Add env var override to all postgresql configuration settings

Also consolidate host and port settings into single socket address
settings.

Author: tankyleo

rust/server/src/main.rs

@@ -9,7 +9,6 @@
 #![deny(rustdoc::private_intra_doc_links)]
 #![deny(missing_docs)]
 
-use std::net::SocketAddr;
 use std::sync::Arc;
 
 use tokio::net::TcpListener;
@@ -22,7 +21,6 @@ use api::auth::{Authorizer, NoopAuthorizer};
 use api::kv_store::KvStore;
 use auth_impls::JWTAuthorizer;
 use impls::postgres_store::{PostgresPlaintextBackend, PostgresTlsBackend};
-use util::config::{Config, ServerConfig};
 use vss_service::VssService;
 
 mod util;
@@ -35,21 +33,10 @@ fn main() {
 		std::process::exit(1);
 	}
 
-	let Config { server_config: ServerConfig { host, port }, jwt_auth_config, postgresql_config } =
-		match util::config::load_config(&args[1]) {
-			Ok(cfg) => cfg,
-			Err(e) => {
-				eprintln!("Failed to load configuration: {}", e);
-				std::process::exit(1);
-			},
-		};
-	let addr: SocketAddr = match format!("{}:{}", host, port).parse() {
-		Ok(addr) => addr,
-		Err(e) => {
-			eprintln!("Invalid host/port configuration: {}", e);
-			std::process::exit(1);
-		},
-	};
+	let config = util::config::load_configuration(&args[1]).unwrap_or_else(|e| {
+		eprintln!("Failed to load configuration: {}", e);
+		std::process::exit(-1);
+	});
 
 	let runtime = match tokio::runtime::Builder::new_multi_thread().enable_all().build() {
 		Ok(runtime) => Arc::new(runtime),
@@ -68,67 +55,63 @@ fn main() {
 			},
 		};
 
-		let rsa_pem_env = match std::env::var("VSS_JWT_RSA_PEM") {
-			Ok(env) => Some(env),
-			Err(std::env::VarError::NotPresent) => None,
-			Err(e) => {
-				println!("Failed to load the VSS_JWT_RSA_PEM env var: {}", e);
-				std::process::exit(-1);
-			},
-		};
-		let rsa_pem = rsa_pem_env.or(jwt_auth_config.and_then(|config| config.rsa_pem));
-		let authorizer: Arc<dyn Authorizer> = if let Some(pem) = rsa_pem {
-			let authorizer = match JWTAuthorizer::new(pem.as_str()).await {
+		let authorizer: Arc<dyn Authorizer> = if let Some(rsa_pem) = config.rsa_pem {
+			let jwt_authorizer = match JWTAuthorizer::new(&rsa_pem).await {
 				Ok(auth) => auth,
 				Err(e) => {
 					println!("Failed to configure JWT authorizer: {}", e);
 					std::process::exit(-1);
 				},
 			};
 			println!("Configured JWT authorizer with RSA public key");
-			Arc::new(authorizer)
+			Arc::new(jwt_authorizer)
 		} else {
-			println!("No JWT authentication method configured");
-			Arc::new(NoopAuthorizer {})
+			let noop_authorizer = NoopAuthorizer {};
+			println!("No authentication method configured");
+			Arc::new(noop_authorizer)
 		};
 
