config: require shared key if using redis backed databroker (#1801)

2025-08-02 00:10:45 +02:00 · 2021-01-22 16:28:18 -05:00 · 2021-01-22 16:28:18 -05:00 · f946d940f5
commit f946d940f5
parent d4037f0010
2 changed files with 7 additions and 1 deletions
--- a/config/options.go
+++ b/config/options.go
@ -496,7 +496,7 @@ func (o *Options) Validate() error {

 	if IsAll(o.Services) {
 		// mutual auth between services on the same host can be generated at runtime
-		if o.SharedKey == "" {
+		if o.SharedKey == "" && o.DataBrokerStorageType == StorageInMemoryName {
 			o.SharedKey = cryptutil.NewBase64Key()
 		}
 		// in all in one mode we are running just over the local socket
--- a/config/options_test.go
+++ b/config/options_test.go
@ -47,6 +47,11 @@ func Test_Validate(t *testing.T) {
 	badSignoutRedirectURL := testOptions()
 	badSignoutRedirectURL.SignOutRedirectURLString = "--"

+	missingSharedSecretWithPersistence := testOptions()
+	missingSharedSecretWithPersistence.SharedKey = ""
+	missingSharedSecretWithPersistence.DataBrokerStorageType = StorageRedisName
+	missingSharedSecretWithPersistence.DataBrokerStorageConnectionString = "redis://somehost:6379"
+
 	tests := []struct {
 		name     string
 		testOpts *Options
@ -60,6 +65,7 @@ func Test_Validate(t *testing.T) {
 		{"invalid databroker storage type", invalidStorageType, true},
 		{"missing databroker storage dsn", missingStorageDSN, true},
 		{"invalid signout redirect url", badSignoutRedirectURL, true},
+		{"no shared key with databroker persistence", missingSharedSecretWithPersistence, true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {