func getGlobalProject(v *viper.Viper) (*libcentrifugo.Project, bool) {
p := &libcentrifugo.Project{}
// TODO: the same as for structureFromConfig function
if v == nil {
if !viper.IsSet("project_name") || viper.GetString("project_name") == "" {
return nil, false
}
p.Name = libcentrifugo.ProjectKey(viper.GetString("project_name"))
p.Secret = viper.GetString("project_secret")
p.ConnLifetime = int64(viper.GetInt("project_connection_lifetime"))
p.Anonymous = viper.GetBool("project_anonymous")
p.Watch = viper.GetBool("project_watch")
p.Publish = viper.GetBool("project_publish")
p.JoinLeave = viper.GetBool("project_join_leave")
p.Presence = viper.GetBool("project_presence")
p.HistorySize = int64(viper.GetInt("project_history_size"))
p.HistoryLifetime = int64(viper.GetInt("project_history_lifetime"))
} else {
if !v.IsSet("project_name") || v.GetString("project_name") == "" {
return nil, false
}
p.Name = libcentrifugo.ProjectKey(v.GetString("project_name"))
p.Secret = v.GetString("project_secret")
p.ConnLifetime = int64(v.GetInt("project_connection_lifetime"))
p.Anonymous = v.GetBool("project_anonymous")
p.Watch = v.GetBool("project_watch")
p.Publish = v.GetBool("project_publish")
p.JoinLeave = v.GetBool("project_join_leave")
p.Presence = v.GetBool("project_presence")
p.HistorySize = int64(v.GetInt("project_history_size"))
p.HistoryLifetime = int64(v.GetInt("project_history_lifetime"))
}
var nl []libcentrifugo.Namespace
if v == nil {
viper.MarshalKey("project_namespaces", &nl)
} else {
v.MarshalKey("project_namespaces", &nl)
}
p.Namespaces = nl
return p, true
}
// getTransport returns an http.RoundTripper to be used for all http requests.
// It correctly handles the auth challenge/credentials required to interact
// with a notary server over both HTTP Basic Auth and the JWT auth implemented
// in the notary-server
// The readOnly flag indicates if the operation should be performed as an
// anonymous read only operation. If the command entered requires write
// permissions on the server, readOnly must be false
func getTransport(config *viper.Viper, gun string, readOnly bool) (http.RoundTripper, error) {
// Attempt to get a root CA from the config file. Nil is the host defaults.
rootCAFile := utils.GetPathRelativeToConfig(config, "remote_server.root_ca")
clientCert := utils.GetPathRelativeToConfig(config, "remote_server.tls_client_cert")
clientKey := utils.GetPathRelativeToConfig(config, "remote_server.tls_client_key")
insecureSkipVerify := false
if config.IsSet("remote_server.skipTLSVerify") {
insecureSkipVerify = config.GetBool("remote_server.skipTLSVerify")
}
if clientCert == "" && clientKey != "" || clientCert != "" && clientKey == "" {
return nil, fmt.Errorf("either pass both client key and cert, or neither")
}
tlsConfig, err := tlsconfig.Client(tlsconfig.Options{
CAFile: rootCAFile,
InsecureSkipVerify: insecureSkipVerify,
CertFile: clientCert,
KeyFile: clientKey,
})
if err != nil {
return nil, fmt.Errorf("unable to configure TLS: %s", err.Error())
}
base := &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
DualStack: true,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tlsConfig,
DisableKeepAlives: true,
}
trustServerURL := getRemoteTrustServer(config)
return tokenAuth(trustServerURL, base, gun, readOnly)
}
func getTransport(config *viper.Viper, gun string, readOnly bool) http.RoundTripper {
// Attempt to get a root CA from the config file. Nil is the host defaults.
