cmd: Streamlines https configuration variables (#124)

Closes #121 Signed-off-by: Frederic BIDON <frederic@oneconcern.com>
ory · Oct 11, 2018 · 9f6f815 · 9f6f815
1 parent 26fdda1
commit 9f6f815
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 56 deletions.
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -16,6 +16,13 @@ before finalizing the upgrade process.
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
+## master
+
+### Refresh Configuration
+
+Environment variables `HTTP_TLS_xxx` are now called
+`HTTPS_TLS_xxx`.
+
 ## 1.0.0-beta.9
 
 ### Refresh Configuration

diff --git a/cmd/helper_messages.go b/cmd/helper_messages.go
@@ -182,10 +182,10 @@ NOTE: configure TLS params consistently both as PATH or as string. If no TLS pai
 - HTTPS_TLS_KEY_PATH: The path to the TLS private key (pem encoded).
 	Example: HTTPS_TLS_KEY_PATH=~/key.pem
 
-- HTTP_TLS_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS).
+- HTTPS_TLS_CERT: Base64 encoded (without padding) string of the TLS certificate (PEM encoded) to be used for HTTP over TLS (HTTPS).
 	Example: HTTPS_TLS_CERT="-----BEGIN CERTIFICATE-----\nMIIDZTCCAk2gAwIBAgIEV5xOtDANBgkqhkiG9w0BAQ0FADA0MTIwMAYDVQQDDClP..."
 
-- HTTP_TLS_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS).
+- HTTPS_TLS_KEY: Base64 encoded (without padding) string of the private key (PEM encoded) to be used for HTTP over TLS (HTTPS).
 	Example: HTTPS_TLS_KEY="-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDg..."
 `
 

diff --git a/cmd/helper_server.go b/cmd/helper_server.go
@@ -277,8 +277,8 @@ func handlerFactories(keyManager rsakey.Manager) ([]proxy.Authenticator, []proxy
 }
 
 func getTLSCertAndKey() (*tls.Certificate, error) {
-	certString, keyString := viper.GetString("HTTP_TLS_CERT"), viper.GetString("HTTP_TLS_KEY")
-	certPath, keyPath := viper.GetString("HTTP_TLS_CERT_PATH"), viper.GetString("HTTP_TLS_KEY_PATH")
+	certString, keyString := viper.GetString("HTTPS_TLS_CERT"), viper.GetString("HTTPS_TLS_KEY")
+	certPath, keyPath := viper.GetString("HTTPS_TLS_CERT_PATH"), viper.GetString("HTTPS_TLS_KEY_PATH")
 
 	if certString == "" && keyString == "" && certPath == "" && keyPath == "" {
 		// serve http

diff --git a/cmd/helper_server_test.go b/cmd/helper_server_test.go
@@ -127,119 +127,119 @@ RHMZNMoDTRhmhQhj8M7N+FMtZAUOMddZ/1cvREtFW7+66w+XZvj9CQ/uectp/qb+
 	defer func() {
 		_ = os.Remove(tmpCert)
 		_ = os.Remove(tmpKey)
-		os.Setenv("HTTP_TLS_KEY_PATH", "")
-		os.Setenv("HTTP_TLS_CERT_PATH", "")
-		os.Setenv("HTTP_TLS_KEY", "")
-		os.Setenv("HTTP_TLS_CERT", "")
+		os.Setenv("HTTPS_TLS_KEY_PATH", "")
+		os.Setenv("HTTPS_TLS_CERT_PATH", "")
+		os.Setenv("HTTPS_TLS_KEY", "")
+		os.Setenv("HTTPS_TLS_CERT", "")
 	}()
 	_ = ioutil.WriteFile(tmpCert, []byte(certFileContent), 0600)
 	_ = ioutil.WriteFile(tmpKey, []byte(keyFileContent), 0600)
 	initConfig()
 
 	// 1. no TLS
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err := getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.NoError(t, err)
 
 	// 2. inconsistent TLS (i): warning only
-	os.Setenv("HTTP_TLS_KEY_PATH", "x")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", "x")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.NoError(t, err)
 
 	// 2. inconsistent TLS (ii): warning only
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "x")
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "x")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.NoError(t, err)
 
 	// 3. invalid TLS file
-	os.Setenv("HTTP_TLS_KEY_PATH", "x")
-	os.Setenv("HTTP_TLS_CERT_PATH", tmpCert)
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", "x")
+	os.Setenv("HTTPS_TLS_CERT_PATH", tmpCert)
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 4. invalid TLS string (i)
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", "{}")
-	os.Setenv("HTTP_TLS_CERT", certFixture)
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", "{}")
+	os.Setenv("HTTPS_TLS_CERT", certFixture)
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 4. invalid TLS string (ii)
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", keyFixture)
-	os.Setenv("HTTP_TLS_CERT", "{}")
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", keyFixture)
+	os.Setenv("HTTPS_TLS_CERT", "{}")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 5. valid TLS files
-	os.Setenv("HTTP_TLS_KEY_PATH", tmpKey)
-	os.Setenv("HTTP_TLS_CERT_PATH", tmpCert)
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", tmpKey)
+	os.Setenv("HTTPS_TLS_CERT_PATH", tmpCert)
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err = getTLSCertAndKey()
 	assert.NotNil(t, cert)
 	assert.NoError(t, err)
 
 	// 6. valid TLS strings
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", keyFixture)
-	os.Setenv("HTTP_TLS_CERT", certFixture)
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", keyFixture)
+	os.Setenv("HTTPS_TLS_CERT", certFixture)
 	cert, err = getTLSCertAndKey()
 	assert.NotNil(t, cert)
 	assert.NoError(t, err)
 
 	// 7. invalid TLS file content
-	os.Setenv("HTTP_TLS_KEY_PATH", keyFixture)
-	os.Setenv("HTTP_TLS_CERT_PATH", certFixture)
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", keyFixture)
+	os.Setenv("HTTPS_TLS_CERT_PATH", certFixture)
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 8. invalid TLS string content
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", keyFileContent)
-	os.Setenv("HTTP_TLS_CERT", certFileContent)
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", keyFileContent)
+	os.Setenv("HTTPS_TLS_CERT", certFileContent)
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 9. mismatched TLS file content
-	os.Setenv("HTTP_TLS_KEY_PATH", certFileContent)
-	os.Setenv("HTTP_TLS_CERT_PATH", keyFileContent)
-	os.Setenv("HTTP_TLS_KEY", "")
-	os.Setenv("HTTP_TLS_CERT", "")
+	os.Setenv("HTTPS_TLS_KEY_PATH", certFileContent)
+	os.Setenv("HTTPS_TLS_CERT_PATH", keyFileContent)
+	os.Setenv("HTTPS_TLS_KEY", "")
+	os.Setenv("HTTPS_TLS_CERT", "")
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)
 
 	// 10. mismatched TLS string content
-	os.Setenv("HTTP_TLS_KEY_PATH", "")
-	os.Setenv("HTTP_TLS_CERT_PATH", "")
-	os.Setenv("HTTP_TLS_KEY", certFixture)
-	os.Setenv("HTTP_TLS_CERT", keyFixture)
+	os.Setenv("HTTPS_TLS_KEY_PATH", "")
+	os.Setenv("HTTPS_TLS_CERT_PATH", "")
+	os.Setenv("HTTPS_TLS_KEY", certFixture)
+	os.Setenv("HTTPS_TLS_CERT", keyFixture)
 	cert, err = getTLSCertAndKey()
 	assert.Nil(t, cert)
 	assert.Error(t, err)