Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
config: generate cookie secret if not set in all-in-one mode (#3742)
* config: generate cookie secret if not set in all-in-one mode * fix tests * config: add warning about cookie_secret * breakup lines
- Loading branch information
1 parent
2c9087f
commit 9413123
Showing
8 changed files
with
111 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
package log | ||
|
||
import ( | ||
"context" | ||
"sync" | ||
|
||
"github.com/pomerium/pomerium/internal/syncutil" | ||
) | ||
|
||
var warnCookieSecretOnce sync.Once | ||
|
||
// WarnCookieSecret warns about the cookie secret. | ||
func WarnCookieSecret() { | ||
warnCookieSecretOnce.Do(func() { | ||
Warn(context.Background()). | ||
Msg("using a generated COOKIE_SECRET. " + | ||
"Set the COOKIE_SECRET to avoid users being logged out on restart. " + | ||
"https://www.pomerium.com/docs/reference/cookie-secret") | ||
}) | ||
} | ||
|
||
var warnNoTLSCertificateOnce syncutil.OnceMap[string] | ||
|
||
// WarnNoTLSCertificate warns about no TLS certificate. | ||
func WarnNoTLSCertificate(domain string) { | ||
warnNoTLSCertificateOnce.Do(domain, func() { | ||
Warn(context.Background()). | ||
Str("domain", domain). | ||
Msg("no TLS certificate found for domain, using a self-signed certificate") | ||
}) | ||
} | ||
|
||
var warnWebSocketHTTP1_1Once syncutil.OnceMap[string] | ||
|
||
// WarnWebSocketHTTP1_1 warns about falling back to http 1.1 due to web socket support. | ||
func WarnWebSocketHTTP1_1(clusterID string) { | ||
warnWebSocketHTTP1_1Once.Do(clusterID, func() { | ||
Warn(context.Background()). | ||
Str("cluster-id", clusterID). | ||
Msg("forcing http/1.1 due to web socket support") | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
// Package syncutil contains methods for working with sync code. | ||
package syncutil | ||
|
||
import ( | ||
"sync" | ||
) | ||
|
||
// A OnceMap is a collection sync.Onces accessible by a key. The zero value is usable. | ||
type OnceMap[T comparable] struct { | ||
mu sync.Mutex | ||
m map[T]*sync.Once | ||
} | ||
|
||
// Do runs f once. | ||
func (o *OnceMap[T]) Do(key T, f func()) { | ||
o.mu.Lock() | ||
if o.m == nil { | ||
o.m = make(map[T]*sync.Once) | ||
} | ||
oo, ok := o.m[key] | ||
if !ok { | ||
oo = new(sync.Once) | ||
o.m[key] = oo | ||
} | ||
o.mu.Unlock() | ||
oo.Do(f) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters