josh/Vetting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
017c3c38fed6a0acf8873a12a7992d71a9514b42
Vetting/internal/config/config.go
T
josh 8367ec2a9f
CI / Lint + build + test (push) Successful in 1m36s
Details
Release / detect (push) Successful in 5s
Details
Release / build-live-image (push) Has been skipped
Details
Release / bundle (push) Successful in 49s
Details
docs: comprehensive documentation expansion 
Add 4 new doc files (configuration reference, development guide, API
reference with full request/response schemas, database schema), expand
the README with a feature list and how-it-works walkthrough, fix
missing Firmware and Burn stages in architecture.md and test-suite.md,
add threshold engine and host-mode agent sections, and add godoc
comments to 11 packages and 6 model types.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-23 18:37:26 -04:00

164 lines
5.1 KiB
Go
Raw Blame History

// Package config loads the orchestrator's YAML configuration file and
// exposes typed structs for every config block. The ProfileRegistry
// (quick/deep/soak) is built during Load from the vetting: and
// profiles: top-level blocks.
package config
import (
"fmt"
"os"
"path/filepath"
"gopkg.in/yaml.v3"
)
type Config struct {
Server Server `yaml:"server"`
Database Database `yaml:"database"`
Artifacts Artifacts `yaml:"artifacts"`
Logs Logs `yaml:"logs"`
Dispatcher Dispatcher `yaml:"dispatcher"`
Janitor Janitor `yaml:"janitor"`
PXE PXE `yaml:"pxe"`
Network Network `yaml:"network"`
Agent Agent `yaml:"agent"`
Notifiers []Notifier `yaml:"notifiers"`
Routes []Route `yaml:"routes"`
// Profiles holds the Phase-1 quick/deep/soak registry (stage order,
// threshold defaults, per-profile stage timeouts + probe knobs).
// Populated from the `vetting:` and `profiles:` top-level blocks
// during Load. Nil is never returned — Load installs a default
// registry when those blocks are absent.
Profiles *ProfileRegistry `yaml:"-"`
}
type Server struct {
Bind string `yaml:"bind"`
PublicURL string `yaml:"public_url"` // user-visible base URL, e.g. https://vetting.lan:8443; used in notification click-throughs
TLS TLS `yaml:"tls"`
}
type TLS struct {
Enabled bool `yaml:"enabled"`
CertFile string `yaml:"cert_file"`
KeyFile string `yaml:"key_file"`
}
type Database struct {
Path string `yaml:"path"`
}
type Artifacts struct {
Dir string `yaml:"dir"`
RetentionDays int `yaml:"retention_days"` // 0 = keep forever
}
type Logs struct {
Dir string `yaml:"dir"`
RetentionDays int `yaml:"retention_days"` // 0 = keep forever
}
type Janitor struct {
IntervalMinutes int `yaml:"interval_minutes"` // 0 = 60
}
type Dispatcher struct {
MaxConcurrentRuns int `yaml:"max_concurrent_runs"`
}
type Network struct {
IperfPort int `yaml:"iperf_port"`
}
// PXE / Notifier / Route are declared up front so the config file is
// forward-compatible across phases. Phase 1 does not act on these.
type PXE struct {
Enabled bool `yaml:"enabled"`
Interface string `yaml:"interface"`
Subnet string `yaml:"subnet"` // LAN CIDR, e.g. "192.168.1.0/24"; dnsmasq runs in proxy-DHCP mode scoped to this subnet
OrchestratorURL string `yaml:"orchestrator_url"`
TFTPRoot string `yaml:"tftp_root"` // holds ipxe.efi + undionly.kpxe
LiveDir string `yaml:"live_dir"` // holds vmlinuz + initrd.img; served at /live
}
// Agent holds settings related to the host-mode vetting-agent binary
// that operators install on their hosts. AssetDir is served at
// /assets/*, which is where the quick-register script downloads
// `vetting-agent-linux-amd64` from.
type Agent struct {
AssetDir string `yaml:"asset_dir"` // directory containing vetting-agent-linux-amd64; "" disables /assets
}
type Notifier struct {
Name string `yaml:"name"`
Type string `yaml:"type"`
Topic string `yaml:"topic,omitempty"`
Server string `yaml:"server,omitempty"`
WebhookURL string `yaml:"webhook_url,omitempty"`
SMTP SMTP `yaml:"smtp,omitempty"`
}
type SMTP struct {
Host string `yaml:"host,omitempty"`
Port int `yaml:"port,omitempty"`
From string `yaml:"from,omitempty"`
To []string `yaml:"to,omitempty"`
}
type Route struct {
MatchKind []string `yaml:"match_kind"`
MatchSeverity []string `yaml:"match_severity,omitempty"`
Notifier string `yaml:"notifier"`
}
func Load(path string) (*Config, error) {
b, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("read config: %w", err)
}
var c Config
if err := yaml.Unmarshal(b, &c); err != nil {
return nil, fmt.Errorf("parse config: %w", err)
}
// The `vetting:` + `profiles:` blocks live alongside the existing
// fields but we decode them into the raw shape because YAML
// durations arrive as strings. Reusing the same byte buffer is
// safe: yaml.Unmarshal is happy to ignore keys the target doesn't
// know about.
var rawProfiles rawProfilesBlock
if err := yaml.Unmarshal(b, &rawProfiles); err != nil {
return nil, fmt.Errorf("parse profiles: %w", err)
}
reg, err := buildProfileRegistry(rawProfiles)
if err != nil {
return nil, fmt.Errorf("profiles: %w", err)
}
c.Profiles = reg
if c.Server.Bind == "" {
c.Server.Bind = "127.0.0.1:8080"
}
if c.Database.Path == "" {
c.Database.Path = "./var/vetting.db"
}
if c.Artifacts.Dir == "" {
c.Artifacts.Dir = "./var/artifacts"
}
if c.Logs.Dir == "" {
c.Logs.Dir = "./var/logs"
}
if c.Dispatcher.MaxConcurrentRuns == 0 {
c.Dispatcher.MaxConcurrentRuns = 3
}
// Default the agent asset dir alongside the database file so upgrades
// from configs predating the agent.asset_dir field pick up a sensible
// location automatically — install.sh creates exactly this directory
// and drops vetting-agent-linux-amd64 into it, so /assets/* serves
// without the operator having to touch vetting.yaml.
if c.Agent.AssetDir == "" {
c.Agent.AssetDir = filepath.Join(filepath.Dir(c.Database.Path), "assets")
}
return &c, nil
}
Reference in New Issue View Git Blame Copy Permalink