Split up boulder-config.json (VA) (letsencrypt#1979)

benileo · cpu · commit bea8e5753644 · 2016-07-01T13:06:50.000-04:00
diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
@@ -1,6 +1,8 @@
 package main
 
 import (
+	"flag"
+	"os"
 	"time"
 
 	"github.com/jmhodges/clock"
@@ -10,113 +12,165 @@ import (
 	"github.com/letsencrypt/boulder/cmd"
 	caaPB "github.com/letsencrypt/boulder/cmd/caa-checker/proto"
 	bgrpc "github.com/letsencrypt/boulder/grpc"
-	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/metrics"
 	"github.com/letsencrypt/boulder/rpc"
 	"github.com/letsencrypt/boulder/va"
 )
 
 const clientName = "VA"
 
+type config struct {
+	VA struct {
+		cmd.ServiceConfig
+
+		UserAgent string
+
+		IssuerDomain string
+
+		PortConfig cmd.PortConfig
+
+		MaxConcurrentRPCServerRequests int64
+
+		LookupIPv6 bool
+
+		GoogleSafeBrowsing *cmd.GoogleSafeBrowsingConfig
+
+		CAAService *cmd.GRPCClientConfig
+
+		CAADistributedResolver *cmd.CAADistributedResolverConfig
+
+		// The number of times to try a DNS query (that has a temporary error)
+		// before giving up. May be short-circuited by deadlines. A zero value
+		// will be turned into 1.
+		DNSTries int
+
+		// Feature flag to enable enforcement of CAA SERVFAILs.
+		CAASERVFAILExceptions string
+	}
+
+	Statsd cmd.StatsdConfig
+
+	Syslog cmd.SyslogConfig
+
+	Common struct {
+		DNSResolver               string
+		DNSTimeout                string
+		DNSAllowLoopbackAddresses bool
+	}
+}
+
 func main() {
-	app := cmd.NewAppShell("boulder-va", "Handles challenge validation")
-	app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
-		go cmd.DebugServer(c.VA.DebugAddr)
-
-		go cmd.ProfileCmd("VA", stats)
-
-		pc := &cmd.PortConfig{
-			HTTPPort:  80,
-			HTTPSPort: 443,
-			TLSPort:   443,
-		}
-		if c.VA.PortConfig.HTTPPort != 0 {
-			pc.HTTPPort = c.VA.PortConfig.HTTPPort
-		}
-		if c.VA.PortConfig.HTTPSPort != 0 {
-			pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
-		}
-		if c.VA.PortConfig.TLSPort != 0 {
-			pc.TLSPort = c.VA.PortConfig.TLSPort
-		}
-		var caaClient caaPB.CAACheckerClient
-		if c.VA.CAAService != nil {
-			conn, err := bgrpc.ClientSetup(c.VA.CAAService)
-			cmd.FailOnError(err, "Failed to load credentials and create connection to service")
-			caaClient = caaPB.NewCAACheckerClient(conn)
-		}
-		scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
-		sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)
-		var cdrClient *cdr.CAADistributedResolver
-		if c.VA.CAADistributedResolver != nil {
-			var err error
-			cdrClient, err = cdr.New(
-				scoped,
-				c.VA.CAADistributedResolver.Timeout.Duration,
-				c.VA.CAADistributedResolver.MaxFailures,
-				c.VA.CAADistributedResolver.Proxies,
-				logger,
-			)
-			cmd.FailOnError(err, "Failed to create CAADistributedResolver")
-		}
-		dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
-		cmd.FailOnError(err, "Couldn't parse DNS timeout")
-		dnsTries := c.VA.DNSTries
-		if dnsTries < 1 {
-			dnsTries = 1
-		}
-		clk := clock.Default()
-		caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions)
-		cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file")
-		var resolver bdns.DNSResolver
-		if !c.Common.DNSAllowLoopbackAddresses {
-			r := bdns.NewDNSResolverImpl(
-				dnsTimeout,
-				[]string{c.Common.DNSResolver},
-				caaSERVFAILExceptions,
-				scoped,
-				clk,
-				dnsTries)
-			r.LookupIPv6 = c.VA.LookupIPv6
-			resolver = r
-		} else {
-			r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
-			r.LookupIPv6 = c.VA.LookupIPv6
-			resolver = r
-		}
-		vai := va.NewValidationAuthorityImpl(
-			pc,
-			sbc,
-			caaClient,
-			cdrClient,
-			resolver,
-			c.VA.UserAgent,
-			c.VA.IssuerDomain,
-			stats,
-			clk,
+	configFile := flag.String("config", "", "File path to the configuration file for this service")
+	flag.Parse()
+	if *configFile == "" {
+		flag.Usage()
+		os.Exit(1)
+	}
+
+	var c config
+	err := cmd.ReadJSONFile(*configFile, &c)
+	cmd.FailOnError(err, "Reading JSON config file into config structure")
+
+	go cmd.DebugServer(c.VA.DebugAddr)
+
+	stats, logger := cmd.StatsAndLogging(c.Statsd, c.Syslog)
+	defer logger.AuditPanic()
+	logger.Info(cmd.VersionString(clientName))
+
+	go cmd.ProfileCmd("VA", stats)
+
+	pc := &cmd.PortConfig{
+		HTTPPort:  80,
+		HTTPSPort: 443,
+		TLSPort:   443,
+	}
+	if c.VA.PortConfig.HTTPPort != 0 {
+		pc.HTTPPort = c.VA.PortConfig.HTTPPort
+	}
+	if c.VA.PortConfig.HTTPSPort != 0 {
+		pc.HTTPSPort = c.VA.PortConfig.HTTPSPort
+	}
+	if c.VA.PortConfig.TLSPort != 0 {
+		pc.TLSPort = c.VA.PortConfig.TLSPort
+	}
+
+	var caaClient caaPB.CAACheckerClient
+	if c.VA.CAAService != nil {
+		conn, err := bgrpc.ClientSetup(c.VA.CAAService)
+		cmd.FailOnError(err, "Failed to load credentials and create connection to service")
+		caaClient = caaPB.NewCAACheckerClient(conn)
+	}
+
+	scoped := metrics.NewStatsdScope(stats, "VA", "DNS")
+	sbc := newGoogleSafeBrowsing(c.VA.GoogleSafeBrowsing)
+
+	var cdrClient *cdr.CAADistributedResolver
+	if c.VA.CAADistributedResolver != nil {
+		var err error
+		cdrClient, err = cdr.New(
+			scoped,
+			c.VA.CAADistributedResolver.Timeout.Duration,
+			c.VA.CAADistributedResolver.MaxFailures,
+			c.VA.CAADistributedResolver.Proxies,
 			logger)
+		cmd.FailOnError(err, "Failed to create CAADistributedResolver")
+	}
 
