config changes

Gopkg.toml

 [[constraint]]
-  branch = "master"
+  branch = "392-fixing-configuration-issues-with-vault-and-default-values"
   name = "code.vereign.com/code/viam-apis"
 
 [[override]]

Makefile

@@ -3,6 +3,9 @@ PKG := "code.vereign.com/code/key-storage-agent"
 SERVER_PKG_BUILD := "${PKG}"
 PKG_LIST := $(shell go list ${PKG}/... | grep -v /vendor/)
 VER := $(CI_COMMIT_REF_NAME).$(CI_COMMIT_SHA)
+ifeq ($(VER),.)
+VER := $(shell git rev-parse --abbrev-ref HEAD)
+endif
 
 .PHONY: all api server
 

config.yaml.sample

@@ -2,62 +2,41 @@
 
 # You can use this sample YAML file to configure your installation
 
-# Connection Information
-dataStorageUrl: localhost:7777
-grpcListenAddress: localhost:7877
-restListenAddress: localhost:7878
+# Connection information for this agent
+listenAddress: :7878
+grpcListenAddress: :7877
 
 # VIAM Variables
-viamUUID: viam-system
-viamSession: viam-session
+systemAuthentication:
+  viamUUID: viam-system
+  viamSession: viam-user
+
+# Connection information for other Vereign services
+dataStorageAgentURL: data-storage-agent:7777
+entitiesManagementAgentURL: entities-management-agent:7779
 
 # Maximum Message Size (in megabytes)
-maxMessageSize: 64
-
-# Certification Access Method
-# 1 = Certificate Folder and Files
-# 2 = Vault Integration
-#certificationMethod: 1
-certificationMethod: 2
-
-# Certification URL
-# For Method 1: Can be anything (will be ignored)
-# For Method 2: IP address and port number of Vault server
-#certificationURL: localhost
-certificationURL: http://10.6.10.119:8200
-
-# Certification Token
-# For Method 1: Can be anything (will be ignored)
-# For Method 2: Vault authentication token
-#certificationToken: .
-certificationToken: YOUR_VAULT_TOKEN
-
-# Certification Path
-# For Method 1: The full path of the folder where the certificate and private key files are stored
-# For Method 2: Base mount path for certificate secrets
-#certificationPath: /home/ocengiz/Documents/Vereign/03-Codebase/cert
-certificationPath: /developers/data/devteam/cert
-
-# Certification Files
-# For Method 1: The name of the files for certification
-# For Method 2: The name of the secret keys on Vault
-#certificationCertFile: localhost.crt
-certificationCertFile: certificateKey
-#certificationKeyFile: localhost.key
-certificationKeyFile: privateKey
-#certificationCaCertFile: ca.crt
-certificationCaCertFile: caCertificateKey
-#certificationVereignCertFile: vereign_ca.cer
-certificationVereignCertFile: vereignCaCertificateKey
-#certificationVereignKeyFile: Not used anymore, its functionality is moved to vaultEncryptionKeyFile
+maxMessageSize: 32
+
+# Certification related configuration
+certification:
+  # The full path of the folder where the certificate and private key files are stored
+  path: "/home/ocengiz/Documents/Vereign/03-Codebase/cert"
+  # The name of the files for certification
+  certificateFile: "localhost.crt"
+  privateKeyFile: "localhost.key"
+  caCertificateFile: "ca.crt"
+  encryptionCertificateFile: localhost.crt
+  encryptionPrivateKeyFile: localhost.key
+  vereignCertificateFile: ca.crt
+
+# Prometheus settings
+prometeusListenAddress: :2112
+
+replaceKey: false
+
+# prefixes for env
+metricEnvPrefix: gospodinbodurov
+
 #possible levels: trace, info, debug, warn, error, fatal, panic
-globalLogLevel: debug
-
-# Until vereign root cert expires, these values will copy the values of certificationVereign(Cert|Key)File.
-# When the root cert is changed, the new root will be set in certificationVereign(Cert|Key)File,
-# while here will continue to be the old root
-vaultEncryptionURL: http://10.6.16.32:8200
-vaultEncryptionToken: YOUR_VAULT_TOKEN
-vaultEncryptionPath: /developers/data/devteam/cert
-vaultEncryptionCertFile: encryptionCert
-vaultEncryptionKeyFile: encryptionKey
+globalLogLevel: info
\ No newline at end of file

config/configs.go

 package config
 
 import (
-	"bytes"
-	"code.vereign.com/code/viam-apis/clientutils"
-	"code.vereign.com/code/viam-apis/errors"
 	"crypto"
 	"crypto/x509"
+	"io/ioutil"
 	"os"
 	"path/filepath"
+	"reflect"
 	"strings"
 
+	"code.vereign.com/code/viam-apis/clientutils"
+	"code.vereign.com/code/viam-apis/errors"
+
 	"code.vereign.com/code/viam-apis/log"
 
