RENAME env to config

cmd/ztsfc_http_pep/main.go

@@ -6,7 +6,7 @@ import (
 	"net/http"
 
 	"github.com/sirupsen/logrus"
-	"github.com/vs-uulm/ztsfc_http_pep/internal/app/env"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 	confInit "github.com/vs-uulm/ztsfc_http_pep/internal/app/init"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/logwriter"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/proxies"
@@ -33,16 +33,16 @@ func init() {
 	sysLogger := logwriter.LW.Logger.WithFields(logrus.Fields{"type": "system"})
 
 	// Loading all config parameter from config file defined in "confFilePath"
-	err := env.LoadConfig(confFilePath, sysLogger)
+	err := config.LoadConfig(confFilePath, sysLogger)
 	if err != nil {
 		sysLogger.Fatalf("Loading logger configuration from %s - ERROR: %v", confFilePath, err)
 	} else {
 		sysLogger.Debugf("Loading logger configuration from %s - OK", confFilePath)
 	}
 
 	// Create Certificate Pools for the CA certificates used by the PEP
-	env.Config.CAcertPoolPepAcceptsFromExt = x509.NewCertPool()
-	env.Config.CAcertPoolPepAcceptsFromInt = x509.NewCertPool()
+	config.Config.CAcertPoolPepAcceptsFromExt = x509.NewCertPool()
+	config.Config.CAcertPoolPepAcceptsFromInt = x509.NewCertPool()
 
 	// Preload diverse parameters from config
 	// (One function for each section in config.yml)
@@ -57,8 +57,8 @@ func init() {
 
 	// Init Reverse Proxies used for the modules
 	// Basic_auth_proxy currently not needed since BasicAuth is performed as part of the PEP
-	proxies.PdpClientPool = proxies.NewClientPool(env.Config.Pdp.PdpClientPoolSize, env.Config.Pdp.X509KeyPairShownByPepToPdp)
-	proxies.SfpLogicClientPool = proxies.NewClientPool(env.Config.SfpLogic.SfplClientPoolSize, env.Config.SfpLogic.X509KeyPairShownByPepToSfpl)
+	proxies.PdpClientPool = proxies.NewClientPool(config.Config.Pdp.PdpClientPoolSize, config.Config.Pdp.X509KeyPairShownByPepToPdp)
+	proxies.SfpLogicClientPool = proxies.NewClientPool(config.Config.SfpLogic.SfplClientPoolSize, config.Config.SfpLogic.X509KeyPairShownByPepToSfpl)
 }
 
 func main() {

internal/app/authorization/authorization.go

@@ -9,7 +9,7 @@ import (
 	"net/http"
 	"strconv"
 
-	"github.com/vs-uulm/ztsfc_http_pep/internal/app/env"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/logwriter"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/metadata"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/proxies"
@@ -37,7 +37,7 @@ func PerformAuthorization(clientReq *http.Request, cpm *metadata.CpMetadata) err
 
 	// send request to correct address and API endpoint
 	// @author:marie
-	req, err := http.NewRequest("GET", env.Config.Pdp.TargetPdpAddr+requestEndpoint, nil)
+	req, err := http.NewRequest("GET", config.Config.Pdp.TargetPdpAddr+requestEndpoint, nil)
 	if err != nil { // @author:marie catch error
 		return err
 	}

internal/app/basic_auth/basic_auth.go

@@ -14,7 +14,7 @@ import (
 	"github.com/dgrijalva/jwt-go"
 	"github.com/jtblin/go-ldap-client"
 	"github.com/sirupsen/logrus"
-	"github.com/vs-uulm/ztsfc_http_pep/internal/app/env"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/metadata"
 )
 
@@ -26,7 +26,7 @@ func UserSessionIsValid(req *http.Request, cpm *metadata.CpMetadata) bool {
 	ss := jwtCookie.Value
 
 	token, err := jwt.Parse(ss, func(token *jwt.Token) (interface{}, error) {
-		return env.Config.BasicAuth.Session.JwtPubKey, nil
+		return config.Config.BasicAuth.Session.JwtPubKey, nil
 	})
 
 	if err != nil {
@@ -88,8 +88,8 @@ func performPasswdAuth(w http.ResponseWriter, req *http.Request) bool {
 		}
 
