unkinben 00f5b4a246 initial commit: certmanager
migrate from python to golang
2026-03-24 19:38:24 +11:00


package config
import (
"fmt"
"os"
"path/filepath"
"gopkg.in/yaml.v3"
)
// AuthMethod selects how certmanager authenticates to Vault.
// Each value corresponds to one group of fields in VaultConfig; the
// YAML key is auth_method and Load substitutes AuthMethodAppRole when
// it is left empty.
type AuthMethod string

const (
	AuthMethodAppRole    AuthMethod = "approle"    // uses role_id / secret_id
	AuthMethodLDAP       AuthMethod = "ldap"       // uses ldap_username / ldap_password
	AuthMethodKubernetes AuthMethod = "kubernetes" // uses kubernetes_role / kubernetes_token_file
	AuthMethodToken      AuthMethod = "token"      // uses a static token
)
// Config is the top-level configuration structure, decoded from the
// YAML file by Load. It currently carries only the Vault section.
type Config struct {
	Vault VaultConfig `yaml:"vault"`
}
// VaultConfig holds Vault connection and auth parameters.
// Only the fields relevant to the chosen AuthMethod need to be populated.
//
// Several fields are credentials (secret_id, ldap_password, token) and are
// read from the config file in plain text; the file should therefore be
// readable only by the user running certmanager. None of the fields are
// validated by Load beyond defaulting AuthMethod.
type VaultConfig struct {
	Addr       string     `yaml:"addr"`
	AuthMethod AuthMethod `yaml:"auth_method"` // approle | ldap | kubernetes | token
	MountPoint string     `yaml:"mount_point"`
	RoleName   string     `yaml:"role_name"`
	OutputPath string     `yaml:"output_path"`

	// approle
	ApprolePath string `yaml:"approle_path"`
	RoleID      string `yaml:"role_id"`
	SecretID    string `yaml:"secret_id"` // credential

	// ldap
	LDAPPath     string `yaml:"ldap_path"`
	LDAPUsername string `yaml:"ldap_username"`
	LDAPPassword string `yaml:"ldap_password"` // credential

	// kubernetes
	KubernetesPath      string `yaml:"kubernetes_path"`
	KubernetesRole      string `yaml:"kubernetes_role"`
	KubernetesTokenFile string `yaml:"kubernetes_token_file"` // path to a token, not the token itself

	// token (static; useful for testing or bootstrap)
	Token string `yaml:"token"` // credential
}
// DefaultPath returns the XDG-compliant default config file path:
// $XDG_CONFIG_HOME/certmanager/config.yaml, falling back to
// $HOME/.config/certmanager/config.yaml.
//
// When the home directory cannot be determined, the relative name
// "config.yaml" (resolved against the working directory) is returned.
func DefaultPath() string {
	const (
		appDir   = "certmanager"
		fileName = "config.yaml"
	)

	if xdg := os.Getenv("XDG_CONFIG_HOME"); xdg != "" {
		return filepath.Join(xdg, appDir, fileName)
	}

	home, err := os.UserHomeDir()
	if err != nil {
		// No usable home directory: hand back a relative name so callers
		// still have something to open.
		return fileName
	}
	return filepath.Join(home, ".config", appDir, fileName)
}
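// Load reads and parses the YAML config file at the given path.
//
// An empty auth_method defaults to AuthMethodAppRole; any other value must
// be one of the AuthMethod constants, otherwise an error is returned so a
// misspelling is reported here instead of later. Open and decode failures
// are wrapped with the path.
//
// The file may hold credentials (secret_id, ldap_password, token). Load does
// not inspect the file's permissions; keeping it readable only by the user
// running certmanager is the caller's responsibility.
func Load(path string) (*Config, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, fmt.Errorf("open config %q: %w", path, err)
	}
	defer f.Close()

	var cfg Config
	if err := yaml.NewDecoder(f).Decode(&cfg); err != nil {
		return nil, fmt.Errorf("parse config %q: %w", path, err)
	}

	// Default to approle for backwards-compatibility with the existing
	// Python certmanager/sshsignhost config format.
	if cfg.Vault.AuthMethod == "" {
		cfg.Vault.AuthMethod = AuthMethodAppRole
	}

	// Reject unknown methods up front: a typo in auth_method would otherwise
	// pass through Load unnoticed and only fail when the method is used.
	switch cfg.Vault.AuthMethod {
	case AuthMethodAppRole, AuthMethodLDAP, AuthMethodKubernetes, AuthMethodToken:
	default:
		return nil, fmt.Errorf("parse config %q: unsupported auth_method %q", path, cfg.Vault.AuthMethod)
	}

	return &cfg, nil
}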