tmp(acme-writer): force use of authentication env var

ipshipyard · Sep 16, 2024 · eef1770 · eef1770
1 parent ae0139e
commit eef1770
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/acme/writer.go b/acme/writer.go
@@ -82,7 +82,11 @@ func (c *acmeWriter) OnStartup() error {
 	authKey, found := os.LookupEnv(authEnvVar)
 	if found {
 		c.forgeAuthKey = authKey
+	} else {
+		// TODO: Remove when ready for rollout
+		return fmt.Errorf("environment variable %s not found", authEnvVar)
 	}
+
 	c.ln = ln
 
 	c.mux = mux.NewRouter()

diff --git a/e2e_test.go b/e2e_test.go
@@ -53,6 +53,10 @@ import (
 const forge = "libp2p.direct"
 const forgeRegistration = "registration.libp2p.direct"
 
+const authEnvVar = "FORGE_ACCESS_TOKEN"
+const authToken = "testToken"
+const authForgeHeader = "Forge-Authorization"
+
 var dnsServerAddress string
 var httpPort int
 
@@ -63,6 +67,11 @@ func TestMain(m *testing.M) {
 		os.Exit(1)
 	}
 
+	if err := os.Setenv(authEnvVar, authToken); err != nil {
+		fmt.Println(err.Error())
+		os.Exit(1)
+	}
+
 	defer os.RemoveAll(tmpDir)
 
 	tmpListener, err := net.Listen("tcp", ":0")
@@ -138,6 +147,7 @@ func TestSetACMEChallenge(t *testing.T) {
 		t.Fatal(err)
 	}
 	req.Host = forgeRegistration
+	req.Header.Set(authForgeHeader, authToken)
 
 	peerHTTPClient := &httppeeridauth.ClientPeerIDAuth{PrivKey: sk}
 	_, resp, err := peerHTTPClient.AuthenticatedDo(http.DefaultClient, req)
@@ -425,6 +435,7 @@ func TestLibp2pACMEE2E(t *testing.T) {
 		client.WithForgeDomain(forge), client.WithForgeRegistrationEndpoint(fmt.Sprintf("http://127.0.0.1:%d", httpPort)), client.WithCAEndpoint(acmeEndpoint), client.WithTrustedRoots(cas),
 		client.WithModifiedForgeRequest(func(req *http.Request) error {
 			req.Host = forgeRegistration
+			req.Header.Set(authForgeHeader, authToken)
 			return nil
 		}),
 		client.WithAllowPrivateForgeAddrs(),