config: generate cookie secret if not set in all-in-one mode (#3742)

* config: generate cookie secret if not set in all-in-one mode * fix tests * config: add warning about cookie_secret * breakup lines
2025-05-14 17:47:54 +02:00 · 2022-11-11 14:14:30 -07:00 · 2022-11-11 14:14:30 -07:00 · 9413123c0f
commit 9413123c0f
parent 2c9087f5e7
8 changed files with 111 additions and 17 deletions
--- a/internal/log/warnings.go
+++ b/internal/log/warnings.go
@ -0,0 +1,42 @@
+package log
+
+import (
+	"context"
+	"sync"
+
+	"github.com/pomerium/pomerium/internal/syncutil"
+)
+
+var warnCookieSecretOnce sync.Once
+
+// WarnCookieSecret warns about the cookie secret.
+func WarnCookieSecret() {
+	warnCookieSecretOnce.Do(func() {
+		Warn(context.Background()).
+			Msg("using a generated COOKIE_SECRET. " +
+				"Set the COOKIE_SECRET to avoid users being logged out on restart. " +
+				"https://www.pomerium.com/docs/reference/cookie-secret")
+	})
+}
+
+var warnNoTLSCertificateOnce syncutil.OnceMap[string]
+
+// WarnNoTLSCertificate warns about no TLS certificate.
+func WarnNoTLSCertificate(domain string) {
+	warnNoTLSCertificateOnce.Do(domain, func() {
+		Warn(context.Background()).
+			Str("domain", domain).
+			Msg("no TLS certificate found for domain, using a self-signed certificate")
+	})
+}
+
+var warnWebSocketHTTP1_1Once syncutil.OnceMap[string]
+
+// WarnWebSocketHTTP1_1 warns about falling back to http 1.1 due to web socket support.
+func WarnWebSocketHTTP1_1(clusterID string) {
+	warnWebSocketHTTP1_1Once.Do(clusterID, func() {
+		Warn(context.Background()).
+			Str("cluster-id", clusterID).
+			Msg("forcing http/1.1 due to web socket support")
+	})
+}