mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
de603f87de
* Add new configurable bootstrap writers (#2405) This PR adds the ability to configure different backends to use for storing modifications to the zero bootstrap config. The two currently implemented backends allow writing changes to a file or to a Kubernetes secret. Backend selection is determined by the scheme in a URI passed to the flag '--config-writeback-uri'. In a Kubernetes environment, where the bootstrap config is mounted into the pod from a secret, this option allows Pomerium to write changes back to the secret, as writes to the mounted secret file on disk are not persisted. * Use env vars for bootstrap config filepath/writeback uri * linter pass and code cleanup * Add new config writer options mechanism This moves the encryption cipher parameter out of the WriteConfig() method in the ConfigWriter interface and into a new ConfigWriterOptions struct. Options (e.g. cipher) can be applied to an existing ConfigWriter to allow customizing implementation-specific behavior. * Code cleanup/lint fixes * Move vendored k8s code into separate package, and add license header and package comment
68 lines
1.7 KiB
Go
68 lines
1.7 KiB
Go
package bootstrap_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/pomerium/pomerium/config"
|
|
"github.com/pomerium/pomerium/internal/zero/bootstrap"
|
|
cluster_api "github.com/pomerium/pomerium/pkg/zero/cluster"
|
|
)
|
|
|
|
func TestConfigChanges(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
secret := []byte("secret")
|
|
|
|
src, err := bootstrap.New(secret, nil, nil, nil)
|
|
require.NoError(t, err)
|
|
|
|
ptr := func(s string) *string { return &s }
|
|
|
|
var listenerCalled bool
|
|
src.OnConfigChange(nil, func(_ context.Context, _ *config.Config) {
|
|
listenerCalled = true
|
|
})
|
|
|
|
for i, tc := range []struct {
|
|
bootstrap cluster_api.BootstrapConfig
|
|
expectChanged bool
|
|
expectDatabrokerType string
|
|
expectDatabrokerConnectionString string
|
|
}{
|
|
{
|
|
cluster_api.BootstrapConfig{},
|
|
false,
|
|
config.StorageInMemoryName,
|
|
"",
|
|
},
|
|
{
|
|
cluster_api.BootstrapConfig{
|
|
DatabrokerStorageConnection: ptr("postgres://"),
|
|
},
|
|
true,
|
|
config.StoragePostgresName,
|
|
"postgres://",
|
|
},
|
|
{
|
|
cluster_api.BootstrapConfig{},
|
|
true,
|
|
config.StorageInMemoryName,
|
|
"",
|
|
},
|
|
} {
|
|
t.Run(fmt.Sprintf("test-%d", i), func(t *testing.T) {
|
|
listenerCalled = false
|
|
changed := src.UpdateBootstrap(context.Background(), tc.bootstrap)
|
|
cfg := src.GetConfig()
|
|
assert.Equal(t, tc.expectChanged, changed, "changed")
|
|
assert.Equal(t, tc.expectChanged, listenerCalled, "listenerCalled")
|
|
assert.Equal(t, tc.expectDatabrokerType, cfg.Options.DataBrokerStorageType, "databroker type")
|
|
assert.Equal(t, tc.expectDatabrokerConnectionString, cfg.Options.DataBrokerStorageConnectionString, "databroker connection string")
|
|
})
|
|
}
|
|
}
|