core/config: update file watcher source to handle base64 encoded certificates
This commit is contained in:
parent
ffca3b36a9
commit
1767a72244
2 changed files with 36 additions and 1 deletions
|
@ -288,7 +288,14 @@ func getAllConfigFilePaths(cfg *Config) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, pair := range cfg.Options.CertificateFiles {
|
for _, pair := range cfg.Options.CertificateFiles {
|
||||||
fs = append(fs, pair.CertFile, pair.KeyFile)
|
// #4714 skip base64 certificates stored in CertificateFiles
|
||||||
|
// so only add watches for files that exist
|
||||||
|
if _, err := os.Stat(pair.CertFile); err == nil {
|
||||||
|
fs = append(fs, pair.CertFile)
|
||||||
|
}
|
||||||
|
if _, err := os.Stat(pair.KeyFile); err == nil {
|
||||||
|
fs = append(fs, pair.KeyFile)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, policy := range cfg.Options.Policies {
|
for _, policy := range cfg.Options.Policies {
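Review bot: Using a successful `os.Stat` as the only signal that a CertificateFiles entry is a path (the new `if _, err := os.Stat(pair.CertFile); err == nil` / `os.Stat(pair.KeyFile)` blocks) also silently drops a real file path that is misspelled, unreadable, or not yet present at startup, so such a certificate will never be watched and no error or log line says why. Since the commit only mentions the base64 case (`// #4714 skip base64 certificates stored in CertificateFiles`), the comment should state the trade-off, e.g. `// NOTE: a misconfigured or not-yet-created path is skipped for the same reason and will not be watched`. If a stricter check is wanted, a Stat failure other than not-exist could be logged rather than ignored, e.g. `if _, err := os.Stat(pair.CertFile); err != nil && !errors.Is(err, os.ErrNotExist) { log.Ctx(context.TODO()).Warn().Err(err).Msg("certificate file not watchable") }` — assuming the file already imports the errors and log packages, which this hunk does not show. getAllConfigFilePaths begins before this hunk.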
|
||||||
|
|
|
@ -1,19 +1,34 @@
|
||||||
package config
|
package config
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
|
"encoding/base64"
|
||||||
|
"io"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/rs/zerolog"
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
|
|
||||||
|
"github.com/pomerium/pomerium/internal/log"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestFileWatcherSource(t *testing.T) {
|
func TestFileWatcherSource(t *testing.T) {
|
||||||
ctx := context.Background()
|
ctx := context.Background()
|
||||||
|
|
||||||
|
// capture logs
|
||||||
|
var logOutput bytes.Buffer
|
||||||
|
logger := zerolog.New(io.MultiWriter(&logOutput, zerolog.NewTestWriter(t)))
|
||||||
|
originalLogger := log.Logger()
|
||||||
|
log.SetLogger(&logger)
|
||||||
|
t.Cleanup(func() {
|
||||||
|
log.SetLogger(originalLogger)
|
||||||
|
})
|
||||||
|
|
||||||
tmpdir := t.TempDir()
|
tmpdir := t.TempDir()
|
||||||
|
|
||||||
err := os.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{1}, 0o600)
|
err := os.WriteFile(filepath.Join(tmpdir, "example.txt"), []byte{1}, 0o600)
|
||||||
|
@ -26,8 +41,19 @@ func TestFileWatcherSource(t *testing.T) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
testCertFileRef := "./testdata/example-cert.pem"
|
||||||
|
testKeyFileRef := "./testdata/example-key.pem"
|
||||||
|
testCertFile, _ := os.ReadFile(testCertFileRef)
|
||||||
|
testKeyFile, _ := os.ReadFile(testKeyFileRef)
|
||||||
|
testCertAsBase64 := base64.StdEncoding.EncodeToString(testCertFile)
|
||||||
|
testKeyAsBase64 := base64.StdEncoding.EncodeToString(testKeyFile)
|
||||||
|
|
||||||
ssrc := NewStaticSource(&Config{
|
ssrc := NewStaticSource(&Config{
|
||||||
Options: &Options{
|
Options: &Options{
|
||||||
|
CertificateFiles: []certificateFilePair{{
|
||||||
|
CertFile: testCertAsBase64,
|
||||||
|
KeyFile: testKeyAsBase64,
|
||||||
|
}},
|
||||||
CAFile: filepath.Join(tmpdir, "example.txt"),
|
CAFile: filepath.Join(tmpdir, "example.txt"),
|
||||||
Policies: []Policy{{
|
Policies: []Policy{{
|
||||||
KubernetesServiceAccountTokenFile: filepath.Join(tmpdir, "kubernetes-example.txt"),
|
KubernetesServiceAccountTokenFile: filepath.Join(tmpdir, "kubernetes-example.txt"),
|
||||||
|
@ -77,4 +103,6 @@ func TestFileWatcherSource(t *testing.T) {
|
||||||
case <-time.After(time.Second):
|
case <-time.After(time.Second):
|
||||||
t.Error("expected OnConfigChange to be fired after triggering a change to the underlying source")
|
t.Error("expected OnConfigChange to be fired after triggering a change to the underlying source")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
assert.NotContains(t, logOutput.String(), "failed to add file to polling-based file watcher")
|
||||||
}
|
}
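Review bot: In the second hunk the test discards the read errors in `testCertFile, _ := os.ReadFile(testCertFileRef)` and `testKeyFile, _ := os.ReadFile(testKeyFileRef)`; if the testdata files are missing the base64 strings become empty, `os.Stat("")` fails as expected, and the final `assert.NotContains` passes without exercising the base64 path at all. Fail fast instead, e.g. `testCertFile, err := os.ReadFile(testCertFileRef)` followed by `if err != nil { t.Fatalf("read test cert: %v", err) }`, and the same for the key file. The same applies to the error handling of the surrounding `err := os.WriteFile(...)` only insofar as this test already checks it outside the hunk; TestFileWatcherSource continues between the visible hunks.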
|
||||||
|
|