Initial commit

2026-01-18 13:53:35 +00:00
commit 166db6cbf9
18 changed files with 1011 additions and 0 deletions
--- a/internal/kcpolicy/config.go
+++ b/internal/kcpolicy/config.go
@@ -0,0 +1,62 @@
+package kcpolicy
+
+import (
+	"fmt"
+	"os"
+
+	"gopkg.in/yaml.v3"
+)
+
+type Config struct {
+	Keycloak struct {
+		BaseURL      string `yaml:"base_url"`
+		Realm        string `yaml:"realm"`
+		ClientID     string `yaml:"client_id"`
+		ClientSecret string `yaml:"client_secret"`
+	} `yaml:"keycloak"`
+
+	SQLite struct {
+		Path string `yaml:"path"`
+	} `yaml:"sqlite"`
+
+	Policy struct {
+		Domain              string `yaml:"domain"`
+		CacheTTLSeconds     int    `yaml:"cache_ttl_seconds"`
+		KeycloakFailureMode string `yaml:"keycloak_failure_mode"` // "tempfail" or "dunno"
+	} `yaml:"policy"`
+
+	Sockets struct {
+		PolicySocket     string `yaml:"policy_socket"`
+		SocketmapSocket  string `yaml:"socketmap_socket"`
+		SocketOwnerUser  string `yaml:"socket_owner_user"`
+		SocketOwnerGroup string `yaml:"socket_owner_group"`
+		SocketMode       string `yaml:"socket_mode"`
+	} `yaml:"sockets"`
+}
+
+func LoadConfig(path string) (*Config, error) {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+	var cfg Config
+	if err := yaml.Unmarshal(b, &cfg); err != nil {
+		return nil, err
+	}
+	if cfg.Keycloak.BaseURL == "" || cfg.Keycloak.Realm == "" {
+		return nil, fmt.Errorf("missing keycloak.base_url or keycloak.realm")
+	}
+	if cfg.SQLite.Path == "" {
+		return nil, fmt.Errorf("missing sqlite.path")
+	}
+	if cfg.Policy.Domain == "" {
+		return nil, fmt.Errorf("missing policy.domain")
+	}
+	if cfg.Policy.CacheTTLSeconds <= 0 {
+		cfg.Policy.CacheTTLSeconds = 120
+	}
+	if cfg.Policy.KeycloakFailureMode == "" {
+		cfg.Policy.KeycloakFailureMode = "tempfail"
+	}
+	return &cfg, nil
+}