* Extend structured logging usage in aggregator
* Use structured logging in advisories processor
* Remove unnecessary inner function
* Format
* Feat: Add verbose flag to example aggregator toml (in comment)
---------
Co-authored-by: JanHoefelmeyer <jan.hoefelmeyer@intevation.de>
* fix: ensure HTTP requests use proxy env vars
Updated all instances of `http.Transport` to include the `Proxy` field set to `http.ProxyFromEnvironment`. This ensures that the application respects proxy configuration defined by the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables.
### Changes:
- Modified `http.Transport` initialization across the codebase to use:
```go
Proxy: http.ProxyFromEnvironment
```
- Ensured TLS configurations remain intact by preserving `TLSClientConfig`.
### Why:
- Previously, HTTP requests bypassed proxy settings due to missing configuration in the transport layer.
- This fix enables compatibility with proxied environments, aligning with standard Go behavior.
### Impact:
- All HTTP and HTTPS traffic now adheres to proxy settings.
- Domains listed in `NO_PROXY` bypass the proxy as expected.
### Verification:
- Tested with proxy environment variables set (`HTTP_PROXY`, `HTTPS_PROXY`).
- Verified requests route through the proxy and `NO_PROXY` works as intended.
* reformat with fmt
---------
Co-authored-by: Cormac Doherty <cormac.doherty@ncsc.gov.ie>
* Change the go module path
from github.com/csaf-poc/csaf_distribution to github.com/gocsaf/csaf.
* Rename archive for release tarballs.
* Adjust testing scripts and documentation.
This PR adds structured logging for the aggregator service. Currently, only the text handler is used, but I can extend this to use the JSON handler as well. In this case, probably some code that is shared between the aggregator and the downloader would need to be moved to a common package.
I was also wondering, whether this repo is moving to Go 1.21 at the future, since `slog` was introduced in to the standard lib in 1.21. So currently, this still relies on the `x/exp` package.
Fixes #462
* Convert a lot of variables to snake case
* Add snakecase for variables made out of two words that had it in no version yet (for consistency)
* Adjust example files too
---------
Co-authored-by: JanHoefelmeyer <hoefelmeyer.jan@gmail.com>
* use full name for printing out the used logfile for the downloader.
* for debug or verbose, log the timeintervall that will be used
for downloader and aggregator. (The checker has this as part
of its output already.)
* Fix that TOML key `update_interval` can be processed on top level.
* Add missing keys to top level and provider entries.
* Move explanations to first mention of keys.
* Describe overriding ability and defaults early on and only once.
* Aggregator now checks every provider on whether its mirrored or listed.
*Add the option to the docs.
* Clean up the example toml file to still contain two mirrors and one example-lister.
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
* provider now checks for undecoded config entries and returns an error if any are found
* Specific error message now in server logs, more general message for user
* Changes spaces to tabs for formatting consistency
* Further formatting
* Improved handling of undecoded TOML fields in config.
* aggregator now checks for not decoded config options
Co-authored-by: Jan Höfelmeyer <Jan Höfelmeyer jhoefelmeyer@intevation.de>
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Simple tool to test the remote validation
* Added remote validator support to provider.
* Added remote validation to aggregator.
* Calm golint
* Removed csaf_remote_validator tool as it was only for dev.
* Re-added csaf_remote_validator tool. Testing is not done.
* Embed the document entirely
* Include testing the remote validator in the Itests
* Change permission of the script
* Remove code for Itests
* As these will be done in another branch
Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>
* Adjust provider and aggregator to copy the used openpgp pubkey into a locally
provided directory `openpgp` beside the `prodiver-metadata.json`.
This more robust and self-reliant than using a public pubkey server,
which is the reason why the CSAF 2.0 csd02 mentions it as example in
"7.1.20 Requirement 20: Public OpenPGP Key".
* Improve aggregator by removing a typo `aggreator` from one written paths.
(Done with this change as it also affects the openpgp/ paths writing.)
solve #85
* Implement a logging client and activate it using verbose parameter or option
in checker and aggregator.
Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
* Factor JSON evaluation and construction base URLs out of of checker.
* Move json path matching to util.
* Add csaf_aggregator (as additional command)
* Improve itest workflow to checkout the branch where it is running on.
resolve #105
resolve #72
Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Co-authored-by: Bernhard Reiter <bernhard@intevation.de>
Co-authored-by: Fadi Abbud <fadi.abbud@intevation.de>
