feat(config): Introduce concept of configuration dependencies (#418)

Author: PeterSchafer

pkg/app/app.go

@@ -29,6 +29,11 @@ import (
 )
 
 func defaultFuncOrganizationSlug(engine workflow.Engine, config configuration.Configuration, logger *zerolog.Logger, apiClientFactory func(url string, client *http.Client) api.ApiClient) configuration.DefaultValueFunction {
+	err := config.AddKeyDependency(configuration.ORGANIZATION_SLUG, configuration.ORGANIZATION)
+	if err != nil {
+		logger.Print("Failed to add dependency for ORGANIZATION_SLUG:", err)
+	}
+
 	callback := func(_ configuration.Configuration, existingValue interface{}) (interface{}, error) {
 		client := engine.GetNetworkAccess().GetHttpClient()
 		url := config.GetString(configuration.API_URL)
@@ -47,6 +52,11 @@ func defaultFuncOrganizationSlug(engine workflow.Engine, config configuration.Co
 }
 
 func defaultFuncOrganization(engine workflow.Engine, config configuration.Configuration, logger *zerolog.Logger, apiClientFactory func(url string, client *http.Client) api.ApiClient) configuration.DefaultValueFunction {
+	err := config.AddKeyDependency(configuration.ORGANIZATION, configuration.API_URL)
+	if err != nil {
+		logger.Print("Failed to add dependency for ORGANIZATION:", err)
+	}
+
 	callback := func(_ configuration.Configuration, existingValue interface{}) (interface{}, error) {
 		client := engine.GetNetworkAccess().GetHttpClient()
 		url := config.GetString(configuration.API_URL)
@@ -78,7 +88,16 @@ func defaultFuncOrganization(engine workflow.Engine, config configuration.Config
 	return callback
 }
 
-func defaultFuncApiUrl(_ configuration.Configuration, logger *zerolog.Logger) configuration.DefaultValueFunction {
+func defaultFuncApiUrl(globalConfig configuration.Configuration, logger *zerolog.Logger) configuration.DefaultValueFunction {
+	err := globalConfig.AddKeyDependency(configuration.API_URL, configuration.AUTHENTICATION_TOKEN)
+	if err != nil {
+		logger.Print("Failed to add dependency for API_URL:", err)
+	}
+	err = globalConfig.AddKeyDependency(configuration.API_URL, auth.CONFIG_KEY_OAUTH_TOKEN)
+	if err != nil {
+		logger.Print("Failed to add dependency for API_URL:", err)
+	}
+
 	callback := func(config configuration.Configuration, existingValue interface{}) (interface{}, error) {
 		urlString := constants.SNYK_DEFAULT_API_URL
 		authToken := config.GetString(configuration.AUTHENTICATION_TOKEN)
@@ -236,14 +255,20 @@ func initConfiguration(engine workflow.Engine, config configuration.Configuratio
 
 	// set default filesize threshold to 512MB
 	config.AddDefaultValue(configuration.IN_MEMORY_THRESHOLD_BYTES, configuration.StandardDefaultValueFunction(constants.SNYK_DEFAULT_IN_MEMORY_THRESHOLD_MB))
-	config.AddDefaultValue(configuration.API_URL, defaultFuncApiUrl(config, logger))
 	config.AddDefaultValue(configuration.TEMP_DIR_PATH, defaultTempDirectory(engine, config, logger))
 
