diff options
| -rw-r--r-- | app.go | 7 | ||||
| -rw-r--r-- | internal/auth/auth.go | 52 | ||||
| -rw-r--r-- | internal/auth/auth_code_test.go | 6 | ||||
| -rw-r--r-- | internal/auth/auth_test.go | 48 | ||||
| -rw-r--r-- | internal/config/config.go | 8 | ||||
| -rw-r--r-- | internal/config/flags.go | 4 | ||||
| -rw-r--r-- | internal/config/validate.go | 2 | ||||
| -rw-r--r-- | test/acceptance/auth_test.go | 22 | ||||
| -rw-r--r-- | test/acceptance/helpers_test.go | 7 |
9 files changed, 87 insertions, 69 deletions
@@ -518,8 +518,8 @@ func runApp(config *cfg.Config) { // TODO: This if was introduced when `gitlab-server` wasn't a required parameter // once we completely remove support for legacy architecture and make it required // we can just remove this if statement https://gitlab.com/gitlab-org/gitlab-pages/-/issues/581 - if config.GitLab.Server != "" { - a.AcmeMiddleware = &acme.Middleware{GitlabURL: config.GitLab.Server} + if config.GitLab.PublicServer != "" { + a.AcmeMiddleware = &acme.Middleware{GitlabURL: config.GitLab.PublicServer} } if len(config.General.CustomHeaders) != 0 { @@ -549,9 +549,8 @@ func (a *theApp) setAuth(config *cfg.Config) { } var err error - // TODO: use config.GitLab.InternalServer https://gitlab.com/gitlab-org/gitlab-pages/-/issues/581 a.Auth, err = auth.New(config.General.Domain, config.Authentication.Secret, config.Authentication.ClientID, config.Authentication.ClientSecret, - config.Authentication.RedirectURI, config.GitLab.Server, config.Authentication.Scope) + config.Authentication.RedirectURI, config.GitLab.InternalServer, config.GitLab.PublicServer, config.Authentication.Scope) if err != nil { log.WithError(err).Fatal("could not initialize auth package") } diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 30cb1e38..7307d668 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -55,18 +55,19 @@ var ( // Auth handles authenticating users with GitLab API type Auth struct { - pagesDomain string - clientID string - clientSecret string - redirectURI string - gitLabServer string - authSecret string - authScope string - jwtSigningKey []byte - jwtExpiry time.Duration - apiClient *http.Client - store sessions.Store - now func() time.Time // allows to stub time.Now() easily in tests + pagesDomain string + clientID string + clientSecret string + redirectURI string + internalGitlabServer string // used for exchanging OAuth code for token and Accessing API and checking if the user has access to the project + publicGitlabServer string // used for redirecting users to gitlab on the start of OAuth workflow + authSecret string + authScope string + jwtSigningKey []byte + jwtExpiry time.Duration + apiClient *http.Client + store sessions.Store + now func() time.Time // allows to stub time.Now() easily in tests } type tokenResponse struct { @@ -232,7 +233,7 @@ func (a *Auth) domainAllowed(ctx context.Context, name string, domains source.So } func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWriter, r *http.Request, domains source.Source) bool { - // handle auth callback e.g. https://gitlab.io/auth?domain&domain&state=state + // handle auth callback e.g. https://gitlab.io/auth?domain=domain&state=state if shouldProxyAuthToGitlab(r) { domain := r.URL.Query().Get("domain") state := r.URL.Query().Get("state") @@ -269,11 +270,11 @@ func (a *Auth) handleProxyingAuth(session *sessions.Session, w http.ResponseWrit return true } - url := fmt.Sprintf(authorizeURLTemplate, a.gitLabServer, a.clientID, a.redirectURI, state, a.authScope) + url := fmt.Sprintf(authorizeURLTemplate, a.publicGitlabServer, a.clientID, a.redirectURI, state, a.authScope) logRequest(r).WithFields(logrus.Fields{ - "gitlab_server": a.gitLabServer, - "pages_domain": domain, + "public_gitlab_server": a.publicGitlabServer, + "pages_domain": domain, }).Info("Redirecting