diff --git a/code/go/internal/validator/spec.go b/code/go/internal/validator/spec.go index de4f7e2ef..007b358b8 100644 --- a/code/go/internal/validator/spec.go +++ b/code/go/internal/validator/spec.go @@ -106,7 +106,14 @@ func processErrors(errs specerrors.ValidationErrors) specerrors.ValidationErrors original string new string }{ - {"Must not validate the schema (not)", "Must not be present"}, + { + original: "Must not validate the schema (not)", + new: "Must not be present", + }, + { + original: "secret is required", + new: "variable identified as possible secret, secret parameter required to be set to true or false", + }, } redundant := []string{ "Must validate \"then\" as \"if\" was valid", diff --git a/code/go/pkg/validator/validator_test.go b/code/go/pkg/validator/validator_test.go index 3cd8e1679..5fd5130fe 100644 --- a/code/go/pkg/validator/validator_test.go +++ b/code/go/pkg/validator/validator_test.go @@ -194,6 +194,13 @@ func TestValidateFile(t *testing.T) { "field vars.0: Additional property secret is not allowed", }, }, + "bad_secret_vars_v3": { + "manifest.yml", + []string{ + "field vars.0: variable identified as possible secret, secret parameter required to be set to true or false", + "field vars.1: variable identified as possible secret, secret parameter required to be set to true or false", + }, + }, "bad_lifecycle": { "data_stream/test/lifecycle.yml", []string{ diff --git a/spec/changelog.yml b/spec/changelog.yml index b4f603baf..5c2a1a94e 100644 --- a/spec/changelog.yml +++ b/spec/changelog.yml @@ -10,6 +10,9 @@ - description: Add parquet files in terraform service deployer type: enhancement link: https://github.com/elastic/package-spec/pull/662 + - description: Require to define if a variable is a secret if it looks like a secret + type: enhancement + link: https://github.com/elastic/package-spec/pull/665 - version: 3.0.1 changes: - description: Using non-GA versions of the spec in GA packages produces a filterable validation error instead of a warning diff --git a/spec/integration/data_stream/manifest.spec.yml b/spec/integration/data_stream/manifest.spec.yml index ee103799b..02c61ba2a 100644 --- a/spec/integration/data_stream/manifest.spec.yml +++ b/spec/integration/data_stream/manifest.spec.yml @@ -115,39 +115,51 @@ spec: default: description: Default value(s) for variable $ref: "#/definitions/input_variable_value" - if: - properties: - type: - const: select - then: - required: - - options - properties: - options: - description: List of options for select type - type: array - items: - type: object - additionalProperties: false - properties: - value: - type: string - examples: - - node - - cluster - text: - type: string - examples: - - node - - cluster - required: - - value - - text - min_items: 1 - else: - not: - required: - - options + allOf: + - if: + properties: + type: + const: select + then: + required: + - options + properties: + options: + description: List of options for select type + type: array + items: + type: object + additionalProperties: false + properties: + value: + type: string + examples: + - node + - cluster + text: + type: string + examples: + - node + - cluster + required: + - value + - text + min_items: 1 + else: + not: + required: + - options + - if: + anyOf: + - properties: + name: + pattern: "(access_key|api_key|passphrase|password|secret|token)" + - properties: + type: + const: password + then: + required: + - secret required: - name - type @@ -494,6 +506,11 @@ spec: - title # JSON patches for newer versions should be placed on top versions: + - before: 3.0.2 + patch: + # Required secret for variables that look like secrets. + - op: remove + path: /definitions/vars/items/allOf/1 - before: 3.0.0 patch: # Stricter validation of elasticsearch settings and mappings. diff --git a/test/packages/bad_secret_vars_v3/LICENSE.txt b/test/packages/bad_secret_vars_v3/LICENSE.txt new file mode 100644 index 000000000..809108b85 --- /dev/null +++ b/test/packages/bad_secret_vars_v3/LICENSE.txt @@ -0,0 +1,93 @@ +Elastic License 2.0 + +URL: https://www.elastic.co/licensing/elastic-license + +## Acceptance + +By using the software, you agree to all of the terms and conditions below. + +## Copyright License + +The licensor grants you a non-exclusive, royalty-free, worldwide, +non-sublicensable, non-transferable license to use, copy, distribute, make +available, and prepare derivative works of the software, in each case subject to +the limitations and conditions below. + +## Limitations + +You may not provide the software to third parties as a hosted or managed +service, where the service provides users with access to any substantial set of +the features or functionality of the software. + +You may not move, change, disable, or circumvent the license key functionality +in the software, and you may not remove or obscure any functionality in the +software that is protected by the license key. + +You may not alter, remove, or obscure any licensing, copyright, or other notices +of the licensor in the software. Any use of the licensor’s trademarks is subject +to applicable law. + +## Patents + +The licensor grants you a license, under any patent claims the licensor can +license, or becomes able to license, to make, have made, use, sell, offer for +sale, import and have imported the software, in each case subject to the +limitations and conditions in this license. This license does not cover any +patent claims that you cause to be infringed by modifications or additions to +the software. If you or your company make any written claim that the software +infringes or contributes to infringement of any patent, your patent license for +the software granted under these terms ends immediately. If your company makes +such