Source code for ocsprest.config

"""Config"""
from __future__ import annotations
from typing import ClassVar, Optional
from pathlib import Path

from pydantic import Field
from pydantic_settings import BaseSettings, SettingsConfigDict


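class RESTConfig(BaseSettings):
    """Config for the wrapper REST api.

    Values come from the environment and from a ``.env`` file (see
    ``model_config`` below).  Fields declared with an ``alias`` are looked up
    under that alias; per pydantic-settings behaviour the ``or_`` prefix is not
    applied to aliased fields, only to the un-aliased ones (e.g. ``or_port``).

    Several fields are filesystem paths to CA and OCSP responder private keys.
    This class only stores the paths; it does not check that the files exist
    or how they are permissioned.
    """

    port: int = Field(description="bind port", default=8887)
    # The default listens on every interface.  "# nosec" silences the static
    # analysis finding for a hard-coded bind-all address, so exposure has to be
    # limited by the deployment (container network, firewall, reverse proxy) or
    # by overriding this value.
    addr: str = Field(description="bind address", default="0.0.0.0")  # nosec
    cfssl: Path = Field(description="cfssl executable path", default="/usr/bin/cfssl")
    data_path: Path = Field(
        description="Where is CFSSL persistent data",
        alias="CFSSL_PERSISTENT_FOLDER",
        default="/data/persistent",
    )

    # Intermediate CA certificate and private key.
    cacrt: Path = Field(
        alias="RUN_INTER_CA",
        description="CA cert to use in commands",
        default="/data/persistent/inter-ca.pem",
    )
    cakey: Path = Field(
        alias="RUN_INTER_CA_KEY",
        description="CA key to use in commands",
        default="/data/persistent/inter-ca_key.pem",
    )

    # Root CA certificate and private key.
    # NOTE(review): configuring the root key path here suggests the service
    # process can read the root CA private key - confirm that is intended and
    # that the file is readable only by the service account.
    rootcacrt: Path = Field(
        alias="RUN_CA",
        description="Root CA cert to use in commands",
        default="/data/persistent/ca.pem",
    )
    rootcakey: Path = Field(
        alias="RUN_CA_KEY",
        description="root CA key to use in commands",
        default="/data/persistent/init_ca-key.pem",
    )

    # The alias and default point at the CFSSL config, not the db config, so
    # the description says so (dbconf below is the db config).
    conf: Path = Field(
        alias="RUN_CA_CFSSL_CONF",
        description="Path to the CFSSL config file",
        default="/data/persistent/root_ca_cfssl.json",
    )
    dbconf: Path = Field(
        alias="RUN_DB_CONFIG",
        description="Path to the db config file",
        default="/data/persistent/db.json",
    )

    # OCSP responder certificate and private key.
    respcrt: Path = Field(
        alias="RUN_OCSP_CERT",
        description="Responder cert to use",
        default="/data/persistent/ocsp.pem",
    )
    respkey: Path = Field(
        alias="RUN_OCSP_KEY",
        description="Responder key to use",
        default="/data/persistent/ocsp_key.pem",
    )

    crl: Path = Field(
        description="Location to dump the DER CRL to, .PEM version will also be created",
        default="/ca_public/crl.der",
    )
    crl_lifetime: str = Field(description="Lifetime to pass to CFSSL", default="1800s")
    # OCSP responder rounds the response nextupdate in funky ways so less than 1h will lead to weird results
    ocsp_lifetime: str = Field(description="Lifetime to pass to CFSSL", default="1h")
    # presumably seconds - confirm against the background task.  If so, keep
    # this below crl_lifetime so the published CRL is replaced before its
    # nextUpdate passes.
    crl_refresh: int = Field(description="Interval to dump CRL via our background task", default=900)
    ci: bool = Field(default=False, alias="CI", description="Are we running in CI")

    # env_file is a relative path, so the ".env" that gets loaded depends on
    # the process working directory.  extra="ignore" means unknown keys are
    # dropped silently rather than rejected.
    model_config = SettingsConfigDict(
        env_prefix="or_",
        env_file=".env",
        extra="ignore",
        env_nested_delimiter="__",
    )

    # Process-wide cached instance, filled in by singleton().
    _singleton: ClassVar[Optional[RESTConfig]] = None

    @classmethod
    def singleton(cls) -> RESTConfig:
        """Return the shared RESTConfig, creating it on first use.

        The instance is built once from the environment and cached on
        ``RESTConfig`` itself (not on ``cls``), so later changes to the
        environment or ``.env`` file are not picked up and subclasses share
        the same object.  No locking is done around the first construction.
        """
        # Compare against None explicitly instead of relying on the
        # truthiness of the model instance.
        if RESTConfig._singleton is None:
            RESTConfig._singleton = RESTConfig()
        return RESTConfig._singleton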