`
// TLS configuration // TLS configuration
TlsCertificate string `json:"tlscertificate" mapstructure:"tlscertificate"` TlsCertificate string `json:"tls_cert" mapstructure:"tls_cert"`
TlsCertificateFile string `json:"tlscertificatefile" mapstructure:"tlscertificatefile"` TlsCertificateFile string `json:"tls_cert_file" mapstructure:"tls_cert_file"`
TlsPrivateKey string `json:"tlsprivatekey" mapstructure:"tlsprivatekey"` TlsPrivateKey string `json:"tls_privkey" mapstructure:"tls_privkey"`
TlsPrivateKeyFile string `json:"tlsprivatekeyfile" mapstructure:"tlsprivatekeyfile"` TlsPrivateKeyFile string `json:"tls_privkey_file" mapstructure:"tls_privkey_file"`
// If specified, start a separate server for the IRMA app at his port // If specified, start a separate server for the IRMA app at his port
ClientPort int `json:"clientport" mapstructure:"clientport"` ClientPort int `json:"client_port" mapstructure:"client_port"`
// If clientport is specified, the server for the IRMA app listens at this address // If clientport is specified, the server for the IRMA app listens at this address
ClientListenAddress string `json:"clientlistenaddr" mapstructure:"clientlistenaddr"` ClientListenAddress string `json:"client_listen_addr" mapstructure:"client_listen_addr"`
// TLS configuration for irmaclient HTTP API // TLS configuration for irmaclient HTTP API
ClientTlsCertificate string `json:"clienttlscertificate" mapstructure:"clienttlscertificate"` ClientTlsCertificate string `json:"client_tls_cert" mapstructure:"client_tls_cert"`
ClientTlsCertificateFile string `json:"clienttlscertificatefile" mapstructure:"clienttlscertificatefile"` ClientTlsCertificateFile string `json:"client_tls_cert_file" mapstructure:"client_tls_cert_file"`
ClientTlsPrivateKey string `json:"clienttlsprivatekey" mapstructure:"clienttlsprivatekey"` ClientTlsPrivateKey string `json:"client_tls_privkey" mapstructure:"client_tls_privkey"`
ClientTlsPrivateKeyFile string `json:"clienttlsprivatekeyfile" mapstructure:"clienttlsprivatekeyfile"` ClientTlsPrivateKeyFile string `json:"client_tls_privkey_file" mapstructure:"client_tls_privkey_file"`
// Requestor-specific permission and authentication configuration // Requestor-specific permission and authentication configuration
RequestorsString string `json:"-" mapstructure:"requestors"` RequestorsString string `json:"-" mapstructure:"requestors"`
Requestors map[string]Requestor `json:"requestors"` Requestors map[string]Requestor `json:"requestors"`
// Used in the "iss" field of result JWTs from /result-jwt and /getproof // Used in the "iss" field of result JWTs from /result-jwt and /getproof
JwtIssuer string `json:"jwtissuer" mapstructure:"jwtissuer"` JwtIssuer string `json:"jwt_issuer" mapstructure:"jwt_issuer"`
// Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled. // Private key to sign result JWTs with. If absent, /result-jwt and /getproof are disabled.
JwtPrivateKey string `json:"jwtprivatekey" mapstructure:"jwtprivatekey"` JwtPrivateKey string `json:"jwt_privkey" mapstructure:"jwt_privkey"`
JwtPrivateKeyFile string `json:"jwtprivatekeyfile" mapstructure:"jwtprivatekeyfile"` JwtPrivateKeyFile string `json:"jwt_privkey_file" mapstructure:"jwt_privkey_file"`
// Max age in seconds of a session request JWT (using iat field) // Max age in seconds of a session request JWT (using iat field)
MaxRequestAge int `json:"maxrequestage" mapstructure:"maxrequestage"` MaxRequestAge int `json:"max_request_age" mapstructure:"max_request_age"`
Verbose int `json:"verbose" mapstructure:"verbose"` Verbose int `json:"verbose" mapstructure:"verbose"`
Quiet bool `json:"quiet" mapstructure:"quiet"` Quiet bool `json:"quiet" mapstructure:"quiet"`
...@@ -68,9 +68,9 @@ type Configuration struct { ...@@ -68,9 +68,9 @@ type Configuration struct {
// Permissions specify which attributes or credential a requestor may verify or issue. // Permissions specify which attributes or credential a requestor may verify or issue.
type Permissions struct { type Permissions struct {
Disclosing []string `json:"disclose" mapstructure:"disclose"` Disclosing []string `json:"disclose_perms" mapstructure:"disclose_perms"`
Signing []string `json:"sign" mapstructure:"sign"` Signing []string `json:"sign_perms" mapstructure:"sign_perms"`
Issuing []string `json:"issue" mapstructure:"issue"` Issuing []string `json:"issue_perms" mapstructure:"issue_perms"`
} }
// Requestor contains all configuration (disclosure or verification permissions and authentication) // Requestor contains all configuration (disclosure or verification permissions and authentication)
...@@ -78,9 +78,9 @@ type Permissions struct { ...@@ -78,9 +78,9 @@ type Permissions struct {
type Requestor struct { type Requestor struct {
Permissions `mapstructure:",squash"` Permissions `mapstructure:",squash"`
AuthenticationMethod AuthenticationMethod `json:"authmethod" mapstructure:"authmethod"` AuthenticationMethod AuthenticationMethod `json:"auth_method" mapstructure:"auth_method"`
AuthenticationKey string `json:"key" mapstructure:"key"` AuthenticationKey string `json:"key" mapstructure:"key"`
AuthenticationKeyFile string `json:"keyfile" mapstructure:"keyfile"` AuthenticationKeyFile string `json:"key_file" mapstructure:"key_file"`
} }
// CanIssue returns whether or not the specified requestor may issue the specified credentials. // CanIssue returns whether or not the specified requestor may issue the specified credentials.
......
...@@ -99,53 +99,53 @@ func setFlags(cmd *cobra.Command) error { ...@@ -99,53 +99,53 @@ func setFlags(cmd *cobra.Command) error {
} }
flags.StringP("config", "c", "", "Path to configuration file") flags.StringP("config", "c", "", "Path to configuration file")
flags.StringP("irmaconf", "i", "", "path to irma_configuration") flags.StringP("schemes-path", "i", "", "path to irma_configuration")
flags.String("cachepath", cachepath, "Directory for writing cache files to") flags.String("cache-path", cachepath, "Directory for writing cache files to")
flags.Uint("schemeupdate", 60, "Update IRMA schemes every x minutes (0 to disable)") flags.Uint("schemes-update", 60, "Update IRMA schemes every x minutes (0 to disable)")
flags.Int("maxrequestage", 300, "Max age in seconds of a session request JWT") flags.Int("max-request-age", 300, "Max age in seconds of a session request JWT")
flags.StringP("url", "u", defaulturl, "External URL to server to which the IRMA client connects") flags.StringP("url", "u", defaulturl, "External URL to server to which the IRMA client connects")
flags.StringP("listenaddr", "l", "0.0.0.0", "Address at which to listen") flags.StringP("listen-addr", "l", "0.0.0.0", "Address at which to listen")
flags.IntP("port", "p", 8088, "Port at which to listen") flags.IntP("port", "p", 8088, "Port at which to listen")
flags.Int("clientport", 0, "If specified, start a separate server for the IRMA app at his port") flags.String("client-listen-addr", "", "Address at which server for IRMA app listens")
flags.String("clientlistenaddr", "", "Address at which server for IRMA app listens") flags.Int("client-port", 0, "If specified, start a separate server for the IRMA app at his port")
flags.Lookup("listenaddr").Header = `Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags) flags.Lookup("listen-addr").Header = `Server address and port to listen on. If the client* configuration options are provided (see also the TLS flags)
then the endpoints at /session for the requestor and /irma for the irmaclient (i.e. IRMA app) will listen on then the endpoints at /session for the requestor and /irma for the irmaclient (i.e. IRMA app) will listen on
distinct network endpoints (e.g., localhost:1234/session and 0.0.0.0:5678/irma).` distinct network endpoints (e.g., localhost:1234/session and 0.0.0.0:5678/irma).`
flags.Bool("noauth", false, "Whether or not to authenticate requestors") flags.Bool("no-auth", false, "Whether or not to authenticate requestors")
flags.String("requestors", "", "Requestor configuration (in JSON)") flags.String("requestors", "", "Requestor configuration (in JSON)")
flags.Lookup("noauth").Header = `Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it. flags.Lookup("no-auth").Header = `Requestor authentication. If disabled, then anyone that can reach this server can submit requests to it.
If it is enabled, then requestor specific configuration must be provided.` If it is enabled, then requestor specific configuration must be provided.`
flags.StringSlice("disclose", nil, "list of attributes that all requestors may verify (default *)") flags.StringSlice("disclose-perms", nil, "list of attributes that all requestors may verify (default *)")
flags.StringSlice("sign", nil, "list of attributes that all requestors may request in signatures (default *)") flags.StringSlice("sign-perms", nil, "list of attributes that all requestors may request in signatures (default *)")
flags.StringSlice("issue", nil, "list of attributes that all requestors may issue") flags.StringSlice("issue-perms", nil, "list of attributes that all requestors may issue")
flags.Lookup("disclose").Header = `Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may flags.Lookup("disclose-perms").Header = `Default requestor permissions. These apply to all requestors, in addition to any permissions a requestor may
have specifically. May contain wildcards. Separate multiple with comma. Example: irma-demo.*,pbdf.* have specifically. May contain wildcards. Separate multiple with comma. Example: irma-demo.*,pbdf.*
By default all requestors may use all attributes in disclosure and signature sessions. By default all requestors may use all attributes in disclosure and signature sessions.
Pass empty string to disable session type.` Pass empty string to disable session type.`
flags.StringP("privatekeys", "k", "", "path to IRMA private keys") flags.StringP("privkeys", "k", "", "path to IRMA private keys")
flags.Lookup("privatekeys").Header = `Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml. flags.Lookup("privkeys").Header = `Path to a folder containing IRMA private keys, with filenames scheme.issuer.xml, e.g. irma-demo.MijnOverheid.xml.
Private keys may also be stored in the scheme (e.g. irma-demo/MijnOverheid/PrivateKeys/0.xml).` Private keys may also be stored in the scheme (e.g. irma-demo/MijnOverheid/PrivateKeys/0.xml).`
flags.StringP("jwtissuer", "j", "irmaserver", "JWT issuer") flags.StringP("jwt-issuer", "j", "irmaserver", "JWT issuer")
flags.String("jwtprivatekey", "", "JWT private key") flags.String("jwt-privkey", "", "JWT private key")
flags.String("jwtprivatekeyfile", "", "Path to JWT private key") flags.String("jwt-privkeyfile", "", "Path to JWT private key")
flags.Lookup("jwtissuer").Header = `JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled. flags.Lookup("jwt-issuer").Header = `JWT configuration. Can be omitted but then endpoints that return signed JWTs are disabled.
All of the keys and certificates below are expected in PEM. Pass it either directly, or a path to it All of the keys and certificates below are expected in PEM. Pass it either directly, or a path to it
using the corresponding "-file" flag.` using the corresponding "-file" flag.`
flags.String("tlscertificate", "", "TLS certificate") flags.String("tls-cert", "", "TLS certificate")
flags.String("tlscertificatefile", "", "Path to TLS certificate ") flags.String("tls-cert-file", "", "Path to TLS certificate ")
flags.String("tlsprivatekey", "", "TLS private key") flags.String("tls-privkey", "", "TLS private key")
flags.String("tlsprivatekeyfile", "", "Path to TLS private key") flags.String("tls-privkey-file", "", "Path to TLS private key")
flags.String("clienttlscertificate", "", "TLS certificate for IRMA app server") flags.String("client-tls-cert", "", "TLS certificate for IRMA app server")
flags.String("clienttlscertificatefile", "", "Path to TLS certificate for IRMA app server") flags.String("client-tls-cert-file", "", "Path to TLS certificate for IRMA app server")
flags.String("clienttlsprivatekey", "", "TLS private key for IRMA app server") flags.String("client-tls-privkey", "", "TLS private key for IRMA app server")
flags.String("clienttlsprivatekeyfile", "", "Path to TLS private key for IRMA app server") flags.String("client-tls-privkey-file", "", "Path to TLS private key for IRMA app server")
flags.Lookup("tlscertificate").Header = "TLS configuration. Leave empty to disable TLS." flags.Lookup("tls-cert").Header = "TLS configuration. Leave empty to disable TLS."
flags.CountP("verbose", "v", "verbose (repeatable)") flags.CountP("verbose", "v", "verbose (repeatable)")
flags.BoolP("quiet", "q", false, "quiet") flags.BoolP("quiet", "q", false, "quiet")
...@@ -155,6 +155,9 @@ using the corresponding "-file" flag.` ...@@ -155,6 +155,9 @@ using the corresponding "-file" flag.`
} }
func configure(cmd *cobra.Command) error { func configure(cmd *cobra.Command) error {
dashReplacer := strings.NewReplacer("-", "_")
viper.SetEnvKeyReplacer(dashReplacer)
viper.SetFileKeyReplacer(dashReplacer)
viper.SetEnvPrefix("IRMASERVER") viper.SetEnvPrefix("IRMASERVER")
viper.AutomaticEnv() viper.AutomaticEnv()
if err := viper.BindPFlags(cmd.Flags()); err != nil { if err := viper.BindPFlags(cmd.Flags()); err != nil {
...@@ -196,39 +199,39 @@ func configure(cmd *cobra.Command) error { ...@@ -196,39 +199,39 @@ func configure(cmd *cobra.Command) error {
// Read configuration from flags and/or environmental variables // Read configuration from flags and/or environmental variables
conf = &irmaserver.Configuration{ conf = &irmaserver.Configuration{
Configuration: &server.Configuration{ Configuration: &server.Configuration{
IrmaConfigurationPath: viper.GetString("irmaconf"), IrmaConfigurationPath: viper.GetString("schemes-path"),
IssuerPrivateKeysPath: viper.GetString("privatekeys"), IssuerPrivateKeysPath: viper.GetString("privkeys"),
CachePath: viper.GetString("cachepath"), CachePath: viper.GetString("cache-path"),
URL: viper.GetString("url"), URL: viper.GetString("url"),
SchemeUpdateInterval: viper.GetInt("schemeupdate"), SchemeUpdateInterval: viper.GetInt("schemes-update"),
Logger: logger, Logger: logger,
}, },
Permissions: irmaserver.Permissions{ Permissions: irmaserver.Permissions{
Disclosing: handlePermission("disclose"), Disclosing: handlePermission("disclose-perms"),
Signing: handlePermission("sign"), Signing: handlePermission("sign-perms"),
Issuing: viper.GetStringSlice("issue"), Issuing: viper.GetStringSlice("issue-perms"),
}, },
ListenAddress: viper.GetString("listenaddr"), ListenAddress: viper.GetString("listen-addr"),
Port: viper.GetInt("port"), Port: viper.GetInt("port"),
ClientListenAddress: viper.GetString("clientlistenaddr"), ClientListenAddress: viper.GetString("client-listen-addr"),
ClientPort: viper.GetInt("clientport"), ClientPort: viper.GetInt("client-port"),
DisableRequestorAuthentication: viper.GetBool("noauth"), DisableRequestorAuthentication: viper.GetBool("no-auth"),
Requestors: make(map[string]irmaserver.Requestor), Requestors: make(map[string]irmaserver.Requestor),
JwtIssuer: viper.GetString("jwtissuer"), JwtIssuer: viper.GetString("jwt-issuer"),
JwtPrivateKey: viper.GetString("jwtprivatekey"), JwtPrivateKey: viper.GetString("jwt-privkey"),
JwtPrivateKeyFile: viper.GetString("jwtprivatekeyfile"), JwtPrivateKeyFile: viper.GetString("jwt-privkey-file"),
MaxRequestAge: viper.GetInt("maxrequestage"), MaxRequestAge: viper.GetInt("max-request-age"),
Verbose: viper.GetInt("verbose"), Verbose: viper.GetInt("verbose"),
Quiet: viper.GetBool("quiet"), Quiet: viper.GetBool("quiet"),
TlsCertificate: viper.GetString("tlscertificate"), TlsCertificate: viper.GetString("tls-cert"),
TlsCertificateFile: viper.GetString("tlscertificatefile"), TlsCertificateFile: viper.GetString("tls-cert-file"),
TlsPrivateKey: viper.GetString("tlsprivatekey"), TlsPrivateKey: viper.GetString("tls-privkey"),
TlsPrivateKeyFile: viper.GetString("tlsprivatekeyfile"), TlsPrivateKeyFile: viper.GetString("tls-privkey-file"),
ClientTlsCertificate: viper.GetString("clienttlscertificate"), ClientTlsCertificate: viper.GetString("client-tls-cert"),
ClientTlsCertificateFile: viper.GetString("clienttlscertificatefile"), ClientTlsCertificateFile: viper.GetString("client-tls-cert-file"),
ClientTlsPrivateKey: viper.GetString("clienttlsprivatekey"), ClientTlsPrivateKey: viper.GetString("client-tls-privkey"),
ClientTlsPrivateKeyFile: viper.GetString("clienttlsprivatekeyfile"), ClientTlsPrivateKeyFile: viper.GetString("client-tls-privkey-file"),
} }
// Handle requestors // Handle requestors
......
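Review bot: The flag registered as `flags.String("jwt-privkeyfile", "", "Path to JWT private key")` in setFlags does not match the name it is read with, `viper.GetString("jwt-privkey-file")` in configure, nor the struct tag `jwt_privkey_file`; every other `*-file` flag in this hunk follows the dashed `-file` form, so the line should read `flags.String("jwt-privkey-file", "", "Path to JWT private key")`. As far as viper's pflag binding matches on the flag name, the CLI value would never reach `JwtPrivateKeyFile`, and per the struct comment an absent JWT key disables /result-jwt and /getproof, so the misconfiguration would show up only as missing endpoints rather than an error. Separately, `viper.SetFileKeyReplacer` in configure is not an upstream viper API but comes from the `add-file-key-replacer` fork branch now pinned in Gopkg.toml/Gopkg.lock; a comment such as `// SetFileKeyReplacer exists only on the sietseringers/viper fork (branch add-file-key-replacer); see Gopkg.toml` would save the next maintainer a hunt when upgrading. setFlags starts outside its hunk and configure ends outside its hunk.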