Working version using simplecommand

Author: Andrew Heberle

config_one_nocert.yml

@@ -0,0 +1,4 @@
+service-providers:
+- name: nocert
+  sp-url: http://localhost:9091
+  idp-metadata: https://mocksaml.com/api/saml/metadata

go.mod

@@ -7,24 +7,23 @@ toolchain go1.24.2
 replace github.com/crewjam/saml v0.4.14 => github.com/rancher/saml v0.4.14-rancher3
 
 require (
-	github.com/andrewheberle/simplecommand v0.2.0
+	github.com/andrewheberle/simplecommand v0.3.0
 	github.com/bep/simplecobra v0.6.0
 	github.com/cloudflare/certinel v0.4.1
 	github.com/crewjam/saml v0.4.14
-	github.com/go-viper/mapstructure/v2 v2.2.1
 	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/jackc/pgx/v5 v5.6.0
 	github.com/karlseguin/ccache/v3 v3.0.6
 	github.com/oklog/run v1.1.0
 	github.com/russellhaering/goxmldsig v1.4.0
-	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	github.com/andrewheberle/simpleviper v1.1.1 // indirect
 	github.com/beevik/etree v1.2.0 // indirect
 	github.com/crewjam/httperr v0.2.0 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
@@ -47,4 +46,5 @@ require (
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,5 +1,5 @@
-github.com/andrewheberle/simplecommand v0.2.0 h1:ZJRESmjd8zsHGTK1EY5ickZOtWNlQLCh4qSUiSPVIsE=
-github.com/andrewheberle/simplecommand v0.2.0/go.mod h1:mcCWB3Ano9gsv7FW288hXDZr4H9XPYIgXxDJP1Z1cYY=
+github.com/andrewheberle/simplecommand v0.3.0 h1:pjTQae9YwajvSEFjdaaczAd/7i/LSic6yuxUQENYTlU=
+github.com/andrewheberle/simplecommand v0.3.0/go.mod h1:D9L/jnIotmn3rxyAYIKAAd9rSA+QEHsbfU1UUAo1Upg=
 github.com/andrewheberle/simpleviper v1.1.1 h1:9cgJDjcQZoQD1OrgjdMgWP4oFVlFGaHXzxVOsJz0abE=
 github.com/andrewheberle/simpleviper v1.1.1/go.mod h1:xMIWZmEaiCzd86Pq1YNb0PQ/4Fz5thKInTscmfUvUmw=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=

internal/pkg/cmd/cmd.go

@@ -15,9 +15,7 @@ import (
 	"github.com/andrewheberle/simplecommand"
 	"github.com/bep/simplecobra"
 	"github.com/cloudflare/certinel/fswatcher"
-	"github.com/go-viper/mapstructure/v2"
 	"github.com/oklog/run"
-	"gopkg.in/yaml.v3"
 )
 
 type rootCommand struct {
@@ -27,7 +25,6 @@ type rootCommand struct {
 	cert   string
 	key    string
 	listen string
-	config string
 	debug  bool
 
 	// sp flags
@@ -50,15 +47,17 @@ type rootCommand struct {
 }
 
 func (c *rootCommand) Init(cd *simplecobra.Commandeer) error {
-	c.Command.Init(cd)
+	if err := c.Command.Init(cd); err != nil {
+		return err
+	}
 
 	cmd := cd.CobraCommand
 	// general command line flags
 	cmd.Flags().StringVar(&c.cert, "cert", "", "HTTPS Certificate")
 	cmd.Flags().StringVar(&c.key, "key", "", "HTTPS Key")
 	cmd.MarkFlagsRequiredTogether("cert", "key")
 	cmd.Flags().StringVar(&c.listen, "listen", "127.0.0.1:9091", "Listen address")
-	cmd.Flags().StringVarP(&c.config, "config", "c", "", "Configuration file")
+	cmd.Flags().StringVarP(&c.Config, "config", "c", "", "Configuration file")
 	cmd.Flags().BoolVar(&c.debug, "debug", false, "Enable debug logging")
 
 	// sp command line flags
@@ -97,6 +96,8 @@ func (c *rootCommand) PreRun(this, runner *simplecobra.Commandeer) error {
 		logLevel.Set(slog.LevelDebug)
 	}
 
+	c.logger.Debug("service provider list", "list", c.serviceProviders())
+
 	return nil
 }
 
@@ -115,67 +116,23 @@ type serviceProvider struct {
 }
 
 func (c *rootCommand) Run(ctx context.Context, cd *simplecobra.Commandeer, args []string) error {
-	var serviceProviders []serviceProvider
-
-	// did we load in via a config file
-	if c.config != "" {
-		// read in file
-		b, err := os.ReadFile(c.config)
-		if err == nil {
-			var y map[string]any
-
-			// unmarshal to map
-			if err := yaml.Unmarshal(b, &y); err == nil {
-				// was there a service_providers key
-				if splist, ok := y["service_providers"]; ok {
-					// multiple sp
-					if err := mapstructure.Decode(splist, &serviceProviders); err != nil {
-						return fmt.Errorf("error with service providers list: %w", err)
-					}
-				} else {
-					// single sp
-					var sp serviceProvider
-
-					// try to unmarshal as single
-					if err := yaml.Unmarshal(b, &sp); err != nil {
-						return fmt.Errorf("error with service provider: %w", err)
-					}
-
-					serviceProviders = []serviceProvider{sp}
-				}
-			}
-		}
-	} else {
-		// create sp conf from flags directly
-		serviceProviders = []serviceProvider{
-			{
-				ServiceProviderURL:          c.spUrl,
-				ServiceProviderClaimMapping: c.spClaimMapping,
-				ServiceProviderCertificate:  c.spCert,
-				ServiceProviderKey:          c.spKey,
-				IdPMetadata:                 c.idpMetadata,
-				IdPIssuer:                   c.idpIssuer,
-				IdPSSOEndpoint:              c.idpSSOEndpoint,
-				IdPCertificate:              c.idpCertificate,
-				DatabaseConnection:          c.dbConnection,
-				DatabaseTablePrefix:         c.dbPrefix,
-			},
-		}
-	}
-
 	// create run group
 	g := run.Group{}
 
 	// new mux
 	mux := http.NewServeMux()
 
 	// set up service provider(s)
-	for _, spConfig := range serviceProviders {
+	for _, spConfig := range c.serviceProviders() {
+		// use global values as a fallback if some values are not set
+		spConfig.ServiceProviderCertificate = fallback(spConfig.ServiceProviderCertificate, c.spCert)
+		spConfig.ServiceProviderKey = fallback(spConfig.ServiceProviderKey, c.spKey)
+
 		// show config in debug mode
 		c.logger.Debug("setting up service provider",
 			"name", spConfig.Name,
 			"url", spConfig.ServiceProviderURL,
-			"metdata", spConfig.IdPMetadata,
+			"metadata", spConfig.IdPMetadata,
 			"cert", spConfig.ServiceProviderCertificate,
 			"key", spConfig.ServiceProviderKey,
 		)
@@ -334,6 +291,53 @@ func (c *rootCommand) Run(ctx context.Context, cd *simplecobra.Commandeer, args
 	return g.Run()
 }
 
+func (c *rootCommand) serviceProviders() []serviceProvider {
+	var serviceProviders []serviceProvider
+
+	// no config file or no viper
+	if c.Config == "" || c.Viper() == nil {
+		return []serviceProvider{
+			{
+				ServiceProviderURL:          c.spUrl,
+				ServiceProviderClaimMapping: c.spClaimMapping,
+				ServiceProviderCertificate:  c.spCert,
+				ServiceProviderKey:          c.spKey,
+				IdPMetadata:                 c.idpMetadata,
+				IdPIssuer:                   c.idpIssuer,
+				IdPSSOEndpoint:              c.idpSSOEndpoint,
+				IdPCertificate:              c.idpCertificate,
+				DatabaseConnection:          c.dbConnection,
+				DatabaseTablePrefix:         c.dbPrefix,
+			},
+		}
+	}
+
+	// plain config file (not a list)
+	if c.Viper().Get("service-providers") == nil {
+		return []serviceProvider{
+			{
+				ServiceProviderURL:          c.spUrl,
+				ServiceProviderClaimMapping: c.spClaimMapping,
+				ServiceProviderCertificate:  c.spCert,
+				ServiceProviderKey:          c.spKey,
+				IdPMetadata:                 c.idpMetadata,
+				IdPIssuer:                   c.idpIssuer,
+				IdPSSOEndpoint:              c.idpSSOEndpoint,
+				IdPCertificate:              c.idpCertificate,
+				DatabaseConnection:          c.dbConnection,
+				DatabaseTablePrefix:         c.dbPrefix,
+			},
+		}
+	}
+
+	// try to unmarshal from list
+	if err := c.Viper().UnmarshalKey("service-providers", &serviceProviders); err != nil {
+		return []serviceProvider{}
+	}
+
+	return serviceProviders
+}
+
 func Execute(args []string) error {
 	rootCmd := &rootCommand{
 		Command: simplecommand.New(
@@ -356,3 +360,13 @@ a SAML IdP in order to provide SSO to a proxied service.`),
 
 	return nil
 }
+
+func fallback[T comparable](a, b T) T {
+	var zero T
+
+	if a == zero {
+		return b
+	}
+
+	return a
+}