 	"code.vereign.com/code/viam-apis/authentication"
@@ -23,76 +25,58 @@ var SystemAuth = &authentication.Authentication{
 	Session: "undefined",
 }
 
-var CertificationMethod string
-var P PEMReader
-var CertificatePEM []byte
-var PrivateKeyPEM []byte
-var CaCertificatePEM []byte
-var VereignCaCertificatePEM []byte
-
-var EncryptionCert *x509.Certificate
-var EncryptionKey crypto.Signer
-
-var ReplaceKey bool
-
-var MaxMessageSize int
-
-var GrpcListenAddress string
-var RestListenAddress string
-var DataStorageUrl string
-var EntitiesManagerUrl string
-var CertDir string
-var GlobalLogLevel string
-
-var PrometeusListenAddress string
-var MetricEnvPrefix string
-
-func SetConfigValues(configFile, etcdURL string) error {
-	// Set Default Values For Config Variables
-
-	// Vereign API Related
-	viper.SetDefault("grpcListenAddress", ":7877")
-	viper.SetDefault("restListenAddress", ":7878")
-	viper.SetDefault("dataStorageUrl", "data-storage-agent:7777")
-	viper.SetDefault("entitiesManagerUrl", "entities-management-agent:7779")
-
-	viper.SetDefault("replaceKey", false)
-
-	viper.SetDefault("viamUUID", "viam-system")
-	viper.SetDefault("viamSession", "viam-session")
-
-	viper.SetDefault("maxMessageSize", 64)
-
-	// Certification Related
-	// File System Defaults
-	viper.SetDefault("certificationMethod", "1")
-	viper.SetDefault("certificationURL", ".")
-	viper.SetDefault("certificationToken", ".")
-	viper.SetDefault("certificationPath", "cert")
-	viper.SetDefault("certificationCertFile", "server.crt")
-	viper.SetDefault("certificationKeyFile", "server.key")
-	viper.SetDefault("certificationCaCertFile", "ca.crt")
-	viper.SetDefault("certificationVereignCertFile", "vereign_ca.cer")
-	viper.SetDefault("globalLogLevel", "info")
-
-	/*
-			// Vault Defaults
-			viper.SetDefault("certificationMethod", "2")
-			viper.SetDefault("certificationURL", "http://10.6.10.119:8200")
-			viper.SetDefault("certificationToken", "")
-			viper.SetDefault("certificationPath", "/developers/data/devteam/cert")
-		    viper.SetDefault("certificationCertFile", "certificateKey")
-			viper.SetDefault("certificationKeyFile", "privateKey")
-			viper.SetDefault("certificationCaCertFile", "caCertificateKey")
-			viper.SetDefault("certificationVereignCertFile", "vereignCaCertificateKey")
-	*/
-
-	// Encryption/Decryption Related
-	viper.SetDefault("vaultEncryptionURL", "")
-	viper.SetDefault("vaultEncryptionToken", "")
-	viper.SetDefault("vaultEncryptionPath", "")
-	viper.SetDefault("vaultEncryptionCertFile", "encryptionCert")
-	viper.SetDefault("vaultEncryptionKeyFile", "encryptionKey")
+const tagValidation = "validation"
+
+type Configuration struct {
+	ListenAddress        string `validation:"optional" yaml:"listenAddress"`
+	GrpcListenAddress    string `validation:"optional" yaml:"grpcListenAddress"`
+	SystemAuthentication struct {
+		UUID    string `validation:"optional" yaml:"viamUUID"`
+		Session string `validation:"optional" yaml:"viamSession"`
+	} `validation:"optional" yaml:"systemAuthentication"`
+	DataStorageAgentURL        string `validation:"optional" yaml:"dataStorageAgentURL"`
+	EntitiesManagementAgentURL string `validation:"optional" yaml:"entitiesManagementAgentURL"`
+	MaxMessageSize             int    `validation:"optional" yaml:"maxMessageSize"`
+	Certification              struct {
+		Path                      string              `validation:"required" yaml:"path"`
+		CertificateFile           string              `validation:"required" yaml:"certificateFile"`
+		CertificatePEM            []byte              `validation:"calculated" yaml:"certificatePEM"`
+		PrivateKeyFile            string              `validation:"required" yaml:"privateKeyFile"`
+		PrivateKeyPEM             []byte              `validation:"calculated" yaml:"privateKeyPEM"`
+		CaCertificateFile         string              `validation:"required" yaml:"caCertificateFile"`
+		CaCertificatePEM          []byte              `validation:"calculated" yaml:"caCertificatePEM"`
+		EncryptionCertificateFile string              `validation:"required" yaml:"encryptionCertificateFile"`
+		EncryptionCertificatePEM  []byte              `validation:"calculated" yaml:"encryptionCertificatePEM"`
+		EncryptionCertificate     []*x509.Certificate `validation:"calculated" yaml:"encryptionCertificate"`
+		EncryptionPrivateKeyFile  string              `validation:"required" yaml:"encryptionPrivateKeyFile"`
+		EncryptionPrivateKeyPEM   []byte              `validation:"calculated" yaml:"encryptionPrivateKeyPEM"`
+		EncryptionPrivateKey      crypto.Signer       `validation:"calculated" yaml:"encryptionPrivateKey"`
+		VereignCertificateFile    string              `validation:"required" yaml:"vereignCertificateFile"`
+		VereignCertificatePEM     []byte              `validation:"calculated" yaml:"vereignCertificatePEM"`
+	} `validation:"required" yaml:"certification"`
+	PrometeusListenAddress  string `validation:"optional" yaml:"prometeusListenAddress"`
+	MetricEnvironmentPrefix string `validation:"optional" yaml:"metricEnvironmentPrefix"`
+	ReplaceKey              bool   `validation:"optional" yaml:"replaceKey"`
+	GlobalLogLevel          string `validation:"optional" yaml:"globalLogLevel"`
+}
+
+var Config Configuration
+
+// SetConfigValues Sets Values For Config Variable
+func SetConfigValues(configFile, etcdURL string) {
+	// Set default values for configuration variable
+	// NOTE: Only for 'validation:"optional"' fields
+	Config.ListenAddress = ":7878"
+	Config.GrpcListenAddress = ":7877"
+	Config.SystemAuthentication.UUID = "viam-system"
+	Config.SystemAuthentication.Session = "viam-session"
+	Config.DataStorageAgentURL = "data-storage-agent:7777"
+	Config.EntitiesManagementAgentURL = "entities-management-agent:7779"
+	Config.MaxMessageSize = 64
+	Config.PrometeusListenAddress = ":2112"
+	Config.MetricEnvironmentPrefix = "staging_data_storage_agent"
+	Config.ReplaceKey = false
+	Config.GlobalLogLevel = "info"
 
