Add env variable support for configuration

auth_server/authn/ext_auth.go

@@ -27,8 +27,8 @@ import (
 )
 
 type ExtAuthConfig struct {
-	Command string   `yaml:"command"`
-	Args    []string `yaml:"args"`
+	Command string   `mapstructure:"command"`
+	Args    []string `mapstructure:"args"`
 }
 
 type ExtAuthStatus int

auth_server/authn/github_auth.go

@@ -32,21 +32,21 @@ import (
 )
 
 type GitHubAuthConfig struct {
-	Organization     string                `yaml:"organization,omitempty"`
-	ClientId         string                `yaml:"client_id,omitempty"`
-	ClientSecret     string                `yaml:"client_secret,omitempty"`
-	ClientSecretFile string                `yaml:"client_secret_file,omitempty"`
-	TokenDB          string                `yaml:"token_db,omitempty"`
-	GCSTokenDB       *GitHubGCSStoreConfig `yaml:"gcs_token_db,omitempty"`
-	HTTPTimeout      time.Duration         `yaml:"http_timeout,omitempty"`
-	RevalidateAfter  time.Duration         `yaml:"revalidate_after,omitempty"`
-	GithubWebUri     string                `yaml:"github_web_uri,omitempty"`
-	GithubApiUri     string                `yaml:"github_api_uri,omitempty"`
+	Organization     string                `mapstructure:"organization,omitempty"`
+	ClientId         string                `mapstructure:"clientid,omitempty"`
+	ClientSecret     string                `mapstructure:"clientsecret,omitempty"`
+	ClientSecretFile string                `mapstructure:"clientsecret_file,omitempty"`
+	TokenDB          string                `mapstructure:"tokendb,omitempty"`
+	GCSTokenDB       *GitHubGCSStoreConfig `mapstructure:"gcstokendb,omitempty"`
+	HTTPTimeout      time.Duration         `mapstructure:"httptimeout,omitempty"`
+	RevalidateAfter  time.Duration         `mapstructure:"revalidateafter,omitempty"`
+	GithubWebUri     string                `mapstructure:"githubweburi,omitempty"`
+	GithubApiUri     string                `mapstructure:"githubapiuri,omitempty"`
 }
 
 type GitHubGCSStoreConfig struct {
-	Bucket           string `yaml:"bucket,omitempty"`
-	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
+	Bucket           string `mapstructure:"bucket,omitempty"`
+	ClientSecretFile string `mapstructure:"clientsecretfile,omitempty"`
 }
 
 type GitHubAuthRequest struct {

auth_server/authn/google_auth.go

@@ -31,12 +31,12 @@ import (
 )
 
 type GoogleAuthConfig struct {
-	Domain           string `yaml:"domain,omitempty"`
-	ClientId         string `yaml:"client_id,omitempty"`
-	ClientSecret     string `yaml:"client_secret,omitempty"`
-	ClientSecretFile string `yaml:"client_secret_file,omitempty"`
-	TokenDB          string `yaml:"token_db,omitempty"`
-	HTTPTimeout      int    `yaml:"http_timeout,omitempty"`
+	Domain           string `mapstructure:"domain,omitempty"`
+	ClientId         string `mapstructure:"clientid,omitempty"`
+	ClientSecret     string `mapstructure:"clientsecret,omitempty"`
+	ClientSecretFile string `mapstructure:"clientsecretfile,omitempty"`
+	TokenDB          string `mapstructure:"tokendb,omitempty"`
+	HTTPTimeout      int    `mapstructure:"httptimeout,omitempty"`
 }
 
 type GoogleAuthRequest struct {

auth_server/authn/ldap_auth.go

@@ -24,21 +24,21 @@ import (
 	"io/ioutil"
 	"strings"
 
