17803: Ensure keys with mismatched case don't get used.

[arvados.git] / lib / config / load_test.go
diff --git a/lib/config/load_test.go b/lib/config/load_test.go

index 5e912f91aa835e51cec5210b1d6b52c1a9016e39..3e0368cc03835c7763c26534d237da882d5e8f3e 100644 (file)
--- a/lib/config/load_test.go
+++ b/lib/config/load_test.go
@@ -164,6 +164,7 @@ func (s *LoadSuite) TestSampleKeys(c *check.C) {
                 cfg, err := testLoader(c, yaml, nil).Load()
                 c.Assert(err, check.IsNil)
                 cc, err := cfg.GetCluster("z1111")
+               c.Assert(err, check.IsNil)
                 _, hasSample := cc.InstanceTypes["SAMPLE"]
                 c.Check(hasSample, check.Equals, false)
                 if strings.Contains(yaml, "Foo") {
@@ -191,21 +192,43 @@ func (s *LoadSuite) TestDeprecatedOrUnknownWarning(c *check.C) {
         _, err := testLoader(c, `
  Clusters:
    zzzzz:
-    postgresql: {}
-    BadKey: {}
-    Containers: {}
+    ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+    SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+    Collections:
+     BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+    PostgreSQL: {}
+    BadKey1: {}
+    Containers:
+      RunTimeEngine: abc
      RemoteClusters:
        z2222:
          Host: z2222.arvadosapi.com
          Proxy: true
-        BadKey: badValue
+        BadKey2: badValue
+    Services:
+      KeepStore:
+        InternalURLs:
+          "http://host.example:12345": {}
+      # we use Keepproxy instead of Keepstore for the RendezVous test,
+      # to avoid the "keepstore has no volumes" warning
+      Keepproxy:
+        InternalURLs:
+          "http://host.example:12345":
+            # ideally we would reject Rendezvous here too, but
+            # currently we don't
+            RendezVous: x
+    ServiceS:
+      Keepstore:
+        InternalURLs:
+          "http://host.example:12345": {}
  `, &logbuf).Load()
         c.Assert(err, check.IsNil)
+       c.Log(logbuf.String())
         logs := strings.Split(strings.TrimSuffix(logbuf.String(), "\n"), "\n")
         for _, log := range logs {
-               c.Check(log, check.Matches, `.*deprecated or unknown config entry:.*BadKey.*`)
+               c.Check(log, check.Matches, `.*deprecated or unknown config entry:.*(RunTimeEngine.*RuntimeEngine|BadKey1|BadKey2|KeepStore|ServiceS|RendezVous).*`)
         }
-       c.Check(logs, check.HasLen, 2)
+       c.Check(logs, check.HasLen, 6)
  }
  
  func (s *LoadSuite) checkSAMPLEKeys(c *check.C, path string, x interface{}) {
@@ -260,6 +283,10 @@ func (s *LoadSuite) TestNoUnrecognizedKeysInDefaultConfig(c *check.C) {
         err = yaml.Unmarshal(buf, &loaded)
         c.Assert(err, check.IsNil)
  
+       c.Check(logbuf.String(), check.Matches, `(?ms).*SystemRootToken: secret token is not set.*`)
+       c.Check(logbuf.String(), check.Matches, `(?ms).*ManagementToken: secret token is not set.*`)
+       c.Check(logbuf.String(), check.Matches, `(?ms).*Collections.BlobSigningKey: secret token is not set.*`)
+       logbuf.Reset()
         loader.logExtraKeys(loaded, supplied, "")
         c.Check(logbuf.String(), check.Equals, "")
  }
@@ -268,7 +295,13 @@ func (s *LoadSuite) TestNoWarningsForDumpedConfig(c *check.C) {
         var logbuf bytes.Buffer
         logger := logrus.New()
         logger.Out = &logbuf
-       cfg, err := testLoader(c, `{"Clusters":{"zzzzz":{}}}`, &logbuf).Load()
+       cfg, err := testLoader(c, `
+Clusters:
+ zzzzz:
+  ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  Collections:
+   BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`, &logbuf).Load()
         c.Assert(err, check.IsNil)
         yaml, err := yaml.Marshal(cfg)
         c.Assert(err, check.IsNil)
@@ -278,18 +311,82 @@ func (s *LoadSuite) TestNoWarningsForDumpedConfig(c *check.C) {
         c.Check(logbuf.String(), check.Equals, "")
  }
  