 	// Read Config File
 	if configFile != "" {
@@ -113,123 +97,128 @@ func SetConfigValues(configFile, etcdURL string) error {
 		}
 	}
 
-	// Print all config values to log file
-	log.Printf("All Settings From Config:")
-	as := viper.AllSettings()
-	for key, _ := range as {
-		log.Printf("%s => %s", key, viper.GetString(key))
-	}
+	// Read Config File
+	if configFile != "" {
+		configName := strings.Split(filepath.Base(configFile), ".")[0]
+		configDir := filepath.Dir(configFile)
+		viper.SetConfigName(configName)
+		viper.AddConfigPath(configDir)
+		if err := viper.ReadInConfig(); err != nil {
+			errors.LogFormat(err, "can't read config, will use default values")
+		}
+	} else {
+		log.Printf("requesting config at "+etcdURL, "/"+os.Getenv("ENV_NAME")+"/"+os.Getenv("CI_PROJECT_NAME")+".json")
+		viper.AddRemoteProvider("etcd", etcdURL, "/"+os.Getenv("ENV_NAME")+"/"+os.Getenv("CI_PROJECT_NAME")+".json")
+		viper.SetConfigType("json")
 
-	CertificationMethod = viper.GetString("certificationMethod")
-	if CertificationMethod == "1" {
-		// Read From File System
-		P = FilePEMReader{certificationURL: viper.GetString("certificationURL"),
-			certificationToken:           viper.GetString("certificationToken"),
-			certificationPath:            viper.GetString("certificationPath"),
-			certificationCertFile:        viper.GetString("certificationCertFile"),
-			certificationKeyFile:         viper.GetString("certificationKeyFile"),
-			certificationCaCertFile:      viper.GetString("certificationCaCertFile"),
-			certificationVereignCertFile: viper.GetString("certificationVereignCertFile")}
-	} else if CertificationMethod == "2" {
-		// Read From Vault
-		P = VaultPEMReader{certificationURL: viper.GetString("certificationURL"),
-			certificationToken:           viper.GetString("certificationToken"),
-			certificationPath:            viper.GetString("certificationPath"),
-			certificationCertFile:        viper.GetString("certificationCertFile"),
-			certificationKeyFile:         viper.GetString("certificationKeyFile"),
-			certificationCaCertFile:      viper.GetString("certificationCaCertFile"),
-			certificationVereignCertFile: viper.GetString("certificationVereignCertFile")}
+		if err := viper.ReadRemoteConfig(); err != nil {
+			errors.LogFormat(err, "can't read config, will use default values")
+		}
 	}
 
