configs.go

package config

import (
	"bytes"
	"code.vereign.com/code/viam-apis/clientutils"
	"code.vereign.com/code/viam-apis/errors"
	"crypto"
	"crypto/x509"
	"os"
	"path/filepath"
	"strings"

	"code.vereign.com/code/viam-apis/log"

	"code.vereign.com/code/viam-apis/authentication"
	"github.com/spf13/viper"

	_ "github.com/spf13/viper/remote"
)

var SystemAuth = &authentication.Authentication{
	Uuid:    "undefined",
	Session: "undefined",
}

var CertificationMethod string
var P PEMReader
var CertificatePEM []byte
var PrivateKeyPEM []byte
var CaCertificatePEM []byte
var VereignCaCertificatePEM []byte

var EncryptionCert *x509.Certificate
var EncryptionKey crypto.Signer

var ReplaceKey bool

var MaxMessageSize int

var GrpcListenAddress string
var RestListenAddress string
var DataStorageUrl string
var EntitiesManagerUrl string
var CertDir string
var GlobalLogLevel string

var PrometeusListenAddress string
var MetricEnvPrefix string

func SetConfigValues(configFile, etcdURL string) error {
	// Set Default Values For Config Variables

	// Vereign API Related
	viper.SetDefault("grpcListenAddress", ":7877")
	viper.SetDefault("restListenAddress", ":7878")
	viper.SetDefault("dataStorageUrl", "data-storage-agent:7777")
	viper.SetDefault("entitiesManagerUrl", "entities-management-agent:7779")

	viper.SetDefault("replaceKey", false)

	viper.SetDefault("viamUUID", "viam-system")
	viper.SetDefault("viamSession", "viam-session")

	viper.SetDefault("maxMessageSize", 64)

	// Certification Related
	// File System Defaults
	viper.SetDefault("certificationMethod", "1")
	viper.SetDefault("certificationURL", ".")
	viper.SetDefault("certificationToken", ".")
	viper.SetDefault("certificationPath", "cert")
	viper.SetDefault("certificationCertFile", "server.crt")
	viper.SetDefault("certificationKeyFile", "server.key")
	viper.SetDefault("certificationCaCertFile", "ca.crt")
	viper.SetDefault("certificationVereignCertFile", "vereign_ca.cer")
	viper.SetDefault("globalLogLevel", "info")

	/*
			// Vault Defaults
			viper.SetDefault("certificationMethod", "2")
			viper.SetDefault("certificationURL", "http://10.6.10.119:8200")
			viper.SetDefault("certificationToken", "")
			viper.SetDefault("certificationPath", "/developers/data/devteam/cert")
		    viper.SetDefault("certificationCertFile", "certificateKey")
			viper.SetDefault("certificationKeyFile", "privateKey")
			viper.SetDefault("certificationCaCertFile", "caCertificateKey")
			viper.SetDefault("certificationVereignCertFile", "vereignCaCertificateKey")
	*/

	// Encryption/Decryption Related
	viper.SetDefault("vaultEncryptionURL", "")
	viper.SetDefault("vaultEncryptionToken", "")
	viper.SetDefault("vaultEncryptionPath", "")
	viper.SetDefault("vaultEncryptionCertFile", "encryptionCert")
	viper.SetDefault("vaultEncryptionKeyFile", "encryptionKey")

	// Read Config File
	if configFile != "" {
		configName := strings.Split(filepath.Base(configFile), ".")[0]
		configDir := filepath.Dir(configFile)
		viper.SetConfigName(configName)
		viper.AddConfigPath(configDir)
		if err := viper.ReadInConfig(); err != nil {
			log.Printf("can't read config: %v, will use default values", err)
		}
	} else {
		log.Printf("requesting config at "+etcdURL, "/"+os.Getenv("ENV_NAME")+"/"+os.Getenv("CI_PROJECT_NAME")+".json")
		viper.AddRemoteProvider("etcd", etcdURL, "/"+os.Getenv("ENV_NAME")+"/"+os.Getenv("CI_PROJECT_NAME")+".json")
		viper.SetConfigType("json")

		if err := viper.ReadRemoteConfig(); err != nil {
			log.Printf("can't read config: %v, will use default values", err)
		}
	}

	// Print all config values to log file
	log.Printf("All Settings From Config:")
	as := viper.AllSettings()
	for key, _ := range as {
		log.Printf("%s => %s", key, viper.GetString(key))
	}

