Skip to content

Commit

Permalink
cmd: Streamlines https configuration variables (#124)
Browse files Browse the repository at this point in the history
Closes  #121

Signed-off-by: Frederic BIDON <[email protected]>
  • Loading branch information
fredbi authored and aeneasr committed Oct 11, 2018
1 parent 26fdda1 commit 9f6f815
Show file tree
Hide file tree
Showing 4 changed files with 63 additions and 56 deletions.
7 changes: 7 additions & 0 deletions UPGRADE.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,13 @@ before finalizing the upgrade process.

<!-- END doctoc generated TOC please keep comment here to allow auto update -->

## master

### Refresh Configuration

Environment variables `HTTP_TLS_xxx` are now called
`HTTPS_TLS_xxx`.

## 1.0.0-beta.9

### Refresh Configuration
Expand Down
4 changes: 2 additions & 2 deletions cmd/helper_messages.go
Original file line number Diff line number Diff line change
Expand Up @@ -182,10 +182,10 @@ NOTE: configure TLS params consistently both as PATH or as string. If no TLS pai
- HTTPS_TLS_KEY_PATH: The path to the TLS private key (pem encoded).
Example: HTTPS_TLS_KEY_PATH=~/key.pem
- HTTP_TLS_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS).
- HTTPS_TLS_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS).
Example: HTTPS_TLS_CERT="-----BEGIN CERTIFICATE-----\nMIIDZTCCAk2gAwIBAgIEV5xOtDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQDDClP..."
- HTTP_TLS_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS).
- HTTPS_TLS_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS).
Example: HTTPS_TLS_KEY="-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDg..."
`

Expand Down
4 changes: 2 additions & 2 deletions cmd/helper_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -277,8 +277,8 @@ func handlerFactories(keyManager rsakey.Manager) ([]proxy.Authenticator, []proxy
}

func getTLSCertAndKey() (*tls.Certificate, error) {
certString, keyString := viper.GetString("HTTP_TLS_CERT"), viper.GetString("HTTP_TLS_KEY")
certPath, keyPath := viper.GetString("HTTP_TLS_CERT_PATH"), viper.GetString("HTTP_TLS_KEY_PATH")
certString, keyString := viper.GetString("HTTPS_TLS_CERT"), viper.GetString("HTTPS_TLS_KEY")
certPath, keyPath := viper.GetString("HTTPS_TLS_CERT_PATH"), viper.GetString("HTTPS_TLS_KEY_PATH")

if certString == "" && keyString == "" && certPath == "" && keyPath == "" {
// serve http
Expand Down
104 changes: 52 additions & 52 deletions cmd/helper_server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,119 +127,119 @@ RHMZNMoDTRhmhQhj8M7N+FMtZAUOMddZ/1cvREtFW7+66w+XZvj9CQ/uectp/qb+
defer func() {
_ = os.Remove(tmpCert)
_ = os.Remove(tmpKey)
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
}()
_ = ioutil.WriteFile(tmpCert, []byte(certFileContent), 0600)
_ = ioutil.WriteFile(tmpKey, []byte(keyFileContent), 0600)
initConfig()

// 1. no TLS
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err := getTLSCertAndKey()
assert.Nil(t, cert)
assert.NoError(t, err)

// 2. inconsistent TLS (i): warning only
os.Setenv("HTTP_TLS_KEY_PATH", "x")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", "x")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.NoError(t, err)

// 2. inconsistent TLS (ii): warning only
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "x")
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "x")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.NoError(t, err)

// 3. invalid TLS file
os.Setenv("HTTP_TLS_KEY_PATH", "x")
os.Setenv("HTTP_TLS_CERT_PATH", tmpCert)
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", "x")
os.Setenv("HTTPS_TLS_CERT_PATH", tmpCert)
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 4. invalid TLS string (i)
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", "{}")
os.Setenv("HTTP_TLS_CERT", certFixture)
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", "{}")
os.Setenv("HTTPS_TLS_CERT", certFixture)
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 4. invalid TLS string (ii)
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", keyFixture)
os.Setenv("HTTP_TLS_CERT", "{}")
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", keyFixture)
os.Setenv("HTTPS_TLS_CERT", "{}")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 5. valid TLS files
os.Setenv("HTTP_TLS_KEY_PATH", tmpKey)
os.Setenv("HTTP_TLS_CERT_PATH", tmpCert)
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", tmpKey)
os.Setenv("HTTPS_TLS_CERT_PATH", tmpCert)
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err = getTLSCertAndKey()
assert.NotNil(t, cert)
assert.NoError(t, err)

// 6. valid TLS strings
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", keyFixture)
os.Setenv("HTTP_TLS_CERT", certFixture)
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", keyFixture)
os.Setenv("HTTPS_TLS_CERT", certFixture)
cert, err = getTLSCertAndKey()
assert.NotNil(t, cert)
assert.NoError(t, err)

// 7. invalid TLS file content
os.Setenv("HTTP_TLS_KEY_PATH", keyFixture)
os.Setenv("HTTP_TLS_CERT_PATH", certFixture)
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", keyFixture)
os.Setenv("HTTPS_TLS_CERT_PATH", certFixture)
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 8. invalid TLS string content
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", keyFileContent)
os.Setenv("HTTP_TLS_CERT", certFileContent)
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", keyFileContent)
os.Setenv("HTTPS_TLS_CERT", certFileContent)
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 9. mismatched TLS file content
os.Setenv("HTTP_TLS_KEY_PATH", certFileContent)
os.Setenv("HTTP_TLS_CERT_PATH", keyFileContent)
os.Setenv("HTTP_TLS_KEY", "")
os.Setenv("HTTP_TLS_CERT", "")
os.Setenv("HTTPS_TLS_KEY_PATH", certFileContent)
os.Setenv("HTTPS_TLS_CERT_PATH", keyFileContent)
os.Setenv("HTTPS_TLS_KEY", "")
os.Setenv("HTTPS_TLS_CERT", "")
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)

// 10. mismatched TLS string content
os.Setenv("HTTP_TLS_KEY_PATH", "")
os.Setenv("HTTP_TLS_CERT_PATH", "")
os.Setenv("HTTP_TLS_KEY", certFixture)
os.Setenv("HTTP_TLS_CERT", keyFixture)
os.Setenv("HTTPS_TLS_KEY_PATH", "")
os.Setenv("HTTPS_TLS_CERT_PATH", "")
os.Setenv("HTTPS_TLS_KEY", certFixture)
os.Setenv("HTTPS_TLS_CERT", keyFixture)
cert, err = getTLSCertAndKey()
assert.Nil(t, cert)
assert.Error(t, err)
Expand Down

0 comments on commit 9f6f815

Please sign in to comment.