author | Andrei Pavel <andrei@isc.org> | 2021-03-22 16:09:20 +0100 |
---|---|---|
committer | Andrei Pavel <andrei@isc.org> | 2021-05-21 15:22:00 +0200 |
commit | 7490558912c7be5b527d1b10a4ded1738d9a4856 (patch) | |
tree | 7e613faed3560ef8f8f7b76d21db72f021f6c7ef /src/lib/testutils | |
parent | [#1721] order-conscious filtering of redact paths (diff) | |
[#1721] unit tests for redaction
Diffstat (limited to 'src/lib/testutils')
-rw-r--r-- | src/lib/testutils/dhcp_test_lib.sh.in | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/src/lib/testutils/dhcp_test_lib.sh.in b/src/lib/testutils/dhcp_test_lib.sh.in
index 9915ab5405..73ffd02264 100644
--- a/src/lib/testutils/dhcp_test_lib.sh.in
+++ b/src/lib/testutils/dhcp_test_lib.sh.in
@@ -1020,3 +1020,80 @@ server_pid_file_test() {
 # All ok. Shut down the server and exit.
 test_finish 0
 }
+
+# This test verifies that passwords are redacted in logs.
+# This function takes 2 parameters:
+# test_name
+# config - string with a content of the config (will be written to a file)
+# expected_code - expected exit code returned by kea (0 - success, 1 - failure)
+password_redact_test() {
+ local test_name="${1}"
+ local config="${2}"
+ local expected_code="${3}"
+
+ # Log the start of the test and print test name.
+ test_start "${test_name}"
+ # Remove dangling Kea instances and remove log files.
+ cleanup
+ # Create correct configuration file.
+ create_config "${config}"
+ # Instruct Control Agent to log to the specific file.
+ set_logger
+ # Check it
+ printf "Running command %s.\n" "\"${bin_path}/${bin} -d -t ${CFG_FILE}\""
+ run_command \
+ "${bin_path}/${bin}" -d -t "${CFG_FILE}"
+ if [ "${EXIT_CODE}" -ne "${expected_code}" ]; then
+ printf 'ERROR: expected exit code %s, got %s\n' "${expected_code}" "${EXIT_CODE}"
+ clean_exit 1
+ fi
+ if grep -q 'sensitive' "${LOG_FILE}"; then
+ printf "ERROR: sensitive is present in logs\n"
+ clean_exit 1
+ fi
+ if ! grep -q 'superadmin' "${LOG_FILE}"; then
+ printf "ERROR: superadmin is not present in logs\n"
+ clean_exit 1
+ fi
+ test_finish 0
+}
+
+# kea-dhcp[46] configuration with a password
+# used for redact tests:
+# - sensitive should be hidden
+# - superadmin should be visible
+kea_dhcp_config() {
+ printf '
+{
+ "Dhcp%s": {
+ "config-control": {
+ "config-databases": [
+ {
+ "password": "sensitive",
+ "type": "mysql",
+ "user": "keatest"
+ }
+ ]
+ },
+ "hosts-database": {
+ "password": "sensitive",
+ "type": "mysql",
+ "user": "keatest"
+ },
+ "lease-database": {
+ "password": "sensitive",
+ "type": "mysql",
+ "user": "keatest"
+ },
+ "user-context": {
+ "password": "superadmin",
+ "secret": "superadmin",
+ "shared-info": {
+ "password": "superadmin",
+ "secret": "superadmin"
+ }
+ }
+ }
+}
+' "${1}"
+} |
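Review bot: The header comment of `password_redact_test` says the function takes 2 parameters, but it lists and reads three, and a caller that follows the comment and omits `expected_code` ends up with `[ "${EXIT_CODE}" -ne "" ]`, which errors out and is treated as false, so the exit-code check is silently skipped. I would change the comment to `# This function takes 3 parameters:` and either default the value with `local expected_code="${3:-0}"` or fail early when it is empty. Separately, the leak check greps only `${LOG_FILE}` for the common word `sensitive`; a distinctive sentinel value matched with `grep -qF` would avoid unrelated matches such as a log message containing "case-sensitive", and if `run_command` captures stdout/stderr somewhere else (not visible in this hunk) that output should probably be searched for the sentinel as well.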