-	"github.com/go-ldap/ldap"
 	"github.com/cesanta/glog"
+	"github.com/go-ldap/ldap"
 )
 
 type LDAPAuthConfig struct {
-	Addr                  string `yaml:"addr,omitempty"`
-	TLS                   string `yaml:"tls,omitempty"`
-	InsecureTLSSkipVerify bool   `yaml:"insecure_tls_skip_verify,omitempty"`
-	CACertificate         string `yaml:"ca_certificate,omitempty"`
-	Base                  string `yaml:"base,omitempty"`
-	Filter                string `yaml:"filter,omitempty"`
-	BindDN                string `yaml:"bind_dn,omitempty"`
-	BindPasswordFile      string `yaml:"bind_password_file,omitempty"`
-	GroupBaseDN           string `yaml:"group_base_dn,omitempty"`
-	GroupFilter           string `yaml:"group_filter,omitempty"`
+	Addr                  string `mapstructure:"addr,omitempty"`
+	TLS                   string `mapstructure:"tls,omitempty"`
+	InsecureTLSSkipVerify bool   `mapstructure:"insecuretlsskipverify,omitempty"`
+	CACertificate         string `mapstructure:"cacertificate,omitempty"`
+	Base                  string `mapstructure:"base,omitempty"`
+	Filter                string `mapstructure:"filter,omitempty"`
+	BindDN                string `mapstructure:"binddn,omitempty"`
+	BindPasswordFile      string `mapstructure:"bindpasswordfile,omitempty"`
+	GroupBaseDN           string `mapstructure:"groupbasedn,omitempty"`
+	GroupFilter           string `mapstructure:"groupfilter,omitempty"`
 }
 
 type LDAPAuth struct {

auth_server/authn/mongo_auth.go

@@ -30,8 +30,8 @@ import (
 )
 
 type MongoAuthConfig struct {
-	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
-	Collection  string              `yaml:"collection,omitempty"`
+	MongoConfig *mgo_session.Config `mapstructure:"dialinfo,omitempty"`
+	Collection  string              `mapstructure:"collection,omitempty"`
 }
 
 type MongoAuth struct {

auth_server/authn/static_auth.go

@@ -18,12 +18,13 @@ package authn
 
 import (
 	"encoding/json"
+
 	"golang.org/x/crypto/bcrypt"
 )
 
 type Requirements struct {
-	Password *PasswordString `yaml:"password,omitempty" json:"password,omitempty"`
-	Labels   Labels          `yaml:"labels,omitempty" json:"labels,omitempty"`
+	Password *PasswordString `mapstructure:"password,omitempty" json:"password,omitempty"`
+	Labels   Labels          `mapstructure:"labels,omitempty" json:"labels,omitempty"`
 }
 
 type staticUsersAuth struct {

auth_server/authz/acl.go

@@ -18,18 +18,18 @@ import (
 type ACL []ACLEntry
 
 type ACLEntry struct {
-	Match   *MatchConditions `yaml:"match"`
-	Actions *[]string        `yaml:"actions,flow"`
-	Comment *string          `yaml:"comment,omitempty"`
+	Match   *MatchConditions `mapstructure:"match"`
+	Actions *[]string        `mapstructure:"actions,flow"`
+	Comment *string          `mapstructure:"comment,omitempty"`
 }
 
 type MatchConditions struct {
-	Account *string           `yaml:"account,omitempty" json:"account,omitempty"`
-	Type    *string           `yaml:"type,omitempty" json:"type,omitempty"`
-	Name    *string           `yaml:"name,omitempty" json:"name,omitempty"`
-	IP      *string           `yaml:"ip,omitempty" json:"ip,omitempty"`
-	Service *string           `yaml:"service,omitempty" json:"service,omitempty"`
-	Labels  map[string]string `yaml:"labels,omitempty" json:"labels,omitempty"`
+	Account *string           `mapstructure:"account,omitempty" json:"account,omitempty"`
+	Type    *string           `mapstructure:"type,omitempty" json:"type,omitempty"`
+	Name    *string           `mapstructure:"name,omitempty" json:"name,omitempty"`
+	IP      *string           `mapstructure:"ip,omitempty" json:"ip,omitempty"`
+	Service *string           `mapstructure:"service,omitempty" json:"service,omitempty"`
+	Labels  map[string]string `mapstructure:"labels,omitempty" json:"labels,omitempty"`
 }
 
