authorAsh McKenzie <amckenzie@gitlab.com>2020-07-01 20:02:32 +1000
committerAsh McKenzie <amckenzie@gitlab.com>2020-07-01 20:02:32 +1000
commitf0707beb15d54268325acfab6b025f58737ffc6d (patch)
treed5fedf1e16c910a5826932daeab53fc16172d87c
parentf7ea62a01191a0f5e7bf64e2c618689c260eb19b (diff)
downloadgitlab-shell-459-system-default-ssl_cert_dir-is-being-used-during-remote-gitaly-over-tls.tar.gz
-rw-r--r--internal/command/authorizedkeys/authorized_keys.go2
-rw-r--r--internal/command/authorizedkeys/authorized_keys_test.go18
-rw-r--r--internal/command/authorizedprincipals/authorized_principals.go2
-rw-r--r--internal/command/authorizedprincipals/authorized_principals_test.go18
4 files changed, 36 insertions, 4 deletions
diff --git a/internal/command/authorizedkeys/authorized_keys.go b/internal/command/authorizedkeys/authorized_keys.go
index f1cab45..a55851b 100644
--- a/internal/command/authorizedkeys/authorized_keys.go
+++ b/internal/command/authorizedkeys/authorized_keys.go
@@ -41,7 +41,7 @@ func (c *Command) printKeyLine() error {
return nil
}
- keyLine, err := keyline.NewPublicKeyLine(strconv.FormatInt(response.Id, 10), response.Key, c.Config.RootDir)
+ keyLine, err := keyline.NewPublicKeyLine(strconv.FormatInt(response.Id, 10), response.Key, c.Config.RootDir, c.Config.SslCertDir)
if err != nil {
return err
}
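Review bot: `c.Config.SslCertDir` is handed to `keyline.NewPublicKeyLine` unchecked at this call, and the test expectation added in this commit (`command=\"SSL_CERT_DIR=/tmp/certs /tmp/bin/gitlab-shell key-1\"`) shows the value ends up inside the forced-command string of an authorized_keys line. keyline is not part of this diff, so it cannot be confirmed from here whether it quotes or rejects a directory containing whitespace, a double quote or shell metacharacters; if it does neither, such a path would change the command that sshd passes to the login shell. It is worth confirming that the value is validated as a plain absolute path, either at config load or in keyline, before it is formatted into the line. The same applies to the `keyline.NewPrincipalKeyLine` call in authorized_principals.go; printKeyLine's body starts and ends outside the hunk.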
diff --git a/internal/command/authorizedkeys/authorized_keys_test.go b/internal/command/authorizedkeys/authorized_keys_test.go
index 4aa7586..e12f4fa 100644
--- a/internal/command/authorizedkeys/authorized_keys_test.go
+++ b/internal/command/authorizedkeys/authorized_keys_test.go
@@ -45,8 +45,12 @@ func TestExecute(t *testing.T) {
url, cleanup := testserver.StartSocketHttpServer(t, requests)
defer cleanup()
+ defaultConfig := &config.Config{RootDir: "/tmp", GitlabUrl: url}
+ configWithSslCertDir := &config.Config{RootDir: "/tmp", GitlabUrl: url, SslCertDir: "/tmp/certs"}
+
testCases := []struct {
desc string
+ config *config.Config
arguments *commandargs.AuthorizedKeys
expectedOutput string
}{
@@ -56,6 +60,12 @@ func TestExecute(t *testing.T) {
expectedOutput: "command=\"/tmp/bin/gitlab-shell key-1\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key\n",
},
{
+ desc: "With SSL cert dir",
+ config: configWithSslCertDir,
+ arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "key"},
+ expectedOutput: "command=\"SSL_CERT_DIR=/tmp/certs /tmp/bin/gitlab-shell key-1\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty public-key\n",
+ },
+ {
desc: "When key doesn't match any existing key",
arguments: &commandargs.AuthorizedKeys{ExpectedUser: "user", ActualUser: "user", Key: "not-found"},
expectedOutput: "# No key was found for not-found\n",
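Review bot: The only new case uses `/tmp/certs`, so nothing pins how the emitted key line behaves when `SslCertDir` is not a clean path. A second case with a directory containing a space, for example `SslCertDir: "/tmp/my certs"`, would record whether the command string is quoted or the value is rejected; the expected output depends on keyline, which is not shown here. authorized_principals_test.go has the same gap. The testCases literal continues outside the hunk.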
@@ -75,8 +85,14 @@ func TestExecute(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
buffer := &bytes.Buffer{}
+
+ config := defaultConfig
+ if tc.config != nil {
+ config = tc.config
+ }
+
cmd := &Command{
- Config: &config.Config{RootDir: "/tmp", GitlabUrl: url},
+ Config: config,
Args: tc.arguments,
ReadWriter: &readwriter.ReadWriter{Out: buffer},
}
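Review bot: `config := defaultConfig` inside the subtest shadows the imported `config` package for the rest of the closure. It compiles only because the package is not referenced after that line; a `&config.Config{...}` added later in the closure would fail with a confusing selector error. Naming the local `cfg` (`cfg := defaultConfig`, `Config: cfg,`) avoids this. The loop in authorized_principals_test.go has the same shadowing, and the closure continues past the end of the hunk.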
diff --git a/internal/command/authorizedprincipals/authorized_principals.go b/internal/command/authorizedprincipals/authorized_principals.go
index 10ae70e..c71e921 100644
--- a/internal/command/authorizedprincipals/authorized_principals.go
+++ b/internal/command/authorizedprincipals/authorized_principals.go
@@ -36,7 +36,7 @@ func (c *Command) printPrincipalLines() error {
}
func (c *Command) printPrincipalLine(principal string) error {
- principalKeyLine, err := keyline.NewPrincipalKeyLine(c.Args.KeyId, principal, c.Config.RootDir)
+ principalKeyLine, err := keyline.NewPrincipalKeyLine(c.Args.KeyId, principal, c.Config.RootDir, c.Config.SslCertDir)
if err != nil {
return err
}
diff --git a/internal/command/authorizedprincipals/authorized_principals_test.go b/internal/command/authorizedprincipals/authorized_principals_test.go
index f0334e5..f11dd0f 100644
--- a/internal/command/authorizedprincipals/authorized_principals_test.go
+++ b/internal/command/authorizedprincipals/authorized_principals_test.go
@@ -12,8 +12,12 @@ import (
)
func TestExecute(t *testing.T) {
+ defaultConfig := &config.Config{RootDir: "/tmp"}
+ configWithSslCertDir := &config.Config{RootDir: "/tmp", SslCertDir: "/tmp/certs"}
+
testCases := []struct {
desc string
+ config *config.Config
arguments *commandargs.AuthorizedPrincipals
expectedOutput string
}{
@@ -23,6 +27,12 @@ func TestExecute(t *testing.T) {
expectedOutput: "command=\"/tmp/bin/gitlab-shell username-key\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty principal\n",
},
{
+ desc: "With SSL cert dir",
+ config: configWithSslCertDir,
+ arguments: &commandargs.AuthorizedPrincipals{KeyId: "key", Principals: []string{"principal"}},
+ expectedOutput: "command=\"SSL_CERT_DIR=/tmp/certs /tmp/bin/gitlab-shell username-key\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty principal\n",
+ },
+ {
desc: "With multiple principals",
arguments: &commandargs.AuthorizedPrincipals{KeyId: "key", Principals: []string{"principal-1", "principal-2"}},
expectedOutput: "command=\"/tmp/bin/gitlab-shell username-key\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty principal-1\ncommand=\"/tmp/bin/gitlab-shell username-key\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty principal-2\n",
@@ -32,8 +42,14 @@ func TestExecute(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.desc, func(t *testing.T) {
buffer := &bytes.Buffer{}
+
+ config := defaultConfig
+ if tc.config != nil {
+ config = tc.config
+ }
+
cmd := &Command{
- Config: &config.Config{RootDir: "/tmp"},
+ Config: config,
Args: tc.arguments,
ReadWriter: &readwriter.ReadWriter{Out: buffer},
}