a claim, your patent license ends immediately for work on behalf of your +company. + +## Notices + +You must ensure that anyone who gets a copy of any part of the software from you +also gets a copy of these terms. + +If you modify the software, you must include in any modified copies of the +software prominent notices stating that you have modified the software. + +## No Other Rights + +These terms do not imply any licenses other than those expressly granted in +these terms. + +## Termination + +If you use the software in violation of these terms, such use is not licensed, +and your licenses will automatically terminate. If the licensor provides you +with a notice of your violation, and you cease all violation of this license no +later than 30 days after you receive that notice, your licenses will be +reinstated retroactively. However, if you violate these terms after such +reinstatement, any additional violation of these terms will cause your licenses +to terminate automatically and permanently. + +## No Liability + +*As far as the law allows, the software comes as is, without any warranty or +condition, and the licensor will not be liable to you for any damages arising +out of these terms or the use or nature of the software, under any kind of +legal claim.* + +## Definitions + +The **licensor** is the entity offering these terms, and the **software** is the +software the licensor makes available under these terms, including any portion +of it. + +**you** refers to the individual or entity agreeing to these terms. + +**your company** is any legal entity, sole proprietorship, or other kind of +organization that you work for, plus all organizations that have control over, +are under the control of, or are under common control with that +organization. **control** means ownership of substantially all the assets of an +entity, or the power to direct its management and policies by vote, contract, or +otherwise. Control can be direct or indirect. + +**your licenses** are all the licenses granted to you for the software under +these terms. + +**use** means anything you do with the software requiring one of your licenses. + +**trademark** means trademarks, service marks, and similar rights. diff --git a/test/packages/bad_secret_vars_v3/changelog.yml b/test/packages/bad_secret_vars_v3/changelog.yml new file mode 100644 index 000000000..bb0320a52 --- /dev/null +++ b/test/packages/bad_secret_vars_v3/changelog.yml @@ -0,0 +1,6 @@ +# newer versions go on top +- version: "0.0.1" + changes: + - description: Initial draft of the package + type: enhancement + link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link diff --git a/test/packages/bad_secret_vars_v3/docs/README.md b/test/packages/bad_secret_vars_v3/docs/README.md new file mode 100644 index 000000000..0788220aa --- /dev/null +++ b/test/packages/bad_secret_vars_v3/docs/README.md @@ -0,0 +1,84 @@ + + + +# Bad Select Vars + + + +## Data streams + + + + + + + + + + + +## Requirements + +You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. +You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware. + + + +## Setup + + + +For step-by-step instructions on how to set up an integration, see the +[Getting started](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-observability.html) guide. + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/test/packages/bad_secret_vars_v3/img/sample-logo.svg b/test/packages/bad_secret_vars_v3/img/sample-logo.svg new file mode 100644 index 000000000..6268dd88f --- /dev/null +++ b/test/packages/bad_secret_vars_v3/img/sample-logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/test/packages/bad_secret_vars_v3/img/sample-screenshot.png b/test/packages/bad_secret_vars_v3/img/sample-screenshot.png new file mode 100644 index 000000000..d7a56a3ec Binary files /dev/null and b/test/packages/bad_secret_vars_v3/img/sample-screenshot.png differ diff --git a/test/packages/bad_secret_vars_v3/manifest.yml b/test/packages/bad_secret_vars_v3/manifest.yml new file mode 100644 index 000000000..5183600b4 --- /dev/null +++ b/test/packages/bad_secret_vars_v3/manifest.yml @@ -0,0 +1,44 @@ +format_version: 3.0.2 +name: bad_secret_vars_v3 +title: "Bad Select Vars" +version: 0.0.1 +source: + license: "Elastic-2.0" +description: "Invalid test package with secret vars" +type: integration +categories: + - custom +conditions: + kibana: + version: "^8.6.2" + elastic: + subscription: "basic" +vars: + - name: package_secret_by_type + type: password + title: Package Level Secret + show_user: true + - name: package_api_key + type: text + title: Package API Key +screenshots: + - src: /img/sample-screenshot.png + title: Sample screenshot + size: 600x600 + type: image/png +icons: + - src: /img/sample-logo.svg + title: Sample logo + size: 32x32 + type: image/svg+xml +policy_templates: + - name: sample + title: Sample logs + description: Collect sample logs + inputs: + - type: logfile + title: Collect sample logs from instances + description: Collecting sample logs +owner: + type: elastic + github: elastic/ecosystem diff --git a/test/packages/good_v3/manifest.yml b/test/packages/good_v3/manifest.yml index 4c22464c2..1e33ff455 100644 --- a/test/packages/good_v3/manifest.yml +++ b/test/packages/good_v3/manifest.yml @@ -1,4 +1,4 @@ -format_version: 3.0.0 +format_version: 3.0.2 name: good_v3 title: Good package description: This package is good for format version 3 diff --git a/test/packages/good_v3/validation.yml b/test/packages/good_v3/validation.yml index 06b762198..c23b6ed6c 100644 --- a/test/packages/good_v3/validation.yml +++ b/test/packages/good_v3/validation.yml @@ -1,3 +1,3 @@ errors: exclude_checks: - - "PSR00001" + - PSR00001 # Allow to use unreleased features in GA package.