user to gitlab for oauth") http.Redirect(w, r, url, 302) @@ -377,7 +378,7 @@ func (a *Auth) fetchAccessToken(code string) (tokenResponse, error) { token := tokenResponse{} // Prepare request - url := fmt.Sprintf(tokenURLTemplate, a.gitLabServer) + url := fmt.Sprintf(tokenURLTemplate, a.internalGitlabServer) content := fmt.Sprintf(tokenContentTemplate, a.clientID, a.clientSecret, code, a.redirectURI) req, err := http.NewRequest("POST", url, strings.NewReader(content)) @@ -489,9 +490,9 @@ func (a *Auth) checkAuthentication(w http.ResponseWriter, r *http.Request, domai // Access token exists, authorize request var url string if projectID > 0 { - url = fmt.Sprintf(apiURLProjectTemplate, a.gitLabServer, projectID) + url = fmt.Sprintf(apiURLProjectTemplate, a.internalGitlabServer, projectID) } else { - url = fmt.Sprintf(apiURLUserTemplate, a.gitLabServer) + url = fmt.Sprintf(apiURLUserTemplate, a.internalGitlabServer) } req, err := http.NewRequest("GET", url, nil) @@ -643,7 +644,7 @@ func generateKeys(secret string, count int) ([][]byte, error) { } // New when authentication supported this will be used to create authentication handler -func New(pagesDomain, storeSecret, clientID, clientSecret, redirectURI, gitLabServer, authScope string) (*Auth, error) { +func New(pagesDomain, storeSecret, clientID, clientSecret, redirectURI, internalGitlabServer, publicGitlabServer, authScope string) (*Auth, error) { // generate 3 keys, 2 for the cookie store and 1 for JWT signing keys, err := generateKeys(storeSecret, 3) if err != nil { @@ -651,11 +652,12 @@ func New(pagesDomain, storeSecret, clientID, clientSecret, redirectURI, gitLabSe } return &Auth{ - pagesDomain: pagesDomain, - clientID: clientID, - clientSecret: clientSecret, - redirectURI: redirectURI, - gitLabServer: strings.TrimRight(gitLabServer, "/"), + pagesDomain: pagesDomain, + clientID: clientID, + clientSecret: clientSecret, + redirectURI: redirectURI, + internalGitlabServer: strings.TrimRight(internalGitlabServer, "/"), + publicGitlabServer: strings.TrimRight(publicGitlabServer, "/"), apiClient: &http.Client{ Timeout: 5 * time.Second, Transport: httptransport.DefaultTransport, diff --git a/internal/auth/auth_code_test.go b/internal/auth/auth_code_test.go index d54fcc7e..5a496066 100644 --- a/internal/auth/auth_code_test.go +++ b/internal/auth/auth_code_test.go @@ -8,7 +8,7 @@ import ( ) func TestEncryptAndDecryptSignedCode(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") tests := map[string]struct { auth *Auth @@ -86,8 +86,8 @@ func TestEncryptAndDecryptSignedCode(t *testing.T) { } func TestDecryptCodeWithInvalidJWT(t *testing.T) { - auth1 := createTestAuth(t, "") - auth2 := createTestAuth(t, "") + auth1 := createTestAuth(t, "", "") + auth2 := createTestAuth(t, "", "") auth2.jwtSigningKey = []byte("another signing key") encCode, err := auth1.EncryptAndSignCode("domain", "code") diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 1bd52d09..c1fc834a 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go @@ -17,7 +17,7 @@ import ( "gitlab.com/gitlab-org/gitlab-pages/internal/source" ) -func createTestAuth(t *testing.T, url string) *Auth { +func createTestAuth(t *testing.T, internalServer string, publicServer string) *Auth { t.Helper() a, err := New("pages.gitlab-example.com", @@ -25,7 +25,8 @@ func createTestAuth(t *testing.T, url string) *Auth { "id", "secret", "http://pages.gitlab-example.com/auth", - url, + internalServer, + publicServer, "scope") require.NoError(t, err) @@ -70,7 +71,7 @@ func setSessionValues(t *testing.T, r *http.Request, store sessions.Store, value } func TestTryAuthenticate(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/something/else") @@ -82,7 +83,7 @@ func TestTryAuthenticate(t *testing.T) { } func