git » gofer » commit 7af09bc

Add cue schema to validate configurations

author Alberto Bertogli
2020-06-09 01:38:54 UTC
committer Alberto Bertogli
2020-06-09 01:38:54 UTC
parent b43a9d82354d0d2391b5d45c35c75dbc3848cae3

Add cue schema to validate configurations

Makefile +6 -2
etc/gofer.schema.cue +57 -0
etc/gofer.yaml +116 -0
gofer.yaml.example +0 -33
gofer_test.go +1 -1
test/01-be.yaml +1 -1

diff --git a/Makefile b/Makefile
index 23ae91f..332bb80 100644
--- a/Makefile
+++ b/Makefile
@@ -16,8 +16,12 @@ gofer:
 		-X blitiri.com.ar/go/gofer/debug.SourceDateTs=${SOURCE_DATE_EPOCH} \
 		" ${GOFLAGS}
 
-test:
+vet: etc/gofer.yaml test/01-be.yaml test/01-fe.yaml
+	go vet ./...
+	cue vet etc/gofer.schema.cue $^
+
+test: vet
 	go test ./...
 	setsid -w ./test/test.sh
 
-.PHONY: gofer test
+.PHONY: gofer vet test
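Review bot: With `test: vet`, running `make test` now requires the `cue` binary on PATH, and nothing in the Makefile says so; a short comment above the target such as `# vet needs the cue tool installed, it validates the yaml configs against etc/gofer.schema.cue` would save a confusing failure. The list of files to validate is also maintained by hand in the prerequisites, so a config added under test/ later is not checked unless someone remembers to add it here. If every yaml file under test/ is a gofer config (not visible from this hunk), `$(wildcard test/*.yaml)` would keep the coverage complete.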
diff --git a/etc/gofer.schema.cue b/etc/gofer.schema.cue
new file mode 100644
index 0000000..8bb1fb3
--- /dev/null
+++ b/etc/gofer.schema.cue
@@ -0,0 +1,57 @@
+// This is a cue file with the schema for the gofer configuration file.
+// It can be used to validate that the configuration file is reasonable and
+// well formed.
+//
+// Example:
+//   cue vet /etc/gofer.schema.cue /etc/gofer.yaml
+
+control_addr?: string
+
+reqlog?:
+	[string]: close({
+		file:     string
+		bufsize?: number
+		format?:  string
+	})
+
+http?:
+	[string]: close(_http)
+
+https?:
+	[string]: close(_http & {
+		certs: string
+	})
+
+_http: {
+	dir?: [string]: string
+
+	static?: [string]: string
+
+	proxy?: [string]: string
+
+	redirect?: [string]: string
+
+	cgi?: [string]: string
+
+	auth?: [string]: string
+
+	setheader?: [string]: [string]: string
+
+	diropts?: [string]: #diropts
+
+	reqlog?: [string]: string
+}
+
+#diropts:: {
+	listing?: [string]: bool
+
+	exclude?: [string]
+}
+
+raw?:
+	[string]: close({
+		certs?:  string
+		to:      string
+		to_tls?: bool
+		reqlog?: string
+	})
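Review bot: `exclude?: [string]` in `#diropts` looks like it accepts only a list of exactly one string, because a CUE list literal without `...` is closed; the two-element example in etc/gofer.yaml (`exclude: [".*\\.secret", ".*/config"]`) would be rejected once uncommented. `exclude?: [...string]` expresses a list of any length, which matters here because `exclude` is the option that keeps files from being served. Separately, the top level of the schema is not closed the way the `reqlog`, `http`, `https` and `raw` entries are, so a misspelled top-level key would probably pass `cue vet` unnoticed. That is worth confirming and, if so, fixing by putting the top-level fields in a closed definition.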
diff --git a/etc/gofer.yaml b/etc/gofer.yaml
new file mode 100644
index 0000000..50ae97b
--- /dev/null
+++ b/etc/gofer.yaml
@@ -0,0 +1,116 @@
+# gofer configuration file
+
+# Address for the control/debug server.
+# DO NOT EXPOSE THIS TO THE INTERNET, it is dangerous and will leak a lot of
+# information.
+control_addr: "127.0.0.1:8081"
+
+# Request logging.
+reqlog:
+  # Name of the log; just an id used to refer to it on the server entries
+  # below.
+  "requests.log":
+    # Path to the log file.
+    file: "/var/log/gofer/requests.log"
+
+    # How many entries to hold in memory. Defaults to 0 (synchronous logging).
+    bufsize: 16
+
+    # Log format.
+    # Known formats: <common>, <combined>, <combinedvh>, <lighttpd>, <gofer>
+    # (that is the default).
+    #format: "<gofer>"
+
+
+# HTTP servers.
+# Map of address: configuration.
+http:
+  # Address to listen on.
+  # systemd socket passing is supported, use "&name" to indicate that you've
+  # set up a systemd socket unit with "FileDescriptorName=name".
+  # Examples: ":80", "127.0.0.1:8080", "&http".
+  "&http":
+
+    # The following options all have the same structure: the route type, and
+    # within, a series of <path>: <target>.
+    # The path have the semantics of http.ServeMux.
+    # The meaning of the target is type-specific.
+
+    # Serve the directory at the given path.
+    dir:
+      "/": "/srv/www/"
+      #"/other": "/srv/other/"
+
+    # Static individual files.
+    #static:
+    #  "/a/file": "/srv/files/file"
+
+    # Proxy requests.
+    #proxy:
+    #  "/api/v1/": "http://localhost:8080/api/"
+
+    # Redirect to a different URL.
+    #redirect:
+    #  "/wiki": "https://wikipedia.org"
+
+    # Execute a CGI.
+    #cgi:
+    #  "/gitweb": "/usr/share/gitweb/gitweb.cgi"
+
+    # Enforce authentication on these paths. The target is the file containing
+    # the user and passwords.
+    #auth:
+    #  "/private": "/srv/auth/web-users.yaml"
+
+    # Set a header on replies.
+    #setheader:
+    #  "/":
+    #    "My-Header": "my header value"
+
+    # Configure options for the "dir" type, so we can customize some behaviour
+    # per path.
+    diropts:
+      "/":
+        # Enable listing when index.html is not present?
+        listing:
+          "/": false
+          "/pub/": true
+
+        # Exclude files matching these regular expressions. They won't appear
+        # in listings, and won't be served to users (404 will be returned
+        # instead).
+        #exclude: [".*\\.secret", ".*/config"]
+
+      #"/other":
+      #  listing: true
+
+    # Enable request logging. The target is a log name, which should match an
+    # entry in the top-level reqlog configuration (see above).
+    reqlog:
+      "/": "requests.log"
+
+
+# HTTPS servers.
+https:
+  "&https":
+    # Location of the certificates, for TLS.
+    certs: "/etc/letsencrypt/live/"
+
+    # The rest of the fields are the same as for http above.
+    proxy:
+      "/": "http://localhost:8080/"
+      "/local/": "http://localhost:99/"
+
+
+# Raw socket proxying.
+raw:
+  ":995":
+    # If this is present, we will listen on a TLS socket; otherwise it will be
+    # a plain socket.
+    certs: "/etc/letsencrypt/live/"
+
+    # Address to proxy to.
+    to: "127.0.0.1:1995"
+
+    # If this is true, then we will use TLS to connect to the backend.
+    to_tls: true
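Review bot: The commented-out `"/other"` entry under `diropts` uses `listing: true`, but the live entry above it and the schema (`listing?: [string]: bool`) both treat `listing` as a map of path to bool, so uncommenting it as written would fail `cue vet`. Suggest `#  listing:` followed by `#    "/other": true`, or whichever shape the loader actually accepts. The comment on `exclude` should also say whether the regular expressions are matched against the whole path or any part of it, since that decides which files are withheld from clients. Minor wording: `# The path have the semantics of http.ServeMux.` should read `# The paths have the semantics of http.ServeMux.`.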
diff --git a/gofer.yaml.example b/gofer.yaml.example
deleted file mode 100644
index fd626e2..0000000
--- a/gofer.yaml.example
+++ /dev/null
@@ -1,33 +0,0 @@
-
-# Address for the control/debug http.
-control_addr: "127.0.0.1:8081"
-
-# HTTP(s) proxy
-https:
-  # Address to listen on.
-  # systemd socket passing is supported, use "&name" to indicate that you've
-  # set up a systemd socket unit with "FileDescriptorName=name".
-  ":https":
-    # Location of the certificates, for TLS.
-    certs: "/etc/letsencrypt/live/"
-
-    proxy:
-      "/": "http://localhost:8080/"
-      "/local/": "http://localhost:99/"
-
-http:
-  ":http":
-    proxy:
-      "/": "http://localhost:8080/"
-
-
-raw:
-  ":995":
-    # If this is present, we will listen on a TLS socket; otherwise it will be
-    # a plain socket.
-    certs: "/etc/letsencrypt/live/"
-
-    # Where to connect to. If to_tls is true, then we will do TLS against the
-    # backend.
-    to: "example.com:1995"
-    to_tls: true
diff --git a/gofer_test.go b/gofer_test.go
index 74440da..7adc4bb 100644
--- a/gofer_test.go
+++ b/gofer_test.go
@@ -12,7 +12,7 @@ import (
 )
 
 func TestDumpConfig(t *testing.T) {
-	conf, err := config.Load("gofer.yaml.example")
+	conf, err := config.Load("etc/gofer.yaml")
 	if err != nil {
 		t.Fatalf("error loading config example: %v", err)
 	}
diff --git a/test/01-be.yaml b/test/01-be.yaml
index 0d88f4f..1f1c5bc 100644
--- a/test/01-be.yaml
+++ b/test/01-be.yaml
@@ -4,7 +4,7 @@ control_addr: "127.0.0.1:8459"
 reqlog:
   "requests":
     file: ".01-be.requests.log"
-    buffer: 10
+    bufsize: 10
 
 http:
   ":8450":