168 lines
3.4 KiB
Go
168 lines
3.4 KiB
Go
|
// Licensed to Elasticsearch B.V. under one or more contributor
|
||
|
// license agreements. See the NOTICE file distributed with
|
||
|
// this work for additional information regarding copyright
|
||
|
// ownership. Elasticsearch B.V. licenses this file to you under
|
||
|
// the Apache License, Version 2.0 (the "License"); you may
|
||
|
// not use this file except in compliance with the License.
|
||
|
// You may obtain a copy of the License at
|
||
|
//
|
||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||
|
//
|
||
|
// Unless required by applicable law or agreed to in writing,
|
||
|
// software distributed under the License is distributed on an
|
||
|
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||
|
// KIND, either express or implied. See the License for the
|
||
|
// specific language governing permissions and limitations
|
||
|
// under the License.
|
||
|
|
||
|
package common
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
"os"
|
||
|
"runtime"
|
||
|
"strings"
|
||
|
"testing"
|
||
|
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
)
|
||
|
|
||
|
func TestConfigPrintDebug(t *testing.T) {
|
||
|
tests := []struct {
|
||
|
name string
|
||
|
selectors string
|
||
|
config map[string]interface{}
|
||
|
expected string
|
||
|
}{
|
||
|
{
|
||
|
"No selector -> no output",
|
||
|
"",
|
||
|
map[string]interface{}{"name": "test"},
|
||
|
"",
|
||
|
},
|
||
|
{
|
||
|
"config selector redacts password in nested config",
|
||
|
"config",
|
||
|
map[string]interface{}{
|
||
|
"config": map[string]interface{}{
|
||
|
"password": "secret",
|
||
|
},
|
||
|
},
|
||
|
`test:
|
||
|
{
|
||
|
"config": {
|
||
|
"password": "xxxxx"
|
||
|
}
|
||
|
}
|
||
|
`,
|
||
|
},
|
||
|
{
|
||
|
"config selector redacts password in nested array",
|
||
|
"config",
|
||
|
map[string]interface{}{
|
||
|
"arr": []interface{}{
|
||
|
map[string]interface{}{
|
||
|
"password": "secret",
|
||
|
},
|
||
|
},
|
||
|
},
|
||
|
`test:
|
||
|
{
|
||
|
"arr": [
|
||
|
{
|
||
|
"password": "xxxxx"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
`,
|
||
|
},
|
||
|
{
|
||
|
"config-with-passwords does not redact",
|
||
|
"config-with-passwords",
|
||
|
map[string]interface{}{
|
||
|
"config": map[string]interface{}{
|
||
|
"password": "secret",
|
||
|
},
|
||
|
},
|
||
|
`test:
|
||
|
{
|
||
|
"config": {
|
||
|
"password": "secret"
|
||
|
}
|
||
|
}
|
||
|
`,
|
||
|
},
|
||
|
}
|
||
|
|
||
|
origSelector := hasSelector
|
||
|
origDebugf := configDebugf
|
||
|
defer func() {
|
||
|
hasSelector = origSelector
|
||
|
configDebugf = origDebugf
|
||
|
}()
|
||
|
|
||
|
var buf string
|
||
|
configDebugf = func(selector, msg string, extra ...interface{}) {
|
||
|
if hasSelector(selector) {
|
||
|
buf = buf + fmt.Sprintf(msg, extra...) + "\n"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
for i, test := range tests {
|
||
|
t.Logf("run test (%v): %v", i, test.name)
|
||
|
|
||
|
// reset selector and output buffer
|
||
|
selectors := MakeStringSet(strings.Split(test.selectors, ",")...)
|
||
|
buf = ""
|
||
|
hasSelector = selectors.Has
|
||
|
|
||
|
// create config
|
||
|
cfg, err := NewConfigFrom(test.config)
|
||
|
if err != nil {
|
||
|
t.Fatal(err)
|
||
|
}
|
||
|
|
||
|
// create debug output
|
||
|
cfg.PrintDebugf("test:")
|
||
|
|
||
|
// validate debug output
|
||
|
assert.Equal(t, test.expected, buf)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func TestConfigFilePermissions(t *testing.T) {
|
||
|
if !IsStrictPerms() {
|
||
|
t.Skip("Skipping test because strict.perms is disabled")
|
||
|
}
|
||
|
|
||
|
f, err := ioutil.TempFile("", "writableConfig.yml")
|
||
|
if err != nil {
|
||
|
t.Fatal(err)
|
||
|
}
|
||
|
defer os.Remove(f.Name())
|
||
|
defer f.Close()
|
||
|
|
||
|
f.WriteString(`test.data: [1, 2, 3, 4]`)
|
||
|
f.Sync()
|
||
|
|
||
|
if _, err = LoadFile(f.Name()); err != nil {
|
||
|
t.Fatal(err)
|
||
|
}
|
||
|
|
||
|
// Permissions checking isn't implemented for Windows DACLs.
|
||
|
if runtime.GOOS == "windows" {
|
||
|
return
|
||
|
}
|
||
|
|
||
|
if err = os.Chmod(f.Name(), 0460); err != nil {
|
||
|
t.Fatal(err)
|
||
|
}
|
||
|
|
||
|
// Read will fail because config is group writable.
|
||
|
_, err = LoadFile(f.Name())
|
||
|
if assert.Error(t, err, "expected writable error") {
|
||
|
assert.Contains(t, err.Error(), "writable")
|
||
|
}
|
||
|
}
|