 		// Create JWT
-		//env.Config.BasicAuth.Session.MySigningKey := parseRsaiPrivateKeyFromPemStr("./basic_auth/jwt_test_priv.pem")
-		ss := createJWToken(env.Config.BasicAuth.Session.MySigningKey, username)
+		//config.Config.BasicAuth.Session.MySigningKey := parseRsaiPrivateKeyFromPemStr("./basic_auth/jwt_test_priv.pem")
+		ss := createJWToken(config.Config.BasicAuth.Session.MySigningKey, username)
 
 		ztsfcCookie := http.Cookie{
 			Name:   "ztsfc_session",
@@ -226,15 +226,15 @@ func userIsInLDAP(userName, password string) bool {
 	// @author:marie
 
 	client := &ldap.LDAPClient{
-		Base:         env.Config.Ldap.Base,
-		Host:         env.Config.Ldap.Host,
-		Port:         env.Config.Ldap.Port,
-		UseSSL:       env.Config.Ldap.UseSSL,
-		BindDN:       env.Config.Ldap.BindDN,
-		BindPassword: env.Config.Ldap.BindPassword,
-		UserFilter:   env.Config.Ldap.UserFilter,
-		GroupFilter:  env.Config.Ldap.GroupFilter,
-		Attributes:   env.Config.Ldap.Attributes,
+		Base:         config.Config.Ldap.Base,
+		Host:         config.Config.Ldap.Host,
+		Port:         config.Config.Ldap.Port,
+		UseSSL:       config.Config.Ldap.UseSSL,
+		BindDN:       config.Config.Ldap.BindDN,
+		BindPassword: config.Config.Ldap.BindPassword,
+		UserFilter:   config.Config.Ldap.UserFilter,
+		GroupFilter:  config.Config.Ldap.GroupFilter,
+		Attributes:   config.Config.Ldap.Attributes,
 	}
 	// It is the responsibility of the caller to close the connection
 	defer client.Close()

internal/app/env/environment.go → internal/app/config/environment.go

@@ -1,5 +1,5 @@
 // Package env reads the config file and parses it to go data structures.
-package env
+package config
 
 import (
 	"crypto/rsa"

internal/app/init/init.go

@@ -12,14 +12,14 @@ import (
 
 	"github.com/sirupsen/logrus"
 	"github.com/vs-uulm/ztsfc_http_pep/internal/app/basic_auth"
-	"github.com/vs-uulm/ztsfc_http_pep/internal/app/env"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 )
 
 func InitDefaultValues(sysLogger *logrus.Entry) {
 
 	// Initialize a DefaultPoolSize if its not set
-	if env.Config.Pep.DefaultPoolSize == 0 {
-		env.Config.Pep.DefaultPoolSize = 50
+	if config.Config.Pep.DefaultPoolSize == 0 {
+		config.Config.Pep.DefaultPoolSize = 50
 	}
 
 }
@@ -31,11 +31,11 @@ func InitPepParams(sysLogger *logrus.Entry) {
 	fields := ""
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.Pep.ListenAddr == "" {
+	if config.Config.Pep.ListenAddr == "" {
 		fields += "listen_addr,"
 	}
 
-	if env.Config.Pep.CertsPepAcceptsWhenShownByClients == nil {
+	if config.Config.Pep.CertsPepAcceptsWhenShownByClients == nil {
 		fields += "certs_pep_accepts_when_shown_by_clients,"
 	}
 
@@ -45,8 +45,8 @@ func InitPepParams(sysLogger *logrus.Entry) {
 	}
 
 	// Read CA certs used for signing client certs and are accepted by the PEP
-	for _, acceptedClientCert := range env.Config.Pep.CertsPepAcceptsWhenShownByClients {
-		loadCACertificate(sysLogger, acceptedClientCert, "client", env.Config.CAcertPoolPepAcceptsFromExt)
+	for _, acceptedClientCert := range config.Config.Pep.CertsPepAcceptsWhenShownByClients {
+		loadCACertificate(sysLogger, acceptedClientCert, "client", config.Config.CAcertPoolPepAcceptsFromExt)
 	}
 }
 
@@ -58,25 +58,25 @@ func initSession(sysLogger *logrus.Entry) {
 	section := "session"
 	fields := ""
 
-	if env.Config.BasicAuth.Session.Path_to_jwt_pub_key == "" {
+	if config.Config.BasicAuth.Session.Path_to_jwt_pub_key == "" {
 		fields += "path_to_jwt_pub_key,"
 	} else {
-		sysLogger.Debugf("JWT Public Key is searched for here: %s", env.Config.BasicAuth.Session.Path_to_jwt_pub_key)
+		sysLogger.Debugf("JWT Public Key is searched for here: %s", config.Config.BasicAuth.Session.Path_to_jwt_pub_key)
 	}
 
