Skip to content
This repository has been archived by the owner on Aug 21, 2023. It is now read-only.
/ config-tool Public archive

Configuration Validation Tool for Quay

License

Notifications You must be signed in to change notification settings

quay/config-tool

Repository files navigation

Config Tool

The Quay Config Tool implements several features to capture and validate configuration data based on a predefined schema.

This tool includes the following features:

  • Validate Quay configuration using CLI tool
  • Generate code for custom field group definitions (includes structs, constructors, defaults)
  • Validation tag support from Validator
  • Built-in validator tags for OAuth and JWT structs

Installation

Build from Source

Install using the Go tool:

go get -u github.com/quay/config-tool/...

This will generate files for the Quay validator executable and install the config-tool CLI tool.

Build from Dockerfile

Clone this repo and build an image:

$ git clone https://github.com/quay/config-tool.git
$ cd config-tool
$ sudo podman build -t config-tool .

Start the container and execute command:

$ sudo podman run -it -v ${CONFIG_MOUNT}:/conf config-tool ...

Note that you must mount in your config directory in order for the config-tool to see it.

Note: By default, this tool will generate an executable from a pre-built Config definition. For usage on writing a custom Config definition see here

Usage

The CLI tool contains two main commands:

The print command is used to output the entire configuration with defaults specified

{
        "HostSettings": (*fieldgroups.HostSettingsFieldGroup)({
                ServerHostname: "quay:8081",
                PreferredURLScheme: "https",
                ExternalTLSTermination: false
        }),
        "TagExpiration": (*fieldgroups.TagExpirationFieldGroup)({
                FeatureChangeTagExpiration: false,
                DefaultTagExpiration: "2w",
                TagExpirationOptions: {
                        "0s",
                        "1d",
                        "1w",
                        "2w",
                        "4w"
                }
        }),
        "UserVisibleSettings": (*fieldgroups.UserVisibleSettingsFieldGroup)({
                RegistryTitle: "Project Quay",
                RegistryTitleShort: "Project Quay",
                SearchResultsPerPage: 10,
                SearchMaxResultPageCount: 10,
                ContactInfo: {
                },
                AvatarKind: "local",
                Branding: (*fieldgroups.BrandingStruct)({
                        Logo: "not_a_url",
                        FooterIMG: "also_not_a_url",
                        FooterURL: ""
                })
        })
}

The validate command is used to show while field groups have been validated succesully

$ config-tool validate -c <path-to-config-dir>
+---------------------+--------------------+-------------------------+--------+
|     FIELD GROUP     |       FIELD        |          ERROR          | STATUS |
+---------------------+--------------------+-------------------------+--------+
| HostSettings        | -                  | -                       | 🟢     |
| TagExpiration       | -                  | -                       | 🟢     |
| UserVisibleSettings | BRANDING.Logo      | Field enforces tag: url | 🔴     |
|                     | BRANDING.FooterIMG | Field enforces tag: url | 🔴     |
+---------------------+--------------------+-------------------------+--------+

The editor command will bring up an interactive UI to reconfigure and validate a config bundle.

$ config-tool editor -c <path-to-config-dir> -p <editor-password> -e <operator-endpoint>

This command will bring up an interactive UI in which a user can modify, validate, and download a config. In addition, Swagger documentation can be reached by going to {{host}}/swagger/index.html

Using HTTPS

You can deploy the config editor using TLS certificates by passing environment variables to the runtime. The public and private keys must contain valid SANs for the route that you wish to deploy the editor on.

The paths can be specifed using CONFIG_TOOL_PRIVATE_KEY and CONFIG_TOOL_PUBLIC_KEY.

NOTE: If running from a container, the CONFIG_TOOL_PRIVATE_KEY and CONFIG_TOOL_PUBLIC_KEY values are the locations of the certs INSIDE the container. This might look something like the following:

$ docker run -p 7070:8080 \

-v ${PRIVATE_KEY_PATH}:/tls/localhost.key \
-v ${PUBLIC_KEY_PATH}:/tls/localhost.crt \
-e CONFIG_TOOL_PRIVATE_KEY=/tls/localhost.key \
-e CONFIG_TOOL_PUBLIC_KEY=/tls/localhost.crt \
-e DEBUGLOG=true \
-ti config-app:dev