	CertificationMethod = viper.GetString("certificationMethod")
	if CertificationMethod == "1" {
		// Read From File System
		P = FilePEMReader{certificationURL: viper.GetString("certificationURL"),
			certificationToken:           viper.GetString("certificationToken"),
			certificationPath:            viper.GetString("certificationPath"),
			certificationCertFile:        viper.GetString("certificationCertFile"),
			certificationKeyFile:         viper.GetString("certificationKeyFile"),
			certificationCaCertFile:      viper.GetString("certificationCaCertFile"),
			certificationVereignCertFile: viper.GetString("certificationVereignCertFile")}
	} else if CertificationMethod == "2" {
		// Read From Vault
		P = VaultPEMReader{certificationURL: viper.GetString("certificationURL"),
			certificationToken:           viper.GetString("certificationToken"),
			certificationPath:            viper.GetString("certificationPath"),
			certificationCertFile:        viper.GetString("certificationCertFile"),
			certificationKeyFile:         viper.GetString("certificationKeyFile"),
			certificationCaCertFile:      viper.GetString("certificationCaCertFile"),
			certificationVereignCertFile: viper.GetString("certificationVereignCertFile")}
	}

	// Encryption/Decryption Related
	if viper.GetString("vaultEncryptionURL") == "" ||
		viper.GetString("vaultEncryptionToken") == "" ||
		viper.GetString("vaultEncryptionPath") == "" ||
		viper.GetString("vaultEncryptionCertFile") == "" ||
		viper.GetString("vaultEncryptionKeyFile") == "" {
		log.Error("Some config values for encryption/decryption are missing!")
		return errors.NewFormat("Some config values for encryption/decryption are missing!")
	}
	encryptionCertPEM, err := ReadEncryptionPEMFromVault(
		viper.GetString("vaultEncryptionURL"),
		viper.GetString("vaultEncryptionToken"),
		viper.GetString("vaultEncryptionPath"),
		viper.GetString("vaultEncryptionCertFile"))
	if err != nil {
		errors.LogFormat(err, "Vault Err")
		return err
	}
	encryptionKeyPEM, err := ReadEncryptionPEMFromVault(
		viper.GetString("vaultEncryptionURL"),
		viper.GetString("vaultEncryptionToken"),
		viper.GetString("vaultEncryptionPath"),
		viper.GetString("vaultEncryptionKeyFile"))
	if err != nil {
		errors.LogFormat(err, "Vault Err")
		return err
	}
	var encryptionCerts []*x509.Certificate
	encryptionCerts, EncryptionKey, err = clientutils.LoadCertAndKey(encryptionCertPEM, encryptionKeyPEM)
	if err != nil {
		errors.LogFormat(err, "Load Err")
		return err
	}
	if len(encryptionCerts) != 1 {
		log.Errorf("%d certs found in vaultEncryptionCertFile, 1 expected", len(encryptionCerts))
		return err
	}
	EncryptionCert = encryptionCerts[0]
	keyPub, err := x509.MarshalPKIXPublicKey(EncryptionKey.Public())
	if err != nil {
		return err
	}
	certPub, err := x509.MarshalPKIXPublicKey(EncryptionCert.PublicKey)
	if err != nil {
		return err
	}
	if !bytes.Equal(keyPub, certPub) {
		return errors.New("Encryption certificate public key does not correspond to encryption private key")
	}

	GrpcListenAddress = viper.GetString("grpcListenAddress")
	RestListenAddress = viper.GetString("restListenAddress")

	DataStorageUrl = viper.GetString("dataStorageUrl")
	EntitiesManagerUrl = viper.GetString("entitiesManagerUrl")

	ReplaceKey = viper.GetBool("replaceKey")

	SystemAuth.Uuid = viper.GetString("viamUUID")
	SystemAuth.Session = viper.GetString("viamSession")

	MaxMessageSize = viper.GetInt("maxMessageSize")

	PrometeusListenAddress = viper.GetString("prometeusListenAddress")

	MetricEnvPrefix = viper.GetString("metricEnvPrefix")

	GlobalLogLevel = viper.GetString("globalLogLevel")

	CertificatePEM = GetCertificatePEM()
	PrivateKeyPEM = GetPrivateKeyPEM()
	CaCertificatePEM = GetCaCertificatePEM()
	VereignCaCertificatePEM = GetVereignCaCertificatePEM()

	return nil
}

func GetCertificatePEM() []byte {
	return P.readCertificatePEM()
}

func GetPrivateKeyPEM() []byte {
	return P.readPrivateKeyPEM()
}

func GetCaCertificatePEM() []byte {
	return P.readCaCertificatePEM()
}

func GetVereignCaCertificatePEM() []byte {
	return P.readVereignCaCertificatePEM()
}