mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
Do not override cfg.CAPins if ApplyCAPins is called with empty caPins… (#14122)
Do not override cfg.CAPins if ApplyCAPins is called with empty caPins slice
parent
51b3bc3dda
commit
d1781d39be
|
@ -1369,6 +1369,57 @@ func TestDebugFlag(t *testing.T) {
|
|||
require.True(t, cfg.Debug)
|
||||
}
|
||||
|
||||
func TestMergingCAPinConfig(t *testing.T) {
|
||||
tests := []struct {
|
||||
desc string
|
||||
cliPins []string
|
||||
configPins string // this goes into the yaml in bracket syntax [val1,val2,...]
|
||||
want []string
|
||||
}{
|
||||
{
|
||||
desc: "pin taken from cli only",
|
||||
cliPins: []string{"cli-pin"},
|
||||
configPins: "",
|
||||
want: []string{"cli-pin"},
|
||||
},
|
||||
{
|
||||
desc: "pin taken from file config only",
|
||||
cliPins: []string{},
|
||||
configPins: "fc-pin",
|
||||
want: []string{"fc-pin"},
|
||||
},
|
||||
{
|
||||
desc: "non-empty pins from cli override file config",
|
||||
cliPins: []string{"cli-pin1", "", "cli-pin2", ""},
|
||||
configPins: "fc-pin",
|
||||
want: []string{"cli-pin1", "cli-pin2"},
|
||||
},
|
||||
{
|
||||
desc: "all empty pins from cli do not override file config",
|
||||
cliPins: []string{"", ""},
|
||||
configPins: "fc-pin1,fc-pin2",
|
||||
want: []string{"fc-pin1", "fc-pin2"},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.desc, func(t *testing.T) {
|
||||
clf := CommandLineFlags{
|
||||
CAPins: tt.cliPins,
|
||||
ConfigString: base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf(
|
||||
configWithCAPins,
|
||||
tt.configPins,
|
||||
))),
|
||||
}
|
||||
cfg := service.MakeDefaultConfig()
|
||||
require.Empty(t, cfg.CAPins)
|
||||
err := Configure(&clf, cfg)
|
||||
require.NoError(t, err)
|
||||
require.ElementsMatch(t, tt.want, cfg.CAPins)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestLicenseFile(t *testing.T) {
|
||||
testCases := []struct {
|
||||
path string
|
||||
|
|
|
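Review bot: The table in TestMergingCAPinConfig only passes literal single-line pin strings, so the `strings.Split(pins, "\n")` path in ApplyCAPins is never exercised with multi-line input. I would add a case whose CLI entry resolves to several newline-separated pins with a trailing newline (presumably via a pin file, if ApplyCAPins reads one; that part is not visible here). I would also add a case with no pins on either side, `{desc: "no pins anywhere", cliPins: nil, configPins: "", want: nil}`. Together these would catch a regression that silently clears cfg.CAPins or fills it with blank entries, either of which could weaken CA verification when a node joins.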
@ -213,3 +213,33 @@ auth_service:
|
|||
type: saml
|
||||
local_auth: false
|
||||
`
|
||||
|
||||
const configWithCAPins = `
|
||||
teleport:
|
||||
nodename: cat.example.com
|
||||
advertise_ip: 10.10.10.1
|
||||
pid_file: /var/run/teleport.pid
|
||||
log:
|
||||
output: stderr
|
||||
severity: INFO
|
||||
ca_pin: [%v]
|
||||
auth_service:
|
||||
enabled: yes
|
||||
listen_addr: 10.5.5.1:3025
|
||||
cluster_name: magadan
|
||||
tokens:
|
||||
- "proxy,node:xxx"
|
||||
- "auth:yyy"
|
||||
authentication:
|
||||
type: local
|
||||
second_factor: off
|
||||
|
||||
ssh_service:
|
||||
enabled: no
|
||||
|
||||
proxy_service:
|
||||
enabled: yes
|
||||
web_listen_addr: webhost
|
||||
tunnel_listen_addr: tunnelhost:1001
|
||||
public_addr: web3:443
|
||||
`
|
||||
|
|
|
@ -301,7 +301,9 @@ func (cfg *Config) ApplyCAPins(caPins []string) error {
|
|||
}
|
||||
filteredPins = append(filteredPins, strings.Split(pins, "\n")...)
|
||||
}
|
||||
cfg.CAPins = filteredPins
|
||||
if len(filteredPins) > 0 {
|
||||
cfg.CAPins = filteredPins
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
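Review bot: The new `len(filteredPins) > 0` guard counts entries rather than usable pins, and the `strings.Split(pins, "\n")` call just above it can append empty or whitespace-only strings when the value has a trailing newline or blank lines. Unless the value is trimmed earlier in ApplyCAPins (the function starts outside this hunk, so that is not visible here), such input would still replace the pins from the file config with entries that are not valid pins. Dropping blank lines as they are appended keeps the guard meaningful. The doc comment on ApplyCAPins should also state that input with no usable pins leaves cfg.CAPins unchanged, since callers may otherwise expect an empty slice to clear the pins.

```go
		// … unchanged: earlier part of the loop body, outside the hunk …
		for _, pin := range strings.Split(pins, "\n") {
			if pin = strings.TrimSpace(pin); pin != "" {
				filteredPins = append(filteredPins, pin)
			}
		}
	// … unchanged: len(filteredPins) > 0 guard and return …
```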