package main
import (
"io/ioutil"
"github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
)
// Configuration data model.
//
// Every type below is filled by the YAML decoder. Two of them carry
// credentials as plain strings (ldapConfig.BindPassword and
// graylogConfig.Password), so any file that holds these values should be
// readable only by the account running the tool.

// ldapConfig describes how to reach and query the LDAP server.
type ldapConfig struct {
	Host string `yaml:"host"`
	Port uint16 `yaml:"port"`
	// TLS selects the transport security mode as a free-form string.
	// NOTE(review): the accepted values are not visible in this block; confirm
	// them where the LDAP connection is opened.
	TLS string `yaml:"tls"`
	// NOTE(review): presumably turns off server certificate verification when
	// true, which would leave the bind credentials open to interception;
	// confirm where the TLS settings are built and keep it false outside of
	// testing.
	TLSNoVerify bool   `yaml:"tls_skip_verify"`
	CaChain     string `yaml:"cachain"`
	BindUser    string `yaml:"bind_user"`
	// BindPassword is the bind secret, stored as a plain string.
	BindPassword string   `yaml:"bind_password"`
	MemberFields []string `yaml:"member_fields"`
	UsernameAttr string   `yaml:"username_attribute"`
}

// graylogConfig describes the Graylog API endpoint and the account used on it.
// Username and Password carry no yaml tag, so the decoder's default key naming
// applies (yaml.v2 uses the lowercased field name).
type graylogConfig struct {
	APIBase  string `yaml:"api_base"`
	Username string
	// Password is the API secret, stored as a plain string.
	Password       string
	DeleteAccounts bool `yaml:"delete_accounts"`
}

// graylogObject names one Graylog object and the privilege level granted on it.
type graylogObject struct {
	Type  string `yaml:"type"`
	ID    string `yaml:"id"`
	Level string `yaml:"level"`
}

// groupPrivileges is what a single LDAP group is mapped to: a list of role
// names plus a list of per-object privileges.
type groupPrivileges struct {
	Roles      []string
	Privileges []graylogObject
}

// groupMapping holds every group mapping, keyed by a string.
// NOTE(review): presumably the key is the LDAP group name or DN; confirm
// against the code that looks groups up.
type groupMapping map[string]groupPrivileges

// configuration is the root of the configuration file.
type configuration struct {
	LDAP    ldapConfig
	Graylog graylogConfig
	Mapping groupMapping
}
// checkPrivMapping validates the privilege entries of every group mapping.
//
// For each entry, the object type must be flagged true in graylogItems and the
// level must be a key of privLevels. The first entry that fails either check
// is reported through the logger's Fatal call, tagged with the group, the
// entry index and the offending value. Only Privileges are inspected; the
// Roles list of each group is not checked here.
func checkPrivMapping(cfg groupMapping, log *logrus.Entry) {
	for group, info := range cfg {
		groupLog := log.WithField("group", group)
		for index := range info.Privileges {
			priv := info.Privileges[index]
			entryLog := groupLog.WithField("entry", index)

			// Reject object types that are not on the allow-list.
			if known := graylogItems[priv.Type]; !known {
				entryLog.WithField("item", priv.Type).Fatal("Invalid Graylog item")
			}

			// Reject privilege levels that have no definition.
			if _, known := privLevels[priv.Level]; !known {
				entryLog.WithField("level", priv.Level).Fatal("Invalid privilege level")
			}
		}
	}
}
// loadConfiguration reads the YAML file named by flags.cfgFile, decodes it over
// a set of defaults and validates the group/privilege mapping.
//
// A read failure or a parse failure is reported through the logger's Fatal
// call. The returned configuration includes the LDAP and Graylog credentials
// found in the file.
func loadConfiguration(flags cliFlags) (cfg configuration) {
	cfgLog := log.WithField("config", flags.cfgFile)
	cfgLog.Trace("Loading configuration")

	raw, readErr := ioutil.ReadFile(flags.cfgFile)
	if readErr != nil {
		cfgLog.WithField("error", readErr).Fatal("Could not load configuration")
	}

	// Defaults that apply when the file does not set the key.
	// NOTE(review): port 389 with TLS "no" presumably means an unencrypted
	// LDAP connection unless the file overrides it; confirm against the LDAP
	// client code.
	cfg.LDAP.Port = 389
	cfg.LDAP.TLS = "no"

	// NOTE(review): yaml.Unmarshal ignores keys it does not recognise, so a
	// misspelled key (for example under ldap) silently leaves the default in
	// place; yaml.UnmarshalStrict would reject such a file instead.
	if parseErr := yaml.Unmarshal(raw, &cfg); parseErr != nil {
		cfgLog.WithField("error", parseErr).Fatal("Could not parse configuration")
	}

	checkPrivMapping(cfg.Mapping, cfgLog)
	return cfg
}