fix(secrets): Avoid count underflow by only counting initialized secrets (#14991)
This commit is contained in:
Sven Rebhan
GitHub
parent
d0f505cc67
commit
7ce22b2490
|
|
@ -478,7 +478,12 @@ func (c *Config) LoadAll(configFiles ...string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if there is enough lockable memory for the secret
|
// Check if there is enough lockable memory for the secret
|
||||||
c.NumberSecrets = uint64(secretCount.Load())
|
count := secretCount.Load()
|
||||||
|
if count < 0 {
|
||||||
|
log.Printf("E! Invalid secret count %d, please report this incident including your configuration!", count)
|
||||||
|
count = 0
|
||||||
|
}
|
||||||
|
c.NumberSecrets = uint64(count)
|
||||||
|
|
||||||
// Let's link all secrets to their secret-stores
|
// Let's link all secrets to their secret-stores
|
||||||
return c.LinkSecrets()
|
return c.LinkSecrets()
|
||||||
|
|
|
||||||
|
|
@ -1293,6 +1293,7 @@ type MockupInputPlugin struct {
|
||||||
MaxBodySize config.Size `toml:"max_body_size"`
|
MaxBodySize config.Size `toml:"max_body_size"`
|
||||||
Paths []string `toml:"paths"`
|
Paths []string `toml:"paths"`
|
||||||
Port int `toml:"port"`
|
Port int `toml:"port"`
|
||||||
|
Password config.Secret `toml:"password"`
|
||||||
Command string
|
Command string
|
||||||
Files []string
|
Files []string
|
||||||
PidFile string
|
PidFile string
|
||||||
|
|
|
||||||
|
|
@ -155,11 +155,11 @@ func (s *Secret) Destroy() {
|
||||||
if s.container != nil {
|
if s.container != nil {
|
||||||
s.container.Destroy()
|
s.container.Destroy()
|
||||||
s.container = nil
|
s.container = nil
|
||||||
}
|
|
||||||
|
|
||||||
// Keep track of the number of secrets...
|
// Keep track of the number of used secrets...
|
||||||
secretCount.Add(-1)
|
secretCount.Add(-1)
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Empty return if the secret is completely empty
|
// Empty return if the secret is completely empty
|
||||||
func (s *Secret) Empty() bool {
|
func (s *Secret) Empty() bool {
|
||||||
|
|
|
||||||
|
|
@ -351,6 +351,31 @@ func TestSecretEnvironmentVariable(t *testing.T) {
|
||||||
require.EqualValues(t, "an env secret", secret.TemporaryString())
|
require.EqualValues(t, "an env secret", secret.TemporaryString())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestSecretCount(t *testing.T) {
|
||||||
|
secretCount.Store(0)
|
||||||
|
cfg := []byte(`
|
||||||
|
[[inputs.mockup]]
|
||||||
|
|
||||||
|
[[inputs.mockup]]
|
||||||
|
secret = "a secret"
|
||||||
|
|
||||||
|
[[inputs.mockup]]
|
||||||
|
secret = "another secret"
|
||||||
|
`)
|
||||||
|
|
||||||
|
c := NewConfig()
|
||||||
|
require.NoError(t, c.LoadConfigData(cfg))
|
||||||
|
require.Len(t, c.Inputs, 3)
|
||||||
|
require.Equal(t, int64(2), secretCount.Load())
|
||||||
|
|
||||||
|
// Remove all secrets and check
|
||||||
|
for _, ri := range c.Inputs {
|
||||||
|
input := ri.Input.(*MockupSecretPlugin)
|
||||||
|
input.Secret.Destroy()
|
||||||
|
}
|
||||||
|
require.Equal(t, int64(0), secretCount.Load())
|
||||||
|
}
|
||||||
|
|
||||||
func TestSecretStoreStatic(t *testing.T) {
|
func TestSecretStoreStatic(t *testing.T) {
|
||||||
cfg := []byte(
|
cfg := []byte(
|
||||||
`
|
`
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue