Remove secret file existence check in Validate for headers

config/headers.go

@@ -52,47 +52,47 @@ var reservedHeaders = map[string]struct{}{
 // Headers represents the configuration for HTTP headers.
 type Headers struct {
 	Headers map[string]Header `yaml:",inline"`
-	dir     string
-}
-
-// Header represents the configuration for a single HTTP header.
-type Header struct {
-	Values  []string `yaml:"values,omitempty" json:"values,omitempty"`
-	Secrets []Secret `yaml:"secrets,omitempty" json:"secrets,omitempty"`
-	Files   []string `yaml:"files,omitempty" json:"files,omitempty"`
 }
 
 func (h Headers) MarshalJSON() ([]byte, error) {
 	// Inline the Headers map when serializing JSON because json encoder doesn't support "inline" directive.
 	return json.Marshal(h.Headers)
 }
 
-// SetDirectory records the directory to make headers file relative to the
-// configuration file.
+// SetDirectory make headers file relative to the configuration file.
 func (h *Headers) SetDirectory(dir string) {
 	if h == nil {
 		return
 	}
-	h.dir = dir
+	for _, h := range h.Headers {
+		h.SetDirectory(dir)
+	}
 }
 
 // Validate validates the Headers config.
 func (h *Headers) Validate() error {
-	for n, header := range h.Headers {
+	for n := range h.Headers {
 		if _, ok := reservedHeaders[http.CanonicalHeaderKey(n)]; ok {
 			return fmt.Errorf("setting header %q is not allowed", http.CanonicalHeaderKey(n))
 		}
-		for _, v := range header.Files {
-			f := JoinDir(h.dir, v)
-			_, err := os.ReadFile(f)
-			if err != nil {
-				return fmt.Errorf("unable to read header %q from file %s: %w", http.CanonicalHeaderKey(n), f, err)
-			}
-		}
 	}
 	return nil
 }
 
+// Header represents the configuration for a single HTTP header.
+type Header struct {
+	Values  []string `yaml:"values,omitempty" json:"values,omitempty"`
+	Secrets []Secret `yaml:"secrets,omitempty" json:"secrets,omitempty"`
+	Files   []string `yaml:"files,omitempty" json:"files,omitempty"`
+}
+
+// SetDirectory makes headers file relative to the configuration file.
+func (h *Header) SetDirectory(dir string) {
+	for i := range h.Files {
+		h.Files[i] = JoinDir(dir, h.Files[i])
+	}
+}
+
 // NewHeadersRoundTripper returns a RoundTripper that sets HTTP headers on
 // requests as configured.
 func NewHeadersRoundTripper(config *Headers, next http.RoundTripper) http.RoundTripper {
@@ -121,10 +121,9 @@ func (rt *headersRoundTripper) RoundTrip(req *http.Request) (*http.Response, err
 			req.Header.Add(n, string(v))
 		}
 		for _, v := range h.Files {
-			f := JoinDir(rt.config.dir, v)
-			b, err := os.ReadFile(f)
+			b, err := os.ReadFile(v)
 			if err != nil {
-				return nil, fmt.Errorf("unable to read headers file %s: %w", f, err)
+				return nil, fmt.Errorf("unable to read headers file %s: %w", v, err)
 			}
 			req.Header.Add(n, strings.TrimSpace(string(b)))
 		}

config/http_config.go

@@ -828,7 +828,7 @@ type basicAuthRoundTripper struct {
 
 // NewBasicAuthRoundTripper will apply a BASIC auth authorization header to a request unless it has
 // already been set.
-func NewBasicAuthRoundTripper(username SecretReader, password SecretReader, rt http.RoundTripper) http.RoundTripper {
+func NewBasicAuthRoundTripper(username, password SecretReader, rt http.RoundTripper) http.RoundTripper {
 	return &basicAuthRoundTripper{username, password, rt}
 }
 

config/http_config_test.go

@@ -1107,7 +1107,7 @@ func getCertificateBlobs(t *testing.T) map[string][]byte {
 	return bs
 }
 
-func writeCertificate(bs map[string][]byte, src string, dst string) {
+func writeCertificate(bs map[string][]byte, src, dst string) {
 	b, ok := bs[src]
 	if !ok {
 		panic(fmt.Sprintf("Couldn't find %q in bs", src))