fix: Secret store fixes for error log message and not writing eKuiper file unless it already exists #3787

Merged
merged 2 commits into from
Oct 28, 2021
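--- a/internal/security/secretstore/init.go
+++ b/internal/security/secretstore/init.go
@@ -418,7 +418,7 @@ func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ s
 
 err = ConfigureSecureMessageBus(configuration.SecureMessageBus, redis5Pair, lc)
 if err != nil {
-lc.Error("failed to configure for Secure Message Bus: %w", err)
+lc.Errorf("failed to configure for Secure Message Bus: %s", err.Error())
 os.Exit(1)
 }
 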
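--- a/internal/security/secretstore/secure-messagebus.go
+++ b/internal/security/secretstore/secure-messagebus.go
@@ -16,6 +16,7 @@
 package secretstore
 
 import (
+"errors"
 "fmt"
 "os"
 "text/template"
@@ -101,6 +102,14 @@ func ConfigureSecureMessageBus(secureMessageBus config.SecureMessageBusInfo, red
 }
 
 func configureKuiperForSecureMessageBus(credentials UserPasswordPair, fileType string, fileTemplate string, path string, lc logger.LoggingClient) error {
+// This capability depends on the eKuiper file existing, which depends on the version of eKuiper installed.
+// If the file doesn't exist, then the eKuiper version installed doesn't use it, so skip the injection.
+_, err := os.Stat(path)
+if err != nil && errors.Is(err, os.ErrNotExist) {
+lc.Infof("eKuiper file %s doesn't exist, skipping Secure MessageBus credentials injection", path)
+return nil
+}
+
 tmpl, err := template.New("eKuiper").Parse(fileTemplate)
 if err != nil {
 return fmt.Errorf("failed to parse eKuiper %s template: %w", fileType, err)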
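Review bot: The new existence check in configureKuiperForSecureMessageBus handles only `os.ErrNotExist`; any other `os.Stat` failure (a permission error, for example) is dropped when `err` is reassigned by `template.New("eKuiper").Parse(fileTemplate)`, and the function carries on toward writing the credentials. Returning it keeps the failure visible: after the not-exist branch add `else if err != nil { return fmt.Errorf("failed to stat eKuiper %s file %s: %w", fileType, path, err) }`, and the `err != nil &&` guard can go, since `errors.Is(nil, ...)` is already false. The check and the later write are also two separate steps, so if the write (outside this hunk) opens the path with a create flag, the file can still be created when it disappears in between; opening without `os.O_CREATE` and treating not-exist as the skip case would make check and use one operation. The function body continues past the end of the hunk.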
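--- a/internal/security/secretstore/secure-messagebus_test.go
+++ b/internal/security/secretstore/secure-messagebus_test.go
@@ -39,17 +39,19 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 }
 
 tests := []struct {
-Name string
-Type string
-Credentials UserPasswordPair
-Expected *UserPasswordPair
-ExpectError bool
+Name string
+Type string
+ConnectionFileExists bool
+Credentials UserPasswordPair
+Expected *UserPasswordPair
+ExpectError bool
 }{
-{"valid redis", redisSecureMessageBusType, validExpected, &validExpected, false},
-{"valid blank", blankSecureMessageBusType, validExpected, nil, false},
-{"valid none", noneSecureMessageBusType, validExpected, nil, false},
-{"invalid type", "bogus", validExpected, nil, true},
-{"invalid mqtt", mqttSecureMessageBusType, validExpected, nil, true},
+{"valid redis - both files", redisSecureMessageBusType, true, validExpected, &validExpected, false},
+{"valid redis - no connection file", redisSecureMessageBusType, false, validExpected, &validExpected, false},
+{"valid blank", blankSecureMessageBusType, false, validExpected, nil, false},
+{"valid none", noneSecureMessageBusType, false, validExpected, nil, false},
+{"invalid type", "bogus", false, validExpected, nil, true},
+{"invalid mqtt", mqttSecureMessageBusType, false, validExpected, nil, true},
 }
 for _, test := range tests {
 t.Run(test.Name, func(t *testing.T) {
@@ -61,6 +63,16 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 _ = os.Remove(secureMessageBus.KuiperConnectionsPath)
 }()
 
+if test.Expected != nil {
+_, err := os.Create(secureMessageBus.KuiperConfigPath)
+require.NoError(t, err)
+
+if test.ConnectionFileExists {
+_, err := os.Create(secureMessageBus.KuiperConnectionsPath)
+require.NoError(t, err)
+}
+}
+
 secureMessageBus.Type = test.Type
 err := ConfigureSecureMessageBus(secureMessageBus, test.Credentials, logger.NewMockClient())
 if test.ExpectError {
@@ -88,11 +100,17 @@ func TestConfigureSecureMessageBus(t *testing.T) {
 assert.True(t, strings.Contains(string(contents), test.Expected.User))
 assert.True(t, strings.Contains(string(contents), test.Expected.Password))
 
-// Connections file should have been written
-contents, err = os.ReadFile(secureMessageBus.KuiperConnectionsPath)
-require.NoError(t, err)
-assert.True(t, strings.Contains(string(contents), test.Expected.User))
-assert.True(t, strings.Contains(string(contents), test.Expected.Password))
+if test.ConnectionFileExists {
+// Connections file should have been written
+contents, err = os.ReadFile(secureMessageBus.KuiperConnectionsPath)
+require.NoError(t, err)
+assert.True(t, strings.Contains(string(contents), test.Expected.User))
+assert.True(t, strings.Contains(string(contents), test.Expected.Password))
+} else {
+// Connections file should not have been written
+_, err = os.Stat(secureMessageBus.KuiperConnectionsPath)
+require.True(t, os.IsNotExist(err))
+}
 })
 }
 }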
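Review bot: Both `os.Create` calls in the new setup block discard the returned `*os.File` (`_, err := os.Create(...)`), so every subtest leaves handles open, and on platforms that refuse to delete an open file the deferred `_ = os.Remove(...)` can fail without the test noticing. Closing the handle, or creating the fixture with `require.NoError(t, os.WriteFile(secureMessageBus.KuiperConnectionsPath, nil, 0600))`, avoids that and keeps the file that later holds the test credentials owner-only. As far as the visible table shows, the config file is always created whenever `test.Expected != nil`, so the new skip path is exercised only for the connections file; a case with the config file absent would cover the other caller.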