consolidate sia config objects into a single module (#2845)

Signed-off-by: Henry Avetisyan <[email protected]>

libs/go/sia/Makefile

@@ -13,7 +13,7 @@ ifneq ($(patsubst %$(SIA_DIR),,$(lastword $(ATHENZ_DIR))),)
 endif
 
 SUBDIRS = access/config access/tokens agent aws/agent aws/attestation aws/doc aws/lambda aws/meta \
-	aws/options aws/sds aws/stssession file futil gcp/attestation gcp/meta gcp/functions \
+	aws/options aws/stssession file futil gcp/attestation gcp/meta gcp/functions \
 	host/hostdoc host/ip host/provider host/signature host/utils logutil options pki/cert \
 	sds ssh/hostcert ssh/hostkey util verify
 OS = darwin linux windows

libs/go/sia/access/tokens/tokens.go

@@ -31,7 +31,7 @@ import (
 
 	"github.com/AthenZ/athenz/clients/go/zts"
 	"github.com/AthenZ/athenz/libs/go/sia/access/config"
-	"github.com/AthenZ/athenz/libs/go/sia/aws/options"
+	sc "github.com/AthenZ/athenz/libs/go/sia/config"
 	siafile "github.com/AthenZ/athenz/libs/go/sia/file"
 	"github.com/AthenZ/athenz/libs/go/sia/futil"
 	tlsconfig "github.com/AthenZ/athenz/libs/go/tls/config"
@@ -239,7 +239,7 @@ func makeTokenRequest(domain string, roles []string, expiryTime int, proxyPrinci
 	return params.Encode()
 }
 
-func NewTokenOptions(options *options.Options, ztsUrl string, userAgent string) (*config.TokenOptions, error) {
+func NewTokenOptions(options *sc.Options, ztsUrl string, userAgent string) (*config.TokenOptions, error) {
 	if options.AccessTokens == nil {
 		return nil, fmt.Errorf("not configured to fetch access tokens")
 	}
@@ -272,7 +272,7 @@ func NewTokenOptions(options *options.Options, ztsUrl string, userAgent string)
 	return tokenOpts, nil
 }
 
-func toTokenServices(services []options.Service) []config.TokenService {
+func toTokenServices(services []sc.Service) []config.TokenService {
 	var tokenServices []config.TokenService
 
 	for _, svc := range services {

libs/go/sia/agent/agent.go

@@ -35,6 +35,7 @@ import (
 	"github.com/AthenZ/athenz/libs/go/athenzutils"
 	"github.com/AthenZ/athenz/libs/go/sia/access/config"
 	"github.com/AthenZ/athenz/libs/go/sia/access/tokens"
+	sc "github.com/AthenZ/athenz/libs/go/sia/config"
 	"github.com/AthenZ/athenz/libs/go/sia/options"
 	"github.com/AthenZ/athenz/libs/go/sia/sds"
 	"github.com/AthenZ/athenz/libs/go/sia/ssh/hostkey"
@@ -86,7 +87,7 @@ func RoleKey(rotateKey bool, roleKey, svcKey string) (*rsa.PrivateKey, error) {
 	}
 }
 
-func GetRoleCertificates(ztsUrl string, opts *options.Options) (int, []string) {
+func GetRoleCertificates(ztsUrl string, opts *sc.Options) (int, []string) {
 
 	//initialize our return state to success
 	failures := make([]string, 0)
@@ -171,7 +172,7 @@ func GetRoleCertificates(ztsUrl string, opts *options.Options) (int, []string) {
 	return len(opts.Roles), failures
 }
 
-func RegisterInstance(ztsUrl string, opts *options.Options, docExpiryCheck bool) error {
+func RegisterInstance(ztsUrl string, opts *sc.Options, docExpiryCheck bool) error {
 
 	//special handling for VM instances ( EC2 / GCE )
 	//before we process our register event we need to check to
@@ -191,7 +192,7 @@ func RegisterInstance(ztsUrl string, opts *options.Options, docExpiryCheck bool)
 	return nil
 }
 