-		let postgresql_config =
-			postgresql_config.expect("PostgreSQLConfig must be defined in config file.");
-		let endpoint = postgresql_config.to_postgresql_endpoint();
-		let default_db = postgresql_config.default_database;
-		let vss_db = postgresql_config.vss_database;
-		let store: Arc<dyn KvStore> = if let Some(tls_config) = postgresql_config.tls {
-			let postgres_tls_backend = match PostgresTlsBackend::new(
-				&endpoint,
-				&default_db,
-				&vss_db,
-				tls_config.crt_pem.as_deref(),
+		let store: Arc<dyn KvStore> = if let Some(crt_pem) = config.tls_config {
+			let postgres_tls_backend = PostgresTlsBackend::new(
+				&config.postgresql_prefix,
+				&config.default_db,
+				&config.vss_db,
+				crt_pem.as_deref(),
 			)
 			.await
-			{
-				Ok(backend) => backend,
-				Err(e) => {
-					println!("Failed to start postgres tls backend: {}", e);
-					std::process::exit(-1);
-				},
-			};
+			.unwrap_or_else(|e| {
+				println!("Failed to start postgres TLS backend: {}", e);
+				std::process::exit(-1);
+			});
+			println!(
+				"Connected to PostgreSQL TLS backend with DSN: {}/{}",
+				config.postgresql_prefix, config.vss_db
+			);
 			Arc::new(postgres_tls_backend)
 		} else {
-			let postgres_plaintext_backend =
-				match PostgresPlaintextBackend::new(&endpoint, &default_db, &vss_db).await {
-					Ok(backend) => backend,
-					Err(e) => {
-						println!("Failed to start postgres plaintext backend: {}", e);
-						std::process::exit(-1);
-					},
-				};
+			let postgres_plaintext_backend = PostgresPlaintextBackend::new(
+				&config.postgresql_prefix,
+				&config.default_db,
+				&config.vss_db,
+			)
+			.await
+			.unwrap_or_else(|e| {
+				println!("Failed to start postgres plaintext backend: {}", e);
+				std::process::exit(-1);
+			});
+			println!(
+				"Connected to PostgreSQL plaintext backend with DSN: {}/{}",
+				config.postgresql_prefix, config.vss_db
+			);
 			Arc::new(postgres_plaintext_backend)
 		};
-		println!("Connected to PostgreSQL backend with DSN: {}/{}", endpoint, vss_db);
 
-		let rest_svc_listener =
-			TcpListener::bind(&addr).await.expect("Failed to bind listening port");
-		println!("Listening for incoming connections on {}", addr);
+		let rest_svc_listener = TcpListener::bind(&config.bind_address).await.unwrap_or_else(|e| {
+			println!("Failed to bind listening port: {}", e);
+			std::process::exit(-1);
+		});
+		println!("Listening for incoming connections on {}", config.bind_address);
+
 		loop {
 			tokio::select! {
 				res = rest_svc_listener.accept() => {

rust/server/src/util/config.rs

@@ -1,58 +1,142 @@
 use serde::Deserialize;
+use std::net::SocketAddr;
 
 #[derive(Deserialize)]
-pub(crate) struct Config {
-	pub(crate) server_config: ServerConfig,
-	pub(crate) jwt_auth_config: Option<JwtAuthConfig>,
-	pub(crate) postgresql_config: Option<PostgreSQLConfig>,
+struct Config {
+	server_config: ServerConfig,
+	jwt_auth_config: Option<JwtAuthConfig>,
+	postgresql_config: Option<PostgreSQLConfig>,
 }
 
 #[derive(Deserialize)]
-pub(crate) struct ServerConfig {
-	pub(crate) host: String,
-	pub(crate) port: u16,
+struct ServerConfig {
+	bind_address: SocketAddr,
 }
 
 #[derive(Deserialize)]
-pub(crate) struct JwtAuthConfig {
-	pub(crate) rsa_pem: Option<String>,
+struct JwtAuthConfig {
+	rsa_pem: Option<String>,
 }
 
