Packager config mods #338

Merged
merged 3 commits into from
Aug 21, 2019
32 changes: 26 additions & 6 deletions packager/util/config.go
Expand Up @@ -24,13 +24,22 @@ import (
)

type Config struct {
LocalOnly bool
Port int
CertFile string // This must be the full certificate chain.
KeyFile string // Just for the first cert, obviously.
OCSPCache string
LocalOnly bool
Port int
CertFile string // This must be the full certificate chain.
KeyFile string // Just for the first cert, obviously.

// When set, both CertFile and NewCertFile will be read/write. CertFile and
// NewCertFile will be set when both are valid and that once CertFile becomes
// invalid, NewCertFile will replace it (CertFile = NewCertFile) and NewCertFile
// will be set to empty. This will also apply to disk copies as well (which
// we may require to be some sort of shared filesystem, if multiple replicas of
// ammpackager are running).
NewCertFile string // The new full certificate chain replacing the expired one.
twifkak marked this conversation as resolved.
OCSPCache string
ForwardedRequestHeaders []string
URLSet []URLSet
URLSet []URLSet
ACMEConfig *ACMEConfig
}

type URLSet struct {
Expand All @@ -50,6 +59,17 @@ type URLPattern struct {
SamePath *bool
}

type ACMEConfig struct {
Production *ACMEServerConfig
Development *ACMEServerConfig
}

type ACMEServerConfig struct {
DiscoURL string // ACME Directory Resource URL
AccountURL string // ACME Account URL. If non-empty, we
// will auto-renew cert via ACME.
}

// TODO(twifkak): Extract default values into a function separate from the one
// that does the parsing and validation. This would make signer_test and
// validation_test less brittle.
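Review bot: The new comment on `NewCertFile` describes both certificate files being read and written and swapped on expiry, but neither it nor the `KeyFile` comment says which private key the replacement chain must match. If the rotated chain is meant to reuse `KeyFile`, say so, e.g. `// NewCertFile's leaf must be issued for the key in KeyFile.`; otherwise a rotation would presumably leave the packager serving a cert that does not match its key, and a check belongs wherever the config is validated (outside this hunk). The comment also implies the process needs write access to the certificate paths, which is worth stating so operators can scope that permission to those files rather than to the directory that holds `KeyFile`. In the second hunk, `DiscoURL` and `AccountURL` are plain strings and nothing visible here requires them to be https URLs; the new ACME types also have no doc comments of their own.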
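--- a/packager/util/config_test.go
+++ b/packager/util/config_test.go
@@ -174,6 +174,77 @@ func TestInvalidQueryRE(t *testing.T) {
 `))), "QueryRE must be a valid regexp")
 }
 
+func TestOptionalNewCert(t *testing.T) {
+config, err := ReadConfig([]byte(`
+CertFile = "cert.pem"
+KeyFile = "key.pem"
+NewCertFile = "newcert.pem"
+OCSPCache = "/tmp/ocsp"
+[[URLSet]]
+[URLSet.Sign]
+Domain = "example.com"
+`))
+require.NoError(t, err)
+assert.Equal(t, Config{
+Port: 8080,
+CertFile: "cert.pem",
+KeyFile: "key.pem",
+NewCertFile: "newcert.pem",
+OCSPCache: "/tmp/ocsp",
+URLSet: []URLSet{{
+Sign: &URLPattern{
+Domain: "example.com",
+PathRE: stringPtr(".*"),
+QueryRE: stringPtr(""),
+MaxLength: 2000,
+},
+}},
+}, *config)
+}
+
+func TestOptionalACMEConfig(t *testing.T) {
+config, err := ReadConfig([]byte(`
+CertFile = "cert.pem"
+KeyFile = "key.pem"
+OCSPCache = "/tmp/ocsp"
+[[URLSet]]
+[URLSet.Sign]
+Domain = "example.com"
+[ACMEConfig]
+[ACMEConfig.Production]
+DiscoURL = "prod.disco.url"
+AccountURL = "prod.account.url"
+[ACMEConfig.Development]
+DiscoURL = "dev.disco.url"
+AccountURL = "dev.account.url"
+`))
+require.NoError(t, err)
+assert.Equal(t, Config{
+Port: 8080,
+CertFile: "cert.pem",
+KeyFile: "key.pem",
+OCSPCache: "/tmp/ocsp",
+ACMEConfig: &ACMEConfig{
+Production: &ACMEServerConfig{
+DiscoURL: "prod.disco.url",
+AccountURL: "prod.account.url",
+},
+Development: &ACMEServerConfig{
+DiscoURL: "dev.disco.url",
+AccountURL: "dev.account.url",
+},
+},
+URLSet: []URLSet{{
+Sign: &URLPattern{
+Domain: "example.com",
+PathRE: stringPtr(".*"),
+QueryRE: stringPtr(""),
+MaxLength: 2000,
+},
+}},
+}, *config)
+}
+
 func TestSignMissing(t *testing.T) {
 msg := errorFrom(ReadConfig([]byte(`
 CertFile = "cert.pem"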
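Review bot: `TestOptionalACMEConfig` pins that `ReadConfig` accepts `DiscoURL = "prod.disco.url"`, a value with no scheme, so the tests record that the ACME endpoints are taken without validation. If validation is intended, add a negative case in the style of `TestInvalidQueryRE` that expects an error for a non-https `DiscoURL`; if it is not, use realistic fixtures such as `https://acme.example/directory` (constructed value) so the test does not suggest bare hostnames are acceptable. There is also no case for `NewCertFile` set together with `ACMEConfig`, nor for an `ACMEConfig` that has only one of `Production`/`Development`, which are the combinations the rotation comment in config.go appears to depend on.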