terraform/internal/command/testdata/login-oauth-server/main.go


Upgrade to Go 1.17

This includes the addition of the new "//go:build" comment form in addition to the legacy "// +build" notation, as produced by gofmt to ensure consistent behavior between Go versions. The new directives are all equivalent to what was present before, so there's no change in behavior.

Go 1.17 continues to use the Unicode 13 tables as in Go 1.16, so this upgrade does not require also upgrading our Unicode-related dependencies.

This upgrade includes the following breaking changes which will also appear as breaking changes for Terraform users, but that are consistent with the Terraform v1.0 compatibility promises.

- On macOS, Terraform now requires macOS 10.13 High Sierra or later.

This upgrade also includes the following breaking changes which will appear as breaking changes for Terraform users that are inconsistent with our compatibility promises, but have justified exceptions as follows:

- cidrsubnet, cidrhost, and cidrnetmask will now reject IPv4 CIDR addresses whose decimal components have leading zeros, where previously they would just silently ignore those leading zeros. This is a security-motivated exception to our compatibility promises, because some external systems interpret zero-prefixed octets as octal numbers rather than decimal, and thus the previous lenient parsing could lead to a different interpretation of the address between systems, and thus potentially allow bypassing policy when configuring firewall rules etc.

This upgrade also includes the following breaking changes which could _potentially_ appear as breaking changes for Terraform users, but that do not in practice for the reasons given:

- The Go net/url package no longer allows query strings with pairs separated by semicolons instead of ampersands. This primarily affects HTTP servers written in Go, and Terraform includes a special temporary HTTP server as part of its implementation of OAuth for "terraform login", but that server only needs to accept URLs created by Terraform itself and Terraform does not generate any URLs that would be rejected.
2021-08-17 02:19:17 +02:00
//go:build ignore
// +build ignore

// This file is a helper for those doing _manual_ testing of "terraform login"
// and/or "terraform logout" and want to start up a test OAuth server in a
// separate process for convenience:
//
//     go run ./internal/command/testdata/login-oauth-server/main.go :8080
//
// This is _not_ the main way to use this oauthserver package. For automated
// test code, import it as a normal Go package instead:
//
//     import oauthserver "github.com/hashicorp/terraform/internal/command/testdata/login-oauth-server"

package main

import (
	"fmt"
	"net"
	"net/http"
	"os"

	oauthserver "github.com/hashicorp/terraform/internal/command/testdata/login-oauth-server"
)

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "Usage: go run ./internal/command/testdata/login-oauth-server/main.go <listen-address>")
		os.Exit(1)
	}

	host, port, err := net.SplitHostPort(os.Args[1])
	if err != nil {
		// Fprintf rather than Fprintln, because the message carries a format verb.
		fmt.Fprintf(os.Stderr, "Invalid address: %s\n", err)
		os.Exit(1)
	}

	// When no host is given (for example ":8080"), bind to loopback only so
	// the test OAuth server is not reachable from other machines.
	if host == "" {
		host = "127.0.0.1"
	}
	// JoinHostPort brackets IPv6 literals, which a plain "%s:%s" would not.
	addr := net.JoinHostPort(host, port)

	fmt.Printf("Will listen on %s...\n", addr)
	fmt.Printf(
		configExampleFmt,
		fmt.Sprintf("http://%s/authz", addr),
		fmt.Sprintf("http://%s/token", addr),
		fmt.Sprintf("http://%s/revoke", addr),
	)

	server := &http.Server{
		Addr:    addr,
		Handler: oauthserver.Handler,
	}
	// ListenAndServe always returns a non-nil error once the server stops.
	err = server.ListenAndServe()
	fmt.Fprintln(os.Stderr, err.Error())
}

// configExampleFmt is a CLI configuration snippet pointing "terraform login"
// at this test server; the three %q verbs take the authz, token and revoke URLs.
const configExampleFmt = `
host "login-test.example.com" {
  services = {
    "login.v1" = {
      authz = %q
      token = %q
      client = "placeholder"
      grant_types = ["code", "password"]
    }
    "logout.v1" = %q
  }
}
`
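
The commit message above explains why zero-prefixed IPv4 octets are now rejected. The following is an added example, not part of the Terraform source, that shows the two readings diverging and the strict Go 1.17+ parser refusing the input; `parseOctets`, `ambiguous` and `strictCIDR` are hypothetical helper names and the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseOctets reads a dotted-quad IPv4 address. octalAware=false ignores leading
// zeros (lenient decimal); octalAware=true reads a zero-prefixed octet as octal.
func parseOctets(s string, octalAware bool) (net.IP, error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return nil, fmt.Errorf("want 4 octets, got %d", len(parts))
	}
	ip := make(net.IP, 4)
	for i, p := range parts {
		base := 10
		if octalAware && len(p) > 1 && p[0] == '0' {
			base = 8
		}
		n, err := strconv.ParseUint(p, base, 8)
		if err != nil {
			return nil, fmt.Errorf("octet %q: %w", p, err)
		}
		ip[i] = byte(n)
	}
	return ip, nil
}

// ambiguous reports whether the two readings disagree (or one of them fails).
func ambiguous(addr string) bool {
	dec, err1 := parseOctets(addr, false)
	oct, err2 := parseOctets(addr, true)
	return err1 != nil || err2 != nil || !dec.Equal(oct)
}

// strictCIDR uses net.ParseCIDR, which since Go 1.17 rejects zero-prefixed IPv4 octets.
func strictCIDR(cidr string) error {
	_, _, err := net.ParseCIDR(cidr)
	return err
}

func main() {
	for _, a := range []string{"10.0.0.1", "010.0.0.1", "192.168.010.1"} { // constructed samples
		fmt.Printf("%-14s ambiguous=%-5v strict err=%v\n", a, ambiguous(a), strictCIDR(a+"/32"))
	}
}
```

A rule written for `010.0.0.1` would cover 10.0.0.1 under the lenient decimal reading and 8.0.0.1 under the octal reading, which is the policy mismatch the stricter parsing removes.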