From d64a7472ab6d74cc6b7984cd36f0c5c6129b7a68 Mon Sep 17 00:00:00 2001 From: Julien Date: Tue, 3 Sep 2024 10:46:10 +0200 Subject: [PATCH 1/2] Remove secret file existence check in Validate for headers This commit removes the check for the existence of the secret file for headers in the `Validate` function. The check is not valid for relative paths since `Validate` is called before `SetDirectory`, which is responsible for setting up the environment. This change aligns with the handling of other secret files, which are not checked during config validation. Signed-off-by: Julien --- config/headers.go | 9 +-------- config/http_config.go | 2 +- config/http_config_test.go | 2 +- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/config/headers.go b/config/headers.go index 4a0be4a1..81cd8aad 100644 --- a/config/headers.go +++ b/config/headers.go @@ -78,17 +78,10 @@ func (h *Headers) SetDirectory(dir string) { // Validate validates the Headers config. func (h *Headers) Validate() error { - for n, header := range h.Headers { + for n := range h.Headers { if _, ok := reservedHeaders[http.CanonicalHeaderKey(n)]; ok { return fmt.Errorf("setting header %q is not allowed", http.CanonicalHeaderKey(n)) } - for _, v := range header.Files { - f := JoinDir(h.dir, v) - _, err := os.ReadFile(f) - if err != nil { - return fmt.Errorf("unable to read header %q from file %s: %w", http.CanonicalHeaderKey(n), f, err) - } - } } return nil } diff --git a/config/http_config.go b/config/http_config.go index 228db63e..b640b899 100644 --- a/config/http_config.go +++ b/config/http_config.go @@ -828,7 +828,7 @@ type basicAuthRoundTripper struct { // NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has // already been set. -func NewBasicAuthRoundTripper(username SecretReader, password SecretReader, rt http.RoundTripper) http.RoundTripper { +func NewBasicAuthRoundTripper(username, password SecretReader, rt http.RoundTripper) http.RoundTripper { return &basicAuthRoundTripper{username, password, rt} } diff --git a/config/http_config_test.go b/config/http_config_test.go index 9236f7cb..77382328 100644 --- a/config/http_config_test.go +++ b/config/http_config_test.go @@ -1107,7 +1107,7 @@ func getCertificateBlobs(t *testing.T) map[string][]byte { return bs } -func writeCertificate(bs map[string][]byte, src string, dst string) { +func writeCertificate(bs map[string][]byte, src, dst string) { b, ok := bs[src] if !ok { panic(fmt.Sprintf("Couldn't find %q in bs", src)) From 334963d1a28ee07975f6777cf65539ecddb89ae0 Mon Sep 17 00:00:00 2001 From: Julien Date: Tue, 3 Sep 2024 11:12:43 +0200 Subject: [PATCH 2/2] Change the logic for SetDirectory Signed-off-by: Julien --- config/headers.go | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/config/headers.go b/config/headers.go index 81cd8aad..7276742e 100644 --- a/config/headers.go +++ b/config/headers.go @@ -52,14 +52,6 @@ var reservedHeaders = map[string]struct{}{ // Headers represents the configuration for HTTP headers. type Headers struct { Headers map[string]Header `yaml:",inline"` - dir string -} - -// Header represents the configuration for a single HTTP header. -type Header struct { - Values []string `yaml:"values,omitempty" json:"values,omitempty"` - Secrets []Secret `yaml:"secrets,omitempty" json:"secrets,omitempty"` - Files []string `yaml:"files,omitempty" json:"files,omitempty"` } func (h Headers) MarshalJSON() ([]byte, error) { @@ -67,13 +59,14 @@ func (h Headers) MarshalJSON() ([]byte, error) { return json.Marshal(h.Headers) } -// SetDirectory records the directory to make headers file relative to the -// configuration file. +// SetDirectory make headers file relative to the configuration file. func (h *Headers) SetDirectory(dir string) { if h == nil { return } - h.dir = dir + for _, h := range h.Headers { + h.SetDirectory(dir) + } } // Validate validates the Headers config. @@ -86,6 +79,20 @@ func (h *Headers) Validate() error { return nil } +// Header represents the configuration for a single HTTP header. +type Header struct { + Values []string `yaml:"values,omitempty" json:"values,omitempty"` + Secrets []Secret `yaml:"secrets,omitempty" json:"secrets,omitempty"` + Files []string `yaml:"files,omitempty" json:"files,omitempty"` +} + +// SetDirectory makes headers file relative to the configuration file. +func (h *Header) SetDirectory(dir string) { + for i := range h.Files { + h.Files[i] = JoinDir(dir, h.Files[i]) + } +} + // NewHeadersRoundTripper returns a RoundTripper that sets HTTP headers on // requests as configured. func NewHeadersRoundTripper(config *Headers, next http.RoundTripper) http.RoundTripper { @@ -114,10 +121,9 @@ func (rt *headersRoundTripper) RoundTrip(req *http.Request) (*http.Response, err req.Header.Add(n, string(v)) } for _, v := range h.Files { - f := JoinDir(rt.config.dir, v) - b, err := os.ReadFile(f) + b, err := os.ReadFile(v) if err != nil { - return nil, fmt.Errorf("unable to read headers file %s: %w", f, err) + return nil, fmt.Errorf("unable to read headers file %s: %w", v, err) } req.Header.Add(n, strings.TrimSpace(string(b))) }