-func RefreshInstance(ztsUrl string, opts *options.Options) error {
+func RefreshInstance(ztsUrl string, opts *sc.Options) error {
 	for _, svc := range opts.Services {
 		err := refreshSvc(svc, ztsUrl, opts)
 		if err != nil {
@@ -201,7 +202,7 @@ func RefreshInstance(ztsUrl string, opts *options.Options) error {
 	return nil
 }
 
-func getServiceHostname(opts *options.Options, svc options.Service, fqdn bool) string {
+func getServiceHostname(opts *sc.Options, svc sc.Service, fqdn bool) string {
 	if !opts.SanDnsHostname {
 		return ""
 	}
@@ -235,7 +236,7 @@ func getServiceHostname(opts *options.Options, svc options.Service, fqdn bool) s
 	return fmt.Sprintf("%s.%s.%s.%s", hostname, svc.Name, hyphenDomain, opts.HostnameSuffix)
 }
 
-func registerSvc(svc options.Service, ztsUrl string, opts *options.Options) error {
+func registerSvc(svc sc.Service, ztsUrl string, opts *sc.Options) error {
 
 	key, err := util.GenerateKeyPair(2048)
 	if err != nil {
@@ -349,7 +350,7 @@ func registerSvc(svc options.Service, ztsUrl string, opts *options.Options) erro
 	return nil
 }
 
-func refreshSvc(svc options.Service, ztsUrl string, opts *options.Options) error {
+func refreshSvc(svc sc.Service, ztsUrl string, opts *sc.Options) error {
 
 	keyFile := util.GetSvcKeyFileName(opts.KeyDir, svc.KeyFilename, opts.Domain, svc.Name)
 	certFile := util.GetSvcCertFileName(opts.CertDir, svc.CertFilename, opts.Domain, svc.Name)
@@ -466,7 +467,7 @@ func refreshSvc(svc options.Service, ztsUrl string, opts *options.Options) error
 	return nil
 }
 
-func generateSshRequest(opts *options.Options, primaryServiceName, hostname string) (*zts.SSHCertRequest, string, error) {
+func generateSshRequest(opts *sc.Options, primaryServiceName, hostname string) (*zts.SSHCertRequest, string, error) {
 	var err error
 	var sshCsr string
 	var sshCertRequest *zts.SSHCertRequest
@@ -560,7 +561,7 @@ func hostCertificateLinePresent(sshConfigFile, sshCertFile string) (bool, error)
 	return false, nil
 }
 
-func SetupAgent(opts *options.Options, siaAgentDir, siaLinkDir string) {
+func SetupAgent(opts *sc.Options, siaAgentDir, siaLinkDir string) {
 
 	//first, let's determine if we need to drop our privileges
 	//since it requires us to create the directories with the
@@ -617,15 +618,15 @@ func SetupAgent(opts *options.Options, siaAgentDir, siaLinkDir string) {
 	}
 }
 
-func RunAgent(siaCmds, ztsUrl string, opts *options.Options) {
+func RunAgent(siaCmds, ztsUrl string, opts *sc.Options) {
 	log.Printf("sia command line arguments specified: '%s'\n", siaCmds)
 	cmds := strings.Split(siaCmds, ",")
 	for _, cmd := range cmds {
 		runAgentCommand(cmd, ztsUrl, opts)
 	}
 }
 
-func runAgentCommand(siaCmd, ztsUrl string, opts *options.Options) {
+func runAgentCommand(siaCmd, ztsUrl string, opts *sc.Options) {
 
 	//make sure the meta endpoint is configured by the caller
 	if opts.MetaEndPoint == "" {
@@ -888,9 +889,9 @@ func accessTokenRequest(tokenOpts *config.TokenOptions) error {
 	return err
 }
 
