Add validation for cert paths when pushing to cloud

elastic · Sep 13, 2024 · c64818e · c64818e
1 parent 6145794
commit c64818e
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 17 deletions.
diff --git a/__tests__/push/__snapshots__/index.test.ts.snap b/__tests__/push/__snapshots__/index.test.ts.snap
@@ -1,5 +1,32 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`Push abort on push with clientCertificate.certPath used in cloud 1`] = `
+"Aborted. Invalid synthetics project settings.
+
+Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud.
+
+Run 'npx @elastic/synthetics init' to create project with default settings.
+"
+`;
+
+exports[`Push abort on push with clientCertificate.keyPath used in cloud 1`] = `
+"Aborted. Invalid synthetics project settings.
+
+Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud.
+
+Run 'npx @elastic/synthetics init' to create project with default settings.
+"
+`;
+
+exports[`Push abort on push with clientCertificate.pfxPath used in cloud 1`] = `
+"Aborted. Invalid synthetics project settings.
+
+Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud.
+
+Run 'npx @elastic/synthetics init' to create project with default settings.
+"
+`;
+
 exports[`Push error on empty project id 1`] = `
 "Aborted. Invalid synthetics project settings.
 

diff --git a/__tests__/push/index.test.ts b/__tests__/push/index.test.ts
@@ -53,9 +53,7 @@ describe('Push', () => {
   ) {
     await writeFile(
       join(PROJECT_DIR, filename),
-      `export default { monitor: ${JSON.stringify(
-        monitor
-      )}, project: ${JSON.stringify(settings)} }`
+      `export default ${JSON.stringify({ ...settings, monitor })}`
     );
   }
 
@@ -89,20 +87,23 @@ describe('Push', () => {
   });
 
   it('error on invalid location', async () => {
-    await fakeProjectSetup({ id: 'test-project' }, {});
+    await fakeProjectSetup({ project: { id: 'test-project' } }, {});
     const output = await runPush();
     expect(output).toMatchSnapshot();
   });
 
   it('error when schedule is not present', async () => {
-    await fakeProjectSetup({ id: 'test-project' }, { locations: ['test-loc'] });
+    await fakeProjectSetup(
+      { project: { id: 'test-project' } },
+      { locations: ['test-loc'] }
+    );
     const output = await runPush();
     expect(output).toMatchSnapshot();
   });
 
   it('error on invalid schedule', async () => {
     await fakeProjectSetup(
-      { id: 'test-project' },
+      { project: { id: 'test-project' } },
       { locations: ['test-loc'], schedule: 12 }
     );
     const output = await runPush();
@@ -111,7 +112,7 @@ describe('Push', () => {
 
   it('abort on push with different project id', async () => {
     await fakeProjectSetup(
-      { id: 'test-project' },
+      { project: { id: 'test-project' } },
       { locations: ['test-loc'], schedule: 3 }
     );
     const output = await runPush(
@@ -125,7 +126,13 @@ describe('Push', () => {
 
   it('error on invalid schedule in monitor DSL', async () => {
     await fakeProjectSetup(
-      { id: 'test-project', space: 'dummy', url: 'http://localhost:8080' },
+      {
+        project: {
+          id: 'test-project',
+          space: 'dummy',
+          url: 'http://localhost:8080',
+        },
+      },
       { locations: ['test-loc'], schedule: 3 }
     );
     const testJourney = join(PROJECT_DIR, 'test.journey.ts');
@@ -141,7 +148,7 @@ journey('journey 1', () => monitor.use({ id: 'j1', schedule: 8 }));`
 
   it('errors on duplicate browser monitors', async () => {
     await fakeProjectSetup(
-      { id: 'test-project', space: 'dummy', url: server.PREFIX },
+      { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } },
       { locations: ['test-loc'], schedule: 3 }
     );
 