+const JWT_RSA_PEM_VAR: &str = "VSS_JWT_RSA_PEM";
+const PSQL_USER_VAR: &str = "VSS_PSQL_USERNAME";
+const PSQL_PASS_VAR: &str = "VSS_PSQL_PASSWORD";
+const PSQL_ADDR_VAR: &str = "VSS_PSQL_ADDRESS";
+const PSQL_DB_VAR: &str = "VSS_PSQL_DEFAULT_DB";
+const PSQL_VSS_DB_VAR: &str = "VSS_PSQL_VSS_DB";
+const PSQL_TLS_VAR: &str = "VSS_PSQL_TLS";
+const PSQL_CERT_PEM_VAR: &str = "VSS_PSQL_CRT_PEM";
+
 #[derive(Deserialize)]
-pub(crate) struct PostgreSQLConfig {
-	pub(crate) username: Option<String>, // Optional in TOML, can be overridden by env
-	pub(crate) password: Option<String>, // Optional in TOML, can be overridden by env
-	pub(crate) host: String,
-	pub(crate) port: u16,
-	pub(crate) default_database: String,
-	pub(crate) vss_database: String,
-	pub(crate) tls: Option<TlsConfig>,
+struct PostgreSQLConfig {
+	username: Option<String>,
+	password: Option<String>,
+	address: Option<SocketAddr>,
+	default_database: Option<String>,
+	vss_database: Option<String>,
+	tls: Option<TlsConfig>,
 }
 
 #[derive(Deserialize)]
-pub(crate) struct TlsConfig {
-	pub(crate) crt_pem: Option<String>,
+struct TlsConfig {
+	crt_pem: Option<String>,
 }
 
-impl PostgreSQLConfig {
-	pub(crate) fn to_postgresql_endpoint(&self) -> String {
-		let username_env = std::env::var("VSS_POSTGRESQL_USERNAME");
-		let username = username_env.as_ref()
-			.ok()
-			.or_else(|| self.username.as_ref())
-			.expect("PostgreSQL database username must be provided in config or env var VSS_POSTGRESQL_USERNAME must be set.");
-		let password_env = std::env::var("VSS_POSTGRESQL_PASSWORD");
-		let password = password_env.as_ref()
-			.ok()
-			.or_else(|| self.password.as_ref())
-			.expect("PostgreSQL database password must be provided in config or env var VSS_POSTGRESQL_PASSWORD must be set.");
-
-		format!("postgresql://{}:{}@{}:{}", username, password, self.host, self.port)
-	}
+pub(crate) struct Configuration {
+	pub(crate) bind_address: SocketAddr,
+	pub(crate) rsa_pem: Option<String>,
+	pub(crate) postgresql_prefix: String,
+	pub(crate) default_db: String,
+	pub(crate) vss_db: String,
+	pub(crate) tls_config: Option<Option<String>>,
 }
 
