chore: moved WatchAndValidateViper to viperx

.circleci/config.yml

@@ -32,7 +32,7 @@ jobs:
 
   test:
     docker:
-      - image: circleci/golang:1.13
+      - image: circleci/golang:1.14
         environment:
         - GO111MODULE=on
     working_directory: /go/src/github.com/ory/oathkeeper

.schemas/config.schema.json

@@ -1279,7 +1279,6 @@
                 "enabled": {
                   "title": "Enabled",
                   "type": "boolean",
-                  "default": true,
                   "description": "En-/disables this component."
                 }
               },
@@ -1304,7 +1303,11 @@
                     }
                   }
                 }
-              ]
+              ],
+              "default": {
+                "enabled": true,
+                "config": {}
+              }
             }
           }
         }

cmd/root.go

@@ -24,15 +24,13 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/fsnotify/fsnotify"
 	"github.com/gobuffalo/packr/v2"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	_ "github.com/ory/jsonschema/v3/fileloader"
 	_ "github.com/ory/jsonschema/v3/httploader"
 
-	"github.com/ory/viper"
 	"github.com/ory/x/viperx"
 )
 
@@ -55,39 +53,14 @@ func Execute() {
 	}
 }
 
-func init() {
-	viperx.RegisterConfigFlag(RootCmd, "oathkeeper")
-}
-
 func watchAndValidateViper() {
-	logger = viperx.InitializeConfig("oathkeeper", "", logger)
-
 	schema, err := schemas.Find("config.schema.json")
 	if err != nil {
 		logger.WithError(err).Fatal("Unable to open configuration JSON Schema.")
 	}
+	viperx.WatchAndValidateViper(logger, schema, "ORY Oathkeeper", []string{"serve", "profiling", "log"})
+}
 
-	if err := viperx.Validate("config.schema.json", schema); err != nil {
-		viperx.LoggerWithValidationErrorFields(logger, err).
-			Fatal("The configuration is invalid and could not be loaded.")
-	}
-
-	viperx.AddWatcher(func(event fsnotify.Event) error {
-		if err := viperx.Validate("config.schema.json", schema); err != nil {
-			viperx.LoggerWithValidationErrorFields(logger, err).
-				Error("The changed configuration is invalid and could not be loaded. Rolling back to the last working configuration revision. Please address the validation errors before restarting ORY Oathkeeper.")
-			return viperx.ErrRollbackConfigurationChanges
-		}
-		return nil
-	})
-
-	viperx.WatchConfig(logger, &viperx.WatchOptions{
-		Immutables: []string{"serve", "profiling", "log"},
-		OnImmutableChange: func(key string) {
-			logger.
-				WithField("key", key).
-				WithField("reset_to", fmt.Sprintf("%v", viper.Get(key))).
-				Error("A configuration value marked as immutable has changed. Rolling back to the last working configuration revision. To reload the values please restart ORY Oathkeeper.")
-		},
-	})
+func init() {
+	viperx.RegisterConfigFlag(RootCmd, "oathkeeper")
 }

cmd/serve.go

@@ -43,6 +43,8 @@ on configuration options, open the configuration documentation:
 >> https://www.ory.sh/docs/oathkeeper/configuration <<
 `,
 	Run: func(cmd *cobra.Command, args []string) {
+		logger = viperx.InitializeConfig("oathkeeper", "", logger)
+
 		watchAndValidateViper()
 		server.RunServe(x.Version, x.Commit, x.Date)(cmd, args)
 	},

driver/configuration/provider_viper_public_test.go

@@ -27,35 +27,40 @@ import (
 	"github.com/ory/oathkeeper/x"
 )
 
-func TestPipelineConfig(t *testing.T) {
+func setup(t *testing.T) *ViperProvider {
+	l := logrus.New()
 	viper.Reset()
 	viperx.InitializeConfig(
 		"oathkeeper",
 		"./../../docs/",
-		logrus.New(),
+		l,
 	)
 
 	err := viperx.ValidateFromURL("file://../../.schemas/config.schema.json")
 	if err != nil {
-		viperx.LoggerWithValidationErrorFields(logrus.New(), err).Error("unable to validate")
+		viperx.LoggerWithValidationErrorFields(l, err).Error("unable to validate")
 	}
 	require.NoError(t, err)
 