rootCAFile := config.GetString("remote_server.root_ca")
if rootCAFile != "" {
// If we haven't been given an Absolute path, we assume it's relative
// from the configuration directory (~/.notary by default)
if !filepath.IsAbs(rootCAFile) {
rootCAFile = filepath.Join(configPath, rootCAFile)
}
}
insecureSkipVerify := false
if config.IsSet("remote_server.skipTLSVerify") {
insecureSkipVerify = config.GetBool("remote_server.skipTLSVerify")
}
tlsConfig, err := utils.ConfigureClientTLS(&utils.ClientTLSOpts{
RootCAFile: rootCAFile,
InsecureSkipVerify: insecureSkipVerify,
})
if err != nil {
logrus.Fatal("Unable to configure TLS: ", err.Error())
}
base := &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
DualStack: true,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tlsConfig,
DisableKeepAlives: true,
}
return tokenAuth(config, base, gun, readOnly)
}
func SetDefaultConfigValues(v *viper.Viper, b *Bgp) error {
if v == nil {
v = viper.New()
}
defaultAfiSafi := func(typ AfiSafiType, enable bool) AfiSafi {
return AfiSafi{
AfiSafiName: typ,
Config: AfiSafiConfig{
AfiSafiName: typ,
Enabled: enable,
},
State: AfiSafiState{
AfiSafiName: typ,
},
}
}
if !v.IsSet("global.afi-safis") {
b.Global.AfiSafis = []AfiSafi{}
for k, _ := range AfiSafiTypeToIntMap {
b.Global.AfiSafis = append(b.Global.AfiSafis, defaultAfiSafi(k, true))
}
}
if b.Global.ListenConfig.Port == 0 {
b.Global.ListenConfig.Port = bgp.BGP_PORT
}
for idx, server := range b.Global.BmpServers {
if server.Config.Port == 0 {
server.Config.Port = bgp.BMP_DEFAULT_PORT
}
b.Global.BmpServers[idx] = server
}
if !v.IsSet("global.mpls-label-range.min-label") {
b.Global.MplsLabelRange.MinLabel = DEFAULT_MPLS_LABEL_MIN
}
if !v.IsSet("global.mpls-label-range.max-label") {
b.Global.MplsLabelRange.MaxLabel = DEFAULT_MPLS_LABEL_MAX
}
// yaml is decoded as []interface{}
// but toml is decoded as []map[string]interface{}.
// currently, viper can't hide this difference.
// handle the difference here.
extractArray := func(intf interface{}) ([]interface{}, error) {
if intf != nil {
list, ok := intf.([]interface{})
if ok {
return list, nil
}
l, ok := intf.([]map[string]interface{})
if !ok {
return nil, fmt.Errorf("invalid configuration: neither []interface{} nor []map[string]interface{}")
}
list = make([]interface{}, 0, len(l))
for _, m := range l {
list = append(list, m)
}
return list, nil
}
return nil, nil
}
list, err := extractArray(v.Get("neighbors"))
if err != nil {
return err
}
for idx, n := range b.Neighbors {
vv := viper.New()
if len(list) > idx {
vv.Set("neighbor", list[idx])
}
if !vv.IsSet("neighbor.timers.config.connect-retry") {
n.Timers.Config.ConnectRetry = float64(DEFAULT_CONNECT_RETRY)
}
if !vv.IsSet("neighbor.timers.config.hold-time") {
n.Timers.Config.HoldTime = float64(DEFAULT_HOLDTIME)
}
if !vv.IsSet("neighbor.timers.config.keepalive-interval") {
n.Timers.Config.KeepaliveInterval = n.Timers.Config.HoldTime / 3
}
if !vv.IsSet("neighbor.timers.config.idle-hold-time-after-reset") {
n.Timers.Config.IdleHoldTimeAfterReset = float64(DEFAULT_IDLE_HOLDTIME_AFTER_RESET)
}
if !vv.IsSet("neighbor.afi-safis") {
if ip := net.ParseIP(n.Config.NeighborAddress); ip.To4() != nil {
n.AfiSafis = []AfiSafi{defaultAfiSafi(AFI_SAFI_TYPE_IPV4_UNICAST, true)}
} else if ip.To16() != nil {
n.AfiSafis = []AfiSafi{defaultAfiSafi(AFI_SAFI_TYPE_IPV6_UNICAST, true)}
} else {
return fmt.Errorf("invalid neighbor address: %s", n.Config.NeighborAddress)
}
} else {
afs, err := extractArray(vv.Get("neighbor.afi-safis"))
if err != nil {
return err
}
for i, af := range n.AfiSafis {
vvv := viper.New()
if len(afs) > i {
vvv.Set("afi-safi", afs[i])
}