+	config.AddDefaultValue(configuration.API_URL, defaultFuncApiUrl(config, logger))
+
+	err = config.AddKeyDependency(configuration.WEB_APP_URL, configuration.API_URL)
+	if err != nil {
+		logger.Print("Failed to add dependency for WEB_APP_URL:", err)
+	}
+
 	config.AddDefaultValue(configuration.WEB_APP_URL, func(c configuration.Configuration, existingValue any) (any, error) {
 		canonicalApiUrl := c.GetString(configuration.API_URL)
-		appUrl, err := api.DeriveAppUrl(canonicalApiUrl)
-		if err != nil {
-			logger.Print("Failed to determine default value for \"WEB_APP_URL\":", err)
+		appUrl, appUrlErr := api.DeriveAppUrl(canonicalApiUrl)
+		if appUrlErr != nil {
+			logger.Print("Failed to determine default value for \"WEB_APP_URL\":", appUrlErr)
 		}
 
 		return appUrl, nil
@@ -260,6 +285,11 @@ func initConfiguration(engine workflow.Engine, config configuration.Configuratio
 		}
 	})
 
+	err = config.AddKeyDependency(configuration.IS_FEDRAMP, configuration.API_URL)
+	if err != nil {
+		logger.Print("Failed to add dependency for IS_FEDRAMP:", err)
+	}
+
 	config.AddDefaultValue(configuration.IS_FEDRAMP, func(_ configuration.Configuration, existingValue any) (any, error) {
 		if existingValue == nil {
 			return api.IsFedramp(config.GetString(configuration.API_URL)), nil

pkg/app/app_test.go

@@ -32,6 +32,28 @@ import (
 	"golang.org/x/oauth2/jws"
 )
 
+func createOAuthTokenWithAudience(t *testing.T, audience string) string {
+	t.Helper()
+	header := &jws.Header{}
+	claims := &jws.ClaimSet{
+		Aud: audience,
+	}
+	pk, err := rsa.GenerateKey(rand.Reader, 2048)
+	assert.NoError(t, err)
+
+	accessToken, err := jws.Encode(header, claims, pk)
+	assert.NoError(t, err)
+
+	token := oauth2.Token{
+		AccessToken: accessToken,
+	}
+
+	tokenBytes, err := json.Marshal(token)
+	assert.NoError(t, err)
+
+	return string(tokenBytes)
+}
+
 func Test_AddsDefaultFunctionForCustomConfigFiles(t *testing.T) {
 	t.Run("should load default config files (without given command line)", func(t *testing.T) {
 		localConfig := configuration.NewWithOpts()
@@ -792,33 +814,12 @@ func Test_auth_oauth(t *testing.T) {
 	})
 
 	t.Run("oauth token change updates api url extraction", func(t *testing.T) {
-		createOAuthTokenWithAudience := func(audience string) string {
-			header := &jws.Header{}
-			claims := &jws.ClaimSet{
-				Aud: audience,
-			}
-			pk, err := rsa.GenerateKey(rand.Reader, 2048)
-			assert.NoError(t, err)
-
-			accessToken, err := jws.Encode(header, claims, pk)
-			assert.NoError(t, err)
-
-			token := oauth2.Token{
-				AccessToken: accessToken,
-			}
-
-			tokenBytes, err := json.Marshal(token)
-			assert.NoError(t, err)
-
-			return string(tokenBytes)
-		}
-
 		globalConfig := engine.GetConfiguration()
 		globalConfig.Set(configuration.API_URL, "https://api.snyk.io")
 		invocationConfig := globalConfig.Clone()
 
 		firstAPIURL := "https://api.eu.snyk.io"
-		firstOAuthToken := createOAuthTokenWithAudience(firstAPIURL)
+		firstOAuthToken := createOAuthTokenWithAudience(t, firstAPIURL)
 
 		// Set auth type to OAuth
 		invocationConfig.Set(localworkflows.AuthTypeParameter, auth.AUTH_TYPE_OAUTH)
@@ -849,7 +850,7 @@ func Test_auth_oauth(t *testing.T) {
 
 		// Now simulate re-authentication with EU
 		secondAPIURL := "https://api.us.snyk.io"
-		secondOAuthToken := createOAuthTokenWithAudience(secondAPIURL)
+		secondOAuthToken := createOAuthTokenWithAudience(t, secondAPIURL)
 
