fix: Secret store fixes for error log message and not writing eKuiper…
… file unless it already exists (#3787)

* fix: Fix Error logging to properly include error message

fixes #3784

Signed-off-by: Leonard Goodell <[email protected]>

* fix: Don't write eKuiper file if file doesn't already exist

fixes #3786

Signed-off-by: lenny <[email protected]>
Signed-off-by: Leonard Goodell <[email protected]>
Lenny Goodell authored Oct 28, 2021
1 parent d325f45 commit 4a9701c
Showing 3 changed files with 43 additions and 16 deletions.
2 changes: 1 addition & 1 deletion internal/security/secretstore/init.go
Expand Up @@ -418,7 +418,7 @@ func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ s

err = ConfigureSecureMessageBus(configuration.SecureMessageBus, redis5Pair, lc)
if err != nil {
lc.Error("failed to configure for Secure Message Bus: %w", err)
lc.Errorf("failed to configure for Secure Message Bus: %s", err.Error())
os.Exit(1)
}

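--- a/internal/security/secretstore/secure-messagebus.go
+++ b/internal/security/secretstore/secure-messagebus.go
@@ -16,6 +16,7 @@
 package secretstore
 
 import (
+"errors"
 "fmt"
 "os"
 "text/template"
@@ -101,6 +102,14 @@ func ConfigureSecureMessageBus(secureMessageBus config.SecureMessageBusInfo, red
 }
 
 func configureKuiperForSecureMessageBus(credentials UserPasswordPair, fileType string, fileTemplate string, path string, lc logger.LoggingClient) error {
+// This capability depends on the eKuiper file existing, which depends on the version of eKuiper installed.
+// If the file doesn't exist, then the eKuiper version installed doesn't use it, so skip the injection.
+_, err := os.Stat(path)
+if err != nil && errors.Is(err, os.ErrNotExist) {
+lc.Infof("eKuiper file %s doesn't exist, skipping Secure MessageBus credentials injection", path)
+return nil
+}
+
 tmpl, err := template.New("eKuiper").Parse(fileTemplate)
 if err != nil {
 return fmt.Errorf("failed to parse eKuiper %s template: %w", fileType, err)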
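Review bot: The new existence check in configureKuiperForSecureMessageBus handles only os.ErrNotExist, so any other os.Stat failure (a permission error on the path, for instance) is dropped and execution continues into the template parsing and whatever write follows outside this hunk. Returning it keeps a broken credentials path visible to the caller: after the skip branch add `} else if err != nil {` with `return fmt.Errorf("failed to check eKuiper %s file %s: %w", fileType, path, err)`. The `err != nil &&` guard is redundant, since errors.Is already returns false for a nil error. Because this file receives the message-bus credentials, the Stat-then-write sequence also leaves a window in which the path can change; if the write later in the function creates the file when it is missing, opening it without the create flag and treating ErrNotExist from that open as the skip condition would remove the gap and keep the existing file mode.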
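--- a/internal/security/secretstore/secure-messagebus_test.go
+++ b/internal/security/secretstore/secure-messagebus_test.go
@@ -39,17 +39,19 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 }
 
 tests := []struct {
-Name string
-Type string
-Credentials UserPasswordPair
-Expected *UserPasswordPair
-ExpectError bool
+Name string
+Type string
+ConnectionFileExists bool
+Credentials UserPasswordPair
+Expected *UserPasswordPair
+ExpectError bool
 }{
-{"valid redis", redisSecureMessageBusType, validExpected, &validExpected, false},
-{"valid blank", blankSecureMessageBusType, validExpected, nil, false},
-{"valid none", noneSecureMessageBusType, validExpected, nil, false},
-{"invalid type", "bogus", validExpected, nil, true},
-{"invalid mqtt", mqttSecureMessageBusType, validExpected, nil, true},
+{"valid redis - both files", redisSecureMessageBusType, true, validExpected, &validExpected, false},
+{"valid redis - no connection file", redisSecureMessageBusType, false, validExpected, &validExpected, false},
+{"valid blank", blankSecureMessageBusType, false, validExpected, nil, false},
+{"valid none", noneSecureMessageBusType, false, validExpected, nil, false},
+{"invalid type", "bogus", false, validExpected, nil, true},
+{"invalid mqtt", mqttSecureMessageBusType, false, validExpected, nil, true},
 }
 for _, test := range tests {
 t.Run(test.Name, func(t *testing.T) {
@@ -61,6 +63,16 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 _ = os.Remove(secureMessageBus.KuiperConnectionsPath)
 }()
 
+if test.Expected != nil {
+_, err := os.Create(secureMessageBus.KuiperConfigPath)
+require.NoError(t, err)
+
+if test.ConnectionFileExists {
+_, err := os.Create(secureMessageBus.KuiperConnectionsPath)
+require.NoError(t, err)
+}
+}
+
 secureMessageBus.Type = test.Type
 err := ConfigureSecureMessageBus(secureMessageBus, test.Credentials, logger.NewMockClient())
 if test.ExpectError {
@@ -88,11 +100,17 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 assert.True(t, strings.Contains(string(contents), test.Expected.User))
 assert.True(t, strings.Contains(string(contents), test.Expected.Password))
 
-// Connections file should have been written
-contents, err = os.ReadFile(secureMessageBus.KuiperConnectionsPath)
-require.NoError(t, err)
-assert.True(t, strings.Contains(string(contents), test.Expected.User))
-assert.True(t, strings.Contains(string(contents), test.Expected.Password))
+if test.ConnectionFileExists {
+// Connections file should have been written
+contents, err = os.ReadFile(secureMessageBus.KuiperConnectionsPath)
+require.NoError(t, err)
+assert.True(t, strings.Contains(string(contents), test.Expected.User))
+assert.True(t, strings.Contains(string(contents), test.Expected.Password))
+} else {
+// Connections file should not have been written
+_, err = os.Stat(secureMessageBus.KuiperConnectionsPath)
+require.True(t, os.IsNotExist(err))
+}
 })
 }
 }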
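Review bot: Both `os.Create` calls in the new setup block discard the returned *os.File, so every subtest leaves descriptors open, and on platforms that lock open files the deferred os.Remove can fail unnoticed because its error is ignored. Keep the handle and close it before the call under test: `f, err := os.Create(secureMessageBus.KuiperConfigPath)`, `require.NoError(t, err)`, `require.NoError(t, f.Close())`, and the same for KuiperConnectionsPath. Since these files end up holding the message-bus user and password, it would also be worth creating them with a restrictive mode and asserting the mode after injection, which would pin that the write does not widen permissions; whether it does is not visible from these hunks. The test function starts and ends partly outside the hunks shown.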