+func (s *LoadSuite) TestUnacceptableTokens(c *check.C) {
+       for _, trial := range []struct {
+               short      bool
+               configPath string
+               example    string
+       }{
+               {false, "SystemRootToken", "SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa_b_c"},
+               {false, "ManagementToken", "ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa b c"},
+               {false, "ManagementToken", "ManagementToken: \"$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabc\""},
+               {false, "Collections.BlobSigningKey", "Collections: {BlobSigningKey: \"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa⛵\"}"},
+               {true, "SystemRootToken", "SystemRootToken: a_b_c"},
+               {true, "ManagementToken", "ManagementToken: a b c"},
+               {true, "ManagementToken", "ManagementToken: \"$abc\""},
+               {true, "Collections.BlobSigningKey", "Collections: {BlobSigningKey: \"⛵\"}"},
+       } {
+               c.Logf("trying bogus config: %s", trial.example)
+               _, err := testLoader(c, "Clusters:\n zzzzz:\n  "+trial.example, nil).Load()
+               if trial.short {
+                       c.Check(err, check.ErrorMatches, `Clusters.zzzzz.`+trial.configPath+`: unacceptable characters in token.*`)
+               } else {
+                       c.Check(err, check.ErrorMatches, `Clusters.zzzzz.`+trial.configPath+`: unacceptable characters in token.*`)
+               }
+       }
+}
+
  func (s *LoadSuite) TestPostgreSQLKeyConflict(c *check.C) {
         _, err := testLoader(c, `
  Clusters:
   zzzzz:
-  postgresql:
-   connection:
+  PostgreSQL:
+   Connection:
       DBName: dbname
       Host: host
  `, nil).Load()
         c.Check(err, check.ErrorMatches, `Clusters.zzzzz.PostgreSQL.Connection: multiple entries for "(dbname|host)".*`)
  }
  
+func (s *LoadSuite) TestBadClusterIDs(c *check.C) {
+       for _, data := range []string{`
+Clusters:
+ 123456:
+  ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  Collections:
+   BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+`, `
+Clusters:
+ 12345:
+  ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  Collections:
+   BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  RemoteClusters:
+   Zzzzz:
+    Host: Zzzzz.arvadosapi.com
+    Proxy: true
+`, `
+Clusters:
+ abcde:
+  ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  Collections:
+   BlobSigningKey: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+  Login:
+   LoginCluster: zz-zz
+`,
+       } {
+               c.Log(data)
+               v, err := testLoader(c, data, nil).Load()
+               if v != nil {
+                       c.Logf("%#v", v.Clusters)
+               }
+               c.Check(err, check.ErrorMatches, `.*cluster ID should be 5 alphanumeric characters.*`)
+       }
+}
+
  func (s *LoadSuite) TestBadType(c *check.C) {
         for _, data := range []string{`
  Clusters:
@@ -358,10 +455,12 @@ Clusters:
  `)
  }
  
-func checkEquivalent(c *check.C, goty, expectedy string) {
-       gotldr := testLoader(c, goty, nil)
+func checkEquivalent(c *check.C, goty, expectedy string) string {
+       var logbuf bytes.Buffer
+       gotldr := testLoader(c, goty, &logbuf)
         expectedldr := testLoader(c, expectedy, nil)
         checkEquivalentLoaders(c, gotldr, expectedldr)
+       return logbuf.String()
  }
  
  func checkEqualYAML(c *check.C, got, expected interface{}) {