From 3729c722293734bb7939d938e90c819459dfb08c Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Tue, 6 Aug 2019 10:40:23 -0400 Subject: [PATCH] relocate template function flag to ClientConfig --- command/agent/config.go | 17 +++---- command/agent/config_test.go | 92 ++++++++++++++++++------------------ 2 files changed, 55 insertions(+), 54 deletions(-) diff --git a/command/agent/config.go b/command/agent/config.go index e3dc76e2e5c4..d8bce6db450b 100644 --- a/command/agent/config.go +++ b/command/agent/config.go @@ -108,10 +108,6 @@ type Config struct { // for security bulletins DisableAnonymousSignature bool `hcl:"disable_anonymous_signature"` - // EnableInsecureTemplateFunctions enables templates to include functions - // that are unsafe because they expose information from the client host. - EnableInsecureTemplateFunctions bool `hcl:"enable_insecure_template_functions"` - // Consul contains the configuration for the Consul Agent and // parameters necessary to register services, their checks, and // discover the current Nomad servers. @@ -246,6 +242,10 @@ type ClientConfig struct { // DisableRemoteExec disables remote exec targeting tasks on this client DisableRemoteExec bool `hcl:"disable_remote_exec"` + // EnableInsecureTemplateFunctions enables templates to include functions + // that are unsafe because they expose information from the client host. + EnableInsecureTemplateFunctions bool `hcl:"enable_insecure_template_functions"` + // ServerJoin contains information that is used to attempt to join servers ServerJoin *ServerJoin `hcl:"server_join"` @@ -671,7 +671,6 @@ func DevConfig() *Config { conf.DevMode = true conf.EnableDebug = true conf.DisableAnonymousSignature = true - conf.EnableInsecureTemplateFunctions = false conf.Consul.AutoAdvertise = helper.BoolToPtr(true) if runtime.GOOS == "darwin" { conf.Client.NetworkInterface = "lo0" @@ -686,6 +685,7 @@ func DevConfig() *Config { conf.Client.GCDiskUsageThreshold = 99 conf.Client.GCInodeUsageThreshold = 99 conf.Client.GCMaxAllocs = 50 + conf.Client.EnableInsecureTemplateFunctions = false conf.Telemetry.PrometheusMetrics = true conf.Telemetry.PublishAllocationMetrics = true conf.Telemetry.PublishNodeMetrics = true @@ -830,9 +830,6 @@ func (c *Config) Merge(b *Config) *Config { if b.DisableAnonymousSignature { result.DisableAnonymousSignature = true } - if b.EnableInsecureTemplateFunctions { - result.EnableInsecureTemplateFunctions = true - } // Apply the telemetry config if result.Telemetry == nil && b.Telemetry != nil { @@ -1310,6 +1307,10 @@ func (a *ClientConfig) Merge(b *ClientConfig) *ClientConfig { result.DisableRemoteExec = b.DisableRemoteExec } + if b.EnableInsecureTemplateFunctions { + result.EnableInsecureTemplateFunctions = true + } + // Add the servers result.Servers = append(result.Servers, b.Servers...) diff --git a/command/agent/config_test.go b/command/agent/config_test.go index 5e497bc75d96..827f5670ccf2 100644 --- a/command/agent/config_test.go +++ b/command/agent/config_test.go @@ -41,22 +41,21 @@ func TestConfig_Merge(t *testing.T) { } c2 := &Config{ - Region: "global", - Datacenter: "dc1", - NodeName: "node1", - DataDir: "/tmp/dir1", - PluginDir: "/tmp/pluginDir1", - LogLevel: "INFO", - LogJson: false, - EnableDebug: false, - LeaveOnInt: false, - LeaveOnTerm: false, - EnableSyslog: false, - SyslogFacility: "local0.info", - DisableUpdateCheck: helper.BoolToPtr(false), - DisableAnonymousSignature: false, - EnableInsecureTemplateFunctions: true, - BindAddr: "127.0.0.1", + Region: "global", + Datacenter: "dc1", + NodeName: "node1", + DataDir: "/tmp/dir1", + PluginDir: "/tmp/pluginDir1", + LogLevel: "INFO", + LogJson: false, + EnableDebug: false, + LeaveOnInt: false, + LeaveOnTerm: false, + EnableSyslog: false, + SyslogFacility: "local0.info", + DisableUpdateCheck: helper.BoolToPtr(false), + DisableAnonymousSignature: false, + BindAddr: "127.0.0.1", Telemetry: &Telemetry{ StatsiteAddr: "127.0.0.1:8125", StatsdAddr: "127.0.0.1:8125", @@ -89,12 +88,13 @@ func TestConfig_Merge(t *testing.T) { Options: map[string]string{ "foo": "bar", }, - NetworkSpeed: 100, - CpuCompute: 100, - MemoryMB: 100, - MaxKillTimeout: "20s", - ClientMaxPort: 19996, - DisableRemoteExec: false, + NetworkSpeed: 100, + CpuCompute: 100, + MemoryMB: 100, + MaxKillTimeout: "20s", + ClientMaxPort: 19996, + DisableRemoteExec: false, + EnableInsecureTemplateFunctions: true, Reserved: &Resources{ CPU: 10, MemoryMB: 10, @@ -190,22 +190,21 @@ func TestConfig_Merge(t *testing.T) { } c3 := &Config{ - Region: "global", - Datacenter: "dc2", - NodeName: "node2", - DataDir: "/tmp/dir2", - PluginDir: "/tmp/pluginDir2", - LogLevel: "DEBUG", - LogJson: true, - EnableDebug: true, - LeaveOnInt: true, - LeaveOnTerm: true, - EnableSyslog: true, - SyslogFacility: "local0.debug", - DisableUpdateCheck: helper.BoolToPtr(true), - DisableAnonymousSignature: true, - EnableInsecureTemplateFunctions: true, - BindAddr: "127.0.0.2", + Region: "global", + Datacenter: "dc2", + NodeName: "node2", + DataDir: "/tmp/dir2", + PluginDir: "/tmp/pluginDir2", + LogLevel: "DEBUG", + LogJson: true, + EnableDebug: true, + LeaveOnInt: true, + LeaveOnTerm: true, + EnableSyslog: true, + SyslogFacility: "local0.debug", + DisableUpdateCheck: helper.BoolToPtr(true), + DisableAnonymousSignature: true, + BindAddr: "127.0.0.2", Telemetry: &Telemetry{ StatsiteAddr: "127.0.0.2:8125", StatsdAddr: "127.0.0.2:8125", @@ -247,14 +246,15 @@ func TestConfig_Merge(t *testing.T) { "foo": "bar", "baz": "zip", }, - ChrootEnv: map[string]string{}, - ClientMaxPort: 20000, - ClientMinPort: 22000, - NetworkSpeed: 105, - CpuCompute: 105, - MemoryMB: 105, - MaxKillTimeout: "50s", - DisableRemoteExec: false, + ChrootEnv: map[string]string{}, + ClientMaxPort: 20000, + ClientMinPort: 22000, + NetworkSpeed: 105, + CpuCompute: 105, + MemoryMB: 105, + MaxKillTimeout: "50s", + DisableRemoteExec: false, + EnableInsecureTemplateFunctions: true, Reserved: &Resources{ CPU: 15, MemoryMB: 15,