-	// Encryption/Decryption Related
-	if viper.GetString("vaultEncryptionURL") == "" ||
-		viper.GetString("vaultEncryptionToken") == "" ||
-		viper.GetString("vaultEncryptionPath") == "" ||
-		viper.GetString("vaultEncryptionCertFile") == "" ||
-		viper.GetString("vaultEncryptionKeyFile") == "" {
-		log.Error("Some config values for encryption/decryption are missing!")
-		return errors.NewFormat("Some config values for encryption/decryption are missing!")
-	}
-	encryptionCertPEM, err := ReadEncryptionPEMFromVault(
-		viper.GetString("vaultEncryptionURL"),
-		viper.GetString("vaultEncryptionToken"),
-		viper.GetString("vaultEncryptionPath"),
-		viper.GetString("vaultEncryptionCertFile"))
-	if err != nil {
-		errors.LogFormat(err, "Vault Err")
-		return err
-	}
-	encryptionKeyPEM, err := ReadEncryptionPEMFromVault(
-		viper.GetString("vaultEncryptionURL"),
-		viper.GetString("vaultEncryptionToken"),
-		viper.GetString("vaultEncryptionPath"),
-		viper.GetString("vaultEncryptionKeyFile"))
-	if err != nil {
-		errors.LogFormat(err, "Vault Err")
-		return err
-	}
-	var encryptionCerts []*x509.Certificate
-	encryptionCerts, EncryptionKey, err = clientutils.LoadCertAndKey(encryptionCertPEM, encryptionKeyPEM)
-	if err != nil {
-		errors.LogFormat(err, "Load Err")
-		return err
-	}
-	if len(encryptionCerts) != 1 {
-		log.Errorf("%d certs found in vaultEncryptionCertFile, 1 expected", len(encryptionCerts))
-		return err
-	}
-	EncryptionCert = encryptionCerts[0]
-	keyPub, err := x509.MarshalPKIXPublicKey(EncryptionKey.Public())
-	if err != nil {
-		return err
-	}
-	certPub, err := x509.MarshalPKIXPublicKey(EncryptionCert.PublicKey)
+	err := viper.Unmarshal(&Config)
 	if err != nil {
-		return err
-	}
-	if !bytes.Equal(keyPub, certPub) {
-		return errors.New("Encryption certificate public key does not correspond to encryption private key")
+		log.Printf("unable to decode into config struct, %v", err)
 	}
+}
 
-	GrpcListenAddress = viper.GetString("grpcListenAddress")
-	RestListenAddress = viper.GetString("restListenAddress")
-
-	DataStorageUrl = viper.GetString("dataStorageUrl")
-	EntitiesManagerUrl = viper.GetString("entitiesManagerUrl")
-
-	ReplaceKey = viper.GetBool("replaceKey")
-
-	SystemAuth.Uuid = viper.GetString("viamUUID")
-	SystemAuth.Session = viper.GetString("viamSession")
+// CheckConfigValues checks if there is any missing required fields in configuration
+func CheckConfigValues(configs interface{}) error {
+	structIterator := reflect.ValueOf(configs)
+	for i := 0; i < structIterator.NumField(); i++ {
+		field := structIterator.Type().Field(i).Name
+		val := structIterator.Field(i).Interface()
+		tR := structIterator.Type().Field(i).Tag.Get(tagValidation)
+		log.Printf("%v: %v", field, val)
+
+		if tR == "required" {
+			if structIterator.Field(i).Kind() == reflect.Struct {
+				if err := CheckConfigValues(structIterator.Field(i).Interface()); err != nil {
+					return err
+				}
+			}
+
+			if reflect.DeepEqual(val, reflect.Zero(structIterator.Field(i).Type()).Interface()) {
+				// Check if the field is zero-valued, meaning it won't be updated
+				return errors.NewFormat("Empty value for required field: %v", field)
+			}
+		} else if tR != "optional" && tR != "calculated" {
+			return errors.NewFormat("Wrong validation type for field: %v (Must be 'optional', 'required' or 'calculated')", field)
+		}
+	}
 
-	MaxMessageSize = viper.GetInt("maxMessageSize")
+	return nil
+}
 
-	PrometeusListenAddress = viper.GetString("prometeusListenAddress")
+// CalculateConfigValues calculates config values using provided configuraion
+func CalculateConfigValues() {
+	SystemAuth.Uuid = Config.SystemAuthentication.UUID
+	SystemAuth.Session = Config.SystemAuthentication.Session
 
-	MetricEnvPrefix = viper.GetString("metricEnvPrefix")
+	Config.Certification.CertificatePEM = getCertificatePEM()
+	Config.Certification.PrivateKeyPEM = getPrivateKeyPEM()
+	Config.Certification.CaCertificatePEM = getCaCertificatePEM()
+	Config.Certification.VereignCertificatePEM = getVereignCertificatePEM()
+	Config.Certification.EncryptionCertificatePEM = getEncryptionCertificatePEM()
+	Config.Certification.EncryptionPrivateKeyPEM = getEncryptionPrivateKeyPEM()
 