af.Config.AfiSafiName = af.AfiSafiName
af.State.AfiSafiName = af.AfiSafiName
if !vvv.IsSet("afi-safi.config") {
af.Config.Enabled = true
}
n.AfiSafis[i] = af
}
}
if !vv.IsSet("neighbor.config.peer-type") {
if n.Config.PeerAs != b.Global.Config.As {
n.Config.PeerType = PEER_TYPE_EXTERNAL
} else {
n.Config.PeerType = PEER_TYPE_INTERNAL
}
}
b.Neighbors[idx] = n
}
for _, r := range b.RpkiServers {
if r.Config.Port == 0 {
r.Config.Port = bgp.RPKI_DEFAULT_PORT
}
}
return nil
}
func setDefaultNeighborConfigValuesWithViper(v *viper.Viper, n *Neighbor, asn uint32) error {
if v == nil {
v = viper.New()
}
if n.Config.LocalAs == 0 {
n.Config.LocalAs = asn
}
if n.Config.PeerAs != n.Config.LocalAs {
n.Config.PeerType = PEER_TYPE_EXTERNAL
} else {
n.Config.PeerType = PEER_TYPE_INTERNAL
}
if !v.IsSet("neighbor.timers.config.connect-retry") && n.Timers.Config.ConnectRetry == 0 {
n.Timers.Config.ConnectRetry = float64(DEFAULT_CONNECT_RETRY)
}
if !v.IsSet("neighbor.timers.config.hold-time") && n.Timers.Config.HoldTime == 0 {
n.Timers.Config.HoldTime = float64(DEFAULT_HOLDTIME)
}
if !v.IsSet("neighbor.timers.config.keepalive-interval") && n.Timers.Config.KeepaliveInterval == 0 {
n.Timers.Config.KeepaliveInterval = n.Timers.Config.HoldTime / 3
}
if !v.IsSet("neighbor.timers.config.idle-hold-time-after-reset") && n.Timers.Config.IdleHoldTimeAfterReset == 0 {
n.Timers.Config.IdleHoldTimeAfterReset = float64(DEFAULT_IDLE_HOLDTIME_AFTER_RESET)
}
if n.Config.NeighborInterface != "" {
addr, err := GetIPv6LinkLocalNeighborAddress(n.Config.NeighborInterface)
if err != nil {
return err
}
n.Config.NeighborAddress = addr
}
if n.Transport.Config.LocalAddress == "" {
if n.Config.NeighborAddress == "" {
return fmt.Errorf("no neighbor address/interface specified")
}
ipAddr, err := net.ResolveIPAddr("ip", n.Config.NeighborAddress)
if err != nil {
return err
}
localAddress := "0.0.0.0"
if ipAddr.IP.To4() == nil {
localAddress = "::"
if ipAddr.Zone != "" {
localAddress, err = getIPv6LinkLocalAddress(ipAddr.Zone)
if err != nil {
return err
}
}
}
n.Transport.Config.LocalAddress = localAddress
}
if len(n.AfiSafis) == 0 {
if ipAddr, err := net.ResolveIPAddr("ip", n.Config.NeighborAddress); err != nil {
return fmt.Errorf("invalid neighbor address: %s", n.Config.NeighborAddress)
} else if ipAddr.IP.To4() != nil {
n.AfiSafis = []AfiSafi{defaultAfiSafi(AFI_SAFI_TYPE_IPV4_UNICAST, true)}
} else {
n.AfiSafis = []AfiSafi{defaultAfiSafi(AFI_SAFI_TYPE_IPV6_UNICAST, true)}
}
} else {
afs, err := extractArray(v.Get("neighbor.afi-safis"))
if err != nil {
return err
}
for i, af := range n.AfiSafis {
vv := viper.New()
if len(afs) > i {
vv.Set("afi-safi", afs[i])
}
af.State.AfiSafiName = af.Config.AfiSafiName
if !vv.IsSet("afi-safi.config") {
af.Config.Enabled = true
}
n.AfiSafis[i] = af
}
}
n.State.Description = n.Config.Description
n.State.AdminDown = n.Config.AdminDown
if n.GracefulRestart.Config.Enabled {
if !v.IsSet("neighbor.graceful-restart.config.restart-time") && n.GracefulRestart.Config.RestartTime == 0 {
// RFC 4724 4. Operation
// A suggested default for the Restart Time is a value less than or
// equal to the HOLDTIME carried in the OPEN.
n.GracefulRestart.Config.RestartTime = uint16(n.Timers.Config.HoldTime)
}
if !v.IsSet("neighbor.graceful-restart.config.deferral-time") && n.GracefulRestart.Config.DeferralTime == 0 {
// RFC 4724 4.1. Procedures for the Restarting Speaker
// The value of this timer should be large
// enough, so as to provide all the peers of the Restarting Speaker with
// enough time to send all the routes to the Restarting Speaker
n.GracefulRestart.Config.DeferralTime = uint16(360)
}
}
return nil
}