-	p := NewViperProvider(logrus.New())
+	return NewViperProvider(l)
+}
 
+func TestPipelineConfig(t *testing.T) {
 	t.Run("case=should use config from environment variables", func(t *testing.T) {
 		var res json.RawMessage
 		require.NoError(t, os.Setenv("AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_URL", "https://override/path"))
+		p := setup(t)
 
 		require.NoError(t, p.PipelineConfig("authenticators", "oauth2_introspection", nil, &res))
-		assert.JSONEq(t, `{"introspection_request_headers":{},"introspection_url":"https://override/path","pre_authorization":{"client_id":"some_id","client_secret":"some_secret","enabled":true,"scope":["foo","bar"],"token_url":"https://my-website.com/oauth2/token"},"required_scope":[],"retry":{"max_delay":"100ms", "give_up_after":"1s"},"scope_strategy":"exact","target_audience":[],"trusted_issuers":[]}`, string(res), "%s", res)
+		assert.JSONEq(t, `{"introspection_url":"https://override/path","pre_authorization":{"client_id":"some_id","client_secret":"some_secret","enabled":true,"scope":["foo","bar"],"token_url":"https://my-website.com/oauth2/token"},"retry":{"max_delay":"100ms", "give_up_after":"1s"},"scope_strategy":"exact"}`, string(res), "%s", res)
 
 		// Cleanup
 		require.NoError(t, os.Setenv("AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_URL", ""))
 
 	})
 
 	t.Run("case=should fail when invalid value is used in override", func(t *testing.T) {
+		p := setup(t)
 		res := json.RawMessage{}
 		require.Error(t, p.PipelineConfig("mutators", "hydrator", json.RawMessage(`{"not-api":"invalid"}`), &res))
 		assert.JSONEq(t, `{"api":{"url":"https://some-url/","retry":{"give_up_after":"1s","max_delay":"100ms"}},"not-api":"invalid"}`, string(res))
@@ -69,6 +74,7 @@ func TestPipelineConfig(t *testing.T) {
 
 	t.Run("case=should pass and override values", func(t *testing.T) {
 		var dec mutate.MutatorHydratorConfig
+		p := setup(t)
 		require.NoError(t, p.PipelineConfig("mutators", "hydrator", json.RawMessage(``), &dec))
 		assert.Equal(t, "https://some-url/", dec.Api.URL)
 
@@ -79,6 +85,7 @@ func TestPipelineConfig(t *testing.T) {
 
 	t.Run("case=should pass array values", func(t *testing.T) {
 		var dec authn.AuthenticatorOAuth2JWTConfiguration
+		p := setup(t)
 		require.NoError(t, p.PipelineConfig("authenticators", "jwt", json.RawMessage(`{}`), &dec))
 		assert.Equal(t,
 			[]string{"https://my-website.com/.well-known/jwks.json", "https://my-other-website.com/.well-known/jwks.json", "file://path/to/local/jwks.json"},

go.mod

@@ -7,10 +7,10 @@ require (
 	github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/bxcodec/faker v2.0.1+incompatible
-	github.com/dgraph-io/ristretto v0.0.1
+	github.com/dgraph-io/ristretto v0.0.2
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dlclark/regexp2 v1.2.0
-	github.com/fsnotify/fsnotify v1.4.7
+	github.com/fsnotify/fsnotify v1.4.9
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-openapi/errors v0.19.2
 	github.com/go-openapi/runtime v0.19.5
@@ -29,28 +29,26 @@ require (
 	github.com/huandu/xstrings v1.2.0 // indirect
 	github.com/imdario/mergo v0.3.7
 	github.com/julienschmidt/httprouter v1.2.0
-	github.com/lib/pq v1.0.0
+	github.com/lib/pq v1.2.0
 	github.com/mattn/goveralls v0.0.3
 	github.com/ory/fosite v0.29.2
 	github.com/ory/go-acc v0.0.0-20181118080137-ddc355013f90
 	github.com/ory/go-convenience v0.1.0
 	github.com/ory/gojsonschema v1.2.0
 	github.com/ory/graceful v0.1.1
-	github.com/ory/herodot v0.6.2
+	github.com/ory/herodot v0.7.0
 	github.com/ory/jsonschema/v3 v3.0.1
 	github.com/ory/ladon v1.1.0
 	github.com/ory/sdk/swagutil v0.0.0-20200202121523-307941feee4b
-	github.com/ory/viper v1.5.7
-	github.com/ory/x v0.0.95
+	github.com/ory/viper v1.7.3
+	github.com/ory/x v0.0.106
 	github.com/pborman/uuid v1.2.0
-	github.com/pelletier/go-toml v1.6.0 // indirect
 	github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
 	github.com/pkg/errors v0.9.1
 	github.com/rs/cors v1.6.0
 	github.com/segmentio/analytics-go v3.1.0+incompatible
 	github.com/sirupsen/logrus v1.4.2
 	github.com/spf13/cobra v0.0.5
-	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/sqs/goreturns v0.0.0-20181028201513-538ac6014518
 	github.com/square/go-jose v2.3.1+incompatible
 	github.com/stretchr/testify v1.4.0
@@ -59,7 +57,7 @@ require (
 	github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce
 	github.com/urfave/negroni v1.0.0
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	golang.org/x/crypto v0.0.0-20200117160349-530e935923ad
+	golang.org/x/crypto v0.0.0-20200320181102-891825fb96df
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	golang.org/x/tools v0.0.0-20200203215610-ab391d50b528
 	gopkg.in/square/go-jose.v2 v2.3.1