-	if env.Config.BasicAuth.Session.Path_to_jwt_signing_key == "" {
+	if config.Config.BasicAuth.Session.Path_to_jwt_signing_key == "" {
 		fields += "path_to_jwt_signing_key,"
 	} else {
-		sysLogger.Debugf("JWT Signing Key is searched for here: %s", env.Config.BasicAuth.Session.Path_to_jwt_signing_key)
+		sysLogger.Debugf("JWT Signing Key is searched for here: %s", config.Config.BasicAuth.Session.Path_to_jwt_signing_key)
 	}
 
 	if fields != "" {
 		fields = strings.TrimSuffix(fields, ",")
 		handleFatalf(sysLogger, section, fields)
 	}
 
-	env.Config.BasicAuth.Session.JwtPubKey = basic_auth.ParseRsaPublicKeyFromPemStr(sysLogger, env.Config.BasicAuth.Session.Path_to_jwt_pub_key)
-	env.Config.BasicAuth.Session.MySigningKey = basic_auth.ParseRsaPrivateKeyFromPemStr(sysLogger, env.Config.BasicAuth.Session.Path_to_jwt_signing_key)
+	config.Config.BasicAuth.Session.JwtPubKey = basic_auth.ParseRsaPublicKeyFromPemStr(sysLogger, config.Config.BasicAuth.Session.Path_to_jwt_pub_key)
+	config.Config.BasicAuth.Session.MySigningKey = basic_auth.ParseRsaPrivateKeyFromPemStr(sysLogger, config.Config.BasicAuth.Session.Path_to_jwt_signing_key)
 }
 
 // Function initializes the 'ldap' section of the config file.
@@ -92,22 +92,22 @@ func InitPdpParams(sysLogger *logrus.Entry) {
 	fields := ""
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.Pdp.TargetPdpAddr == "" {
+	if config.Config.Pdp.TargetPdpAddr == "" {
 		fields += "target_pdp_addr,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.Pdp.CertShownByPepToPdp == "" {
+	if config.Config.Pdp.CertShownByPepToPdp == "" {
 		fields += "cert_shown_by_pep_to_pdp,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.Pdp.PrivkeyForCertShownByPepToPdp == "" {
+	if config.Config.Pdp.PrivkeyForCertShownByPepToPdp == "" {
 		fields += "privkey_for_cert_shown_by_pep_to_pdp,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.Pdp.CertPepAcceptsShownByPdp == "" {
+	if config.Config.Pdp.CertPepAcceptsShownByPdp == "" {
 		fields += "cert_pep_accepts_shown_by_pdp,"
 	}
 
@@ -117,15 +117,15 @@ func InitPdpParams(sysLogger *logrus.Entry) {
 	}
 
 	// Preload X509KeyPair and write it to env
-	env.Config.Pdp.X509KeyPairShownByPepToPdp = loadX509KeyPair(sysLogger, env.Config.Pdp.CertShownByPepToPdp, env.Config.Pdp.PrivkeyForCertShownByPepToPdp, "PDP", "")
+	config.Config.Pdp.X509KeyPairShownByPepToPdp = loadX509KeyPair(sysLogger, config.Config.Pdp.CertShownByPepToPdp, config.Config.Pdp.PrivkeyForCertShownByPepToPdp, "PDP", "")
 
 	// Preload CA certificate and append it to cert pool
-	loadCACertificate(sysLogger, env.Config.Pdp.CertPepAcceptsShownByPdp, "PDP", env.Config.CAcertPoolPepAcceptsFromInt)
+	loadCACertificate(sysLogger, config.Config.Pdp.CertPepAcceptsShownByPdp, "PDP", config.Config.CAcertPoolPepAcceptsFromInt)
 
 	// Use default pool size as pdp pool size if necessary
-	if env.Config.Pdp.PdpClientPoolSize == 0 {
-		env.Config.Pdp.PdpClientPoolSize = env.Config.Pep.DefaultPoolSize
-		sysLogger.Debugf("PDP client pool size set to default pool size (%d)", env.Config.Pep.DefaultPoolSize)
+	if config.Config.Pdp.PdpClientPoolSize == 0 {
+		config.Config.Pdp.PdpClientPoolSize = config.Config.Pep.DefaultPoolSize
+		sysLogger.Debugf("PDP client pool size set to default pool size (%d)", config.Config.Pep.DefaultPoolSize)
 	}
 }
 
