From c64818e08cffd443f9a3630a7f71b899dd55e19f Mon Sep 17 00:00:00 2001 From: emilioalvap Date: Fri, 13 Sep 2024 16:34:59 +0200 Subject: [PATCH] Add validation for cert paths when pushing to cloud --- .../push/__snapshots__/index.test.ts.snap | 27 ++++++++++ __tests__/push/index.test.ts | 53 +++++++++++++------ src/push/index.ts | 12 ++++- 3 files changed, 75 insertions(+), 17 deletions(-) diff --git a/__tests__/push/__snapshots__/index.test.ts.snap b/__tests__/push/__snapshots__/index.test.ts.snap index 82e93d04..c15f14ba 100644 --- a/__tests__/push/__snapshots__/index.test.ts.snap +++ b/__tests__/push/__snapshots__/index.test.ts.snap @@ -1,5 +1,32 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP +exports[`Push abort on push with clientCertificate.certPath used in cloud 1`] = ` +"Aborted. Invalid synthetics project settings. + +Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud. + +Run 'npx @elastic/synthetics init' to create project with default settings. +" +`; + +exports[`Push abort on push with clientCertificate.keyPath used in cloud 1`] = ` +"Aborted. Invalid synthetics project settings. + +Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud. + +Run 'npx @elastic/synthetics init' to create project with default settings. +" +`; + +exports[`Push abort on push with clientCertificate.pfxPath used in cloud 1`] = ` +"Aborted. Invalid synthetics project settings. + +Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud. + +Run 'npx @elastic/synthetics init' to create project with default settings. +" +`; + exports[`Push error on empty project id 1`] = ` "Aborted. Invalid synthetics project settings. diff --git a/__tests__/push/index.test.ts b/__tests__/push/index.test.ts index 151762ac..3c8e6ecf 100644 --- a/__tests__/push/index.test.ts +++ b/__tests__/push/index.test.ts @@ -53,9 +53,7 @@ describe('Push', () => { ) { await writeFile( join(PROJECT_DIR, filename), - `export default { monitor: ${JSON.stringify( - monitor - )}, project: ${JSON.stringify(settings)} }` + `export default ${JSON.stringify({ ...settings, monitor })}` ); } @@ -89,20 +87,23 @@ describe('Push', () => { }); it('error on invalid location', async () => { - await fakeProjectSetup({ id: 'test-project' }, {}); + await fakeProjectSetup({ project: { id: 'test-project' } }, {}); const output = await runPush(); expect(output).toMatchSnapshot(); }); it('error when schedule is not present', async () => { - await fakeProjectSetup({ id: 'test-project' }, { locations: ['test-loc'] }); + await fakeProjectSetup( + { project: { id: 'test-project' } }, + { locations: ['test-loc'] } + ); const output = await runPush(); expect(output).toMatchSnapshot(); }); it('error on invalid schedule', async () => { await fakeProjectSetup( - { id: 'test-project' }, + { project: { id: 'test-project' } }, { locations: ['test-loc'], schedule: 12 } ); const output = await runPush(); @@ -111,7 +112,7 @@ describe('Push', () => { it('abort on push with different project id', async () => { await fakeProjectSetup( - { id: 'test-project' }, + { project: { id: 'test-project' } }, { locations: ['test-loc'], schedule: 3 } ); const output = await runPush( @@ -125,7 +126,13 @@ describe('Push', () => { it('error on invalid schedule in monitor DSL', async () => { await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: 'http://localhost:8080' }, + { + project: { + id: 'test-project', + space: 'dummy', + url: 'http://localhost:8080', + }, + }, { locations: ['test-loc'], schedule: 3 } ); const testJourney = join(PROJECT_DIR, 'test.journey.ts'); @@ -141,7 +148,7 @@ journey('journey 1', () => monitor.use({ id: 'j1', schedule: 8 }));` it('errors on