 		// Mock second authentication
 		mockAuthenticator.EXPECT().Authenticate().DoAndReturn(func() error {
@@ -870,3 +871,59 @@ func Test_auth_oauth(t *testing.T) {
 		assert.Equal(t, secondAPIURL, actualApiUrl, "Second OAuth token should contain US API URL")
 	})
 }
+
+// this tests compares the behavior of the config when it has caching enabled and when it doesn't
+func Test_config_compareCachedAndUncachedConfig(t *testing.T) {
+	tests := []struct {
+		name   string
+		config configuration.Configuration
+	}{
+		{
+			name:   "Cached config",
+			config: configuration.NewWithOpts(configuration.WithCachingEnabled(time.Hour * 1)),
+		},
+		{
+			name:   "Uncached config",
+			config: configuration.NewWithOpts(),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			engine := CreateAppEngineWithOptions(WithConfiguration(tt.config))
+			assert.NotNil(t, engine)
+
+			// Default API URL
+			assert.Equal(t, constants.SNYK_DEFAULT_API_URL, tt.config.GetString(configuration.API_URL))
+
+			// set API URL explicitly
+			tt.config.Set(configuration.API_URL, "https://api.us.snyk.io")
+			assert.Equal(t, "https://api.us.snyk.io", tt.config.GetString(configuration.API_URL))
+			assert.Equal(t, "https://app.us.snyk.io", tt.config.GetString(configuration.WEB_APP_URL))
+
+			// set PAT and derive API URL
+			tt.config.Set(configuration.AUTHENTICATION_TOKEN, createMockPAT(t, `{"h":"api.au.snyk.io"}`))
+			assert.Equal(t, "https://api.au.snyk.io", tt.config.GetString(configuration.API_URL))
+			assert.Equal(t, "https://app.au.snyk.io", tt.config.GetString(configuration.WEB_APP_URL))
+			tt.config.Unset(configuration.AUTHENTICATION_TOKEN)
+
+			// set OAuth token and derive API URL
+			tt.config.Set(auth.CONFIG_KEY_OAUTH_TOKEN, createOAuthTokenWithAudience(t, "https://api.snykgov.io"))
+			assert.Equal(t, "https://api.snykgov.io", tt.config.GetString(configuration.API_URL))
+			assert.Equal(t, "https://app.snykgov.io", tt.config.GetString(configuration.WEB_APP_URL))
+
+			// set PAT and derive API URL
+			tt.config.Set(configuration.AUTHENTICATION_TOKEN, createMockPAT(t, `{"h":"api.eu.snyk.io"}`))
+			assert.Equal(t, "https://api.eu.snyk.io", tt.config.GetString(configuration.API_URL))
+			assert.Equal(t, "https://app.eu.snyk.io", tt.config.GetString(configuration.WEB_APP_URL))
+
+			// unset PAT and OAuth token
+			tt.config.Unset(configuration.AUTHENTICATION_TOKEN)
+			tt.config.Unset(auth.CONFIG_KEY_OAUTH_TOKEN)
+
+			// exlicitly set API URL is restored
+			assert.Equal(t, "https://api.us.snyk.io", tt.config.GetString(configuration.API_URL))
+			assert.Equal(t, "https://app.us.snyk.io", tt.config.GetString(configuration.WEB_APP_URL))
+		})
+	}
+}

pkg/auth/oauth2authenticator.go

@@ -90,7 +90,6 @@ func getRedirectUri(port int) string {
 }
 
 func getOAuthConfiguration(config configuration.Configuration) *oauth2.Config {
-	config.ClearCache()
 	apiUrl := config.GetString(configuration.API_URL)
 	appUrl := config.GetString(configuration.WEB_APP_URL)
 	tokenUrl := apiUrl + "/oauth2/token"

pkg/configuration/configuration.go

@@ -62,6 +62,10 @@ type Configuration interface {
 	GetAllKeysThatContainValues(key string) []string
 	GetKeyType(key string) KeyType
 