-pub(crate) fn load_config(config_path: &str) -> Result<Config, Box<dyn std::error::Error>> {
-	let config_str = std::fs::read_to_string(config_path)?;
-	let config: Config = toml::from_str(&config_str)?;
-	Ok(config)
+pub(crate) fn load_configuration(config_file_path: &str) -> Result<Configuration, String> {
+	let config_file = std::fs::read_to_string(config_file_path)
+		.map_err(|e| format!("Failed to read configuration file: {}", e))?;
+	let Config { server_config: ServerConfig { bind_address }, jwt_auth_config, postgresql_config } =
+		toml::from_str(&config_file)
+			.map_err(|e| format!("Failed to parse configuration file: {}", e))?;
+
+	macro_rules! read_env {
+		($env_var:expr) => {
+			match std::env::var($env_var) {
+				Ok(env) => Some(env),
+				Err(std::env::VarError::NotPresent) => None,
+				Err(e) => {
+					return Err(format!(
+						"Failed to load the {} environment variable: {}",
+						$env_var, e
+					))
+				},
+			}
+		};
+	}
+
+	macro_rules! read_config {
+		($env:expr, $config: expr, $item: expr, $var_name: expr) => {
+			$env.or($config).ok_or(format!(
+				"{} must be provided in the configuration file or the environment variable {} must be set.",
+				$item, $var_name
+			))?
+		};
+	}
+
+	let rsa_pem_env = read_env!(JWT_RSA_PEM_VAR);
+	let rsa_pem = rsa_pem_env.or(jwt_auth_config.and_then(|config| config.rsa_pem));
+
+	let username_env = read_env!(PSQL_USER_VAR);
+	let password_env = read_env!(PSQL_PASS_VAR);
+	let address_env: Option<SocketAddr> = read_env!(PSQL_ADDR_VAR)
+		.map(|address| {
+			address.parse().map_err(|e| {
+				format!("Unable to parse the postgresql address environment variable: {}", e)
+			})
+		})
+		.transpose()?;
+	let default_db_env = read_env!(PSQL_DB_VAR);
+	let vss_db_env = read_env!(PSQL_VSS_DB_VAR);
+	let tls_config_env = read_env!(PSQL_TLS_VAR);
+	let crt_pem_env = read_env!(PSQL_CERT_PEM_VAR);
+
+	let (
+		username_config,
+		password_config,
+		address_config,
+		default_db_config,
+		vss_db_config,
+		tls_config,
+	) = match postgresql_config {
+		Some(c) => (
+			c.username,
+			c.password,
+			c.address,
+			c.default_database,
+			c.vss_database,
+			c.tls.map(|tls| tls.crt_pem),
+		),
+		None => (None, None, None, None, None, None),
+	};
+
+	let username =
+		read_config!(username_env, username_config, "PostgreSQL database username", PSQL_USER_VAR);
+	let password =
+		read_config!(password_env, password_config, "PostgreSQL database password", PSQL_PASS_VAR);
+	let address =
+		read_config!(address_env, address_config, "PostgreSQL service address", PSQL_ADDR_VAR);
+	let default_db = read_config!(
+		default_db_env,
+		default_db_config,
+		"PostgreSQL default database name",
+		PSQL_DB_VAR
+	);
+	let vss_db =
+		read_config!(vss_db_env, vss_db_config, "PostgreSQL vss database name", PSQL_VSS_DB_VAR);
+
+	let tls_config =
+		crt_pem_env.map(|pem| Some(pem)).or(tls_config_env.map(|_| None)).or(tls_config);
+
+	let postgresql_prefix = format!("postgresql://{}:{}@{}", username, password, address);
+
+	Ok(Configuration { bind_address, rsa_pem, postgresql_prefix, default_db, vss_db, tls_config })
 }

rust/server/vss-server-config.toml

@@ -1,6 +1,5 @@
 [server_config]
-host = "127.0.0.1"
-port = 8080
+bind_address = "127.0.0.1:8080"
 
 # Uncomment the table below to verify JWT tokens in the HTTP Authorization header against the given RSA public key,
 # can be overridden by env var `VSS_JWT_RSA_PEM`
@@ -11,16 +10,15 @@ port = 8080
 # """
 
 [postgresql_config]
-username = "postgres"  # Optional in TOML, can be overridden by env var `VSS_POSTGRESQL_USERNAME`
-password = "postgres"  # Optional in TOML, can be overridden by env var `VSS_POSTGRESQL_PASSWORD`
-host = "localhost"
-port = 5432
-default_database = "postgres"
-vss_database = "vss"
+username = "postgres"          # Optional in TOML, can be overridden by env var `VSS_PSQL_USERNAME`
+password = "postgres"          # Optional in TOML, can be overridden by env var `VSS_PSQL_PASSWORD`
+address = "127.0.0.1:5432"     # Optional in TOML, can be overridden by env var `VSS_PSQL_ADDRESS`
+default_database = "postgres"  # Optional in TOML, can be overridden by env var `VSS_PSQL_DEFAULT_DB`
+vss_database = "vss"           # Optional in TOML, can be overridden by env var `VSS_PSQL_VSS_DB`
 
-# [postgresql_config.tls]  # Uncomment to make TLS connections to the postgres database
+# [postgresql_config.tls]  # Uncomment, or set env var `VSS_PSQL_TLS` to make TLS connections to the postgres database
 #
-# Uncomment the lines below to add a root certificate to your trusted root certificates
+# Uncomment the lines below, or set `VSS_PSQL_CRT_PEM`, to add a root certificate to your trusted root certificates
 #
 # crt_pem = """
 # -----BEGIN CERTIFICATE-----