diff --git a/main/cmds.go b/main/cmds.go index 412ca2b..9b2004b 100644 --- a/main/cmds.go +++ b/main/cmds.go @@ -140,6 +140,13 @@ func enablePre(ctx *log.Context, hEnv HandlerEnvironment, seqNum int) error { // but last status file is still is "transitioning" ctx.Log("event", "check status", "message", "transitioning status detected but no process to handle it - set to success status") reportStatus(ctx, hEnv, seqNum, StatusSuccess, cmd{enable, "Enable", true, enablePre, 3}, "Last script execution didn't finish.") + } else { //agent restarts but execution is done and not transitioning + err = cleanUpSettings(hEnv.HandlerEnvironment.ConfigFolder) + if err != nil { + ctx.Log("message", "error clearing config folder") + } else { + ctx.Log("message", "config folder cleared successfully") + } } } os.Exit(0) @@ -189,6 +196,13 @@ func enable(ctx *log.Context, h HandlerEnvironment, seqNum int) (string, error) ctx.Log("event", "enable script failed") } + err = cleanUpSettings(h.HandlerEnvironment.ConfigFolder) + if err != nil { + ctx.Log("message", "error clearing config folder") + } else { + ctx.Log("message", "config folder cleared successfully") + } + msg := fmt.Sprintf("\n[stdout]\n%s\n[stderr]\n%s", string(stdoutTail), string(stderrTail)) // Always report nil for error because extension should not fail if script throws error // Error still will be reported in the message diff --git a/main/handlersettings_test.go b/main/handlersettings_test.go index 3d66377..66d8630 100644 --- a/main/handlersettings_test.go +++ b/main/handlersettings_test.go @@ -1,7 +1,14 @@ package main -import "testing" -import "github.com/stretchr/testify/require" +import ( + "io/ioutil" + "os" + "path/filepath" + "strconv" + "testing" + + "github.com/stretchr/testify/require" +) func Test_handlerSettingsValidate(t *testing.T) { // commandToExecute not specified @@ -98,3 +105,48 @@ func Test_toJSON(t *testing.T) { require.Nil(t, err) require.Equal(t, `{"a":3}`, s) } + +func Test_protectedSettingsTest(t *testing.T) { + //set up test direcotry + test files + testFolderPath := "/config" + settingsExtensionName := ".settings" + + err := createTestFiles(testFolderPath, settingsExtensionName) + require.NoError(t, err) + + err = cleanUpSettings(testFolderPath) + require.NoError(t, err) + + fileName := "" + for i := 0; i < 3; i++ { + fileName = filepath.Join(testFolderPath, strconv.FormatInt(int64(i), 10)+settingsExtensionName) + content, err := ioutil.ReadFile(fileName) + require.NoError(t, err) + require.Equal(t, len(content), 0) + } + + // cleanup + defer os.RemoveAll(testFolderPath) +} + +func createTestFiles(folderPath, settingsExtensionName string) error { + err := os.MkdirAll(folderPath, os.ModeDir) + if err != nil { + return err + } + fileName := "" + //create test directories + testContent := []byte("beep boop") + for i := 0; i < 3; i++ { + fileName = filepath.Join(folderPath, strconv.FormatInt(int64(i), 10)+settingsExtensionName) + file, err := os.Create(fileName) + if err != nil { + return err + } + size, err := file.Write(testContent) + if err != nil || size == 0 { + return err + } + } + return nil +} diff --git a/main/handlersettingscommon.go b/main/handlersettingscommon.go index 0caf991..87079cd 100644 --- a/main/handlersettingscommon.go +++ b/main/handlersettingscommon.go @@ -9,6 +9,7 @@ import ( "io/ioutil" "os/exec" "path/filepath" + "strings" ) const ( @@ -140,3 +141,23 @@ func unmarshalProtectedSettings(configFolder string, hs handlerSettingsCommon, v } return nil } + +// cleanUpSettings clears out the settings file [ex: 0.settings] to ensure no +// protected settings are logged in VM +func cleanUpSettings(configFolder string) error { + configDir, err := ioutil.ReadDir(configFolder) + if err != nil { + return err + } + content := []byte("") + for _, file := range configDir { + if strings.Compare(filepath.Ext(file.Name()), settingsFileSuffix) == 0 { //checking if its a settings file + filePath := filepath.Join(configFolder, file.Name()) + err = ioutil.WriteFile(filePath, content, 0644) + if err != nil { + return err + } + } + } + return nil +}