Diffstat (limited to 'security-tools')
4 files changed, 39 insertions, 13 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
index f83d9198f08..996d2533ae1 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
@@ -8,6 +8,7 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.ParseException; import java.io.PrintStream; +import java.util.EnumSet; import java.util.Map; import java.util.Optional; import java.util.TreeMap; 
@@ -48,21 +49,24 @@ public class Main {
 ? UnixShell.fromConfigName(arguments.getOptionValue(SHELL_OPTION))
 : UnixShell.detect(envVars.get("SHELL"));
- Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
- if (options.isEmpty()) {
- return 0;
- }
 Map<OutputVariable, String> outputVariables = new TreeMap<>();
- options.get().getCaCertificatesFile()
- .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
- MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
- if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
- options.get().getCertificatesFile()
- .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
- options.get().getPrivateKeyFile()
- .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
+ Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
+ if (options.isPresent()) {
+ options.get().getCaCertificatesFile()
+ .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
+ MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
+ if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
+ options.get().getCertificatesFile()
+ .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
+ options.get().getPrivateKeyFile()
+ .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
+ }
 }
 shell.writeOutputVariables(stdOut, outputVariables);
+ EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty()
+ ? EnumSet.allOf(OutputVariable.class)
+ : EnumSet.complementOf(EnumSet.copyOf(outputVariables.keySet()));
+ shell.unsetVariables(stdOut, unusedVariables);
 return 0;
 } catch (ParseException e) {
 return handleException("Failed to parse command line arguments: " + e.getMessage(), e, debugMode);
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/UnixShell.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/UnixShell.java
index 4e04e198763..391df61798b 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/UnixShell.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/UnixShell.java
@@ -5,6 +5,7 @@ import java.io.PrintStream; import java.util.Arrays; import java.util.List; import java.util.Map; +import java.util.Set; /** * Definition of some unix shell variants and how to export environments variable for those supported.
@@ -25,6 +26,14 @@ enum UnixShell {
 out.println(';');
 });
 }
+ @Override
+ void unsetVariables(PrintStream out, Set<OutputVariable> variables) {
+ variables.forEach(variable -> {
+ out.print("unset ");
+ out.print(variable.variableName());
+ out.println(';');
+ });
+ }
 },
 CSHELL("cshell", List.of("csh", "fish")) {
 @Override
@@ -37,6 +46,14 @@ enum UnixShell {
 out.println("\";");
 });
 }
+ @Override
+ void unsetVariables(PrintStream out, Set<OutputVariable> variables) {
+ variables.forEach(variable -> {
+ out.print("unsetenv ");
+ out.print(variable.variableName());
+ out.println(';');
+ });
+ }
 };
 private static final UnixShell DEFAULT = BOURNE;
@@ -50,6 +67,7 @@ enum UnixShell {
 }
 abstract void writeOutputVariables(PrintStream out, Map<OutputVariable, String> variables);
+ abstract void unsetVariables(PrintStream out, Set<OutputVariable> variables);
 String configName() {
 return configName; 
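Review bot: The `outputVariables.isEmpty()` special case on the new `unusedVariables` lines exists only because `EnumSet.copyOf(Collection)` throws `IllegalArgumentException` for an empty collection that is not itself an `EnumSet` (a `TreeMap` key set is not); that reason is invisible at the call site and is easy to "simplify away" later. A form with no special case avoids it: `EnumSet<OutputVariable> unusedVariables = EnumSet.allOf(OutputVariable.class);` followed by `unusedVariables.removeAll(outputVariables.keySet());`. The `shell.unsetVariables(stdOut, unusedVariables);` call also deserves a why-comment, e.g. `// Clear VESPA_TLS_* variables this run does not set, so values left from an earlier invocation do not linger; in PLAINTEXT_CLIENT_MIXED_SERVER mode this deliberately removes the client certificate and key`, since that is the behavioural change the old early `return 0` did not have. The enclosing try block and method begin before the hunk and continue after it.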
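Review bot: The two `unsetVariables` bodies added for `BOURNE` and `CSHELL` differ only in the keyword (`"unset "` versus `"unsetenv "`) and repeat the same `forEach`/`print`/`println(';')` shape, which invites the two drifting apart; a private helper on the enum taking the keyword, `static void printUnset(PrintStream out, String keyword, Set<OutputVariable> variables)`, would make the per-shell difference a single line. Separately, `CSHELL` also lists `fish`, and fish has no `unsetenv` builtin (it erases variables with `set -e NAME`), so if fish is genuinely meant to be covered here the emitted output will not work in it; that mirrors the csh-style export the constant already uses and may be out of scope, but it should at least be noted in a comment on the constant. Both points apply to the second `unsetVariables` hunk as well; the rest of each enum constant lies outside the hunks.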
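Review bot: The new abstract `unsetVariables` declaration has no Javadoc, and the contract matters because the output is shell text the caller presumably evaluates; a one-liner such as `/** Writes one statement per variable that removes it from the caller's environment; names come from the closed {@link OutputVariable} set, never from user input. */` would document both what is emitted and why no quoting of the name is needed. The existing `writeOutputVariables` declaration on the context line above is equally undocumented, so the same treatment there would be consistent.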
diff --git a/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
index 6b25c2a2bce..b563ebd14f4 100644
--- a/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
+++ b/security-tools/src/test/java/com/yahoo/vespa/security/tool/securityenv/MainTest.java
@@ -41,10 +41,11 @@ public class MainTest {
 }
 @Test
- public void prints_no_output_when_no_security_config() {
+ public void unsets_all_variables_when_no_security_config() throws IOException {
 int exitCode = runMain(List.of(), Map.of());
 assertThat(exitCode).isEqualTo(0);
 assertThat(stdErr()).isEmpty();
+ assertThat(stdOut()).isEqualTo(readTestResource("no-security-output.txt"));
 }
 @Test
diff --git a/security-tools/src/test/resources/no-security-output.txt b/security-tools/src/test/resources/no-security-output.txt
new file mode 100644
index 00000000000..8ecd1e77902
--- /dev/null
+++ b/security-tools/src/test/resources/no-security-output.txt
@@ -0,0 +1,3 @@
+unset VESPA_TLS_CA_CERT;
+unset VESPA_TLS_CERT;
+unset VESPA_TLS_PRIVATE_KEY; |
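Review bot: The renamed test pins only the no-config path, while the other new behaviour in `Main` — `PLAINTEXT_CLIENT_MIXED_SERVER` mode now emitting `unset` for `VESPA_TLS_CERT` and `VESPA_TLS_PRIVATE_KEY` alongside the CA export, and a configured run unsetting nothing — has no `stdOut()` assertion in this hunk. If a mixed-mode test already exists outside the hunk it should gain an `assertThat(stdOut()).isEqualTo(readTestResource(...))` against a corresponding resource; otherwise a new case is warranted, since that is the path where clearing the key material is the security-relevant outcome. With `Map.of()` as the environment the shell falls back to the default, so `no-security-output.txt` only exercises the `unset` branch; a run with `SHELL` set to a csh-family value would cover `unsetenv` too.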