+	// AddKeyDependency can be used to describe that a certain key and its values actually depend on another value, this can then be used to clear the cache of a key when a depending key changes.
+	// In words: key depends on dependencyKey.
+	AddKeyDependency(key string, dependencyKey string) error
+
 	// PersistInStorage ensures that when Set is called with the given key, it will be persisted in the config file.
 	PersistInStorage(key string)
 	SetStorage(storage Storage)
@@ -103,6 +107,8 @@ type extendedViper struct {
 
 	// supportedEnvVars store the env vars that should be supported REGARDLESS of its prefix. e.g. NODE_EXTRA_CA_CERTS
 	supportedEnvVars []string
+
+	interkeyDependencies map[string][]string
 }
 
 // StandardDefaultValueFunction is a default value function that returns the default value if the existing value is nil.
@@ -238,10 +244,11 @@ func NewInMemory() Configuration {
 func createViperDefaultConfig(opts ...Opts) *extendedViper {
 	// prepare environment variables
 	config := &extendedViper{
-		viper:           viper.New(),
-		alternativeKeys: make(map[string][]string),
-		defaultValues:   make(map[string]DefaultValueFunction),
-		persistedKeys:   make(map[string]bool),
+		viper:                viper.New(),
+		alternativeKeys:      make(map[string][]string),
+		defaultValues:        make(map[string]DefaultValueFunction),
+		persistedKeys:        make(map[string]bool),
+		interkeyDependencies: make(map[string][]string),
 	}
 	config.viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
 
@@ -331,20 +338,31 @@ func (ev *extendedViper) Clone() Configuration {
 		items := ev.defaultCache.Items()
 		clonedCache := cache.NewFrom(cacheTTL, defaultCacheCleanupInterval, items)
 		evClone.setCache(clonedCache)
+		evClone.interkeyDependencies = ev.interkeyDependencies
 	}
 
 	return clone
 }
 
+func (ev *extendedViper) clearCache(key string) {
+	if ev.defaultCache != nil {
+		ev.defaultCache.Delete(key)
+
+		// clear cache of all keys that depend on the current key
+		for _, dependencyKey := range ev.interkeyDependencies[key] {
+			ev.clearCache(dependencyKey)
+		}
+	}
+}
+
 // Set sets a configuration value.
 func (ev *extendedViper) Set(key string, value interface{}) {
 	ev.mutex.Lock()
 	localStorage := ev.storage
 	isPersisted := ev.persistedKeys[key]
 	ev.viper.Set(key, value)
-	if ev.defaultCache != nil {
-		ev.defaultCache.Delete(key)
-	}
+	ev.clearCache(key)
+
 	ev.mutex.Unlock()
 
 	if localStorage != nil && isPersisted {
@@ -863,6 +881,39 @@ func (ev *extendedViper) getCacheSettings() (bool, time.Duration, error) {
 	return enabled, duration, nil
 }
 
+func (ev *extendedViper) detectCircularDependency(key string, dependencyKey string) error {
+	circularDependencyError := errors.New("circular dependency detected")
+
+	if key == dependencyKey {
+		return circularDependencyError
+	}
+
+	for _, existingKey := range ev.interkeyDependencies[key] {
+		if existingKey == dependencyKey {
+			return circularDependencyError
+		}
+
+		if err := ev.detectCircularDependency(existingKey, dependencyKey); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (ev *extendedViper) AddKeyDependency(key string, dependencyKey string) error {
+	ev.mutex.Lock()
+	defer ev.mutex.Unlock()
+
+	// detect circular dependencies
+	if err := ev.detectCircularDependency(key, dependencyKey); err != nil {
+		return err
+	}
+
+	ev.interkeyDependencies[dependencyKey] = append(ev.interkeyDependencies[dependencyKey], key)
+	return nil
+}
+
 func toBool(result interface{}) (bool, error) {
 	switch v := result.(type) {
 	case bool: