fixed tests & added abort conditions for auto-repo-file

also uses cast.ToBool to be on-par with vipers bool parsing from string
creativeprojects · Mar 17, 2024 · 48f391b · 48f391b
1 parent 2c0d464
commit 48f391b
Show file tree

Hide file tree

Showing 5 changed files with 131 additions and 28 deletions.
diff --git a/config/confidential_test.go b/config/confidential_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"github.com/creativeprojects/resticprofile/platform"
 	"github.com/creativeprojects/resticprofile/util/templates"
 	"github.com/stretchr/testify/require"
 	"os"
@@ -284,6 +285,9 @@ func TestGetNonConfidentialArgs(t *testing.T) {
 }
 
 func TestGetAutoRepositoryFile(t *testing.T) {
+	require.NoError(t, os.Unsetenv("RESTIC_REPOSITORY"))
+	require.NoError(t, os.Unsetenv("RESTIC_REPOSITORY_FILE"))
+
 	tests := map[string]bool{
 		"/path/to/file":                      false,
 		"file:/path/to/file":                 false,
@@ -302,6 +306,10 @@ func TestGetAutoRepositoryFile(t *testing.T) {
 			require.NoError(t, err)
 			args := profile.GetCommandFlags(constants.CommandBackup)
 
+			if usesFile && platform.IsWindows() {
+				usesFile = false // Windows has no support for repository file right now (as temp files can't be forced to private with standard go API)
+			}
+
 			if usesFile {
 				file := templates.TempFile("my-profile-repo.txt")
 				expected := shell.NewArg(file, shell.ArgConfigEscape).String()
@@ -318,6 +326,55 @@ func TestGetAutoRepositoryFile(t *testing.T) {
 	}
 }
 
+func TestGetAutoRepositoryFileDisabledWithEnv(t *testing.T) {
+	if platform.IsWindows() {
+		t.Skip()
+	}
+
+	tests := []string{
+		"RESTIC_REPOSITORY",
+		"RESTIC_REPOSITORY_FILE",
+	}
+
+	for _, envKey := range tests {
+		t.Run(envKey, func(t *testing.T) {
+			config := fmt.Sprintf(`
+				[my-profile]
+				repository = %q
+            `, defaultHttpUrl)
+
+			defer os.Unsetenv(envKey)
+			profile, err := getResolvedProfile("toml", config, "my-profile")
+			require.NoError(t, err)
+
+			hasRepoFlag := func() (found bool) {
+				_, found = profile.GetCommandFlags(constants.CommandBackup).Get("repo")
+				return
+			}
+
+			t.Run("no-env", func(t *testing.T) {
+				require.NoError(t, os.Unsetenv(envKey))
+				profile.Environment = nil
+				assert.False(t, hasRepoFlag())
+			})
+
+			t.Run("profile-env", func(t *testing.T) {
+				require.NoError(t, os.Unsetenv(envKey))
+				profile.Environment = map[string]ConfidentialValue{
+					envKey: NewConfidentialValue("1"),
+				}
+				assert.True(t, hasRepoFlag())
+			})
+
+			t.Run("os-env", func(t *testing.T) {
+				require.NoError(t, os.Setenv(envKey, "1"))
+				profile.Environment = nil
+				assert.True(t, hasRepoFlag())
+			})
+		})
+	}
+}
+
 func TestConfidentialToJSON(t *testing.T) {
 	t.Run("marshal", func(t *testing.T) {
 		value := NewConfidentialValue("plain")

diff --git a/config/global.go b/config/global.go
@@ -4,6 +4,7 @@ import (
 	"time"
 
 	"github.com/creativeprojects/resticprofile/constants"
+	"github.com/creativeprojects/resticprofile/util/maybe"
 )
 
 // Global holds the configuration from the global section
@@ -15,7 +16,7 @@ type Global struct {
 	Priority             string              `mapstructure:"priority" default:"normal" enum:"idle;background;low;normal;high;highest" description:"Sets process priority class for resticprofile and child processes (on any OS)"`
 	DefaultCommand       string              `mapstructure:"default-command" default:"snapshots" description:"The restic or resticprofile command to use when no command was specified"`
 	Initialize           bool                `mapstructure:"initialize" default:"false" description:"Initialize a repository if missing"`
-	NoAutoRepositoryFile bool                `mapstructure:"prevent-auto-repository-file" default:"false" description:"Prevents using a repository file for repository definitions containing a password"`
+	NoAutoRepositoryFile maybe.Bool          `mapstructure:"prevent-auto-repository-file" default:"false" description:"Prevents using a repository file for repository definitions containing a password"`
 	ResticBinary         string              `mapstructure:"restic-binary" description:"Full path of the restic executable (detected if not set)"`
 	ResticVersion        string              // not configurable at the moment. To be set after ResticBinary is known.
 	FilterResticFlags    bool                `mapstructure:"restic-arguments-filter" default:"true" description:"Remove unknown flags instead of passing all configured flags to restic"`

diff --git a/config/profile.go b/config/profile.go
@@ -752,24 +752,39 @@ func (p *Profile) replaceWithRepositoryFile(repository *ConfidentialValue, repos
 		*repositoryFile = origFile
 	}
 
-	if !p.hasConfig() || p.config.mustGetGlobalSection().NoAutoRepositoryFile {
+	// abort if repo is not confidential or a file is in use already
+	if !repository.IsConfidential() || len(origFile) > 0 {
 		return
 	}
 
-	if repository.IsConfidential() && len(*repositoryFile) == 0 {
-		file, err := templates.PrivateTempFile(fmt.Sprintf("%s%s-repo.txt", p.Name, suffix))
-		if err != nil {
-			clog.Debugf(`private file %s not supported: %s`, file, err.Error())
+	// abort by global config or environment
+	var global *Global
+	if p.hasConfig() {
+		global = p.config.mustGetGlobalSection()
+	}
+	if global == nil || global.NoAutoRepositoryFile.IsTrue() {
+		return
+	} else if global.NoAutoRepositoryFile.IsUndefined() {
+		env := p.GetEnvironment(true)
+		if len(env.Get("RESTIC_REPOSITORY")) > 0 || len(env.Get("RESTIC_REPOSITORY_FILE")) > 0 {
+			clog.Debug("restic repository is set using environment variables, not replacing plain \"repository\" argument")
 			return
 		}
+	}
 
-		if err = os.WriteFile(file, []byte(origRepo.Value()), 0600); err == nil {
-			clog.Debugf(`replaced plain "repository" argument with "repository-file" (%s) to avoid password leak`, file)
-			*repository = NewConfidentialValue("")
-			*repositoryFile = file
-		} else {
-			clog.Debugf(`failed writing %s: %s`, file, err.Error())
-		}
+	// apply temporary change
+	file, err := templates.PrivateTempFile(fmt.Sprintf("%s%s-repo.txt", p.Name, suffix))
+	if err != nil {
+		clog.Debugf(`private file %s not supported: %s`, file, err.Error())
+		return
+	}
+
+	if err = os.WriteFile(file, []byte(origRepo.Value()), 0600); err == nil {
+		clog.Debugf(`replaced plain "repository" argument with "repository-file" (%s) to avoid password leak`, file)
+		*repository = NewConfidentialValue("")
+		*repositoryFile = file
+	} else {
+		clog.Debugf(`failed writing %s: %s`, file, err.Error())
 	}
 	return
 }

diff --git a/util/maybe/bool.go b/util/maybe/bool.go
@@ -1,7 +1,10 @@
 package maybe
 
 import (
+	"errors"
+	"github.com/spf13/cast"
 	"reflect"
+	"strconv"
 )
 
 type Bool struct {
@@ -45,17 +48,25 @@ func BoolFromNilable(value *bool) Bool {
 
 // BoolDecoder implements config parsing for maybe.Bool
 func BoolDecoder() func(from reflect.Type, to reflect.Type, data interface{}) (interface{}, error) {
-	boolValueType := reflect.TypeOf(Bool{})
+	fromType := reflect.TypeOf(true)
+	valueType := reflect.TypeOf(Bool{})
 
-	return func(from reflect.Type, to reflect.Type, data interface{}) (interface{}, error) {
-		if from != reflect.TypeOf(true) || to != boolValueType {
-			return data, nil
+	return func(from reflect.Type, to reflect.Type, data interface{}) (result interface{}, err error) {
+		result = data
+		if to != valueType {
+			return
 		}
-		boolValue, ok := data.(bool)
-		if !ok {
-			// it should never happen
-			return data, nil
+
+		if value, e := cast.ToBoolE(data); e == nil {
+			from = fromType
+			data = value
+		} else if errors.Is(e, new(strconv.NumError)) {
+			err = e
+		}
+
+		if err == nil && from == fromType {
+			result = SetBool(data.(bool))
 		}
-		return Bool{Set(boolValue)}, nil
+		return
 	}
 }
diff --git a/util/maybe/bool_test.go b/util/maybe/bool_test.go
@@ -1,6 +1,7 @@
 package maybe_test
 
 import (
+	"fmt"
 	"reflect"
 	"testing"
 
@@ -77,10 +78,10 @@ func TestBoolDecoder(t *testing.T) {
 		expected any
 	}{
 		{
-			from:     reflect.TypeOf(""),
+			from:     reflect.TypeOf(struct{}{}),
 			to:       reflect.TypeOf(maybe.Bool{}),
-			source:   true,
-			expected: true, // same value returned as the "from" type in unexpected
+			source:   struct{}{},
+			expected: struct{}{}, // same value returned as the "from" type in unexpected
 		},
 		{
 			from:     reflect.TypeOf(true),
@@ -89,11 +90,29 @@ func TestBoolDecoder(t *testing.T) {
 			expected: false, // same value returned as the "to" type in unexpected
 		},
 		{
-			from:     reflect.TypeOf(true),
+			from:     reflect.TypeOf(""),
 			to:       reflect.TypeOf(maybe.Bool{}),
 			source:   "",
 			expected: "", // same value returned as the original value in unexpected
 		},
+		{
+			from:     reflect.TypeOf(""),
+			to:       reflect.TypeOf(maybe.Bool{}),
+			source:   "true",
+			expected: maybe.True(),
+		},
+		{
+			from:     reflect.TypeOf(""),
+			to:       reflect.TypeOf(maybe.Bool{}),
+			source:   "t",
+			expected: maybe.True(),
+		},
+		{
+			from:     reflect.TypeOf(""),
+			to:       reflect.TypeOf(maybe.Bool{}),
+			source:   "f",
+			expected: maybe.False(),
+		},
 		{
 			from:     reflect.TypeOf(true),
 			to:       reflect.TypeOf(maybe.Bool{}),
@@ -107,8 +126,8 @@ func TestBoolDecoder(t *testing.T) {
 			expected: maybe.False(),
 		},
 	}
-	for _, fixture := range fixtures {
-		t.Run("", func(t *testing.T) {
+	for i, fixture := range fixtures {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
 			decoder := maybe.BoolDecoder()
 			decoded, err := decoder(fixture.from, fixture.to, fixture.source)
 			assert.NoError(t, err)