config: remove validate side effects (#2109)

* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
Caleb Doxsey 2021-04-22 15:10:50 -06:00 committed by GitHub
parent 2806b67bee
commit b1d62bb541
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 138 additions and 81 deletions


@ -20,7 +20,11 @@ import (
// ValidateOptions checks that configuration are complete and valid.
// Returns on first error found.
func ValidateOptions(o *config.Options) error {
if _, err := cryptutil.NewAEADCipherFromBase64(o.SharedKey); err != nil {
sharedKey, err := o.GetSharedKey()
if err != nil {
return fmt.Errorf("authenticate: 'SHARED_SECRET' invalid: %w", err)
}
if _, err := cryptutil.NewAEADCipher(sharedKey); err != nil {
return fmt.Errorf("authenticate: 'SHARED_SECRET' invalid: %w", err)
}
if _, err := cryptutil.NewAEADCipherFromBase64(o.CookieSecret); err != nil {
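Review bot: Both shared-key failure paths return the identical message `authenticate: 'SHARED_SECRET' invalid: %w`, so an operator cannot tell whether `GetSharedKey` failed or `NewAEADCipher` rejected the key it returned (presumably on key size). Give the second branch its own context, e.g. `return fmt.Errorf("authenticate: 'SHARED_SECRET' is not a valid cipher key: %w", err)`. ValidateOptions continues past the end of this hunk.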


@ -39,6 +39,7 @@ func TestOptions_Validate(t *testing.T) {
shortCookieLength := newTestOptions(t)
shortCookieLength.CookieSecret = "gN3xnvfsAwfCXxnJorGLKUG4l2wC8sS8nfLMhcStPg=="
badSharedKey := newTestOptions(t)
badSharedKey.Services = "authenticate"
badSharedKey.SharedKey = ""
badAuthenticateURL := newTestOptions(t)
badAuthenticateURL.AuthenticateURLString = "BAD_URL"
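Review bot: The `badSharedKey` case now fails only because `Services` is set to "authenticate", which implies an empty `SharedKey` is accepted under the default services value, and nothing in the test says so. Add a comment above the assignment, e.g. `// an empty shared key is only rejected for a single service; the default mode is expected to fall back to a default key`, after confirming it against GetSharedKey, which is not shown here. A companion case asserting that an empty key with default services still yields a non-empty key would pin that fallback, since every cipher and signing key derived from it depends on it. TestOptions_Validate continues outside the hunk.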


@ -78,7 +78,7 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
state.redirectURL.Path = cfg.Options.AuthenticateCallbackPath
// shared cipher to encrypt data before passing data between services
state.sharedKey, err = base64.StdEncoding.DecodeString(cfg.Options.SharedKey)
state.sharedKey, err = cfg.Options.GetSharedKey()
if err != nil {
return nil, err
}
@ -140,7 +140,7 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
state.jwk.Keys = append(state.jwk.Keys, *jwk)
}
sharedKey, err := base64.StdEncoding.DecodeString(cfg.Options.SharedKey)
sharedKey, err := cfg.Options.GetSharedKey()
if err != nil {
return nil, err
}
@ -157,7 +157,7 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err
CAFile: cfg.Options.CAFile,
RequestTimeout: cfg.Options.GRPCClientTimeout,
ClientDNSRoundRobin: cfg.Options.GRPCClientDNSRoundRobin,
WithInsecure: cfg.Options.GRPCInsecure,
WithInsecure: cfg.Options.GetGRPCInsecure(),
InstallationID: cfg.Options.InstallationID,
ServiceName: cfg.Options.Services,
SignedJWTKey: sharedKey,
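Review bot: newAuthenticateStateFromConfig now calls `cfg.Options.GetSharedKey()` twice, once for `state.sharedKey` and again for the local `sharedKey` passed as `SignedJWTKey`. If GetSharedKey can supply a generated default (the commit message mentions a default shared key; the implementation is not shown), the two values match only when that default is stable across calls. Reuse the first result with `SignedJWTKey: state.sharedKey,` and drop the second call. Separately, `WithInsecure` is now fed by `GetGRPCInsecure()` instead of the explicit field; because that option presumably disables transport security on the gRPC client, a comment stating when the getter returns true would help. The function body starts and ends outside these hunks.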