Switch options parsing to viper
parent
702cc30b77
commit
febf9464a4
18 changed files with 798 additions and 326 deletions
|
@ -20,25 +20,10 @@ func ValidateOptions(o *config.Options) error {
|
|||
if len(decoded) != 32 {
|
||||
return fmt.Errorf("authorize: `SHARED_SECRET` want 32 but got %d bytes", len(decoded))
|
||||
}
|
||||
if o.Policy == "" && o.PolicyFile == "" {
|
||||
return errors.New("authorize: either `POLICY` or `POLICY_FILE` must be non-nil")
|
||||
}
|
||||
if o.Policy != "" {
|
||||
confBytes, err := base64.StdEncoding.DecodeString(o.Policy)
|
||||
if err != nil {
|
||||
return fmt.Errorf("authorize: `POLICY` is invalid base64 %v", err)
|
||||
}
|
||||
_, err = policy.FromConfig(confBytes)
|
||||
if err != nil {
|
||||
return fmt.Errorf("authorize: `POLICY` %v", err)
|
||||
}
|
||||
}
|
||||
if o.PolicyFile != "" {
|
||||
_, err = policy.FromConfigFile(o.PolicyFile)
|
||||
if err != nil {
|
||||
return fmt.Errorf("authorize: `POLICY_FILE` %v", err)
|
||||
}
|
||||
if len(o.Policies) == 0 {
|
||||
return errors.New("missing setting: no policies defined")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
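Review bot: The new `len(o.Policies) == 0` check only proves that a policy list exists; nothing in this hunk checks the individual entries, whereas the removed branches at least ran them through `policy.FromConfig` or `policy.FromConfigFile`. The `New` hunk below then passes `opts.Policies` straight to `NewIdentityWhitelist`, so unless the viper loading path validates each route (not visible here), a malformed entry would reach the authorization whitelist; the updated test calls `goodPolicy.Validate()` itself, which suggests callers are expected to do this. I would either validate each entry here or state the precondition in a comment such as `// Policies must already be validated by config loading; only presence is checked here.` The new message also drops the prefix the other errors in this function carry; `errors.New("authorize: missing setting: no policies defined")` would keep them consistent. ValidateOptions begins above this hunk, so the earlier checks are not visible.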
|
||||
|
||||
|
@ -61,17 +46,10 @@ func New(opts *config.Options) (*Authorize, error) {
|
|||
}
|
||||
// errors handled by validate
|
||||
sharedKey, _ := base64.StdEncoding.DecodeString(opts.SharedKey)
|
||||
var policies []policy.Policy
|
||||
if opts.Policy != "" {
|
||||
confBytes, _ := base64.StdEncoding.DecodeString(opts.Policy)
|
||||
policies, _ = policy.FromConfig(confBytes)
|
||||
} else {
|
||||
policies, _ = policy.FromConfigFile(opts.PolicyFile)
|
||||
}
|
||||
|
||||
return &Authorize{
|
||||
SharedKey: string(sharedKey),
|
||||
identityAccess: NewIdentityWhitelist(policies),
|
||||
identityAccess: NewIdentityWhitelist(opts.Policies),
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1,52 +1,36 @@
|
|||
package authorize
|
||||
|
||||
import (
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/config"
|
||||
"github.com/pomerium/pomerium/internal/policy"
|
||||
)
|
||||
|
||||
func TestNew(t *testing.T) {
|
||||
t.Parallel()
|
||||
content := []byte(`[{"from": "pomerium.io","to":"httpbin.org"}]`)
|
||||
tmpfile, err := ioutil.TempFile("", "example")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
defer os.Remove(tmpfile.Name()) // clean up
|
||||
|
||||
if _, err := tmpfile.Write(content); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
if err := tmpfile.Close(); err != nil {
|
||||
log.Fatal(err)
|
||||
goodPolicy := policy.Policy{From: "pomerium.io", To: "httpbin.org"}
|
||||
goodPolicy.Validate()
|
||||
policies := []policy.Policy{
|
||||
goodPolicy,
|
||||
}
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
SharedKey string
|
||||
Policy string
|
||||
PolicyFile string
|
||||
wantErr bool
|
||||
name string
|
||||
SharedKey string
|
||||
Policies []policy.Policy
|
||||
wantErr bool
|
||||
}{
|
||||
{"good", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "WwogIHsKICAgICJyb3V0ZXMiOiAiaHR0cDovL3BvbWVyaXVtLmlvIgogIH0KXQ==", "", false},
|
||||
{"bad shared secret", "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", "WwogIHsKICAgICJyb3V0ZXMiOiAiaHR0cDovL3BvbWVyaXVtLmlvIgogIH0KXQ==", "", true},
|
||||
{"really bad shared secret", "sup", "WwogIHsKICAgICJyb3V0ZXMiOiAiaHR0cDovL3BvbWVyaXVtLmlvIgogIH0KXQ==", "", true},
|
||||
{"bad base64 policy", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "WwogIHsKICAgICJyb3V0ZXMiOiAiaHR0cDovL3BvbWVyaXVtLmlvIgogIH0KXQ^=", "", true},
|
||||
{"bad json", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "e30=", "", true},
|
||||
{"no policies", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "", "", true},
|
||||
{"good policy file", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "", "./testdata/basic.json", true},
|
||||
{"bad policy file, directory", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "", "./testdata/", true},
|
||||
{"good policy", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "WwogIHsKICAgICJyb3V0ZXMiOiAiaHR0cDovL3BvbWVyaXVtLmlvIgogIH0KXQ==", "", false},
|
||||
{"good file", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", "", tmpfile.Name(), false},
|
||||
{"validation error, short secret", "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", "", "", true},
|
||||
{"nil options", "", "", "", true}, // special case
|
||||
{"good", "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", policies, false},
|
||||
{"bad shared secret", "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", policies, true},
|
||||
{"really bad shared secret", "sup", policies, true},
|
||||
{"validation error, short secret", "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", policies, true},
|
||||
{"nil options", "", []policy.Policy{}, true}, // special case
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
o := &config.Options{SharedKey: tt.SharedKey, Policy: tt.Policy, PolicyFile: tt.PolicyFile}
|
||||
o := &config.Options{SharedKey: tt.SharedKey, Policies: tt.Policies}
|
||||
if tt.name == "nil options" {
|
||||
o = nil
|
||||
}
|
||||
|
|