diff --git a/cmd/finch-daemon/main.go b/cmd/finch-daemon/main.go
index 5b9d1dc..ab0a6e5 100644
--- a/cmd/finch-daemon/main.go
+++ b/cmd/finch-daemon/main.go
@@ -34,6 +34,7 @@ import (
 "github.com/runfinch/finch-daemon/internal/service/system"
 "github.com/runfinch/finch-daemon/internal/service/volume"
 "github.com/runfinch/finch-daemon/pkg/archive"
+ daemonConfig "github.com/runfinch/finch-daemon/pkg/config"
 "github.com/runfinch/finch-daemon/pkg/ecc"
 "github.com/runfinch/finch-daemon/pkg/flog"
 )
@@ -49,6 +50,7 @@ type DaemonOptions struct {
 socketAddr string
 socketOwner int
 regoPath string
+ configPath string
 }
 var options = new(DaemonOptions)
@@ -68,6 +70,7 @@ func main() {
 " (more info: https://github.com/lima-vm/lima/blob/5a9bca3d09481ed7109b14f8d3f0074816731f43/examples/default.yaml#L340)."+
 " -1 means no-op.")
 rootCmd.Flags().StringVar(&options.regoPath, "rego-path", "", "Optional path to a rego policy. Currently only allowlist/denylist options are available")
+ rootCmd.Flags().StringVar(&options.configPath, "config", "", "Optional path to a settings YAML file (finch-daemon.yaml)")
 if err := rootCmd.Execute(); err != nil {
 log.Printf("got error: %v", err)
 log.Fatal(err)
@@ -79,6 +82,17 @@ func runAdapter(cmd *cobra.Command, _ []string) error {
 }
 func run(options *DaemonOptions) error {
+ if options.configPath != "" {
+ cfg, err := daemonConfig.Load(options.configPath)
+ if err != nil {
+ return fmt.Errorf("could not read from %v: %v", options.configPath, err)
+ }
+
+ if options.regoPath == "" {
+ options.regoPath = cfg.RegoPath
+ }
+ }
+
 // This sets the log level of the dependencies that use logrus (e.g., containerd library).
 if options.debug {
 logrus.SetLevel(logrus.DebugLevel)
diff --git a/go.mod b/go.mod
index 89e29f0..24aa49c 100644
--- a/go.mod
+++ b/go.mod
@@ -39,6 +39,7 @@ require (
 golang.org/x/net v0.28.0
 golang.org/x/sys v0.23.0
 google.golang.org/protobuf v1.34.2
+ gopkg.in/yaml.v2 v2.4.0
 )
 require (
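Review bot: In run() in cmd/finch-daemon/main.go, the new `fmt.Errorf("could not read from %v: %v", options.configPath, err)` flattens the underlying error, so callers can no longer match it with errors.Is or errors.As; `return fmt.Errorf("loading config %q: %w", options.configPath, err)` keeps the chain and quotes the path. The precedence between the two sources of the policy path is only implicit in the `if options.regoPath == ""` check, so a comment such as `// A --rego-path flag takes precedence over rego_path from the config file.` would help the next reader. Because the rego policy is what restricts the API, logging which policy path ends up in effect (or that none is) would make a misconfiguration visible at startup. run's body continues outside the hunk.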
@@ -167,7 +168,6 @@ require (
 google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
 google.golang.org/grpc v1.66.0 // indirect
- gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/cri-api v0.29.3 // indirect
 lukechampine.com/blake3 v1.2.1 // indirect
diff --git a/pkg/config/config.go b/pkg/config/config.go
new file mode 100644
index 0000000..ef1dc40
--- /dev/null
+++ b/pkg/config/config.go
@@ -0,0 +1,41 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package config
+
+import (
+ "errors"
+ "fmt"
+ "os"
+
+ "gopkg.in/yaml.v2"
+)
+
+type Config struct {
+ RegoPath string `yaml:"rego_path,omitempty"`
+}
+
+// Load reads a YAML file from a given location and returns a new Config struct.
+func Load(cfgPath string) (*Config, error) {
+ b, err := os.ReadFile(cfgPath)
+ if err != nil {
+ // Ignore file not found errors
+ if errors.Is(err, os.ErrNotExist) {
+ return &Config{}, nil
+ }
+ return &Config{}, err
+ }
+
+ cfg := CreateDefaultConfig()
+ if err := yaml.Unmarshal(b, cfg); err != nil {
+ return &Config{}, fmt.Errorf("failed to unmarshal config file: %w", err)
+ }
+
+ return cfg, nil
+}
+
+func CreateDefaultConfig() *Config {
+ return &Config{
+ RegoPath: "",
+ }
+}
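Review bot: Load in pkg/config/config.go fails open for a security-relevant setting: when the file at cfgPath does not exist it returns an empty Config and a nil error, so a mistyped `--config` path starts the daemon with an empty `rego_path` and no message, which presumably means no policy is enforced. The only caller in this commit invokes Load only when the flag was passed explicitly, so I would drop the `errors.Is(err, os.ErrNotExist)` branch and let the error propagate, or at least log a warning there. A misspelled key is lost the same way because `yaml.Unmarshal` ignores unknown fields; `if err := yaml.UnmarshalStrict(b, cfg); err != nil {` would reject it. The error paths would also read more conventionally as `return nil, err` instead of handing back `&Config{}`, and the exported Config and CreateDefaultConfig have no doc comments.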