-	GlobalLogLevel = viper.GetString("globalLogLevel")
+	var err error
+	Config.Certification.EncryptionCertificate, Config.Certification.EncryptionPrivateKey, err = clientutils.LoadCertAndKey(Config.Certification.EncryptionCertificatePEM, Config.Certification.EncryptionPrivateKeyPEM)
+	if err != nil {
+		log.Printf("Load Err: %v", err)
+	}
+}
 
-	CertificatePEM = GetCertificatePEM()
-	PrivateKeyPEM = GetPrivateKeyPEM()
-	CaCertificatePEM = GetCaCertificatePEM()
-	VereignCaCertificatePEM = GetVereignCaCertificatePEM()
+func getCertificatePEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.CertificateFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
+}
 
-	return nil
+func getCaCertificatePEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.CaCertificateFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
 }
 
-func GetCertificatePEM() []byte {
-	return P.readCertificatePEM()
+func getPrivateKeyPEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.PrivateKeyFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
 }
 
-func GetPrivateKeyPEM() []byte {
-	return P.readPrivateKeyPEM()
+func getVereignCertificatePEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.CaCertificateFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
 }
 
-func GetCaCertificatePEM() []byte {
-	return P.readCaCertificatePEM()
+func getEncryptionCertificatePEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.EncryptionCertificateFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
 }
 
-func GetVereignCaCertificatePEM() []byte {
-	return P.readVereignCaCertificatePEM()
+func getEncryptionPrivateKeyPEM() []byte {
+	pem, err := ioutil.ReadFile(Config.Certification.Path + "/" + Config.Certification.EncryptionPrivateKeyFile)
+	if err != nil {
+		errors.Log(err)
+		return []byte("")
+	}
+	return pem
 }

config/pem_reader.go

-package config
-
-import (
-	"code.vereign.com/code/viam-apis/errors"
-	"io/ioutil"
-
-	"code.vereign.com/code/viam-apis/log"
-
-	vc "github.com/hashicorp/vault/api"
-)
-
-type PEMReader interface {
-	readCertificatePEM() []byte
-	readPrivateKeyPEM() []byte
-	readCaCertificatePEM() []byte
-	readVereignCaCertificatePEM() []byte
-}
-
-type FilePEMReader struct {
-	certificationURL             string
-	certificationToken           string
-	certificationPath            string
-	certificationCertFile        string
-	certificationKeyFile         string
-	certificationCaCertFile      string
-	certificationVereignCertFile string
-}
-
-func (f FilePEMReader) readCertificatePEM() []byte {
-	pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationCertFile)
-	if err != nil {
-		log.Printf("Error: %v", err)
-		return []byte("")
-	}
-	return pem
-}
-
-func (f FilePEMReader) readPrivateKeyPEM() []byte {
-	pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationKeyFile)
-	if err != nil {
-		log.Printf("Error: %v", err)
-		return []byte("")
-	}
-	return pem
-}
-
-func (f FilePEMReader) readCaCertificatePEM() []byte {
-	pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationCaCertFile)
-	if err != nil {
-		log.Printf("Error: %v", err)
-		return []byte("")
-	}
-	return pem
-}
-
-func (f FilePEMReader) readVereignCaCertificatePEM() []byte {
-	pem, err := ioutil.ReadFile(f.certificationPath + "/" + f.certificationVereignCertFile)
-	if err != nil {
-		log.Printf("Error: %v", err)
-		return []byte("")
-	}
-	return pem
-}
-
-type VaultPEMReader struct {
-	certificationURL             string
-	certificationToken           string
-	certificationPath            string
-	certificationCertFile        string
-	certificationKeyFile         string
-	certificationCaCertFile      string
-	certificationVereignCertFile string
-}
-
-func (v VaultPEMReader) readCertificatePEM() []byte {
-	client, err := vc.NewClient(&vc.Config{
-		Address: v.certificationURL,
-	})
-
-	if err != nil {
-		log.Printf("Error: VAULT Can't create client, %s", err)
-	}
-
-	client.SetToken(v.certificationToken)
-
-	keyname := v.certificationPath
-	secretValues, err := client.Logical().Read(keyname)
-	if err != nil {
-		log.Printf("Error: VAULT Can't read value, %s", err)
-	}
-
-	pemMap := secretValues.Data["data"].(map[string]interface{})
-
-	for propName, propValue := range pemMap {
-		if propName == v.certificationCertFile {
-			return []byte(propValue.(string))
-		}
-	}
-	return []byte("")
-}
-
-func (v VaultPEMReader) readPrivateKeyPEM() []byte {
-	client, err := vc.NewClient(&vc.Config{
-		Address: v.certificationURL,
-	})
-
-	if err != nil {
-		log.Printf("Error: VAULT Can't create client, %s", err)
-	}
-
-	client.SetToken(v.certificationToken)
-
-	keyname := v.certificationPath
-	secretValues, err := client.Logical().Read(keyname)
-	if err != nil {
-		log.Printf("Error: VAULT Can't read value, %s", err)
-	}
-
-	pemMap := secretValues.Data["data"].(map[string]interface{})
-
-	for propName, propValue := range pemMap {
-		if propName == v.certificationKeyFile {
-			return []byte(propValue.(string))
-		}
-	}
-	return []byte("")
-}
-
-func (v VaultPEMReader) readCaCertificatePEM() []byte {
-	client, err := vc.NewClient(&vc.Config{
-		Address: v.certificationURL,
-	})
-
-	if err != nil {
-		log.Printf("Error: VAULT Can't create client, %s", err)
-	}
-
-	client.SetToken(v.certificationToken)
-
-	keyname := v.certificationPath
-	secretValues, err := client.Logical().Read(keyname)
-	if err != nil {
-		log.Printf("Error: VAULT Can't read value, %s", err)
-	}
-
-	pemMap := secretValues.Data["data"].(map[string]interface{})
-
-	for propName, propValue := range pemMap {
-		if propName == v.certificationCaCertFile {
-			return []byte(propValue.(string))
-		}
-	}
-	return []byte("")
-}
-
-func (v VaultPEMReader) readVereignCaCertificatePEM() []byte {
-	client, err := vc.NewClient(&vc.Config{
-		Address: v.certificationURL,
-	})
-
-	if err != nil {
-		log.Printf("Error: VAULT Can't create client, %s", err)
-	}
-
-	client.SetToken(v.certificationToken)
-
-	keyname := v.certificationPath
-	secretValues, err := client.Logical().Read(keyname)
-	if err != nil {
-		log.Printf("Error: VAULT Can't read value, %s", err)
-	}
-
-	pemMap := secretValues.Data["data"].(map[string]interface{})
-
-	for propName, propValue := range pemMap {
-		if propName == v.certificationVereignCertFile {
-			return []byte(propValue.(string))
-		}
-	}
-	return []byte("")
-}
-
-//copied from object storage agent
-func ReadEncryptionPEMFromVault(url, token, path, pemFile string) ([]byte, error) {
-	client, err := vc.NewClient(&vc.Config{
-		Address: url,
-	})
-
-	if err != nil {
-		errors.LogFormat(err, "VAULT Can't create client")
-		return nil, err
-	}
-
-	client.SetToken(token)
-
-	keyname := path
-	secretValues, err := client.Logical().Read(keyname)
-	if err != nil {
-		errors.LogFormat(err, "VAULT Can't read value")
-		return nil, err
-	}
-
-	pemMap := secretValues.Data["data"].(map[string]interface{})
-
-	for propName, propValue := range pemMap {
-		if propName == pemFile {
-			return []byte(propValue.(string)), nil
-		}
-	}
-	return []byte(""), nil
-}

