[CC-1227] Capability to provide environment variables from dashboard

[jegasega]

Description of your patch

env_var cookbook update for checking environment variable name for unallowed characters and escaping special characters inside variable value.

Recommended Release Notes

None.

Estimated risk

Low

Components involved

env_vars cookbook

Description of testing done

See QA instructions

QA Instructions

1. Create simple Ruby application. (https://github.com/engineyard/todo.git) can be used for this testing.
2. Boot the environment with the latest V5 stack version. Environment should be run with following parameters:

• Environment type - Single Instance.

3. SSH to the instance.
4. Add following lines to the /etc/chef/dna.json file after dh_key value:

                "environment_variables": [
                  {
                    "name": "MY_VAR_NAME",
                    "value": "VmFyaWFibGUgdmFsdWUgYCQoKQo="
                  }
                ]

5. Run Chef PATH=/usr/local/ey_resin/bin:$PATH /home/ey/bin/chef-solo -j /etc/chef/dna.json -c /etc/chef/solo.rb
6. Check /data/[YOUR APPLICATION NAME]/shared/config/env.cloud file. Ensure variable value characters are properly escaped.
7. Change dna.json environment variable data to:

                "environment_variables": [
                  {
                    "name": "'MY_VAR_NAME",
                    "value": "VmFyaWFibGUgdmFsdWUgYCQoKQo="
                  }
                ]

8. Run Chef PATH=/usr/local/ey_resin/bin:$PATH /home/ey/bin/chef-solo -j /etc/chef/dna.json -c /etc/chef/solo.rb
9. Check /data/[YOUR APPLICATION NAME]/shared/config/env.cloud file. Ensure that no variables with invalid characters in variable name appeared.

[jfuechsl]

This most likely needs to be ported to v6 as well.

[paulasaurus]

This fails.

Test was done via dashboard environmental variables page, though results in the same DNA changes.

For multiline variables such as https://cloud.engineyard.com/app_deployments/110413/environment/environment_variables/593/edit the final env.cloud looks like:

export COMESTRI_HAPROXY_CERT="-----BEGIN CERTIFICATE-----^MMIIGsTCCBZmgAwIBAgIII7sCppK4rUcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV^MBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYD

rather than:

export COMESTRI_HAPROXY_CERT="-----BEGIN CERTIFICATE-----^M
MIIGsTCCBZmgAwIBAgIII7sCppK4rUcwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV^M
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow^M

So new lines are removed, not sure how this would impact genuine environmental variables.

The bigger issue is that single line variables are removed completely: https://cloud.engineyard.com/app_deployments/110413/environment/environment_variables/773/edit which is "MY_VAR_NAME" "line1" or in the DNA:

"name": "MY_VAR_NAME",                                                                                                                                                                                         
"value": "bGluZTE="

Is export MY_VAR_NAME="" in the env.cloud file.

The dashboard environmental variables page actually rejected an incorrect name when testing. Do we still want to use this PR fix to reject variables should they ever be somehow injected directly into the DNA as per the testing steps here?