@@ -164,7 +171,7 @@ journey('duplicate name', () => monitor.use({ schedule: 15 }));`
 
   it('warn if throttling config is set', async () => {
     await fakeProjectSetup(
-      { id: 'test-project' },
+      { project: { id: 'test-project' } },
       { locations: ['test-loc'], schedule: 3 }
     );
     const testJourney = join(PROJECT_DIR, 'test.journey.ts');
@@ -180,7 +187,7 @@ journey('duplicate name', () => monitor.use({ schedule: 15 }));`
 
   it('errors on duplicate lightweight monitors', async () => {
     await fakeProjectSetup(
-      { id: 'test-project', space: 'dummy', url: server.PREFIX },
+      { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } },
       { locations: ['test-loc'], schedule: 3 }
     );
 
@@ -220,7 +227,7 @@ heartbeat.monitors:
 
   it('error on invalid CHUNK SIZE', async () => {
     await fakeProjectSetup(
-      { id: 'test-project', space: 'dummy', url: server.PREFIX },
+      { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } },
       { locations: ['test-loc'], schedule: 3 }
     );
     const output = await runPush(undefined, { CHUNK_SIZE: '251' });
@@ -231,7 +238,7 @@ heartbeat.monitors:
 
   it('respects valid CHUNK SIZE', async () => {
     await fakeProjectSetup(
-      { id: 'test-project', space: 'dummy', url: server.PREFIX },
+      { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } },
       { locations: ['test-loc'], schedule: 3 }
     );
     const testJourney = join(PROJECT_DIR, 'chunk.journey.ts');
@@ -260,7 +267,9 @@ heartbeat.monitors:
       beforeAll(async () => {
         server = await createKibanaTestServer(version);
         await fakeProjectSetup(
-          { id: 'test-project', space: 'dummy', url: server.PREFIX },
+          {
+            project: { id: 'test-project', space: 'dummy', url: server.PREFIX },
+          },
           { locations: ['test-loc'], schedule: 3 }
         );
       });
@@ -314,7 +323,7 @@ heartbeat.monitors:
         journey('journey 1', () => monitor.use({ id: 'j1' }));`
         );
         await fakeProjectSetup(
-          { id: 'bar', space: 'dummy', url: server.PREFIX },
+          { project: { id: 'bar', space: 'dummy', url: server.PREFIX } },
           { locations: ['test-loc'], schedule: 3 },
           'synthetics.config.test.ts'
         );
@@ -330,4 +339,18 @@ heartbeat.monitors:
       });
     });
   });
+
+  ['certPath', 'keyPath', 'pfxPath'].forEach(key => {
+    it(`abort on push with clientCertificate.${key} used in cloud`, async () => {
+      await fakeProjectSetup(
+        {
+          project: { id: 'test-project', space: 'dummy', url: server.PREFIX },
+          playwrightOptions: { clientCertificates: [{ [key]: 'test.file' }] },
+        },
+        { locations: ['test-loc'], schedule: 3 }
+      );
+      const output = await runPush();
+      expect(output).toMatchSnapshot();
+    });
+  });
 });
diff --git a/src/push/index.ts b/src/push/index.ts
@@ -223,8 +223,16 @@ export function validateSettings(opts: PushOptions) {
   - CLI '--schedule <mins>'
   - Config file 'monitors.schedule' field`;
   } else if (opts.schedule && !ALLOWED_SCHEDULES.includes(opts.schedule)) {
-    reason = `Set default schedule(${opts.schedule
-      }) to one of the allowed values - ${ALLOWED_SCHEDULES.join(',')}`;
+    reason = `Set default schedule(${
+      opts.schedule
+    }) to one of the allowed values - ${ALLOWED_SCHEDULES.join(',')}`;
+  } else if (
+    opts.locations &&
+    (opts?.playwrightOptions?.clientCertificates ?? []).filter(cert => {
+      return cert.certPath || cert.keyPath || cert.pfxPath;
+    }).length > 0
+  ) {
+    reason = `Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud.`;
   }
 
   if (!reason) return;