mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-31 18:07:17 +02:00
Refactor to central options struct and parsing
parent
5970d6c766
commit
ebb6df6c3f
12 changed files with 415 additions and 511 deletions
|
@ -7,49 +7,16 @@ import (
|
|||
"net/http"
|
||||
"net/http/httptest"
|
||||
"net/url"
|
||||
"os"
|
||||
"reflect"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/config"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/policy"
|
||||
)
|
||||
|
||||
var fixedDate = time.Date(2009, 11, 17, 20, 34, 58, 651387237, time.UTC)
|
||||
|
||||
func TestOptionsFromEnvConfig(t *testing.T) {
|
||||
os.Clearenv()
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
want *Options
|
||||
envKey string
|
||||
envValue string
|
||||
wantErr bool
|
||||
}{
|
||||
{"good default, no env settings", defaultOptions, "", "", false},
|
||||
{"bad url", nil, "AUTHENTICATE_SERVICE_URL", "%.ugly", true},
|
||||
{"good duration", defaultOptions, "COOKIE_REFRESH", "1m", false},
|
||||
{"bad duration", nil, "COOKIE_REFRESH", "1sm", true},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.envKey != "" {
|
||||
os.Setenv(tt.envKey, tt.envValue)
|
||||
defer os.Unsetenv(tt.envKey)
|
||||
}
|
||||
got, err := OptionsFromEnvConfig()
|
||||
if (err != nil) != tt.wantErr {
|
||||
t.Errorf("OptionsFromEnvConfig() error = %v, wantErr %v", err, tt.wantErr)
|
||||
return
|
||||
}
|
||||
if !reflect.DeepEqual(got, tt.want) {
|
||||
t.Errorf("OptionsFromEnvConfig() = %v, want %v", got, tt.want)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestNewReverseProxy(t *testing.T) {
|
||||
backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.WriteHeader(http.StatusOK)
|
||||
|
@ -88,7 +55,7 @@ func TestNewReverseProxyHandler(t *testing.T) {
|
|||
backendHost := net.JoinHostPort(backendHostname, backendPort)
|
||||
proxyURL, _ := url.Parse(backendURL.Scheme + "://" + backendHost + "/")
|
||||
proxyHandler := NewReverseProxy(proxyURL)
|
||||
opts := defaultOptions
|
||||
opts := config.NewOptions()
|
||||
opts.SigningKey = "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU0zbXBaSVdYQ1g5eUVneFU2czU3Q2J0YlVOREJTQ0VBdFFGNWZVV0hwY1FvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFaFBRditMQUNQVk5tQlRLMHhTVHpicEVQa1JyazFlVXQxQk9hMzJTRWZVUHpOaTRJV2VaLwpLS0lUdDJxMUlxcFYyS01TYlZEeXI5aWp2L1hoOThpeUV3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
|
||||
route, err := policy.FromConfig([]byte(`[{"from":"corp.example.com","to":"example.com","timeout":"1s"}]`))
|
||||
if err != nil {
|
||||
|
@ -112,22 +79,23 @@ func TestNewReverseProxyHandler(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func testOptions() *Options {
|
||||
func testOptions() *config.Options {
|
||||
authenticateService, _ := url.Parse("https://authenticate.corp.beyondperimeter.com")
|
||||
authorizeService, _ := url.Parse("https://authorize.corp.beyondperimeter.com")
|
||||
configBlob := `[{"from":"corp.example.com","to":"example.com"}]` //valid yaml
|
||||
configBlob := `[{"from":"corp.example.notatld","to":"example.notatld"}]` //valid yaml
|
||||
policy := base64.URLEncoding.EncodeToString([]byte(configBlob))
|
||||
return &Options{
|
||||
Policy: policy,
|
||||
AuthenticateURL: authenticateService,
|
||||
AuthorizeURL: authorizeService,
|
||||
SharedKey: "80ldlrU2d7w+wVpKNfevk6fmb8otEx6CqOfshj2LwhQ=",
|
||||
CookieSecret: "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw=",
|
||||
CookieName: "pomerium",
|
||||
}
|
||||
|
||||
opts := config.NewOptions()
|
||||
opts.Policy = policy
|
||||
opts.AuthenticateURL = authenticateService
|
||||
opts.AuthorizeURL = authorizeService
|
||||
opts.SharedKey = "80ldlrU2d7w+wVpKNfevk6fmb8otEx6CqOfshj2LwhQ="
|
||||
opts.CookieSecret = "OromP1gurwGWjQPYb1nNgSxtbVB5NnLzX6z5WOKr0Yw="
|
||||
opts.ProxyCookieName = "pomerium"
|
||||
return opts
|
||||
}
|
||||
|
||||
func testOptionsWithCORS() *Options {
|
||||
func testOptionsWithCORS() *config.Options {
|
||||
configBlob := `[{"from":"corp.example.com","to":"example.com","cors_allow_preflight":true}]` //valid yaml
|
||||
opts := testOptions()
|
||||
opts.Policy = base64.URLEncoding.EncodeToString([]byte(configBlob))
|
||||
|
@ -168,11 +136,11 @@ func TestOptions_Validate(t *testing.T) {
|
|||
|
||||
tests := []struct {
|
||||
name string
|
||||
o *Options
|
||||
o *config.Options
|
||||
wantErr bool
|
||||
}{
|
||||
{"good - minimum options", good, false},
|
||||
{"nil options", &Options{}, true},
|
||||
{"nil options", &config.Options{}, true},
|
||||
{"from route", badFromRoute, true},
|
||||
{"to route", badToRoute, true},
|
||||
{"authenticate service url", badAuthURL, true},
|
||||
|
@ -191,7 +159,7 @@ func TestOptions_Validate(t *testing.T) {
|
|||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
o := tt.o
|
||||
if err := o.Validate(); (err != nil) != tt.wantErr {
|
||||
if err := ValidateOptions(o); (err != nil) != tt.wantErr {
|
||||
t.Errorf("Options.Validate() error = %v, wantErr %v", err, tt.wantErr)
|
||||
}
|
||||
})
|
||||
|
@ -207,13 +175,13 @@ func TestNew(t *testing.T) {
|
|||
badRoutedProxy.SigningKey = "YmFkIGtleQo="
|
||||
tests := []struct {
|
||||
name string
|
||||
opts *Options
|
||||
opts *config.Options
|
||||
wantProxy bool
|
||||
numRoutes int
|
||||
wantErr bool
|
||||
}{
|
||||
{"good", good, true, 1, false},
|
||||
{"empty options", &Options{}, false, 0, true},
|
||||
{"empty options", &config.Options{}, false, 0, true},
|
||||
{"nil options", nil, false, 0, true},
|
||||
{"short secret/validate sanity check", shortCookieLength, false, 0, true},
|
||||
{"invalid ec key, valid base64 though", badRoutedProxy, false, 0, true},
|
||||
|
|
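Review bot: In TestOptions_Validate the case labelled "nil options" passes `&config.Options{}`, an empty struct rather than a nil pointer, so the table never exercises a nil argument to the new package-level `ValidateOptions`. Validation is now a function taking `*config.Options` instead of a method, so a case such as `{"nil pointer", nil, true}` would pin that it returns an error rather than dereferencing nil. Whether `ValidateOptions` guards against nil is not visible on this page, although TestNew's table does carry a nil entry. I would also rename the existing case to "empty options", as TestNew does, and update the failure message in the loop, which still names `Options.Validate()`, to `t.Errorf("ValidateOptions() error = %v, wantErr %v", err, tt.wantErr)`. Both hunks show only part of the test function.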