 type aclAuthorizer struct {

auth_server/authz/acl_mongo.go

@@ -3,13 +3,14 @@ package authz
 import (
 	"errors"
 	"fmt"
+	"io"
+	"sync"
+	"time"
+
 	"github.com/cesanta/docker_auth/auth_server/mgo_session"
 	"github.com/cesanta/glog"
 	"gopkg.in/mgo.v2"
 	"gopkg.in/mgo.v2/bson"
-	"io"
-	"sync"
-	"time"
 )
 
 type MongoACL []MongoACLEntry
@@ -20,9 +21,9 @@ type MongoACLEntry struct {
 }
 
 type ACLMongoConfig struct {
-	MongoConfig *mgo_session.Config `yaml:"dial_info,omitempty"`
-	Collection  string              `yaml:"collection,omitempty"`
-	CacheTTL    time.Duration       `yaml:"cache_ttl,omitempty"`
+	MongoConfig *mgo_session.Config `mapstructure:"dialinfo,omitempty"`
+	Collection  string              `mapstructure:"collection,omitempty"`
+	CacheTTL    time.Duration       `mapstructure:"cachettl,omitempty"`
 }
 
 type aclMongoAuthorizer struct {

auth_server/authz/ext_authz.go

@@ -27,8 +27,8 @@ import (
 )
 
 type ExtAuthzConfig struct {
-	Command string   `yaml:"command"`
-	Args    []string `yaml:"args"`
+	Command string   `mapstructure:"command"`
+	Args    []string `mapstructure:"args"`
 }
 
 type ExtAuthzStatus int

auth_server/main.go

@@ -37,6 +37,7 @@ import (
 
 type RestartableServer struct {
 	configFile string
+	envPrefix  string
 	hd         *httpdown.HTTP
 	authServer *server.AuthServer
 	hs         httpdown.Server
@@ -156,7 +157,7 @@ func (rs *RestartableServer) WatchConfig() {
 
 func (rs *RestartableServer) MaybeRestart() {
 	glog.Infof("Validating new config")
-	c, err := server.LoadConfig(rs.configFile)
+	c, err := server.LoadConfig(rs.configFile, rs.envPrefix)
 	if err != nil {
 		glog.Errorf("Failed to reload config (server not restarted): %s", err)
 		return
@@ -178,7 +179,13 @@ func main() {
 	if cf == "" {
 		glog.Exitf("Config file not specified")
 	}
-	c, err := server.LoadConfig(cf)
+
+	envPrefix := flag.Arg(1)
+	if envPrefix == "" {
+		envPrefix = "REGAUTH"
+	}
+
+	c, err := server.LoadConfig(cf, envPrefix)
 	if err != nil {
 		glog.Exitf("Failed to load config: %s", err)
 	}

auth_server/mgo_session/mgo_session.go

@@ -30,23 +30,23 @@ import (
 
 // Config stores how to connect to the MongoDB server and an optional password file
 type Config struct {
-	DialInfo     mgo.DialInfo `yaml:",inline"`
-	PasswordFile string       `yaml:"password_file,omitempty"`
-	EnableTLS    bool         `yaml:"enable_tls,omitempty"`
+	DialInfo     mgo.DialInfo `mapstructure:",squash"`
+	PasswordFile string       `mapstructure:"passwordfile,omitempty"`
+	EnableTLS    bool         `mapstructure:"enabletls,omitempty"`
 }
 
 // Validate ensures the most common fields inside the mgo.DialInfo portion of
 // a Config are set correctly as well as other fields inside the
 // Config itself.
 func (c *Config) Validate(configKey string) error {
 	if len(c.DialInfo.Addrs) == 0 {
-		return fmt.Errorf("At least one element in %s.dial_info.addrs is required", configKey)
+		return fmt.Errorf("At least one element in %s.dialinfo.addrs is required", configKey)
 	}
 	if c.DialInfo.Timeout == 0 {
 		c.DialInfo.Timeout = 10 * time.Second
 	}
 	if c.DialInfo.Database == "" {
-		return fmt.Errorf("%s.dial_info.database is required", configKey)
+		return fmt.Errorf("%s.dialinfo.database is required", configKey)
 	}
 	return nil
 }