-		amqpConf := c.VA.AMQP
-
-		if c.VA.GRPC != nil {
-			s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
-			cmd.FailOnError(err, "Unable to setup VA gRPC server")
-			err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
-			cmd.FailOnError(err, "Unable to register VA gRPC server")
-			go func() {
-				err = s.Serve(l)
-				cmd.FailOnError(err, "VA gRPC service failed")
-			}()
-		}
-
-		vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
-		cmd.FailOnError(err, "Unable to create VA RPC server")
-		err = rpc.NewValidationAuthorityServer(vas, vai)
-		cmd.FailOnError(err, "Unable to setup VA RPC server")
-
-		err = vas.Start(amqpConf)
-		cmd.FailOnError(err, "Unable to run VA RPC server")
+	dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
+	cmd.FailOnError(err, "Couldn't parse DNS timeout")
+	dnsTries := c.VA.DNSTries
+	if dnsTries < 1 {
+		dnsTries = 1
+	}
+	clk := clock.Default()
+	caaSERVFAILExceptions, err := bdns.ReadHostList(c.VA.CAASERVFAILExceptions)
+	cmd.FailOnError(err, "Couldn't read CAASERVFAILExceptions file")
+	var resolver bdns.DNSResolver
+	if !c.Common.DNSAllowLoopbackAddresses {
+		r := bdns.NewDNSResolverImpl(
+			dnsTimeout,
+			[]string{c.Common.DNSResolver},
+			caaSERVFAILExceptions,
+			scoped,
+			clk,
+			dnsTries)
+		r.LookupIPv6 = c.VA.LookupIPv6
+		resolver = r
+	} else {
+		r := bdns.NewTestDNSResolverImpl(dnsTimeout, []string{c.Common.DNSResolver}, scoped, clk, dnsTries)
+		r.LookupIPv6 = c.VA.LookupIPv6
+		resolver = r
 	}
 
-	app.Run()
+	vai := va.NewValidationAuthorityImpl(
+		pc,
+		sbc,
+		caaClient,
+		cdrClient,
+		resolver,
+		c.VA.UserAgent,
+		c.VA.IssuerDomain,
+		stats,
+		clk,
+		logger)
+
+	amqpConf := c.VA.AMQP
+	if c.VA.GRPC != nil {
+		s, l, err := bgrpc.NewServer(c.VA.GRPC, metrics.NewStatsdScope(stats, "VA"))
+		cmd.FailOnError(err, "Unable to setup VA gRPC server")
+		err = bgrpc.RegisterValidationAuthorityGRPCServer(s, vai)
+		cmd.FailOnError(err, "Unable to register VA gRPC server")
+		go func() {
+			err = s.Serve(l)
+			cmd.FailOnError(err, "VA gRPC service failed")
+		}()
+	}
+
+	vas, err := rpc.NewAmqpRPCServer(amqpConf, c.VA.MaxConcurrentRPCServerRequests, stats, logger)
+	cmd.FailOnError(err, "Unable to create VA RPC server")
+	err = rpc.NewValidationAuthorityServer(vas, vai)
+	cmd.FailOnError(err, "Unable to setup VA RPC server")
+
+	err = vas.Start(amqpConf)
+	cmd.FailOnError(err, "Unable to run VA RPC server")
 }
diff --git a/cmd/config.go b/cmd/config.go
@@ -25,34 +25,6 @@ type Config struct {
 	// TODO(jsha): Delete this after a deploy.
 	AMQP *AMQPConfig
 