-func tokenOptions(opts *options.Options, ztsUrl string) (*config.TokenOptions, error) {
+func tokenOptions(opts *sc.Options, ztsUrl string) (*config.TokenOptions, error) {
 	userAgent := fmt.Sprintf("%s-%s", opts.Provider, opts.InstanceId)
-	tokenOpts, err := tokens.NewTokenOptions(options.LegacyOptions(opts), ztsUrl, userAgent)
+	tokenOpts, err := tokens.NewTokenOptions(opts, ztsUrl, userAgent)
 	if err != nil {
 		return nil, fmt.Errorf("processing access tokens: %s", err.Error())
 	}
@@ -923,7 +924,7 @@ func fetchAccessToken(tokenOpts *config.TokenOptions) error {
 	}
 }
 
-func shouldSkipRegister(opts *options.Options) bool {
+func shouldSkipRegister(opts *sc.Options) bool {
 	if opts.EC2StartTime == nil {
 		return false
 	}
@@ -932,13 +933,13 @@ func shouldSkipRegister(opts *options.Options) bool {
 	return duration.Seconds() > 1800
 }
 
-func serviceAlreadyRegistered(opts *options.Options, svc options.Service) bool {
+func serviceAlreadyRegistered(opts *sc.Options, svc sc.Service) bool {
 	keyFile := util.GetSvcKeyFileName(opts.KeyDir, svc.KeyFilename, opts.Domain, svc.Name)
 	certFile := util.GetSvcCertFileName(opts.CertDir, svc.CertFilename, opts.Domain, svc.Name)
 	return util.FileExists(keyFile) && util.FileExists(certFile)
 }
 
-func shouldExitRightAway(failedRefreshCount int, opts *options.Options) bool {
+func shouldExitRightAway(failedRefreshCount int, opts *sc.Options) bool {
 	// if the failed count already matches or exceeds our configured
 	// value then we return right away
 	if failedRefreshCount >= opts.FailCountForExit {

libs/go/sia/agent/agent_test.go

@@ -32,12 +32,11 @@ import (
 
 	"github.com/AthenZ/athenz/libs/go/sia/access/config"
 	"github.com/AthenZ/athenz/libs/go/sia/agent/devel/ztsmock"
+	sc "github.com/AthenZ/athenz/libs/go/sia/config"
 	"github.com/AthenZ/athenz/libs/go/sia/host/ip"
 	"github.com/AthenZ/athenz/libs/go/sia/host/signature"
-	"github.com/AthenZ/athenz/libs/go/sia/options"
 	"github.com/AthenZ/athenz/libs/go/sia/ssh/hostkey"
 	"github.com/AthenZ/athenz/libs/go/sia/util"
-
 	"github.com/stretchr/testify/assert"
 )
 
@@ -200,9 +199,9 @@ func TestRegisterInstance(test *testing.T) {
 	tp := TestProvider{
 		Name: "athenz.aws.us-west-2",
 	}
-	opts := &options.Options{
+	opts := &sc.Options{
 		Domain: "athenz",
-		Services: []options.Service{
+		Services: []sc.Service{
 			{
 				Name: "hockey",
 				Uid:  util.ExecIdCommand("-u"),
@@ -248,7 +247,7 @@ func copyFile(src, dst string) error {
 	return os.WriteFile(dst, data, 0644)
 }
 
-func refreshServiceCertSetup(test *testing.T) (*options.Options, string) {
+func refreshServiceCertSetup(test *testing.T) (*sc.Options, string) {
 
 	siaDir := test.TempDir()
 
