mirror of
https://github.com/pomerium/pomerium.git
synced 2025-08-03 00:40:25 +02:00
core/config: update file watcher source to handle base64 encoded certificates
This commit is contained in:
Caleb Doxsey
parent
ffca3b36a9
commit
1767a72244
2 changed files with 36 additions and 1 deletions
|
|
@ -288,7 +288,14 @@ func getAllConfigFilePaths(cfg *Config) []string {
|
|||
}
|
||||
|
||||
for _, pair := range cfg.Options.CertificateFiles {
|
||||
fs = append(fs, pair.CertFile, pair.KeyFile)
|
||||
// #4714 skip base64 certificates stored in CertificateFiles
|
||||
// so only add watches for files that exist
|
||||
if _, err := os.Stat(pair.CertFile); err == nil {
|
||||
fs = append(fs, pair.CertFile)
|
||||
}
|
||||
if _, err := os.Stat(pair.KeyFile); err == nil {
|
||||
fs = append(fs, pair.KeyFile)
|
||||
}
|
||||
}
|
||||
|
||||
for _, policy := range cfg.Options.Policies {
|
||||
|
|
|
|||
|
|
@ -1,19 +1,34 @@
|
|||
package config
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"io"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/rs/zerolog"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/log"
|
||||
)
|
||||
|
||||
func TestFileWatcherSource(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
// capture logs
|
||||
var logOutput bytes.Buffer
|
||||
logger := zerolog.New(io.MultiWriter(&logOutput, zerolog.NewTestWriter(t)))
|
||||
originalLogger := log.Logger()
|
||||
log.SetLogger(&logger)
|
||||
t.Cleanup(func() {
|
||||
log.SetLogger(originalLogger)
|
||||
})
|
||||
|
||||
tmpdir := t.TempDir()
|
||||
|
||||
err := os.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{1}, 0o600)
|
||||
|
|
@ -26,8 +41,19 @@ func TestFileWatcherSource(t *testing.T) {
|
|||
return
|
||||
}
|
||||
|
||||
testCertFileRef := "./testdata/example-cert.pem"
|
||||
testKeyFileRef := "./testdata/example-key.pem"
|
||||
testCertFile, _ := os.ReadFile(testCertFileRef)
|
||||
testKeyFile, _ := os.ReadFile(testKeyFileRef)
|
||||
testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
|
||||
testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)
|
||||
|
||||
ssrc := NewStaticSource(&Config{
|
||||
Options: &Options{
|
||||
CertificateFiles: []certificateFilePair{{
|
||||
CertFile: testCertAsBase64,
|
||||
KeyFile: testKeyAsBase64,
|
||||
}},
|
||||
CAFile: filepath.Join(tmpdir, "example.txt"),
|
||||
Policies: []Policy{{
|
||||
KubernetesServiceAccountTokenFile: filepath.Join(tmpdir, "kubernetes-example.txt"),
|
||||
|
|
@ -77,4 +103,6 @@ func TestFileWatcherSource(t *testing.T) {
|
|||
case <-time.After(time.Second):
|
||||
t.Error("expected OnConfigChange to be fired after triggering a change to the underlying source")
|
||||
}
|
||||
|
||||
assert.NotContains(t, logOutput.String(), "failed to add file to polling-based file watcher")
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue