Remove datastore

3 files changed, 9 insertions, 78 deletions

diff --git a/README.md b/README.md
index 6f1ef23..9581761 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,6 @@
 - [Configuration](#configuration)
 	- [server](#server-1)
 		- [database](#database)
-		- [datastore](#datastore) [DEPRECATED]
 	- [auth](#auth)
 		- [Provider-specific options](#provider-specific-options)
 	- [ssh](#ssh)
@@ -113,7 +112,6 @@ Exception to this: the `http_logfile` option **ONLY** writes to local files.
 - `cookie_secret`: string. Authentication key for the session cookie. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/cookie_secret`.
 - `csrf_secret`: string. Authentication key for CSRF protection. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/csrf_secret`.
 - `http_logfile`: string. Path to the HTTP request log. Logs are written in the [Common Log Format](https://en.wikipedia.org/wiki/Common_Log_Format). The only valid destination for logs is a local file path.
-- `datastore`: string. Datastore connection string. See [Datastore](#datastore).
 
 ### database
 
@@ -146,35 +144,10 @@ server {
 }
 ```
 
-Prior to using MySQL or SQLite you need to create the database and tables using [one of the provided files](db).  
+Prior to using MySQL or SQLite you need to create the database and tables using [the provided seed file](db/seed.sql).  
 e.g. `mysql < db/seed.sql`.  
 Obviously you should setup a role user for running in prodution.
 
-### datastore
-
-## The datastore option is deprecated. Use the [database](#database) option instead
-
-~~Datastores contain a record of issued certificates for audit and revocation purposes. The connection string is of the form `engine:username:password:host[:port]`.~~
-
-~~Supported database providers: `mysql`, `sqlite` and `mem`.~~
-
-~~`mem` is an in-memory database intended for testing and takes no additional config options.~~  
-~~`mysql` is the MySQL database and accepts `username`, `password` and `host` arguments. Only `username` and `host` arguments are required. `port` is assumed to be 3306 unless otherwise specified.~~  
-~~`sqlite` is the SQLite database and accepts a `path` argument.~~
-
-~~If no datastore is specified the `mem` store is used by default.~~
-
-~~Examples:~~
-
-```
-server {
-  datastore = "mem"  # use the in-memory database.
-  datastore = "mysql:root::localhost"  # mysql running on localhost with the user 'root' and no password.
-  datastore = "mysql:cashier:PaSsWoRd:mydbprovider.example.com:5150"  # mysql running on a remote host on port 5150
-  datastore = "sqlite:/data/certs.db"
-}
-```
-
 ## auth
 - `provider` : string. Name of the oauth provider. Valid providers are currently "google", "github" and "gitlab".
 - `oauth_client_id` : string. Oauth Client ID. This can be a secret stored in a [vault](https://www.vaultproject.io/) using the form `/vault/path/key` e.g. `/vault/secret/cashier/oauth_client_id`.
@@ -275,7 +248,7 @@ where `/etc/ssh/ca.pub` contains the public part of your signing key.
 If you wish to use certificate revocation you need to set the `RevokedKeys` option in sshd_config - see the next section.
 
 ## Revoking certificates
-When a certificate is signed a record is kept in the configured datastore. You can view issued certs at `http(s)://<ca url>/admin/certs` and also revoke them.  
+When a certificate is signed a record is kept in the configured database. You can view issued certs at `http(s)://<ca url>/admin/certs` and also revoke them.  
 The revocation list is served at `http(s)://<ca url>/revoked`. To use it your sshd_config must have `RevokedKeys` set:
 ```
 RevokedKeys /etc/ssh/revoked_keys
diff --git a/example-server.conf b/example-server.conf
index 8d299fa..e0b3ea5 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -9,7 +9,13 @@ server {
   cookie_secret = "supersecret"  # Authentication key for the client cookie
   csrf_secret = "supersecret"  # Authentication key for the CSRF token
   http_logfile = "http.log"  # Logfile for HTTP requests
-  datastore = "mysql:user:pass:host:3306"  # engine:username:password:hostname:port
+}
+
+database {
+  type = "mysql"
+  address = "host:3306"
+  username = "user"
+  password = "pass"
 }
 
 # Oauth2 configuration
diff --git a/server/config/config.go b/server/config/config.go
index 573ae85..422a135 100644
--- a/server/config/config.go
+++ b/server/config/config.go
@@ -1,9 +1,6 @@
 package config
 
 import (
-	"bytes"
-	"fmt"
-	"log"
 	"os"
 	"strconv"
 	"strings"
@@ -40,7 +37,6 @@ type Server struct {
 	CSRFSecret            string   `hcl:"csrf_secret"`
 	HTTPLogFile           string   `hcl:"http_logfile"`
 	Database              Database `hcl:"database"`
-	Datastore             string   `hcl:"datastore"` // Deprecated. TODO: remove.
 }
 
 // Auth holds the configuration specific to the OAuth provider.
@@ -89,54 +85,11 @@ func verifyConfig(c *Config) error {
 	return err
 }
 
-func convertDatastoreConfig(c *Config) {
-	// Convert the deprecated 'datastore' config to the new 'database' config.
-	if c.Server != nil && c.Server.Datastore != "" {
-		conf := c.Server.Datastore
-		engine := strings.Split(conf, ":")[0]
-		switch engine {
-		case "mysql":
-			s := strings.SplitN(conf, ":", 4)
-			engine, user, passwd, addrs := s[0], s[1], s[2], s[3]
-			c.Server.Database = map[string]string{
-				"type":     engine,
-				"username": user,
-				"password": passwd,
-				"address":  addrs,
-			}
-		case "sqlite":
-			s := strings.Split(conf, ":")
-			c.Server.Database = map[string]string{"type": s[0], "filename": s[1]}
-		case "mem":
-			c.Server.Database = map[string]string{"type": "mem"}
-		}
-		var out bytes.Buffer
-		out.WriteString("The `datastore` option has been deprecated in favour of the `database` option. You should update your config.\n")
-		out.WriteString("The new config (passwords have been redacted) should look something like:\n")
-		out.WriteString("server {\n  database {\n")
-		for k, v := range c.Server.Database {
-			if v == "" {
-				continue
-			}
-			if k == "password" {
-				out.WriteString("    password = \"[ REDACTED ]\"\n")
-				continue
-			}
-			out.WriteString(fmt.Sprintf("    %s = \"%s\"\n", k, v))
-		}
-		out.WriteString("  }\n}")
-		log.Println(out.String())
-	}
-}
-
 func setFromEnvironment(c *Config) {
 	port, err := strconv.Atoi(os.Getenv("PORT"))
 	if err == nil {
 		c.Server.Port = port
 	}
-	if os.Getenv("DATASTORE") != "" {
-		c.Server.Datastore = os.Getenv("DATASTORE")
-	}
 	if os.Getenv("OAUTH_CLIENT_ID") != "" {
 		c.Auth.OauthClientID = os.Getenv("OAUTH_CLIENT_ID")
 	}
@@ -194,7 +147,6 @@ func ReadConfig(f string) (*Config, error) {
 		return nil, err
 	}
 	setFromEnvironment(config)
-	convertDatastoreConfig(config)
 	if err := verifyConfig(config); err != nil {
 		return nil, errors.Wrap(err, "unable to verify config")
 	}