@@ -275,9 +274,9 @@ func refreshServiceCertSetup(test *testing.T) (*options.Options, string) {
 	tp := TestProvider{
 		Name: "athenz.aws.us-west-2",
 	}
-	opts := &options.Options{
+	opts := &sc.Options{
 		Domain: "athenz",
-		Services: []options.Service{
+		Services: []sc.Service{
 			{
 				Name:     "hockey",
 				Uid:      util.ExecIdCommand("-u"),
@@ -344,17 +343,17 @@ func TestRoleCertificateRequest(test *testing.T) {
 	tp := TestProvider{
 		Name: "athenz.aws.us-west-2",
 	}
-	opts := &options.Options{
+	opts := &sc.Options{
 		Domain: "athenz",
-		Services: []options.Service{
+		Services: []sc.Service{
 			{
 				Name:     "hockey",
 				Uid:      util.ExecIdCommand("-u"),
 				Gid:      util.ExecIdCommand("-g"),
 				FileMode: 0400,
 			},
 		},
-		Roles: []options.Role{
+		Roles: []sc.Role{
 			{
 				Name:             "athenz:role.writers",
 				Service:          "hockey",
@@ -385,7 +384,7 @@ func TestRoleCertificateRequest(test *testing.T) {
 
 func TestShouldSkipRegister(test *testing.T) {
 	startTime := time.Now()
-	opts := &options.Options{
+	opts := &sc.Options{
 		EC2StartTime: &startTime,
 	}
 	//current time is valid
@@ -471,7 +470,7 @@ func TestUpdateSSHConfigFile(test *testing.T) {
 }
 
 func TestNilTokenOptions(test *testing.T) {
-	opts := &options.Options{
+	opts := &sc.Options{
 		Domain: "athenz",
 	}
 	token, err := tokenOptions(opts, "")
@@ -480,7 +479,7 @@ func TestNilTokenOptions(test *testing.T) {
 }
 
 func TestTokenStoreOptions(test *testing.T) {
-	opts := &options.Options{
+	opts := &sc.Options{
 		Domain: "athenz",
 		AccessTokens: []config.AccessToken{
 			{
@@ -530,13 +529,13 @@ func TestGetServiceHostname(test *testing.T) {
 				Name:     "testProvider",
 				Hostname: tt.providerHostname,
 			}
-			opts := options.Options{
+			opts := sc.Options{
 				SanDnsHostname: tt.sanDnsHostname,
 				HostnameSuffix: tt.hostnameSuffix,
 				Domain:         tt.domain,
 				Provider:       provider,
 			}
-			svc := options.Service{
+			svc := sc.Service{
 				Name: tt.service,
 			}
 			hostname := getServiceHostname(&opts, svc, false)
@@ -551,7 +550,7 @@ func TestServiceAlreadyRegistered(test *testing.T) {
 
 	keyDir := test.TempDir()
 	certDir := test.TempDir()
-	opts := options.Options{
+	opts := sc.Options{
 		KeyDir:  keyDir,
 		CertDir: certDir,
 		Domain:  "athenz",
@@ -581,7 +580,7 @@ func TestServiceAlreadyRegistered(test *testing.T) {
 	}
 	for _, tt := range tests {
 		test.Run(tt.name, func(t *testing.T) {
-			svc := options.Service{
+			svc := sc.Service{
 				Name:         "api",
 				KeyFilename:  tt.keyFileName,
 				CertFilename: tt.certFileName,
@@ -599,7 +598,7 @@ func TestGenerateSshRequest(test *testing.T) {
 	tp := TestProvider{
 		Name: "athenz.aws.us-west-2",
 	}
-	opts := options.Options{
+	opts := sc.Options{
 		Ssh:      false,
 		Provider: tp,
 	}
@@ -610,7 +609,7 @@ func TestGenerateSshRequest(test *testing.T) {
 	assert.Nil(test, err)
 	// ssh enabled but not for primary service we should get success with nils and empty csr
 	opts.Ssh = true
-	opts.Services = []options.Service{
+	opts.Services = []sc.Service{
 		{
 			Name: "api",
 		},
@@ -653,7 +652,7 @@ func TestGenerateSshRequest(test *testing.T) {
 
 func TestShouldExitRightAwayCountsOnly(test *testing.T) {
 
-	opts := &options.Options{
+	opts := &sc.Options{
 		FailCountForExit: 2,
 	}