handler/generate_keypair.go

@@ -18,8 +18,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package handler
 
 import (
-	"code.vereign.com/code/key-storage-agent/config"
-	"code.vereign.com/code/viam-apis/errors"
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
@@ -28,6 +26,9 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 
+	"code.vereign.com/code/key-storage-agent/config"
+	"code.vereign.com/code/viam-apis/errors"
+
 	"code.vereign.com/code/viam-apis/log"
 
 	keyutils "code.vereign.com/code/key-storage-agent/utils"
@@ -72,7 +73,6 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context,
 		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE))
 	}
 
-
 	publicKey := &api.Key{Content: publicKeyBytes}
 	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey)
 	if err != nil {
@@ -111,7 +111,7 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context,
 		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_NONCE))
 	}
 
-	generateKeyPairResponse := &api.GenerateKeyPairResponse{Uuid:uuid}
+	generateKeyPairResponse := &api.GenerateKeyPairResponse{Uuid: uuid}
 	return generateKeyPairResponse, nil
 }
 
@@ -160,7 +160,7 @@ func generateKeyPair(keySize int) ([]byte, []byte, error) {
 }
 
 func rsaEncryptWithServerKey(message []byte, label []byte) ([]byte, error) {
-	serverPublicKey := config.EncryptionCert.PublicKey.(*rsa.PublicKey)
+	serverPublicKey := config.Config.Certification.EncryptionCertificate[0].PublicKey.(*rsa.PublicKey)
 
 	encryptedMessageBytes, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPublicKey, message, label)
 	if err != nil {

handler/handler.go

@@ -18,10 +18,11 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package handler
 
 import (
-	"code.vereign.com/code/viam-apis/errors"
 	"encoding/base64"
 	"strings"
 
+	"code.vereign.com/code/viam-apis/errors"
+
 	"code.vereign.com/code/viam-apis/log"
 