TestTryAuthenticateWithError(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?error=access_denied") @@ -96,7 +97,7 @@ func TestTryAuthenticateWithError(t *testing.T) { } func TestTryAuthenticateWithCodeButInvalidState(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=invalid") @@ -115,7 +116,7 @@ func TestTryAuthenticateWithCodeButInvalidState(t *testing.T) { } func TestTryAuthenticateRemoveTokenFromRedirect(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=state&token=secret") @@ -141,6 +142,21 @@ func TestTryAuthenticateRemoveTokenFromRedirect(t *testing.T) { require.Empty(t, redirect.Query().Get("token"), "token is gone after redirecting") } +func TestTryAuthenticateWithDomainAndState(t *testing.T) { + auth := createTestAuth(t, "", "public-gitlab.example.com") + result := httptest.NewRecorder() + reqURL, err := url.Parse("/auth?domain=https%3A%2F%2Fpages.gitlab-example.com&state=state") + require.NoError(t, err) + r := &http.Request{URL: reqURL} + + require.Equal(t, true, auth.TryAuthenticate(result, r, source.NewMockSource())) + require.Equal(t, http.StatusFound, result.Code) + redirect, err := url.Parse(result.Header().Get("Location")) + require.NoError(t, err) + + require.Equal(t, "/public-gitlab.example.com/oauth/authorize?client_id=id&redirect_uri=http://pages.gitlab-example.com/auth&response_type=code&state=state&scope=scope", redirect.String()) +} + func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) { t.Helper() @@ -163,7 +179,7 @@ func testTryAuthenticateWithCodeAndState(t *testing.T, https bool) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") domain := apiServer.URL if https { @@ -220,7 +236,7 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=state") @@ -256,7 +272,7 @@ func TestCheckAuthenticationWhenNoAccess(t *testing.T) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") w := httptest.NewRecorder() @@ -300,7 +316,7 @@ func TestCheckAuthenticationWhenInvalidToken(t *testing.T) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=state") @@ -335,7 +351,7 @@ func TestCheckAuthenticationWithoutProject(t *testing.T) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=state") @@ -371,7 +387,7 @@ func TestCheckAuthenticationWithoutProjectWhenInvalidToken(t *testing.T) { apiServer.Start() defer apiServer.Close() - auth := createTestAuth(t, apiServer.URL) + auth := createTestAuth(t, apiServer.URL, "") result := httptest.NewRecorder() reqURL, err := url.Parse("/auth?code=1&state=state") @@ -404,7 +420,7 @@ func TestGenerateKeys(t *testing.T) { } func TestGetTokenIfExistsWhenTokenExists(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/") @@ -423,7 +439,7 @@ func TestGetTokenIfExistsWhenTokenExists(t *testing.T) { } func TestGetTokenIfExistsWhenTokenDoesNotExist(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("http://pages.gitlab-example.com/test") @@ -441,7 +457,7 @@ func TestGetTokenIfExistsWhenTokenDoesNotExist(t *testing.T) { } func TestCheckResponseForInvalidTokenWhenInvalidToken(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("http://pages.gitlab-example.com/test") @@ -456,7 +472,7 @@ func TestCheckResponseForInvalidTokenWhenInvalidToken(t *testing.T) { } func TestCheckResponseForInvalidTokenWhenNotInvalidToken(t *testing.T) { - auth := createTestAuth(t, "") + auth := createTestAuth(t, "", "") result := httptest.NewRecorder() reqURL, err := url.Parse("/something") diff --git a/internal/config/config.go b/internal/config/config.go index b9deef3b..9261b705 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -102,7 +102,7 @@ type Cache struct { // GitLab groups settings related to configuring GitLab client used to // interact with GitLab API type GitLab struct { - Server string + PublicServer string InternalServer string APISecretKey []byte ClientHTTPTimeout time.Duration @@ -156,7 +156,7 @@ func internalGitlabServerFromFlags() string { return *internalGitLabServer } - return *gitLabServer + return *publicGitLabServer } func setGitLabAPISecretKey(secretFile string, config *Config) error { @@ -276,7 +276,7 @@ func loadConfig() (*Config, error) { } // Populating remaining GitLab settings - config.GitLab.Server = *gitLabServer + config.GitLab.PublicServer = *publicGitLabServer config.GitLab.InternalServer = internalGitlabServerFromFlags() @@ -326,7 +326,7 @@ func LogConfig(config *Config) { "status_path": config.General.StatusPath, "tls-min-version": *tlsMinVersion, "tls-max-version": *tlsMaxVersion, - "gitlab-server": config.GitLab.Server, + "gitlab-server": config.GitLab.PublicServer, "internal-gitlab-server": config.GitLab.InternalServer, "api-secret-key": *gitLabAPISecretKey, "domain-config-source": config.General.DomainConfigurationSource, diff --git a/internal/config/flags.go b/internal/config/flags.go index 72f4edc8..28a318c4 100644 --- a/internal/config/flags.go +++ b/internal/config/flags.go @@ -29,8 +29,8 @@ var ( logFormat = flag.String("log-format", "json", "The log output format: 'text' or 'json'") logVerbose = flag.Bool("log-verbose", false, "Verbose logging") secret = flag.String("auth-secret", "", "Cookie store hash key, should be at least 32 bytes long") - gitLabServer = flag.String("gitlab-server", "", "GitLab server, for example https://www.gitlab.com") - internalGitLabServer = flag.String("internal-gitlab-server", "", "Internal GitLab server used for API requests, useful if you want to send that traffic over an internal load balancer, example value https://www.gitlab.com (defaults to value of gitlab-server)") + publicGitLabServer = flag.String("gitlab-server", "", "Public GitLab server, for example https://www.gitlab.com") + internalGitLabServer = flag.String("internal-gitlab-server", "", "Internal GitLab server used for API requests, useful if you want to send that traffic over an internal load balancer, example value https://gitlab.example.internal (defaults to value of gitlab-server)") gitLabAPISecretKey = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API") gitlabClientHTTPTimeout = flag.Duration("gitlab-client-http-timeout", 10*time.Second, "GitLab API HTTP client connection timeout in seconds (default: 10s)") gitlabClientJWTExpiry = flag.Duration("gitlab-client-jwt-expiry", 30*time.Second, "JWT Token expiry time in seconds (default: 30s)") diff --git a/internal/config/validate.go b/internal/config/validate.go index dd6fec5d..f73aabff 100644 --- a/internal/config/validate.go +++ b/internal/config/validate.go @@ -40,7 +40,7 @@ func validateAuthConfig(config *Config) error { err := errors.New("auth-client-secret must be defined if authentication is supported") result = multierror.Append(result, err) } - if config.GitLab.Server == "" { + if config.GitLab.PublicServer == "" { err := errors.New("gitlab-server must be defined if authentication is supported") result = multierror.Append(result, err) } diff --git a/test/acceptance/auth_test.go b/test/acceptance/auth_test.go index 96205020..c6948c13 100644 --- a/test/acceptance/auth_test.go +++ b/test/acceptance/auth_test.go @@ -26,7 +26,7 @@ func TestWhenAuthIsDisabledPrivateIsNotAccessible(t *testing.T) { } func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -48,7 +48,7 @@ func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { require.NoError(t, err) require.Equal(t, "https", url.Scheme) - require.Equal(t, "gitlab-auth.com", url.Host) + require.Equal(t, "public-gitlab-auth.com", url.Host) require.Equal(t, "/oauth/authorize", url.Path) require.Equal(t, "clientID", url.Query().Get("client_id")) require.Equal(t, "https://projects.gitlab-example.com/auth", url.Query().Get("redirect_uri")) @@ -57,7 +57,7 @@ func TestWhenAuthIsEnabledPrivateWillRedirectToAuthorize(t *testing.T) { } func