config: generate cookie secret if not set in all-in-one mode (#3742)

* config: generate cookie secret if not set in all-in-one mode

* fix tests

* config: add warning about cookie_secret

* break up lines
Caleb Doxsey 2022-11-11 14:14:30 -07:00 committed by GitHub
parent 2c9087f5e7
commit 9413123c0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 111 additions and 17 deletions


@ -53,11 +53,6 @@ func Test_Validate(t *testing.T) {
badSignoutRedirectURL := testOptions()
badSignoutRedirectURL.SignOutRedirectURLString = "--"
missingSharedSecretWithPersistence := testOptions()
missingSharedSecretWithPersistence.SharedKey = ""
missingSharedSecretWithPersistence.DataBrokerStorageType = StorageRedisName
missingSharedSecretWithPersistence.DataBrokerStorageConnectionString = "redis://somehost:6379"
tests := []struct {
name string
testOpts *Options
@ -71,7 +66,6 @@ func Test_Validate(t *testing.T) {
{"invalid databroker storage type", invalidStorageType, true},
{"missing databroker storage dsn", missingStorageDSN, true},
{"invalid signout redirect url", badSignoutRedirectURL, true},
{"no shared key with databroker persistence", missingSharedSecretWithPersistence, true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
@ -776,6 +770,36 @@ func TestOptions_GetSetResponseHeaders(t *testing.T) {
})
}
func TestOptions_GetSharedKey(t *testing.T) {
t.Run("default", func(t *testing.T) {
o := NewDefaultOptions()
bs, err := o.GetSharedKey()
assert.NoError(t, err)
assert.Equal(t, randomSharedKey, base64.StdEncoding.EncodeToString(bs))
})
t.Run("missing", func(t *testing.T) {
o := NewDefaultOptions()
o.Services = ServiceProxy
_, err := o.GetSharedKey()
assert.Error(t, err)
})
}
func TestOptions_GetCookieSecret(t *testing.T) {
t.Run("default", func(t *testing.T) {
o := NewDefaultOptions()
bs, err := o.GetCookieSecret()
assert.NoError(t, err)
assert.Equal(t, randomSharedKey, base64.StdEncoding.EncodeToString(bs))
})
t.Run("missing", func(t *testing.T) {
o := NewDefaultOptions()
o.Services = ServiceProxy
_, err := o.GetCookieSecret()
assert.Error(t, err)
})
}
func encodeCert(cert *tls.Certificate) []byte {
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Certificate[0]})
}
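Review bot: The "default" subtest of TestOptions_GetCookieSecret asserts the cookie secret against `randomSharedKey`, the same value the "default" subtest of TestOptions_GetSharedKey expects, so these tests pin the two secrets to one shared random value when nothing is configured. If that is the intended behaviour, key separation is lost in all-in-one mode: the key used between services and the key protecting session cookies are identical, and disclosure of either exposes both. Consider generating an independent random value for the cookie secret and asserting the difference in the test, for example `assert.NotEqual(t, sharedKey, cookieSecret)` after fetching both from the same `NewDefaultOptions()`. The value also appears to be a package-level variable, presumably generated once per process, so a comment such as `// generated per process: sessions do not survive a restart unless cookie_secret is set` on the "default" subtest would record that consequence. The "missing" subtests check only `assert.Error`, so they would also pass on an unrelated failure; asserting the specific error would make them tighter.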