 	"code.vereign.com/code/viam-apis/clientutils"
@@ -40,12 +41,12 @@ const (
 
 // Server represents the gRPC server
 type KeyStorageServerImpl struct {
-	DataStorageUrl       string
-	CertPEM              []byte
-	KeyPEM               []byte
-	CaCertPEM            []byte
-	VereignCertPEM       []byte
-	MaxMessageSize       int
+	DataStorageUrl string
+	CertPEM        []byte
+	KeyPEM         []byte
+	CaCertPEM      []byte
+	VereignCertPEM []byte
+	MaxMessageSize int
 }
 
 var version = "undefined"
@@ -72,8 +73,6 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	client := keyutils.CreateDataStorageClient(auth)
 	defer client.CloseClient()
 
-
-
 	if in.KeyType == api.KeyType_CERTIFICATE && in.Uuid == "root" {
 		key := &api.Key{}
 		/*data, err := ioutil.ReadFile(s.VereignCertFilePath)
@@ -88,7 +87,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 		key.Content = s.VereignCertPEM
 		key.Revoked = false
 
-		getKeyResponse := &api.GetKeyResponse{Key:key}
+		getKeyResponse := &api.GetKeyResponse{Key: key}
 		return getKeyResponse, nil
 	}
 
@@ -109,7 +108,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 		return nil, errors.NewUser("No such key " + in.Uuid)
 	}
 
-	getKeyResponse := &api.GetKeyResponse{Key:key}
+	getKeyResponse := &api.GetKeyResponse{Key: key}
 	return getKeyResponse, nil
 }
 
@@ -129,7 +128,7 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 
 	key := &api.Key{}
 
-	if config.ReplaceKey == false {
+	if config.Config.ReplaceKey == false {
 		_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
 		if err != nil {
 			log.Printf("grpc call GetData to DataStorage failed: %s", err)
@@ -191,7 +190,7 @@ func (s *KeyStorageServerImpl) ReserveKeyUUID(ctx context.Context, in *api.Reser
 		return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE))
 	}
 
-	reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{Uuid:uuid}
+	reserveKeyUUIDResponse := &api.ReserveKeyUUIDResponse{Uuid: uuid}
 	return reserveKeyUUIDResponse, nil
 }
 

main.go

@@ -18,7 +18,6 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package main
 
 import (
-	"code.vereign.com/code/viam-apis/errors"
 	"flag"
 
 	"code.vereign.com/code/viam-apis/log"
@@ -40,22 +39,28 @@ func main() {
 		return
 	}
 
-	err := config.SetConfigValues(*configFile, *etcdURL)
+	log.Printf("Setting configuration values...")
+	config.SetConfigValues(*configFile, *etcdURL)
+
+	log.Printf("Checking configuration values...")
+	err := config.CheckConfigValues(config.Config)
 	if err != nil {
-		errors.LogFormat(err, "Can not set config values")
-		return
+		log.Fatalf("Exiting due to wrong configuration: %s", err)
 	}
 
-	grpcAddress := config.GrpcListenAddress
-	restAddress := config.RestListenAddress
-	dataStorageAddress := config.DataStorageUrl
-	certPem := config.CertificatePEM
-	keyPem := config.PrivateKeyPEM
-	caCertPem := config.CaCertificatePEM
-	vereignCaCertificatePem := config.VereignCaCertificatePEM
+	log.Printf("Calculating configuration values...")
+	config.CalculateConfigValues()
+
+	grpcAddress := config.Config.GrpcListenAddress
+	restAddress := config.Config.ListenAddress
+	dataStorageAddress := config.Config.DataStorageAgentURL
+	certPem := config.Config.Certification.CertificatePEM
+	keyPem := config.Config.Certification.PrivateKeyPEM
+	caCertPem := config.Config.Certification.CaCertificatePEM
+	vereignCaCertificatePem := config.Config.Certification.VereignCertificatePEM
 
-	maxMessageSize := config.MaxMessageSize
-	log.SetConfiguration(config.GlobalLogLevel)
+	maxMessageSize := config.Config.MaxMessageSize
+	log.SetConfiguration(config.Config.GlobalLogLevel)
 
 	// fire the gRPC server in a goroutine
 	go func() {

run.sh

@@ -17,7 +17,7 @@ fi
 
 PATH=$PATH:/usr/local/bin
 
-nohup $GOPATH/src/code.vereign.com/code/key-storage-agent/bin/server --cert-dir $GOPATH/src/code.vereign.com/code/key-storage-agent/cert > $HOME/key-storage-agent.log 2>&1 &
+nohup $GOPATH/src/code.vereign.com/code/key-storage-agent/bin/server -config-file config.yaml > $HOME/key-storage-agent.log 2>&1 &
 
 echo $! > "${PIDFILE}"
 chmod 644 "${PIDFILE}"

server/server.go

@@ -121,14 +121,14 @@ func unaryInterceptor(ctx context.Context, req interface{}, info *grpc.UnaryServ
 }
 
 func createQueryTime(funcName string) prometheus.Summary {
-	if config.PrometeusListenAddress != "" {
+	if config.Config.PrometeusListenAddress != "" {
 		endPointName := strings.Replace(funcName, "/", "_", -1)
 		endPointName = strings.Replace(endPointName, ".", "_", -1)
 
 		metricName := endPointName + "_grpc_request_duration_seconds"
 
