Workhorse: Allow HTTPS for backends

As part of a requirement to use end-to-end encryption, Workhorse needs to be able to speak HTTPS for the auth backend. This has been tested with SSL enabled on Puma. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/353011 Changelog: added

Workhorse: Allow HTTPS for backends
As part of a requirement to use end-to-end encryption, Workhorse needs to be able to speak HTTPS for the auth backend. This has been tested with SSL enabled on Puma. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/353011 Changelog: added
24fbcde5 · Stan Hu · 4a9f2ab7 · 24fbcde5 · 24fbcde5
Commit 24fbcde5 authored Feb 18, 2022 by Stan Hu
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

workhorse/backend.go workhorse/backend.go +2 -2

workhorse/backend_test.go workhorse/backend_test.go +2 -1

No files found.
--- a/workhorse/backend.go
+++ b/workhorse/backend.go
@@ -18,8 +18,8 @@ func parseAuthBackend(authBackend string) (*url.URL, error) {
 		}
 	}

-	if backendURL.Scheme != "http" {
-		return nil, fmt.Errorf("invalid scheme, only 'http' is allowed: %q", authBackend)
+	if backendURL.Scheme != "http" && backendURL.Scheme != "https" {
+		return nil, fmt.Errorf("invalid scheme, only 'http' and 'https' are allowed: %q", authBackend)
 	}

 	if backendURL.Host == "" {

--- a/workhorse/backend_test.go
+++ b/workhorse/backend_test.go
@@ -10,7 +10,7 @@ func TestParseAuthBackendFailure(t *testing.T) {
 	failures := []string{
 		"",
 		"ftp://localhost",
-		"https://example.com",
+		"gopher://example.com",
 	}

 	for _, example := range failures {
@@ -27,6 +27,7 @@ func TestParseAuthBackend(t *testing.T) {
 		{"localhost:3000", "localhost:3000", "http"},
 		{"http://localhost", "localhost", "http"},
 		{"localhost", "localhost", "http"},
+		{"https://localhost", "localhost", "https"},
 	}

 	for _, example := range successes {