backport of commit 772cda4eb24360db53cb640c71cd32aec4aacfc1 (#21573)

Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-07-05 09:47:58 -04:00 committed by GitHub
parent a2b98398e1
commit ea7fce78f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 177 additions and 10 deletions

View File

@ -41,12 +41,12 @@ type SharedConfig struct {
// LogFormat specifies the log format. Valid values are "standard" and
// "json". The values are case-insenstive. If no log format is specified,
// then standard format will be used.
LogFile string `hcl:"log_file"`
LogFormat string `hcl:"log_format"`
LogLevel string `hcl:"log_level"`
LogFile string `hcl:"log_file"`
LogRotateDuration string `hcl:"log_rotate_duration"`
LogRotateBytes int `hcl:"log_rotate_bytes"`
LogRotateBytesRaw interface{} `hcl:"log_rotate_bytes"`
LogRotateDuration string `hcl:"log_rotate_duration"`
LogRotateMaxFiles int `hcl:"log_rotate_max_files"`
LogRotateMaxFilesRaw interface{} `hcl:"log_rotate_max_files"`
@ -167,16 +167,26 @@ func (c *SharedConfig) Sanitized() map[string]interface{} {
}
result := map[string]interface{}{
"disable_mlock": c.DisableMlock,
"cluster_name": c.ClusterName,
"default_max_request_duration": c.DefaultMaxRequestDuration,
"disable_mlock": c.DisableMlock,
"log_format": c.LogFormat,
"log_level": c.LogLevel,
"pid_file": c.PidFile,
}
"log_level": c.LogLevel,
"log_format": c.LogFormat,
"pid_file": c.PidFile,
"cluster_name": c.ClusterName,
// Optional log related settings
if c.LogFile != "" {
result["log_file"] = c.LogFile
}
if c.LogRotateBytes != 0 {
result["log_rotate_bytes"] = c.LogRotateBytes
}
if c.LogRotateDuration != "" {
result["log_rotate_duration"] = c.LogRotateDuration
}
if c.LogRotateMaxFiles != 0 {
result["log_rotate_max_files"] = c.LogRotateMaxFiles
}
// Sanitize listeners

View File

@ -0,0 +1,157 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package configutil
import (
"testing"
"github.com/stretchr/testify/require"
)
type mapValue[T any] struct {
Value T
IsFound bool
}
type expectedLogFields struct {
File mapValue[string]
Format mapValue[string]
Level mapValue[string]
RotateBytes mapValue[int]
RotateDuration mapValue[string]
RotateMaxFiles mapValue[int]
}
// TestSharedConfig_Sanitized_LogFields ensures that 'log related' shared config
// is sanitized as expected.
func TestSharedConfig_Sanitized_LogFields(t *testing.T) {
tests := map[string]struct {
Value *SharedConfig
IsNil bool
Expected expectedLogFields
}{
"nil": {
Value: nil,
IsNil: true,
},
"empty": {
Value: &SharedConfig{},
IsNil: false,
Expected: expectedLogFields{
Format: mapValue[string]{IsFound: true, Value: ""},
Level: mapValue[string]{IsFound: true, Value: ""},
},
},
"only-log-level-and-format": {
Value: &SharedConfig{
LogFormat: "json",
LogLevel: "warn",
},
IsNil: false,
Expected: expectedLogFields{
Format: mapValue[string]{IsFound: true, Value: "json"},
Level: mapValue[string]{IsFound: true, Value: "warn"},
},
},
"valid-log-fields": {
Value: &SharedConfig{
LogFile: "vault.log",
LogFormat: "json",
LogLevel: "warn",
LogRotateBytes: 1024,
LogRotateDuration: "30m",
LogRotateMaxFiles: -1,
},
IsNil: false,
Expected: expectedLogFields{
File: mapValue[string]{IsFound: true, Value: "vault.log"},
Format: mapValue[string]{IsFound: true, Value: "json"},
Level: mapValue[string]{IsFound: true, Value: "warn"},
RotateBytes: mapValue[int]{IsFound: true, Value: 1024},
RotateDuration: mapValue[string]{IsFound: true, Value: "30m"},
RotateMaxFiles: mapValue[int]{IsFound: true, Value: -1},
},
},
}
for name, tc := range tests {
name := name
tc := tc
t.Run(name, func(t *testing.T) {
cfg := tc.Value.Sanitized()
switch {
case tc.IsNil:
require.Nil(t, cfg)
default:
require.NotNil(t, cfg)
// Log file
val, found := cfg["log_file"]
switch {
case tc.Expected.File.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.File.Value, val)
default:
require.Nil(t, val)
}
// Log format
val, found = cfg["log_format"]
switch {
case tc.Expected.Format.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.Format.Value, val)
default:
require.Nil(t, val)
}
// Log level
val, found = cfg["log_level"]
switch {
case tc.Expected.Level.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.Level.Value, val)
default:
require.Nil(t, val)
}
// Log rotate bytes
val, found = cfg["log_rotate_bytes"]
switch {
case tc.Expected.RotateBytes.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.RotateBytes.Value, val)
default:
require.Nil(t, val)
}
// Log rotate duration
val, found = cfg["log_rotate_duration"]
switch {
case tc.Expected.RotateDuration.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.RotateDuration.Value, val)
default:
require.Nil(t, val)
}
// Log rotate max files
val, found = cfg["log_rotate_max_files"]
switch {
case tc.Expected.RotateMaxFiles.IsFound:
require.True(t, found)
require.NotNil(t, val)
require.Equal(t, tc.Expected.RotateMaxFiles.Value, val)
default:
require.Nil(t, val)
}
}
})
}
}