dehub/config.go

package dehub

import (
	"dehub/accessctl"
	"dehub/fs"
	"dehub/sigcred"
	"errors"
	"fmt"

	yaml "gopkg.in/yaml.v2"
)

// Account represents a single account defined in the Config.
type Account struct {
	ID         string              `yaml:"id"`
	Signifiers []sigcred.Signifier `yaml:"signifiers"`
	Meta       map[string]string   `yaml:"meta,omitempty"`
}

// Config represents the structure of the main dehub configuration file, and is
// used to marshal/unmarshal the yaml file.
type Config struct {
	Accounts       []Account                       `yaml:"accounts"`
	AccessControls []accessctl.BranchAccessControl `yaml:"access_controls"`
}

func (r *Repo) loadConfig(fs fs.FS) (Config, error) {
	rc, err := fs.Open(ConfigPath)
	if err != nil {
		return Config{}, fmt.Errorf("could not open config.yml: %w", err)
	}
	defer rc.Close()

	var cfg Config
	if err := yaml.NewDecoder(rc).Decode(&cfg); err != nil {
		return cfg, fmt.Errorf("could not decode config.yml: %w", err)
	}

	// TODO validate Config

	return cfg, nil
}

// LoadConfig loads the Config object from the HEAD of the repo, or directly
// from the filesystem if there is no HEAD yet.
func (r *Repo) LoadConfig() (Config, error) {
	headFS, err := r.headOrRawFS()
	if err != nil {
		return Config{}, fmt.Errorf("error retrieving repo HEAD: %w", err)
	}
	return r.loadConfig(headFS)
}

func (r *Repo) signifierForCredential(fs fs.FS, cred sigcred.Credential) (sigcred.SignifierInterface, error) {
	cfg, err := r.loadConfig(fs)
	if err != nil {
		return nil, fmt.Errorf("error loading config: %w", err)
	}

	var account Account
	var ok bool
	for _, account = range cfg.Accounts {
		if account.ID == cred.AccountID {
			ok = true
			break
		}
	}
	if !ok {
		return nil, fmt.Errorf("no account object for account id %q present in config", cred.AccountID)
	}

	for i, sig := range account.Signifiers {
		if sigInt, err := sig.Interface(); err != nil {
			return nil, fmt.Errorf("error converting signifier index:%d to inteface: %w", i, err)
		} else if ok, err := sigInt.Signed(fs, cred); err != nil {
			return nil, fmt.Errorf("error checking if signfier index:%d signed credential: %w", i, err)
		} else if ok {
			return sigInt, nil
		}
	}

	return nil, errors.New("no signifier found for credential")
}
Initial commit, can create master commit and verify previous master commits message: Initial commit, can create master commit and verify previous master commits change_hash: ADgeVBdfi1hA0TTDrBIkYHaQQYoxZaInZz1p/BAH35Ng credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5IbRgACgkQlcRvpqQRSKzWjg/+P0a3einWQ8wFUe05qXUbmMQ4K86Oa4I85pF6kubZlFy/UbcjiPnTPRMKAhmGZi4WCz1sW1F2al4qKvtq3nvn6+hZY8dj0SjPgGG2lkMMLEVy1hjsO7d9S9ZEfUv0cHOcvkphgVQk+InkegBXvFS45mwKQLDOiW5tPcTFDHTHBmC/nlCV/sKCrZEmQGU7KaELJKOf26LSY2zXe6fbVCa8njpIycYS7Wulu2OODcI5n6Ye2U6DvxN6MvuNvziyX7VMePS1xEdJYpltsNMhSkMMGLU7dovxbrhD617uwOsm1847YX9HTJ3Ixs+M0yobHmz8ob4OBcZx8r3AoiyDo+HNMmAZ96ue8pPHmI+2O9jEmbmbH61yq4crhUVAP8PncSTdq0tiYKj/zaSTJ8CT2W0uicX/3v9EtIFn0thqe/qZzHh6upixvpXDpNjZZ5SxiVm8MITnWzInQRbo9yvFsfgd7LqMGKZeGv5q5rgNTRM4fwGrJDuslwj8V2B4uw1ofPncL+LHmXArXWiewvvJFU2uRpfvsl+u4is2dl2SGVpe7ixm+a088gllOQCMRgLbuaN8dQ/eqdkfdxUg+SYQlx6vykrdJOSQrs9zaX/JuxnaNBTi/yLY1FqFXaXBGID6qX1cnPilw+J6vEZYt1MBtzXX+UEjHyVowIhMRsnts6Wq3Z8= account: mediocregopher 4 years ago			`package dehub`

