
Commit f6c98ef

author
Lenny Goodell
authored
fix: Fix Secure MessageBus Secret validation for non-secure mode (#233)
username & password can be blank in non-secure mode. closes #232 Signed-off-by: lenny <[email protected]>
1 parent b20a018 commit f6c98ef


2 files changed

+32
-17
lines changed


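--- a/bootstrap/messaging/messaging.go
+++ b/bootstrap/messaging/messaging.go
@@ -23,6 +23,7 @@ import (
 "sync"
 
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/container"
+"github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/secret"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/startup"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/config"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/di"
@@ -205,7 +206,7 @@ func GetSecretData(authMode string, secretName string, provider SecretDataProvid
 func ValidateSecretData(authMode string, secretName string, secretData *SecretData) error {
 switch authMode {
 case AuthModeUsernamePassword:
-if secretData.Username == "" || secretData.Password == "" {
+if secret.IsSecurityEnabled() && (secretData.Username == "" || secretData.Password == "") {
 return fmt.Errorf("AuthModeUsernamePassword selected however Username or Password was not found for secret=%s", secretName)
 }
 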
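Review bot: In the `AuthModeUsernamePassword` case the relaxed condition also accepts a pair where only one of Username and Password is set whenever `secret.IsSecurityEnabled()` is false, which looks more like a misconfiguration than the "both may be blank" case the commit message describes. The non-secure path could still reject that mixed state with a condition such as `(secretData.Username == "") != (secretData.Password == "")`, so a half-filled secret is reported at validation time rather than surfacing later as a failed connection. The branch also has no comment explaining why the check is gated; something like `// Credentials are mandatory only in secure mode; non-secure mode allows them to be blank.` would stop a later reader from "fixing" it back. The body of ValidateSecretData continues beyond the hunk, so the other auth modes are not visible here.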

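--- a/bootstrap/messaging/messaging_test.go
+++ b/bootstrap/messaging/messaging_test.go
@@ -9,6 +9,7 @@ import (
 
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/container"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/interfaces/mocks"
+"github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/secret"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/startup"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/config"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/di"
@@ -157,47 +158,57 @@ func TestGetSecretData(t *testing.T) {
 func TestValidateSecrets(t *testing.T) {
 tests := []struct {
 Name string
+SecureMode bool
 AuthMode string
-secrets SecretData
+SecretData SecretData
 ErrorExpectation bool
 ErrorMessage string
 }{
-{"Invalid AuthMode", "BadAuthMode", SecretData{}, true, "Invalid AuthMode of 'BadAuthMode' selected"},
-{"No Auth No error", AuthModeNone, SecretData{}, false, ""},
-{"UsernamePassword No Error", AuthModeUsernamePassword, SecretData{
+{"Invalid AuthMode", true, "BadAuthMode", SecretData{}, true, "Invalid AuthMode of 'BadAuthMode' selected"},
+{"No Auth No error", true, AuthModeNone, SecretData{}, false, ""},
+{"UsernamePassword No Error", true, AuthModeUsernamePassword, SecretData{
 Username: "user",
 Password: "Password",
 }, false, ""},
-{"UsernamePassword Error no Username", AuthModeUsernamePassword, SecretData{
+{"UsernamePassword Error no Username", true, AuthModeUsernamePassword, SecretData{
 Password: "Password",
 }, true, "AuthModeUsernamePassword selected however Username or Password was not found for secret=unit-test"},
-{"UsernamePassword Error no Password", AuthModeUsernamePassword, SecretData{
+{"UsernamePassword blank - non-secure", false, AuthModeUsernamePassword, SecretData{
+Username: "",
+Password: "",
+}, false, ""},
+{"UsernamePassword Error no Password", true, AuthModeUsernamePassword, SecretData{
 Username: "user",
 }, true, "AuthModeUsernamePassword selected however Username or Password was not found for secret=unit-test"},
-{"ClientCert No Error", AuthModeCert, SecretData{
+{"ClientCert No Error", true, AuthModeCert, SecretData{
 CertPemBlock: []byte("----"),
 KeyPemBlock: []byte("----"),
 }, false, ""},
-{"ClientCert No Key", AuthModeCert, SecretData{
+{"ClientCert No Key", true, AuthModeCert, SecretData{
 CertPemBlock: []byte("----"),
 }, true, "AuthModeCert selected however the key or cert PEM block was not found for secret=unit-test"},
-{"ClientCert No Cert", AuthModeCert, SecretData{
+{"ClientCert No Cert", true, AuthModeCert, SecretData{
 KeyPemBlock: []byte("----"),
 }, true, "AuthModeCert selected however the key or cert PEM block was not found for secret=unit-test"},
-{"CACert no error", AuthModeCA, SecretData{
+{"CACert no error", true, AuthModeCA, SecretData{
 CaPemBlock: []byte(testCACert),
 }, false, ""},
-{"CACert invalid error", AuthModeCA, SecretData{
+{"CACert invalid error", true, AuthModeCA, SecretData{
 CaPemBlock: []byte(`------`),
 }, true, "Error parsing CA Certificate"},
-{"CACert no ca error", AuthModeCA, SecretData{}, true, "AuthModeCA selected however no PEM Block was found for secret=unit-test"},
+{"CACert no ca error", true, AuthModeCA, SecretData{}, true, "AuthModeCA selected however no PEM Block was found for secret=unit-test"},
 }
 
 for _, test := range tests {
 t.Run(test.Name, func(t *testing.T) {
-result := ValidateSecretData(test.AuthMode, "unit-test", &test.secrets)
+if test.SecureMode {
+_ = os.Setenv(secret.EnvSecretStore, "true")
+defer func() { _ = os.Setenv(secret.EnvSecretStore, "false") }()
+}
+
+result := ValidateSecretData(test.AuthMode, "unit-test", &test.SecretData)
 if test.ErrorExpectation {
-assert.Error(t, result, "Result should be an error")
+require.Error(t, result, "Result should be an error")
 assert.Equal(t, test.ErrorMessage, result.(error).Error())
 } else {
 assert.Nil(t, result, "Should be nil")
@@ -207,6 +218,9 @@ func TestValidateSecrets(t *testing.T) {
 }
 
 func TestSetOptionalAuthData(t *testing.T) {
+_ = os.Setenv(secret.EnvSecretStore, "true")
+defer func() { _ = os.Setenv(secret.EnvSecretStore, "false") }()
+
 tests := []struct {
 Name string
 Authmode string
@@ -287,9 +301,9 @@ func TestSetOptionalAuthData(t *testing.T) {
 if test.Provider != nil {
 if len(test.SecretName) == 0 {
 test.SecretName = "notfound"
-test.Provider.On("GetSecret", test.SecretName).Return(nil, errors.New("Not Found"))
+test.Provider.On("GetSecret", test.SecretName).Return(nil, errors.New("Not Found")).Once()
 } else {
-test.Provider.On("GetSecret", test.SecretName).Return(test.SecretData, nil)
+test.Provider.On("GetSecret", test.SecretName).Return(test.SecretData, nil).Once()
 }
 
 dic = di.NewContainer(di.ServiceConstructorMap{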
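Review bot: In `TestValidateSecrets` the "UsernamePassword blank - non-secure" case never sets `secret.EnvSecretStore` itself, so it runs in whatever mode the process happens to be in; here that is "false" only as a side effect of the deferred restore from an earlier sub-test. Run on its own, or in an environment that exports the variable, the one case that is meant to cover the relaxed credential check may exercise the secure path instead and pass or fail for the wrong reason. Setting the mode in every sub-test removes the ordering dependence, for example `t.Setenv(secret.EnvSecretStore, strconv.FormatBool(test.SecureMode))` in place of the `if test.SecureMode { ... }` block (needs `strconv`, and a Go version that has `t.Setenv`), which also restores the previous value instead of forcing "false". The `os.Setenv`/`defer` pair added at the top of `TestSetOptionalAuthData` has the same restore-to-"false" behaviour and would benefit from the same change.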
