...

Source file src/github.com/sigstore/timestamp-authority/cmd/timestamp-server/app/root.go

Documentation: github.com/sigstore/timestamp-authority/cmd/timestamp-server/app

     1  //
     2  // Copyright 2022 The Sigstore Authors.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  
    16  package app
    17  
    18  import (
    19  	"fmt"
    20  	"os"
    21  
    22  	homedir "github.com/mitchellh/go-homedir"
    23  	"github.com/sigstore/timestamp-authority/pkg/log"
    24  	"github.com/spf13/cobra"
    25  	"github.com/spf13/viper"
    26  )
    27  
// Package-level targets for the persistent flags that init registers with
// StringVar/BoolVar. Their values are only meaningful after cobra has parsed
// the command line.
var (
	// cfgFile is the --config value; initConfig treats the empty string as
	// "search the default locations".
	cfgFile string

	// logType is the --log-type value (dev/prod per the flag's help text).
	logType string

	// enablePprof is the --enable-pprof value. pprof endpoints expose runtime
	// internals (heap, goroutines, command line), so the port should not be
	// reachable from untrusted networks; the listener itself is set up
	// outside this file.
	enablePprof bool

	// httpPingOnly is the --http-ping-only value.
	httpPingOnly bool
)
    34  
// rootCmd is the top-level cobra command for the timestamp-server binary.
// It carries only descriptive metadata; no Run function is set on it here.
var rootCmd = &cobra.Command{
	Use:   "timestamp-server",
	Short: "Timestamp authority service",
	Long:  "Timestamp authority service that issues signed timestamps",
	// To give the bare command an action of its own, add a field such as:
	//	Run: func(cmd *cobra.Command, args []string) { },
}
    44  
// Execute runs the root command. If the command returns an error, the error
// is logged through log.Logger and the process exits with status 1.
// According to the original comment it is invoked once, from main.main().
func Execute() {
	err := rootCmd.Execute()
	if err == nil {
		return
	}

	log.Logger.Error(err)
	os.Exit(1)
}
    53  
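// init registers initConfig as a cobra initializer, declares the persistent
// flags of the root command, and binds the whole flag set into viper so each
// flag is also available as a viper key of the same name.
func init() {
	cobra.OnInitialize(initConfig)

	// PersistentFlags returns the command's flag set; hold it once instead of
	// re-fetching it for every registration.
	flags := rootCmd.PersistentFlags()

	// The help text names the file initConfig actually searches for: config
	// name "timestamp-server" (no leading dot) in $HOME and in ".".
	flags.StringVar(&cfgFile, "config", "", "config file (default is timestamp-server.yaml in $HOME or the working directory)")
	flags.StringVar(&logType, "log-type", "dev", "logger type to use (dev/prod)")
	flags.BoolVar(&enablePprof, "enable-pprof", false, "enable pprof for profiling on port 6060")
	flags.BoolVar(&httpPingOnly, "http-ping-only", false, "serve only /ping in the http server")

	// The default signer is "memory", which the help text itself marks as
	// testing-only: a deployment that never sets this flag (or whose config
	// file is not picked up) runs with a non-production signer.
	flags.String("timestamp-signer", "memory", "Timestamping authority signer. Valid options include: [kms, tink, memory, file]. Memory and file-based signers should only be used for testing")
	flags.String("timestamp-signer-hash", "sha256", "Hash algorithm used by the signer. Must match the hash algorithm specified for a KMS or Tink key. Valid options include: [sha256, sha384, sha512]. Ignored for Memory signer.")

	// KMS flags
	flags.String("kms-key-resource", "", "KMS key for signing timestamp responses. Valid options include: [gcpkms://resource, azurekms://resource, hashivault://resource, awskms://resource]")

	// Tink flags
	flags.String("tink-key-resource", "", "KMS key for signing timestamp responses for Tink keysets. Valid options include: [gcp-kms://resource, aws-kms://resource, hcvault://]")
	flags.String("tink-keyset-path", "", "Path to KMS-encrypted keyset for Tink, decrypted by tink-key-resource")
	// Secret value: when given as a command-line argument it is visible to
	// anything that can read the process's arguments. The flag is bound into
	// viper below, so the config file is an alternative source, presumably
	// honoured by whichever code reads this key (not shown here).
	flags.String("tink-hcvault-token", "", "Authentication token for Hashicorp Vault API calls")

	// KMS, Tink and File flags
	flags.String("certificate-chain-path", "", "Path to PEM-encoded certificate chain certifying the kms-key-resource, tink-key-resource, or file-signer-key-path to act as a timestamping authority")

	// File flags
	flags.String("file-signer-key-path", "", "Path to file containing PEM-encoded private key. Supported formats include PKCS#1, PKCS#8, and RFC5915 for EC")
	// Secret value: same process-argument exposure as tink-hcvault-token.
	flags.String("file-signer-passwd", "", "Password to decrypt private key")

	// NTP time introspection
	flags.String("ntp-monitoring", "", "Path to a file configuring ntp monitoring. Uses pkg/ntpmonitor/ntpsync.yaml as the default configuration if none is provided")
	flags.Bool("disable-ntp-monitoring", false, "Disables NTP monitoring. Defaults to false")

	// A binding failure would leave flags and viper out of sync, so it is
	// treated as fatal at start-up.
	if err := viper.BindPFlags(flags); err != nil {
		log.Logger.Fatal(err)
	}
}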
    82  
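// initConfig points viper at a config file and enables environment lookups.
//
// With --config set, exactly that file is used. Otherwise viper searches the
// user's home directory and then the working directory for a file named
// "timestamp-server", parsed as YAML. A config file that is simply absent is
// not an error; any other read or parse failure is logged so that the server
// does not silently continue on flag defaults.
func initConfig() {
	if cfgFile != "" {
		// Use config file from the flag.
		viper.SetConfigFile(cfgFile)
	} else {
		// Find home directory.
		home, err := homedir.Dir()
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}

		viper.AddConfigPath(home)
		// The working directory is searched too, so the directory the server
		// is started from should not be writable by less-trusted users.
		viper.AddConfigPath(".")
		viper.SetConfigName("timestamp-server")
		viper.SetConfigType("yaml")
	}

	// NOTE(review): no env prefix or key replacer is configured, so a dashed
	// key such as "timestamp-signer" is looked up under an environment
	// variable name that still contains '-'; confirm env overrides are
	// expected to work for those keys.
	viper.AutomaticEnv() // read in environment variables that match

	err := viper.ReadInConfig()
	if err == nil {
		log.Logger.Infof("Using config file: %s", viper.ConfigFileUsed())
		return
	}

	// No file in the search paths: running on flags and environment alone is
	// the intended fallback.
	if _, notFound := err.(viper.ConfigFileNotFoundError); notFound {
		return
	}

	// The file exists but could not be read or parsed, or an explicit
	// --config path is unusable. Start-up still continues as before, but the
	// operator is told that the configuration was not applied.
	log.Logger.Error(fmt.Errorf("reading config file %q: %w", viper.ConfigFileUsed(), err))
}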
   109  