@@ -136,22 +136,22 @@ func InitSfplParams(sysLogger *logrus.Entry) {
 	fields := ""
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.SfpLogic.TargetSfplAddr == "" {
+	if config.Config.SfpLogic.TargetSfplAddr == "" {
 		fields += "target_sfpl_addr,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.SfpLogic.CertShownByPepToSfpl == "" {
+	if config.Config.SfpLogic.CertShownByPepToSfpl == "" {
 		fields += "cert_shown_by_pep_to_sfpl,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.SfpLogic.PrivkeyForCertShownByPepToSfpl == "" {
+	if config.Config.SfpLogic.PrivkeyForCertShownByPepToSfpl == "" {
 		fields += "privkey_for_cert_shown_by_pep_to_sfpl,"
 	}
 
 	// TODO: Check if the field make sense as well!
-	if env.Config.SfpLogic.CertPepAcceptsShownBySfpl == "" {
+	if config.Config.SfpLogic.CertPepAcceptsShownBySfpl == "" {
 		fields += "cert_pep_accepts_shown_by_sfpl,"
 	}
 
@@ -161,15 +161,15 @@ func InitSfplParams(sysLogger *logrus.Entry) {
 	}
 
 	// Preload X509KeyPair and write it to env
-	env.Config.SfpLogic.X509KeyPairShownByPepToSfpl = loadX509KeyPair(sysLogger, env.Config.SfpLogic.CertShownByPepToSfpl, env.Config.SfpLogic.PrivkeyForCertShownByPepToSfpl, "SFP_logic", "")
+	config.Config.SfpLogic.X509KeyPairShownByPepToSfpl = loadX509KeyPair(sysLogger, config.Config.SfpLogic.CertShownByPepToSfpl, config.Config.SfpLogic.PrivkeyForCertShownByPepToSfpl, "SFP_logic", "")
 
 	// Preload CA certificate and append it to cert pool
-	loadCACertificate(sysLogger, env.Config.SfpLogic.CertPepAcceptsShownBySfpl, "SFP_logic", env.Config.CAcertPoolPepAcceptsFromInt)
+	loadCACertificate(sysLogger, config.Config.SfpLogic.CertPepAcceptsShownBySfpl, "SFP_logic", config.Config.CAcertPoolPepAcceptsFromInt)
 
 	// Use default pool size as sfpl pool size if necessary
-	if env.Config.SfpLogic.SfplClientPoolSize == 0 {
-		env.Config.SfpLogic.SfplClientPoolSize = env.Config.Pep.DefaultPoolSize
-		sysLogger.Debugf("SFPL client pool size set to default pool size (%d)", env.Config.Pep.DefaultPoolSize)
+	if config.Config.SfpLogic.SfplClientPoolSize == 0 {
+		config.Config.SfpLogic.SfplClientPoolSize = config.Config.Pep.DefaultPoolSize
+		sysLogger.Debugf("SFPL client pool size set to default pool size (%d)", config.Config.Pep.DefaultPoolSize)
 	}
 }
 
@@ -179,11 +179,11 @@ func InitSfplParams(sysLogger *logrus.Entry) {
 func InitServicePoolParams(sysLogger *logrus.Entry) {
 	var err error
 
-	if env.Config.ServicePool == nil {
+	if config.Config.ServicePool == nil {
 		sysLogger.Fatalf("Service Pool field 'service_pool' is empty. No Service is defined")
 	}
 
-	for serviceName, serviceConfig := range env.Config.ServicePool {
+	for serviceName, serviceConfig := range config.Config.ServicePool {
 		fields := ""
 
 		if serviceConfig == nil {
@@ -234,26 +234,26 @@ func InitServicePoolParams(sysLogger *logrus.Entry) {
 		}
 
 		// Preload X509KeyPairs shown by pep to client
-		env.Config.ServicePool[serviceName].X509KeyPairShownByPepToClient = loadX509KeyPair(sysLogger, serviceConfig.CertShownByPepToClientsMatchingSni, serviceConfig.PrivkeyForCertShownByPepToClient, "service "+serviceName, "external")
+		config.Config.ServicePool[serviceName].X509KeyPairShownByPepToClient = loadX509KeyPair(sysLogger, serviceConfig.CertShownByPepToClientsMatchingSni, serviceConfig.PrivkeyForCertShownByPepToClient, "service "+serviceName, "external")
 
 		// Preload X509KeyPairs shown by pep to service
-		env.Config.ServicePool[serviceName].X509KeyPairShownByPepToService = loadX509KeyPair(sysLogger, serviceConfig.CertShownByPepToService, serviceConfig.PrivkeyForCertShownByPepToService, "service "+serviceName, "internal")
+		config.Config.ServicePool[serviceName].X509KeyPairShownByPepToService = loadX509KeyPair(sysLogger, serviceConfig.CertShownByPepToService, serviceConfig.PrivkeyForCertShownByPepToService, "service "+serviceName, "internal")
 