-	VA struct {
-		ServiceConfig
-
-		UserAgent string
-
-		IssuerDomain string
-
-		PortConfig PortConfig
-
-		MaxConcurrentRPCServerRequests int64
-
-		LookupIPv6 bool
-
-		GoogleSafeBrowsing *GoogleSafeBrowsingConfig
-
-		CAAService *GRPCClientConfig
-
-		CAADistributedResolver *CAADistributedResolverConfig
-
-		// The number of times to try a DNS query (that has a temporary error)
-		// before giving up. May be short-circuited by deadlines. A zero value
-		// will be turned into 1.
-		DNSTries int
-
-		// Feature flag to enable enforcement of CAA SERVFAILs.
-		CAASERVFAILExceptions string
-	}
-
 	Statsd StatsdConfig
 
 	Syslog SyslogConfig
diff --git a/cmd/shell.go b/cmd/shell.go
@@ -94,12 +94,6 @@ func (as *AppShell) Run() {
 		}
 
 		// Provide default values for each service's AMQP config section.
-		if config.VA.AMQP == nil {
-			config.VA.AMQP = config.AMQP
-			if config.VA.AMQP != nil && config.AMQP.VA != nil {
-				config.VA.AMQP.ServiceQueue = config.AMQP.VA.Server
-			}
-		}
 		if config.Mailer.AMQP == nil {
 			config.Mailer.AMQP = config.AMQP
 		}
diff --git a/test/boulder-config-next.json b/test/boulder-config-next.json
@@ -17,48 +17,6 @@
     }
   },
 
-  "va": {
-    "CAASERVFAILExceptions": "test/caa-servfail-exceptions.txt",
-    "userAgent": "boulder",
-    "debugAddr": "localhost:8004",
-    "portConfig": {
-      "httpPort": 5002,
-      "httpsPort": 5001,
-      "tlsPort": 5001
-    },
-    "lookupIPV6": true,
-    "maxConcurrentRPCServerRequests": 16,
-    "dnsTries": 3,
-    "issuerDomain": "happy-hacker-ca.invalid",
-    "caaService": {
-      "serverAddresses": ["boulder:9090"],
-      "serverIssuerPath": "test/grpc-creds/ca.pem",
-      "clientCertificatePath": "test/grpc-creds/client.pem",
-      "clientKeyPath": "test/grpc-creds/key.pem"
-    },
-    "caaPublicResolver": {
-        "timeout": "10s",
-        "keepalive": "30s",
-        "maxFailures": 1,
-        "proxies": []
-    },
-    "grpc": {
-      "address": "boulder:9092",
-      "serverCertificatePath": "test/grpc-creds/server.pem",
-      "serverKeyPath": "test/grpc-creds/key.pem",
-      "clientIssuerPath": "test/grpc-creds/ca.pem"
-    },
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "serviceQueue": "VA.server",
-      "RA": {
-        "server": "RA.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
   "revoker": {
     "dbConnectFile": "test/secrets/revoker_dburl",
     "maxDBConns": 1,
diff --git a/test/boulder-config.json b/test/boulder-config.json
@@ -18,28 +18,6 @@
     }
   },
 
-  "va": {
-    "userAgent": "boulder",
-    "debugAddr": "localhost:8004",
-    "portConfig": {
-      "httpPort": 5002,
-      "httpsPort": 5001,
-      "tlsPort": 5001
-    },
-    "maxConcurrentRPCServerRequests": 16,
-    "dnsTries": 3,
-    "issuerDomain": "happy-hacker-ca.invalid",
-    "amqp": {
-      "serverURLFile": "test/secrets/amqp_url",
-      "insecure": true,
-      "serviceQueue": "VA.server",
-      "RA": {
-        "server": "RA.server",
-        "rpcTimeout": "15s"
-      }
-    }
-  },
-
   "revoker": {
     "dbConnectFile": "test/secrets/revoker_dburl",
     "maxDBConns": 1,
diff --git a/test/config-next/va.json b/test/config-next/va.json
diff --git a/test/config/va.json b/test/config/va.json

Original file line number	Diff line number	Diff line change
`@@ -94,12 +94,6 @@ func (as *AppShell) Run() {`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`// Provide default values for each service's AMQP config section.`
`97`		`- if config.VA.AMQP == nil {`
`98`		`- config.VA.AMQP = config.AMQP`
`99`		`- if config.VA.AMQP != nil && config.AMQP.VA != nil {`
`100`		`- config.VA.AMQP.ServiceQueue = config.AMQP.VA.Server`
`101`		`- }`
`102`		`- }`
`103`	`97`	`if config.Mailer.AMQP == nil {`
`104`	`98`	`config.Mailer.AMQP = config.AMQP`
`105`	`99`	`}`