duplicate browser monitors', async () => { await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: server.PREFIX }, + { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } }, { locations: ['test-loc'], schedule: 3 } ); @@ -164,7 +171,7 @@ journey('duplicate name', () => monitor.use({ schedule: 15 }));` it('warn if throttling config is set', async () => { await fakeProjectSetup( - { id: 'test-project' }, + { project: { id: 'test-project' } }, { locations: ['test-loc'], schedule: 3 } ); const testJourney = join(PROJECT_DIR, 'test.journey.ts'); @@ -180,7 +187,7 @@ journey('duplicate name', () => monitor.use({ schedule: 15 }));` it('errors on duplicate lightweight monitors', async () => { await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: server.PREFIX }, + { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } }, { locations: ['test-loc'], schedule: 3 } ); @@ -220,7 +227,7 @@ heartbeat.monitors: it('error on invalid CHUNK SIZE', async () => { await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: server.PREFIX }, + { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } }, { locations: ['test-loc'], schedule: 3 } ); const output = await runPush(undefined, { CHUNK_SIZE: '251' }); @@ -231,7 +238,7 @@ heartbeat.monitors: it('respects valid CHUNK SIZE', async () => { await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: server.PREFIX }, + { project: { id: 'test-project', space: 'dummy', url: server.PREFIX } }, { locations: ['test-loc'], schedule: 3 } ); const testJourney = join(PROJECT_DIR, 'chunk.journey.ts'); @@ -260,7 +267,9 @@ heartbeat.monitors: beforeAll(async () => { server = await createKibanaTestServer(version); await fakeProjectSetup( - { id: 'test-project', space: 'dummy', url: server.PREFIX }, + { + project: { id: 'test-project', space: 'dummy', url: server.PREFIX }, + }, { locations: ['test-loc'], schedule: 3 } ); }); @@ -314,7 +323,7 @@ heartbeat.monitors: journey('journey 1', () => monitor.use({ id: 'j1' }));` ); await fakeProjectSetup( - { id: 'bar', space: 'dummy', url: server.PREFIX }, + { project: { id: 'bar', space: 'dummy', url: server.PREFIX } }, { locations: ['test-loc'], schedule: 3 }, 'synthetics.config.test.ts' ); @@ -330,4 +339,18 @@ heartbeat.monitors: }); }); }); + + ['certPath', 'keyPath', 'pfxPath'].forEach(key => { + it(`abort on push with clientCertificate.${key} used in cloud`, async () => { + await fakeProjectSetup( + { + project: { id: 'test-project', space: 'dummy', url: server.PREFIX }, + playwrightOptions: { clientCertificates: [{ [key]: 'test.file' }] }, + }, + { locations: ['test-loc'], schedule: 3 } + ); + const output = await runPush(); + expect(output).toMatchSnapshot(); + }); + }); }); diff --git a/src/push/index.ts b/src/push/index.ts index fe4f9dbb..40ecd585 100644 --- a/src/push/index.ts +++ b/src/push/index.ts @@ -223,8 +223,16 @@ export function validateSettings(opts: PushOptions) { - CLI '--schedule ' - Config file 'monitors.schedule' field`; } else if (opts.schedule && !ALLOWED_SCHEDULES.includes(opts.schedule)) { - reason = `Set default schedule(${opts.schedule - }) to one of the allowed values - ${ALLOWED_SCHEDULES.join(',')}`; + reason = `Set default schedule(${ + opts.schedule + }) to one of the allowed values - ${ALLOWED_SCHEDULES.join(',')}`; + } else if ( + opts.locations && + (opts?.playwrightOptions?.clientCertificates ?? []).filter(cert => { + return cert.certPath || cert.keyPath || cert.pfxPath; + }).length > 0 + ) { + reason = `Certificate path options (certPath, keyPath, pfxPath) are not supported on cloud locations, use in-memory alternatives (cert, key, pfx) when running on cloud.`; } if (!reason) return;