TestWhenAuthDeniedWillCauseUnauthorized(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetPageFromListener(t, httpsListener, "projects.gitlab-example.com", "/auth?error=access_denied") @@ -68,7 +68,7 @@ func TestWhenAuthDeniedWillCauseUnauthorized(t *testing.T) { require.Equal(t, http.StatusUnauthorized, rsp.StatusCode) } func TestWhenLoginCallbackWithWrongStateShouldFail(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -86,7 +86,7 @@ func TestWhenLoginCallbackWithWrongStateShouldFail(t *testing.T) { } func TestWhenLoginCallbackWithUnencryptedCode(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetRedirectPage(t, httpsListener, "group.auth.gitlab-example.com", "private.project/") @@ -182,7 +182,7 @@ func TestAccessControlUnderCustomDomain(t *testing.T) { testServer.Start() defer testServer.Close() - teardown := RunPagesProcessWithGitlabServer(t, *pagesBinary, supportedListeners(), "", testServer.URL) + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") defer teardown() tests := map[string]struct { @@ -263,7 +263,7 @@ func TestCustomErrorPageWithAuth(t *testing.T) { testServer.Start() defer testServer.Close() - teardown := RunPagesProcessWithGitlabServer(t, *pagesBinary, supportedListeners(), "", testServer.URL) + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") defer teardown() tests := []struct { @@ -373,7 +373,7 @@ func TestAccessControlUnderCustomDomainWithHTTPSProxy(t *testing.T) { testServer.Start() defer testServer.Close() - teardown := RunPagesProcessWithGitlabServer(t, *pagesBinary, supportedListeners(), "", testServer.URL) + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") defer teardown() rsp, err := GetProxyRedirectPageWithCookie(t, proxyListener, "private.domain.com", "/", "", true) @@ -435,7 +435,7 @@ func TestAccessControlUnderCustomDomainWithHTTPSProxy(t *testing.T) { } func TestAccessControlGroupDomain404RedirectsAuth(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "/nonexistent/") @@ -449,7 +449,7 @@ func TestAccessControlGroupDomain404RedirectsAuth(t *testing.T) { require.Equal(t, "/auth", url.Path) } func TestAccessControlProject404DoesNotRedirect(t *testing.T) { - teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "") + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), "https://internal-gitlab-auth.com", "https://public-gitlab-auth.com") defer teardown() rsp, err := GetRedirectPage(t, httpListener, "group.gitlab-example.com", "/project/nonexistent/") @@ -649,7 +649,7 @@ func TestHijackedCode(t *testing.T) { testServer.Start() defer testServer.Close() - teardown := RunPagesProcessWithGitlabServer(t, *pagesBinary, supportedListeners(), "", testServer.URL) + teardown := RunPagesProcessWithAuth(t, *pagesBinary, supportedListeners(), testServer.URL, "https://public-gitlab-auth.com") defer teardown() /****ATTACKER******/ diff --git a/test/acceptance/helpers_test.go b/test/acceptance/helpers_test.go index ebb498d0..2aa7041d 100644 --- a/test/acceptance/helpers_test.go +++ b/test/acceptance/helpers_test.go @@ -260,13 +260,14 @@ func RunPagesProcessWithStubGitLabServer(t *testing.T, opts ...processOption) *L return logBuf } -func RunPagesProcessWithAuth(t *testing.T, pagesBinary string, listeners []ListenSpec, promPort string) func() { +func RunPagesProcessWithAuth(t *testing.T, pagesBinary string, listeners []ListenSpec, internalServer string, publicServer string) func() { configFile, cleanup := defaultConfigFileWith(t, - "gitlab-server=https://gitlab-auth.com", + "internal-gitlab-server="+internalServer, + "gitlab-server="+publicServer, "auth-redirect-uri=https://projects.gitlab-example.com/auth") defer cleanup() - _, cleanup2 := runPagesProcess(t, true, pagesBinary, listeners, promPort, nil, + _, cleanup2 := runPagesProcess(t, true, pagesBinary, listeners, "", nil, "-config="+configFile, ) return cleanup2 |