 		// Preparse Service URL
-		env.Config.ServicePool[serviceName].TargetServiceUrl, err = url.Parse(serviceConfig.TargetServiceAddr)
+		config.Config.ServicePool[serviceName].TargetServiceUrl, err = url.Parse(serviceConfig.TargetServiceAddr)
 		if err != nil {
 			sysLogger.Fatalf("Critical Error when parsing target service URL for service %s: %v", serviceName, err)
 		} else {
 			sysLogger.Debugf("Target service URL for service %s was successfully parsed", serviceName)
 		}
 
 		// Preload CA certificate and append it to cert pool
-		loadCACertificate(sysLogger, serviceConfig.CertPepAcceptsWhenShownByService, "service "+serviceName, env.Config.CAcertPoolPepAcceptsFromInt)
+		loadCACertificate(sysLogger, serviceConfig.CertPepAcceptsWhenShownByService, "service "+serviceName, config.Config.CAcertPoolPepAcceptsFromInt)
 
 		// Create a map to directly access service config by SNI
-		env.Config.ServiceSniMap = make(map[string]*env.ServiceT)
-		for _, service := range env.Config.ServicePool {
-			env.Config.ServiceSniMap[service.Sni] = service
+		config.Config.ServiceSniMap = make(map[string]*config.ServiceT)
+		for _, service := range config.Config.ServicePool {
+			config.Config.ServiceSniMap[service.Sni] = service
 		}
 	}
 }
@@ -263,11 +263,11 @@ func InitServicePoolParams(sysLogger *logrus.Entry) {
 func InitSfPoolParams(sysLogger *logrus.Entry) {
 	var err error
 
-	if env.Config.SfPool == nil {
+	if config.Config.SfPool == nil {
 		sysLogger.Debugf("Service Pool field 'sf_pool' is empty. No SF is defined")
 	}
 
-	for sfName, sfConfig := range env.Config.SfPool {
+	for sfName, sfConfig := range config.Config.SfPool {
 		fields := ""
 
 		// This case is TRUE if a SF section such as logger is completely empty; in this case sfConfig is a nil pointer
@@ -303,18 +303,18 @@ func InitSfPoolParams(sysLogger *logrus.Entry) {
 		}
 
 		// preload X509KeyPairs shown by pep to sf
-		env.Config.SfPool[sfName].X509KeyPairShownByPepToSf = loadX509KeyPair(sysLogger, sfConfig.CertShownByPepToSf, sfConfig.PrivkeyForCertShownByPepToSf, "service function "+sfName, "")
+		config.Config.SfPool[sfName].X509KeyPairShownByPepToSf = loadX509KeyPair(sysLogger, sfConfig.CertShownByPepToSf, sfConfig.PrivkeyForCertShownByPepToSf, "service function "+sfName, "")
 
 		// Preparse SF URL
-		env.Config.SfPool[sfName].TargetSfUrl, err = url.Parse(sfConfig.TargetSfAddr)
+		config.Config.SfPool[sfName].TargetSfUrl, err = url.Parse(sfConfig.TargetSfAddr)
 		if err != nil {
 			sysLogger.Fatalf("Critical Error when parsing target URL for service function %s: %v", sfName, err)
 		} else {
 			sysLogger.Debugf("Target URL for service function %s was successfully parsed", sfName)
 		}
 
 		// Preload CA certificate and append it to cert pool
-		loadCACertificate(sysLogger, sfConfig.CertPepAcceptsShownBySf, "service function "+sfName, env.Config.CAcertPoolPepAcceptsFromInt)
+		loadCACertificate(sysLogger, sfConfig.CertPepAcceptsShownBySf, "service function "+sfName, config.Config.CAcertPoolPepAcceptsFromInt)
 	}
 }
 

internal/app/proxies/proxies.go

@@ -4,7 +4,7 @@ import (
 	"crypto/tls"
 	"net/http"
 
-	"github.com/vs-uulm/ztsfc_http_pep/internal/app/env"
+	"github.com/vs-uulm/ztsfc_http_pep/internal/app/config"
 )
 
 var (
@@ -27,7 +27,7 @@ func NewClientPool(poolSize int, certShownByPEP tls.Certificate) []*http.Client
 				Certificates:       []tls.Certificate{certShownByPEP},
 				InsecureSkipVerify: true,
 				ClientAuth:         tls.RequireAndVerifyClientCert,
-				ClientCAs:          env.Config.CAcertPoolPepAcceptsFromInt,
+				ClientCAs:          config.Config.CAcertPoolPepAcceptsFromInt,
 			},
 		}
 		clientPool[i] = client