-		if config.MetricEnvPrefix != "" {
-			metricName = config.MetricEnvPrefix + "_" + metricName
+		if config.Config.MetricEnvironmentPrefix != "" {
+			metricName = config.Config.MetricEnvironmentPrefix + "_" + metricName
 		}
 
 		mutex.Lock()
@@ -139,7 +139,7 @@ func createQueryTime(funcName string) prometheus.Summary {
 		if ok == false {
 			queryTime = prometheus.NewSummary(prometheus.SummaryOpts{
 				Name: metricName,
-				Help: "grpc request duration seconds of /" + funcName + " for " + config.MetricEnvPrefix + " env",
+				Help: "grpc request duration seconds of /" + funcName + " for " + config.Config.MetricEnvironmentPrefix + " env",
 			})
 
 			// init metrics
@@ -168,12 +168,12 @@ func StartGRPCServer(address string, certPEM, privateKeyPEM, caCertPEM, vereignC
 
 	// create a server instance
 	s := handler.KeyStorageServerImpl{
-		DataStorageUrl:       dataStorageAddress,
-		CertPEM:              certPEM,
-		KeyPEM:               privateKeyPEM,
-		CaCertPEM:            caCertPEM,
-		VereignCertPEM:       vereignCertPEM,
-		MaxMessageSize:       maxMessageSize,
+		DataStorageUrl: dataStorageAddress,
+		CertPEM:        certPEM,
+		KeyPEM:         privateKeyPEM,
+		CaCertPEM:      caCertPEM,
+		VereignCertPEM: vereignCertPEM,
+		MaxMessageSize: maxMessageSize,
 	}
 
 	// Load the certificates from PEM Strings
@@ -206,7 +206,7 @@ func StartGRPCServer(address string, certPEM, privateKeyPEM, caCertPEM, vereignC
 	opts := []grpc.ServerOption{
 		grpc.Creds(creds),
 		grpc.UnaryInterceptor(unaryInterceptor),
-		grpc.MaxRecvMsgSize(config.MaxMessageSize * 1024 * 1024),
+		grpc.MaxRecvMsgSize(config.Config.MaxMessageSize * 1024 * 1024),
 	}
 
 	// create a gRPC server object
@@ -260,12 +260,12 @@ func StartRESTServer(address, grpcAddress string, certPEM []byte) error {
 }
 
 func StartPrometheusServer() error {
-	if config.PrometeusListenAddress != "" {
+	if config.Config.PrometeusListenAddress != "" {
 		// start prometheus
 		promHandler := http.NewServeMux()
 		promHandler.Handle("/metrics", promhttp.Handler())
 		log.Println("Starting prometheus...")
-		err := http.ListenAndServe(config.PrometeusListenAddress, promHandler)
+		err := http.ListenAndServe(config.Config.PrometeusListenAddress, promHandler)
 
 		if err != nil {
 			return err

utils/utils.go

@@ -18,12 +18,13 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
 package utils
 
 import (
-	"code.vereign.com/code/viam-apis/errors"
 	"crypto/rand"
 	"crypto/x509"
 	"fmt"
 	"io"
 
+	"code.vereign.com/code/viam-apis/errors"
+
 	"code.vereign.com/code/viam-apis/log"
 
 	"encoding/pem"
@@ -155,11 +156,11 @@ func GetKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyTy
 }
 
 func CreateDataStorageClient(auth *authentication.Authentication) *dsclient.DataStorageClientImpl {
-	return clientutils.CreateDataStorageClient(auth, config.DataStorageUrl, config.CertificatePEM,
-		config.PrivateKeyPEM, config.CaCertificatePEM, config.MaxMessageSize)
+	return clientutils.CreateDataStorageClient(auth, config.Config.DataStorageAgentURL, config.Config.Certification.CertificatePEM,
+		config.Config.Certification.PrivateKeyPEM, config.Config.Certification.CaCertificatePEM, config.Config.MaxMessageSize)
 }
 
 func CreateEntitiesManagementClient(auth *authentication.Authentication) *emclient.EntitiesManagerClientImpl {
-	return clientutils.CreateEntitiesManagementClient(auth, config.EntitiesManagerUrl, config.CertificatePEM,
-		config.PrivateKeyPEM, config.CaCertificatePEM, config.MaxMessageSize)
+	return clientutils.CreateEntitiesManagementClient(auth, config.Config.EntitiesManagementAgentURL, config.Config.Certification.CertificatePEM,
+		config.Config.Certification.PrivateKeyPEM, config.Config.Certification.CaCertificatePEM, config.Config.MaxMessageSize)
 }