			`import (`
			`"dehub/accessctl"`
			`"dehub/fs"`
			`"dehub/sigcred"`
			`"errors"`
			`"fmt"`

			`yaml "gopkg.in/yaml.v2"`
			`)`

			`// Account represents a single account defined in the Config.`
			`type Account struct {`
			ID string `yaml:"id"`
			Signifiers []sigcred.Signifier `yaml:"signifiers"`
			Meta map[string]string `yaml:"meta,omitempty"`
			`}`

			`// Config represents the structure of the main dehub configuration file, and is`
			`// used to marshal/unmarshal the yaml file.`
			`type Config struct {`
Refactor access controls to support multiple branches message: \|- Refactor access controls to support multiple branches This was a big lift. It implements a backwards incompatible change to overhaul access control patterns to also encompass which branch is being interacted with, not only which files. The `accessctl` package was significantly rewritten to support this, as well as some of the code modifying it. The INTRODUCTION and SPEC were also appropriately updated. The change to the SPEC is _technically_ backwards incompatible, but it won't effect anything. The `access_control` previously being used will just be ignored, and the changes to `accessctl` include the definition of fallback access controls which will automatically be applied if nothing else matches, so when verifying the older history of this repo those will be used. change_hash: AIfNYLmOLGpuyTiVodT3hDe9lF4E+5DbOTgSdkbjJONb credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5aw0sACgkQlcRvpqQRSKy7kw//UMyS/waV/tE1vntZrMbmEtFmiXPcMVNal76cjhdiF3He50qXoWG6m0qWz+arD1tbjoZml6pvU+Xt45y/Uc54DZizzz0E9azoFW0/uvZiLApftFRArZbT9GhbDs2afalyoTJx/xvQu+a2FD/zfljEWE8Zix+bwHCLojiYHHVA65HFLEt8RsH33jFyzWvS9a2yYqZXL0qrU9tdV68hazdIm1LCp+lyVV74TjwxPAZDOmNAE9l4EjIk1pgr2Qo4u2KwJqCGdVCvka8TiFFYiP7C6319ZhDMyj4m9yZsd1xGtBd9zABVBDgmzCEjt0LI3Tv35lPd2tpFBkjQy0WGcMAhwSHWSP7lxukQMCEB7og/SwtKaExiBJhf1HRO6H9MlhNSW4X1xwUgP+739ixKKUY/RcyXgZ4pkzt6sewAMVbUOcmzXdUvuyDJQ0nhDFowgicpSh1m8tTkN1aLUx18NfnGZRgkgBeE6EpT5/+NBfFwvpiQkXZ3bcMiNhNTU/UnWMyqjKlog+8Ca/7CqgswYppMaw4iPaC54H8P6JTH+XnqDlLKSkvh7PiJJa5nFDG07fqc8lYKm1KGv6virAhEsz/AYKLoNGIsqXt+mYUDLvQpjlRsiN52euxyn5e41LcrH0RidIGMVeaS+7re1pWbkCkMMMtYlnCbC5L6mfrBu6doN8o= account: mediocregopher 4 years ago			Accounts []Account `yaml:"accounts"`
			AccessControls []accessctl.BranchAccessControl `yaml:"access_controls"`
Initial commit, can create master commit and verify previous master commits message: Initial commit, can create master commit and verify previous master commits change_hash: ADgeVBdfi1hA0TTDrBIkYHaQQYoxZaInZz1p/BAH35Ng credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5IbRgACgkQlcRvpqQRSKzWjg/+P0a3einWQ8wFUe05qXUbmMQ4K86Oa4I85pF6kubZlFy/UbcjiPnTPRMKAhmGZi4WCz1sW1F2al4qKvtq3nvn6+hZY8dj0SjPgGG2lkMMLEVy1hjsO7d9S9ZEfUv0cHOcvkphgVQk+InkegBXvFS45mwKQLDOiW5tPcTFDHTHBmC/nlCV/sKCrZEmQGU7KaELJKOf26LSY2zXe6fbVCa8njpIycYS7Wulu2OODcI5n6Ye2U6DvxN6MvuNvziyX7VMePS1xEdJYpltsNMhSkMMGLU7dovxbrhD617uwOsm1847YX9HTJ3Ixs+M0yobHmz8ob4OBcZx8r3AoiyDo+HNMmAZ96ue8pPHmI+2O9jEmbmbH61yq4crhUVAP8PncSTdq0tiYKj/zaSTJ8CT2W0uicX/3v9EtIFn0thqe/qZzHh6upixvpXDpNjZZ5SxiVm8MITnWzInQRbo9yvFsfgd7LqMGKZeGv5q5rgNTRM4fwGrJDuslwj8V2B4uw1ofPncL+LHmXArXWiewvvJFU2uRpfvsl+u4is2dl2SGVpe7ixm+a088gllOQCMRgLbuaN8dQ/eqdkfdxUg+SYQlx6vykrdJOSQrs9zaX/JuxnaNBTi/yLY1FqFXaXBGID6qX1cnPilw+J6vEZYt1MBtzXX+UEjHyVowIhMRsnts6Wq3Z8= account: mediocregopher 4 years ago			`}`

