authorKrasimir Angelov <kangelov@gitlab.com>2019-12-05 11:44:17 +0300
committerKrasimir Angelov <kangelov@gitlab.com>2019-12-05 11:44:17 +0300
commite97fad680a73720b4b539f54f0ac9bcd46ee92f9 (patch)
tree201489a46f33ee4ca4236dcd605e5bcba3341d4e
parent7f35a7b7c1dde36f695fd7f1627fa77d9d8d2be0 (diff)
Base64 decode GitLab API secret
before using it.
-rw-r--r--acceptance_test.go3
-rw-r--r--helpers_test.go10
-rw-r--r--internal/fixture/fixtures.go4
-rw-r--r--internal/source/gitlab/client/client_test.go4
-rw-r--r--main.go22
5 files changed, 40 insertions, 3 deletions
diff --git a/acceptance_test.go b/acceptance_test.go
index dfa334b9..3dbb6950 100644
--- a/acceptance_test.go
+++ b/acceptance_test.go
@@ -1536,7 +1536,8 @@ func TestGitlabDomainsSource(t *testing.T) {
defer source.Close()
newSourceDomains := "GITLAB_NEW_SOURCE_DOMAINS=new-source-test.gitlab.io,other-test.gitlab.io"
- pagesArgs := []string{"-gitlab-server", source.URL, "-api-secret-key", "README.md"}
+ gitLabAPISecretKey := CreateGitLabAPISecretKeyFixtureFile(t)
+ pagesArgs := []string{"-gitlab-server", source.URL, "-api-secret-key", gitLabAPISecretKey}
teardown := RunPagesProcessWithEnvs(t, true, *pagesBinary, listeners, "", []string{newSourceDomains}, pagesArgs...)
defer teardown()
diff --git a/helpers_test.go b/helpers_test.go
index b13fb18f..c04993e9 100644
--- a/helpers_test.go
+++ b/helpers_test.go
@@ -75,6 +75,16 @@ func CreateHTTPSFixtureFiles(t *testing.T) (key string, cert string) {
return keyfile.Name(), certfile.Name()
}
+func CreateGitLabAPISecretKeyFixtureFile(t *testing.T) (filepath string) {
+ secretfile, err := ioutil.TempFile("", "gitlab-api-secret")
+ require.NoError(t, err)
+ secretfile.Close()
+
+ require.NoError(t, ioutil.WriteFile(secretfile.Name(), []byte(fixture.GitLabAPISecretKey), 0644))
+
+ return secretfile.Name()
+}
+
// ListenSpec is used to point at a gitlab-pages http server, preserving the
// type of port it is (http, https, proxy)
type ListenSpec struct {
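Review bot: The temp file created in CreateGitLabAPISecretKeyFixtureFile is never removed, so every acceptance run leaves another copy of the fixture secret in the system temp directory. The caller in TestGitlabDomainsSource (acceptance_test.go hunk) should add `defer os.Remove(gitLabAPISecretKey)`, or the helper could return a cleanup func. The `0644` passed to `ioutil.WriteFile` is also misleading: the file already exists, created by `ioutil.TempFile` with mode 0600, and WriteFile applies its perm argument only when it creates the file. Writing `0600` there (or calling `secretfile.Write` before `Close` and checking both errors) states the intended permissions for a secret file.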
diff --git a/internal/fixture/fixtures.go b/internal/fixture/fixtures.go
index 38bbd375..e425da1b 100644
--- a/internal/fixture/fixtures.go
+++ b/internal/fixture/fixtures.go
@@ -53,4 +53,8 @@ yhGSbQKBgD3VEnPiSUmXBo39kPcnPg93E3JfdAOiOwIB2qwfYzg9kpmuTWws+DFz
lKpMI27YkmnPqROQ2NTUfdxYmw3EHHMAsvnmHeMNGn3ijSUZVKmPfV436Qc8iVci
s4wKoCRhBUZ52sHki/ieb+5hycT3JnVXMDtbJxgXFW5a86usXEpO
-----END RSA PRIVATE KEY-----`
+
+ // GitLabAPISecretKey used in tests
+ // 32 bytes, base64 encoded
+ GitLabAPISecretKey = "e41rcFh7XBA7sNABWVCe2AZvxMsy6QDtJ8S9Ql1UiN8="
)
diff --git a/internal/source/gitlab/client/client_test.go b/internal/source/gitlab/client/client_test.go
index d056f2bd..e8c36c48 100644
--- a/internal/source/gitlab/client/client_test.go
+++ b/internal/source/gitlab/client/client_test.go
@@ -10,6 +10,8 @@ import (
"github.com/stretchr/testify/require"
jwt "github.com/dgrijalva/jwt-go"
+
+ "gitlab.com/gitlab-org/gitlab-pages/internal/fixture"
)
var (
@@ -144,6 +146,6 @@ func validateToken(t *testing.T, tokenString string) {
}
func secretKey() []byte {
- secretKey, _ := base64.StdEncoding.DecodeString(encodedSecret)
+ secretKey, _ := base64.StdEncoding.DecodeString(fixture.GitLabAPISecretKey)
return secretKey
}
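Review bot: `secretKey()` discards the error from `base64.StdEncoding.DecodeString`, so if the shared `fixture.GitLabAPISecretKey` constant is ever edited into invalid base64, the tests would sign and validate tokens with a truncated or empty key and report nothing. Since this helper has no `*testing.T`, the simplest guard is `if err != nil { panic(err) }` after the decode. A short doc comment such as `// secretKey returns the decoded 32-byte fixture key used to sign and verify test JWTs.` would also help.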
diff --git a/main.go b/main.go
index aed0cc27..c4a6a4e2 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,7 @@
package main
import (
+ "encoding/base64"
"errors"
"fmt"
"io"
@@ -121,6 +122,22 @@ func setArtifactsServer(artifactsServer string, artifactsServerTimeout int, conf
config.ArtifactsServer = artifactsServer
}
+func setGitLabAPISecretKey(secretFile string, config *appConfig) {
+ encoded := readFile(secretFile)
+
+ decoded := make([]byte, base64.StdEncoding.DecodedLen(len(encoded)))
+ secretLength, err := base64.StdEncoding.Decode(decoded, encoded)
+ if err != nil {
+ log.WithError(err).Fatal("Failed to decode GitLab API secret")
+ }
+
+ if secretLength != 32 {
+ log.WithError(fmt.Errorf("Expected 32 bytes GitLab API secret but got %d bytes", secretLength)).Fatal("Failed to decode GitLab API secret")
+ }
+
+ config.GitLabAPISecretKey = decoded
+}
+
func configFromFlags() appConfig {
var config appConfig
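Review bot: In setGitLabAPISecretKey, `config.GitLabAPISecretKey = decoded` stores the whole scratch buffer instead of the bytes that were actually decoded. `base64.StdEncoding.DecodedLen` returns the maximum length for padded input (33 for the 44-character encoding of a 32-byte secret), so the `secretLength != 32` check passes while the stored key is 33 bytes with a trailing zero. That key would not match the 32-byte key GitLab signs with, nor the one `secretKey()` in client_test.go obtains via `DecodeString`. Assign `config.GitLabAPISecretKey = decoded[:secretLength]` instead. A unit test that runs this function on the fixture file and asserts `len(config.GitLabAPISecretKey) == 32` would pin the behaviour.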
@@ -144,13 +161,16 @@ func configFromFlags() appConfig {
}{
{&config.RootCertificate, *pagesRootCert},
{&config.RootKey, *pagesRootKey},
- {&config.GitLabAPISecretKey, *gitLabAPISecretKey},
} {
if file.path != "" {
*file.contents = readFile(file.path)
}
}
+ if *gitLabAPISecretKey != "" {
+ setGitLabAPISecretKey(*gitLabAPISecretKey, &config)
+ }
+
if *artifactsServer != "" {
setArtifactsServer(*artifactsServer, *artifactsServerTimeout, &config)
}