youtubebeat/vendor/github.com/elastic/beats/libbeat/common/config_test.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package common

import (
	"fmt"
	"io/ioutil"
	"os"
	"runtime"
	"strings"
	"testing"

	"github.com/stretchr/testify/assert"
)

func TestConfigPrintDebug(t *testing.T) {
	tests := []struct {
		name      string
		selectors string
		config    map[string]interface{}
		expected  string
	}{
		{
			"No selector -> no output",
			"",
			map[string]interface{}{"name": "test"},
			"",
		},
		{
			"config selector redacts password in nested config",
			"config",
			map[string]interface{}{
				"config": map[string]interface{}{
					"password": "secret",
				},
			},
			`test:
{
  "config": {
    "password": "xxxxx"
  }
}
`,
		},
		{
			"config selector redacts password in nested array",
			"config",
			map[string]interface{}{
				"arr": []interface{}{
					map[string]interface{}{
						"password": "secret",
					},
				},
			},
			`test:
{
  "arr": [
    {
      "password": "xxxxx"
    }
  ]
}
`,
		},
		{
			"config-with-passwords does not redact",
			"config-with-passwords",
			map[string]interface{}{
				"config": map[string]interface{}{
					"password": "secret",
				},
			},
			`test:
{
  "config": {
    "password": "secret"
  }
}
`,
		},
	}

	origSelector := hasSelector
	origDebugf := configDebugf
	defer func() {
		hasSelector = origSelector
		configDebugf = origDebugf
	}()

	var buf string
	configDebugf = func(selector, msg string, extra ...interface{}) {
		if hasSelector(selector) {
			buf = buf + fmt.Sprintf(msg, extra...) + "\n"
		}
	}

	for i, test := range tests {
		t.Logf("run test (%v): %v", i, test.name)

		// reset selector and output buffer
		selectors := MakeStringSet(strings.Split(test.selectors, ",")...)
		buf = ""
		hasSelector = selectors.Has

		// create config
		cfg, err := NewConfigFrom(test.config)
		if err != nil {
			t.Fatal(err)
		}

		// create debug output
		cfg.PrintDebugf("test:")

		// validate debug output
		assert.Equal(t, test.expected, buf)
	}
}

func TestConfigFilePermissions(t *testing.T) {
	if !IsStrictPerms() {
		t.Skip("Skipping test because strict.perms is disabled")
	}

	f, err := ioutil.TempFile("", "writableConfig.yml")
	if err != nil {
		t.Fatal(err)
	}
	defer os.Remove(f.Name())
	defer f.Close()

	f.WriteString(`test.data: [1, 2, 3, 4]`)
	f.Sync()

	if _, err = LoadFile(f.Name()); err != nil {
		t.Fatal(err)
	}

	// Permissions checking isn't implemented for Windows DACLs.
	if runtime.GOOS == "windows" {
		return
	}

	if err = os.Chmod(f.Name(), 0460); err != nil {
		t.Fatal(err)
	}

	// Read will fail because config is group writable.
	_, err = LoadFile(f.Name())
	if assert.Error(t, err, "expected writable error") {
		assert.Contains(t, err.Error(), "writable")
	}
}