			`func (r *Repo) loadConfig(fs fs.FS) (Config, error) {`
			`rc, err := fs.Open(ConfigPath)`
			`if err != nil {`
			`return Config{}, fmt.Errorf("could not open config.yml: %w", err)`
			`}`
			`defer rc.Close()`

			`var cfg Config`
			`if err := yaml.NewDecoder(rc).Decode(&cfg); err != nil {`
			`return cfg, fmt.Errorf("could not decode config.yml: %w", err)`
			`}`

			`// TODO validate Config`

			`return cfg, nil`
			`}`

			`// LoadConfig loads the Config object from the HEAD of the repo, or directly`
			`// from the filesystem if there is no HEAD yet.`
			`func (r *Repo) LoadConfig() (Config, error) {`
			`headFS, err := r.headOrRawFS()`
			`if err != nil {`
			`return Config{}, fmt.Errorf("error retrieving repo HEAD: %w", err)`
			`}`
			`return r.loadConfig(headFS)`
			`}`

			`func (r *Repo) signifierForCredential(fs fs.FS, cred sigcred.Credential) (sigcred.SignifierInterface, error) {`
			`cfg, err := r.loadConfig(fs)`
			`if err != nil {`
			`return nil, fmt.Errorf("error loading config: %w", err)`
			`}`

			`var account Account`
			`var ok bool`
			`for _, account = range cfg.Accounts {`
			`if account.ID == cred.AccountID {`
			`ok = true`
			`break`
			`}`
			`}`
			`if !ok {`
			`return nil, fmt.Errorf("no account object for account id %q present in config", cred.AccountID)`
			`}`

			`for i, sig := range account.Signifiers {`
			`if sigInt, err := sig.Interface(); err != nil {`
			`return nil, fmt.Errorf("error converting signifier index:%d to inteface: %w", i, err)`
			`} else if ok, err := sigInt.Signed(fs, cred); err != nil {`
			`return nil, fmt.Errorf("error checking if signfier index:%d signed credential: %w", i, err)`
			`} else if ok {`
			`return sigInt, nil`
			`}`
			`}`

			`return nil, errors.New("no signifier found for credential")`
			`}`