Merge pull request #737 from snyk/fix/expose-broker-client-config-inf…
…o-in-connection

feat: send clientconfig metadata to server [HYB-202]
aarlaud authored Mar 28, 2024
2 parents 453b3aa + f30be1a commit 0a1cd8a
Showing 10 changed files with 183 additions and 21 deletions.
19 changes: 0 additions & 19 deletions lib/client/dispatcher/index.ts
@@ -1,27 +1,8 @@
import { log as logger } from '../../logs/logger';
import { Config } from '../types/config';
import { hashToken } from '../../common/utils/token';
import { HttpDispatcherServiceClient } from './client/api';
import { ServerId, getServerIdFromDispatcher } from './dispatcher-service';

export function highAvailabilityModeEnabled(config: any): boolean {
// high availability mode is disabled per default
let highAvailabilityModeEnabled = false;

const highAvailabilityModeEnabledValue = (config as Config)
.BROKER_HA_MODE_ENABLED;

if (typeof highAvailabilityModeEnabledValue !== 'undefined') {
highAvailabilityModeEnabled =
highAvailabilityModeEnabledValue.toLowerCase() === 'true' ||
highAvailabilityModeEnabledValue.toLowerCase() === 'yes';
}

logger.info({ enabled: highAvailabilityModeEnabled }, 'checking for HA mode');

return highAvailabilityModeEnabled;
}

export async function getServerId(
config: any,
brokerToken: string,
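--- a/lib/client/hooks/startup/processHooks.ts
+++ b/lib/client/hooks/startup/processHooks.ts
@@ -1,10 +1,11 @@
-import { getServerId, highAvailabilityModeEnabled } from '../../dispatcher';
+import { getServerId } from '../../dispatcher';
 import { log as logger } from '../../../logs/logger';
 import { executePreflightChecks, preflightChecksEnabled } from '../../checks';
 import { commitSigningEnabled, commitSigningFilterRules } from '../../scm';
 import { HookResults } from '../../types/client';
 import { CheckResult } from '../../checks/types';
 import { ClientOpts } from '../../../common/types/options';
+import { highAvailabilityModeEnabled } from '../../utils/configHelpers';
 
 export const processStartUpHooks = async (
 clientOpts: ClientOpts,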
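--- a/lib/client/index.ts
+++ b/lib/client/index.ts
@@ -17,6 +17,7 @@ import { isWebsocketConnOpen } from './utils/socketHelpers';
 import { loadAllFilters } from '../common/filter/filtersAsync';
 import { ClientOpts, LoadedClientOpts } from '../common/types/options';
 import { websocketConnectionSelectorMiddleware } from './routesHandler/websocketConnectionMiddlewares';
+import { getClientConfigMetadata } from './utils/configHelpers';
 
 process.on('uncaughtException', (error) => {
 if (error.message == 'read ECONNRESET') {
@@ -59,6 +60,7 @@ export const main = async (clientOpts: ClientOpts) => {
 filters: clientOpts.filters,
 preflightChecks: hookResults.preflightCheckResults,
 version,
+clientConfig: getClientConfigMetadata(clientOpts.config),
 };
 
 let websocketConnections: WebSocketConnection[] = [];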
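--- a/lib/client/socket.ts
+++ b/lib/client/socket.ts
@@ -98,6 +98,7 @@ export const createWebSocket = (
 websocket.serverId = serverId || '';
 websocket.friendlyName = identifyingMetadata.friendlyName || '';
 }
+websocket.clientConfig = identifyingMetadata.clientConfig;
 
 logger.info(
 {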
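--- a/lib/client/socketHandlers/openHandler.ts
+++ b/lib/client/socketHandlers/openHandler.ts
@@ -16,6 +16,8 @@ export const openHandler = (
 : '****',
 preflightChecks: identifyingMetadata.preflightChecks,
 version: identifyingMetadata.version,
+clientConfig: identifyingMetadata.clientConfig,
+filters: identifyingMetadata.filters ?? {},
 };
 if (clientOps.config.universalBrokerEnabled) {
 metadata['supportedIntegrationType'] =
@@ -36,7 +38,7 @@ export const openHandler = (
 token: clientOps.config.universalBrokerEnabled
 ? identifyingMetadata.identifier
 : clientOps.config.brokerToken,
-metadata: identifyingMetadata,
+metadata: metadata,
 };
 io.send('identify', clientData);
 };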
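Review bot: Sending the locally built `metadata` object instead of `identifyingMetadata` in the `identify` payload means the server now receives only the fields copied into that literal, so any `IdentifyingMetadata` field that is not copied is dropped without notice. The literal starts above the first hunk, so the full field list is not visible here; please confirm it against what the server reads. Since this is the object that carries the masked `identifier`, a short comment above the literal such as `// Exactly these fields are sent to the server on identify; add new IdentifyingMetadata fields here explicitly.` would keep later additions from being forgotten. `metadata: metadata,` can also be written as the shorthand `metadata,`.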
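--- a/lib/client/types/client.ts
+++ b/lib/client/types/client.ts
@@ -5,6 +5,19 @@ export interface HookResults {
 preflightCheckResults?: CheckResult[];
 }
 
+export interface ConfigMetadata {
+haMode: boolean;
+debugMode: boolean;
+bodyLogMode: boolean;
+credPooling: boolean;
+privateCa: boolean;
+tlsReject: boolean;
+proxy: boolean;
+customAccept: boolean;
+insecureDownstream: boolean;
+universalBroker: boolean;
+}
+
 export interface IdentifyingMetadata {
 capabilities: string[];
 clientId: string;
@@ -17,6 +30,7 @@ export interface IdentifyingMetadata {
 socketVersion?: number;
 socketType?: string;
 friendlyName?: string;
+clientConfig: ConfigMetadata;
 }
 
 export interface ConnectionMetadata {
@@ -40,6 +54,7 @@ export interface WebSocketConnection {
 socketVersion?: any;
 socketType?: string;
 identifier?: string;
+clientConfig?: any;
 friendlyName?: string;
 supportedIntegrationType: string;
 serverId: string;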
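Review bot: `clientConfig?: any;` on `WebSocketConnection` throws away the `ConfigMetadata` type that this same change introduces, so a misspelt or missing flag on the websocket object would not be caught by the compiler; `clientConfig?: ConfigMetadata;` keeps the two interfaces in step. The field is required on `IdentifyingMetadata` but optional here, and lib/server/utils/socket.ts falls back to `{}`, presumably to tolerate clients that predate the field. If so, a one-line comment on `ConfigMetadata` saying that older clients send nothing would make that asymmetry intentional rather than accidental. Both interfaces continue outside the hunks shown.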
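--- a/lib/client/utils/configHelpers.ts
+++ b/lib/client/utils/configHelpers.ts
@@ -0,0 +1,48 @@
+import { ConfigMetadata } from '../types/client';
+import { Config } from '../types/config';
+import { log as logger } from '../../logs/logger';
+
+export const getClientConfigMetadata = (
+clientConfig: Record<string, any>,
+): ConfigMetadata => {
+const configMetadata: ConfigMetadata = {
+haMode: highAvailabilityModeEnabled(clientConfig),
+debugMode: clientConfig.logLevel === 'debug' ? true : false,
+bodyLogMode: clientConfig.logEnableBody ? true : false,
+credPooling: isCredPoolingUsed(clientConfig),
+privateCa: clientConfig.nodeExtraCaCert ? true : false,
+tlsReject:
+parseInt(clientConfig.nodeTlsRejectUnauthorized) === 0 ? true : false,
+proxy: clientConfig.httpProxy || clientConfig.httpsProxy ? true : false,
+customAccept: clientConfig.accept ? true : false,
+insecureDownstream: clientConfig.insecureDownstream ? true : false,
+universalBroker: clientConfig.universalBrokerEnabled ? true : false,
+};
+return configMetadata;
+};
+
+const isCredPoolingUsed = (config: Record<string, any>): boolean => {
+for (const key in config) {
+if (config.hasOwnProperty(key) && key.includes('_POOL')) {
+return true; // Found a key containing '_POOL'
+}
+}
+return false;
+};
+
+export function highAvailabilityModeEnabled(config: any): boolean {
+// high availability mode is disabled per default
+let highAvailabilityModeEnabled = false;
+const highAvailabilityModeEnabledValue = (config as Config)
+.BROKER_HA_MODE_ENABLED;
+
+if (typeof highAvailabilityModeEnabledValue !== 'undefined') {
+highAvailabilityModeEnabled =
+highAvailabilityModeEnabledValue.toLowerCase() === 'true' ||
+highAvailabilityModeEnabledValue.toLowerCase() === 'yes';
+}
+
+logger.info({ enabled: highAvailabilityModeEnabled }, 'checking for HA mode');
+
+return highAvailabilityModeEnabled;
+}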
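Review bot: `tlsReject` in `getClientConfigMetadata` is `true` when `nodeTlsRejectUnauthorized` parses to 0, i.e. when certificate verification is switched off, so the flag reads as the opposite of what it reports and someone triaging clients on the server side could take `tlsReject: true` for the safe state. A comment on the field such as `// true = NODE_TLS_REJECT_UNAUTHORIZED is 0, i.e. TLS certificate verification is disabled` (or a clearer name) removes the ambiguity. The `parseInt` comparison is also looser than Node's own check, which disables verification only when the variable is exactly the string `'0'`; inputs like `'0.5'` or `'00'` parse to 0 and would be reported as disabled. Assuming the config loader passes the raw string through, `tlsReject: String(clientConfig.nodeTlsRejectUnauthorized) === '0',` matches the runtime. Separately, `isCredPoolingUsed` counts any key that merely contains `_POOL`, and `highAvailabilityModeEnabled` will now log 'checking for HA mode' at info level on every metadata build as well as at startup.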
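--- a/lib/server/utils/socket.ts
+++ b/lib/server/utils/socket.ts
@@ -4,5 +4,6 @@ export const metadataWithoutFilters = (metadataWithFilters) => {
 clientId: metadataWithFilters.clientId,
 preflightChecks: metadataWithFilters.preflightChecks,
 version: metadataWithFilters.version,
+clientConfig: metadataWithFilters.clientConfig ?? {},
 };
 };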
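Review bot: `clientConfig: metadataWithFilters.clientConfig ?? {}` copies whatever value the connecting client sent into the server-side metadata without checking its shape. Because this arrives over the websocket from a process the server does not control, it should be reduced to the known `ConfigMetadata` keys, each coerced to a boolean, before it is stored or logged. The `?? {}` fallback only covers `null` and `undefined`, so a string, an array or an arbitrarily large object would pass through unchanged. `metadataWithoutFilters` begins above the hunk and its parameter is untyped, so I cannot see whether validation happens earlier; if it does, a comment here saying so would help.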
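--- a/test/functional/server-client.test.ts
+++ b/test/functional/server-client.test.ts
@@ -58,6 +58,19 @@ describe('proxy requests originating from behind the broker server', () => {
 filters: expect.any(Object),
 clientId: expect.any(String),
 version: version,
+clientConfig: {
+bodyLogMode: false,
+credPooling: true, //client sets a PASSWORD_POOL
+customAccept: true,
+debugMode: false,
+haMode: false,
+insecureDownstream: false,
+privateCa: false,
+proxy: false,
+tlsReject: false,
+universalBroker: false,
+},
+identifier: '****',
 });
 });
 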
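--- a/test/unit/configHelper.test.ts
+++ b/test/unit/configHelper.test.ts
@@ -0,0 +1,98 @@
+import { getClientConfigMetadata } from '../../lib/client/utils/configHelpers';
+import { getConfig, loadBrokerConfig } from '../../lib/common/config/config';
+import { LoadedClientOpts } from '../../lib/common/types/options';
+
+describe('config', () => {
+beforeAll(() => {
+loadBrokerConfig();
+});
+afterEach(() => {
+delete process.env.LOG_LEVEL;
+delete process.env.LOG_ENABLE_BODY;
+delete process.env.GITHUB_TOKEN_POOL;
+delete process.env.INSECURE_DOWNSTREAM;
+delete process.env.BROKER_HA_MODE_ENABLED;
+delete process.env.HTTP_PROXY;
+delete process.env.NODE_EXTRA_CA_CERT;
+delete process.env.ACCEPT;
+delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+delete process.env.UNIVERSAL_BROKER_ENABLED;
+});
+
+afterAll(() => {
+delete process.env.LOG_LEVEL;
+delete process.env.LOG_ENABLE_BODY;
+delete process.env.GITHUB_TOKEN_POOL;
+delete process.env.INSECURE_DOWNSTREAM;
+delete process.env.BROKER_HA_MODE_ENABLED;
+delete process.env.HTTP_PROXY;
+delete process.env.NODE_EXTRA_CA_CERT;
+delete process.env.ACCEPT;
+delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+delete process.env.UNIVERSAL_BROKER_ENABLED;
+});
+it('everything is false for empty config', () => {
+loadBrokerConfig();
+const config = getConfig();
+expect(getClientConfigMetadata(config as LoadedClientOpts)).toEqual({
+bodyLogMode: false,
+credPooling: false,
+customAccept: false,
+debugMode: false,
+haMode: false,
+privateCa: false,
+proxy: false,
+tlsReject: false,
+insecureDownstream: false,
+universalBroker: false,
+});
+});
+
+it('everything is true for everything enabled in config', () => {
+process.env.LOG_LEVEL = 'debug';
+process.env.LOG_ENABLE_BODY = 'true';
+process.env.GITHUB_TOKEN_POOL = '123,456';
+process.env.INSECURE_DOWNSTREAM = 'true_but_truly_value_does_not_matter';
+process.env.BROKER_HA_MODE_ENABLED = 'true';
+process.env.HTTP_PROXY = 'http://myproxy';
+process.env.NODE_EXTRA_CA_CERT = 'my/path';
+process.env.ACCEPT = 'my/path';
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+process.env.UNIVERSAL_BROKER_ENABLED = 'true';
+loadBrokerConfig();
+const config = getConfig();
+expect(getClientConfigMetadata(config as LoadedClientOpts)).toEqual({
+bodyLogMode: true,
+credPooling: true,
+customAccept: true,
+debugMode: true,
+haMode: true,
+privateCa: true,
+proxy: true,
+tlsReject: true,
+insecureDownstream: true,
+universalBroker: true,
+});
+});
+
+it('everything is false for everything disabled in config', () => {
+process.env.LOG_LEVEL = 'info';
+process.env.GITHUB_TOKEN = '456';
+process.env.BROKER_HA_MODE_ENABLED = 'false';
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1';
+loadBrokerConfig();
+const config = getConfig();
+expect(getClientConfigMetadata(config as LoadedClientOpts)).toEqual({
+bodyLogMode: false,
+credPooling: false,
+customAccept: false,
+debugMode: false,
+haMode: false,
+privateCa: false,
+proxy: false,
+tlsReject: false,
+insecureDownstream: false,
+universalBroker: false,
+});
+});
+});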
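Review bot: The third test sets `process.env.GITHUB_TOKEN = '456'` but neither `afterEach` nor `afterAll` removes it, so the variable leaks into whatever runs later in the same worker; add `delete process.env.GITHUB_TOKEN;` to the cleanup. The `afterEach` and `afterAll` bodies are identical, so the `afterAll` block can be dropped. Because these flags describe the client's security posture to the server, a few more cases are worth pinning: `HTTPS_PROXY` set on its own, `BROKER_HA_MODE_ENABLED = 'yes'`, and `INSECURE_DOWNSTREAM = 'false'`, which the truthiness check in `getClientConfigMetadata` would presumably report as `true`.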
