From 0a276a2c53a861e4cd520d4de58c094bf73a63da Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Fri, 20 Nov 2015 22:17:17 -0800 Subject: [PATCH] Factor out DBConfig --- cmd/config.go | 30 ++++++++++++++++++++---------- sa/database.go | 12 ++++++++++++ test/boulder-config.json | 14 +++++++------- 3 files changed, 39 insertions(+), 17 deletions(-) diff --git a/cmd/config.go b/cmd/config.go index deb2852c2..058f55e4d 100644 --- a/cmd/config.go +++ b/cmd/config.go @@ -66,8 +66,7 @@ type Config struct { SA struct { ServiceConfig - - DBConnect ConfigSecret + DBConfig MaxConcurrentRPCServerRequests int64 } @@ -93,7 +92,7 @@ type Config struct { Syslog SyslogConfig Revoker struct { - DBConnect string + DBConfig // The revoker isn't a long running service, so doesn't get a full // ServiceConfig, just an AMQPConfig. AMQP *AMQPConfig @@ -101,14 +100,13 @@ type Config struct { Mailer struct { ServiceConfig + DBConfig Server string Port string Username string Password string - DBConnect string - CertLimit int NagTimes []string // How much earlier (than configured nag intervals) to @@ -121,10 +119,12 @@ type Config struct { OCSPResponder struct { ServiceConfig + DBConfig // Source indicates the source of pre-signed OCSP responses to be used. It // can be a DBConnect string or a file URL. The file URL style is used // when responding from a static file for intermediates and roots. + // If DBConfig has non-empty fields, it takes precedence over this. Source string Path string @@ -166,9 +166,10 @@ type Config struct { } CertChecker struct { + DBConfig + Workers int ReportDirectoryPath string - DBConnect string } SubscriberAgreementURL string 
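Review bot: Embedding `DBConfig` in `SA` (and in `Revoker`, `Mailer`, `OCSPResponder` and `CertChecker` in the hunks that follow) adds a `DBConnectFile` field that nothing in this patch visibly reads. The diffstat lists only three files, so the per-component startup code is apparently still opening the database from `DBConnect`; with the test config switched to `dbConnectFile`, that field would be empty. In `SA` the promoted `DBConnect` also changes type from `ConfigSecret` to `string`, so if `ConfigSecret` is what resolved `secret:` values, existing production configs would silently pass the literal string to the driver. Consider a comment on each embedded field such as `// DBConfig supplies DBConnect or DBConnectFile; open the DB with sa.NewDbMapFromConfig.` The `Config` struct begins and ends outside these hunks.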
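Review bot: The comment added on `OCSPResponder.Source` promises that DBConfig "takes precedence" when it has non-empty fields, but no code in this patch implements that ordering; the responder's startup code is outside the diff. Until it is updated, a config that sets both `Source` and `DBConnectFile` may still be served from `Source`, which is the opposite of what the comment tells an operator. Either land the precedence check with this change or word the comment as intent, for example `// TODO: when DBConnect or DBConnectFile is set, read responses from that database and ignore Source.`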
@@ -182,10 +183,19 @@ type ServiceConfig struct { AMQP *AMQPConfig } +type DBConfig struct { + DBConnect string + // A file containing a connect URL for the DB. + DBConnectFile string +} + // AMQPConfig describes how to connect to AMQP, and how to speak to each of the // RPC services we offer via AMQP. type AMQPConfig struct { - Server ConfigSecret + // A file containing a connect URL for the server. + ServerURLFile string + + Server string Insecure bool RA *RPCServerConfig VA *RPCServerConfig @@ -207,10 +217,10 @@ type AMQPConfig struct { // issued certificates. type CAConfig struct { ServiceConfig + DBConfig Profile string TestMode bool - DBConnect string SerialPrefix int Key KeyConfig // LifespanOCSP is how long OCSP responses are valid for; It should be longer @@ -232,7 +242,7 @@ type CAConfig struct { // database, what policies it should enforce, and what challenges // it should offer. type PAConfig struct { - DBConnect string + DBConfig EnforcePolicyWhitelist bool Challenges map[string]bool } @@ -295,7 +305,7 @@ type RPCServerConfig struct { // for the OCSP (and SCT) updater type OCSPUpdaterConfig struct { ServiceConfig - DBConnect string + DBConfig NewCertificateWindow ConfigDuration OldOCSPWindow ConfigDuration diff --git a/sa/database.go b/sa/database.go index c5afdadfe..5b4af8f33 100644 --- a/sa/database.go +++ b/sa/database.go 
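Review bot: `AMQPConfig.Server` changes from `ConfigSecret` to `string` here, yet the revoker section of test/boulder-config.json still carries `"server": "secret:test/secrets/amqp"` (visible as context in its `-182,7` hunk), so that value would presumably now be used verbatim as the broker URL. Nothing in the patch reads the new `ServerURLFile` either, so the top-level `"serverURLFile"` entry looks unused until the AMQP connection code is updated. The new exported `DBConfig` type has no doc comment and does not say which field wins; `NewDbMapFromConfig` prefers the file, so document that on the type: `// DBConfig locates a database connect URL; DBConnectFile, when set, takes precedence over DBConnect.` The same precedence statement is worth adding next to `ServerURLFile` and `Server`.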
@@ -14,10 +14,22 @@ import ( // Provide access to the MySQL driver _ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/go-sql-driver/mysql" gorp "github.com/letsencrypt/boulder/Godeps/_workspace/src/gopkg.in/gorp.v1" + "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/core" blog "github.com/letsencrypt/boulder/log" ) +func NewDbMapFromConfig(c cmd.DBConfig) (*gorp.DbMap, error) { + if c.DBConnectFile != "" { + url, err := ioutil.ReadFile(c.DBConnectFile) + if err != nil { + return nil, err + } + return NewDbMap(url) + } + return NewDbMap(c.DBConnect) +} + // NewDbMap creates the root gorp mapping object. Create one of these for each // database schema you wish to map. Each DbMap contains a list of mapped tables. // It automatically maps the tables for the primary parts of Boulder around the diff --git a/test/boulder-config.json b/test/boulder-config.json index ce3d339fc..1a5905792 100644 --- a/test/boulder-config.json +++ b/test/boulder-config.json @@ -21,7 +21,7 @@ "shutdownKillTimeout": "1m", "debugAddr": "localhost:8000", "amqp": { - "server": "secret:test/secrets/amqp", + "serverURLFile": "test/secrets/amqp", "insecure": true, "RA": { "server": "RA.server", @@ -111,7 +111,7 @@ }, "pa": { - "dbConnect": "secret:test/secrets/pa_dburl", + "dbConnectFile": "test/secrets/pa_dburl", "challenges": { "simpleHttp": true, "dvsni": true, @@ -147,7 +147,7 @@ }, "sa": { - "dbConnect": "secret:test/secrets/sa_dburl", + "dbConnectFile": "test/secrets/sa_dburl", "maxConcurrentRPCServerRequests": 16, "debugAddr": "localhost:8003", "amqp": { @@ -182,7 +182,7 @@ }, "revoker": { - "dbConnect": "secret:test/secrets/revoker_dburl", + "dbConnectFile": "test/secrets/revoker_dburl", "amqp": { "server": "secret:test/secrets/amqp", "insecure": true, 
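Review bot: In `NewDbMapFromConfig`, `ioutil.ReadFile` returns a `[]byte`, while the fallback path calls `NewDbMap` with the string `c.DBConnect`, so `NewDbMap(url)` looks like a type mismatch; a secrets file ending in a newline would also carry that newline into the connect URL. Change the call to `return NewDbMap(strings.TrimSpace(string(url)))` and confirm `io/ioutil` and `strings` are in the import block, only part of which is visible in this hunk. The exported function also needs a doc comment, for example `// NewDbMapFromConfig opens a DbMap using the URL stored in c.DBConnectFile if set, otherwise c.DBConnect.` Because the connect URL normally carries database credentials, it is worth confirming that errors returned from `NewDbMap` do not echo the URL into logs.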
@@ -208,7 +208,7 @@ }, "ocspUpdater": { - "dbConnect": "secret:test/secrets/ocsp_updater_dburl", + "dbConnectFile": "test/secrets/ocsp_updater_dburl", "newCertificateWindow": "1s", "oldOCSPWindow": "2s", "missingSCTWindow": "1m", @@ -253,7 +253,7 @@ "port": "25", "username": "cert-master@example.com", "password": "password", - "dbConnect": "secret:test/secrets/mailer_dburl", + "dbConnectFile": "test/secrets/mailer_dburl", "messageLimit": 0, "nagTimes": ["24h", "72h", "168h", "336h"], "nagCheckInterval": "24h", @@ -295,7 +295,7 @@ }, "certChecker": { - "dbConnect": "secret:test/secrets/cert_checker_dburl" + "dbConnectFile": "test/secrets/cert_checker_dburl" }, "subscriberAgreementURL": "http://127.0.0.1:4001/terms/v1"