bug: Accept either paths or strings containing the cert for APNS (#241)

* bug: Accept either paths or strings containing the cert for APNS Closes: #240 * bug: allow APNS env credentials to include serialized keys Closes #240 * f fix settings comment
mozilla-services · Dec 2, 2020 · b3dd8a3 · b3dd8a3
1 parent 0f168c9
commit b3dd8a3
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 21 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/autoendpoint/Cargo.toml b/autoendpoint/Cargo.toml
@@ -36,7 +36,7 @@ reqwest = "0.10.6"
 rusoto_core = "0.45.0"
 rusoto_dynamodb = "0.45.0"
 # Using debug-logs avoids https://github.com/getsentry/sentry-rust/issues/237
-sentry = { version = "0.21", features = ["debug-logs"] }
+sentry = { version = "0.20", features = ["debug-logs"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_dynamodb = "0.6"
 serde_json = "1.0"

diff --git a/autoendpoint/src/routers/apns/router.rs b/autoendpoint/src/routers/apns/router.rs
@@ -82,8 +82,16 @@ impl ApnsRouter {
         } else {
             Endpoint::Production
         };
-        let cert = tokio::fs::read(settings.cert).await?;
-        let key = tokio::fs::read(settings.key).await?;
+        let cert = if !settings.cert.starts_with('-') {
+            tokio::fs::read(settings.cert).await?
+        } else {
+            settings.cert.as_bytes().to_vec()
+        };
+        let key = if !settings.key.starts_with('-') {
+            tokio::fs::read(settings.key).await?
+        } else {
+            settings.key.as_bytes().to_vec()
+        };
         let client = ApnsClientData {
             client: Box::new(
                 a2::Client::certificate_parts(&cert, &key, endpoint)

diff --git a/autoendpoint/src/routers/apns/settings.rs b/autoendpoint/src/routers/apns/settings.rs
@@ -1,5 +1,4 @@
 use std::collections::HashMap;
-use std::path::PathBuf;
 
 /// Settings for `ApnsRouter`
 #[derive(Clone, Debug, serde::Deserialize)]
@@ -18,8 +17,11 @@ pub struct ApnsSettings {
 #[serde(default)]
 #[serde(deny_unknown_fields)]
 pub struct ApnsChannel {
-    pub cert: PathBuf,
-    pub key: PathBuf,
+    /// the cert and key are either paths
+    /// or an inline value that starts with "-"
+    /// e.g. `-----BEGIN PRIVATE KEY-----\n`
+    pub cert: String,
+    pub key: String,
     pub topic: Option<String>,
     pub sandbox: bool,
 }

diff --git a/autoendpoint/src/settings.rs b/autoendpoint/src/settings.rs
@@ -68,7 +68,9 @@ impl Settings {
         }
 
         // Merge the environment overrides
-        config.merge(Environment::with_prefix(ENV_PREFIX))?;
+        // Note: Specify the separator here so that the shell can properly pass args
+        // down to the sub structures.
+        config.merge(Environment::with_prefix(ENV_PREFIX).separator("__"))?;
 
         config.try_into::<Self>().map_err(|error| match error {
             // Configuration errors are not very sysop friendly, Try to make them