Merge remote-tracking branch 'origin' into SHIELD-64-security-fixes-o…

…f-session-cookie

VERSION

@@ -1 +1 @@
-4.0.85
+4.0.93

components/automate-backend-opensearch/habitat/cert.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 basePath=$1
-echo " ================= Getting certs from vault using =============="
+echo " ================= Getting certs from vault using ==============="
 echo $OPENSEARCH_ROOT_CA_PEM
 echo $OPENSEARCH_ADMIN_PEM
 echo $OPENSEARCH_ADMIN_KEY_PEM

components/automate-backend-postgresql/habitat/cert.sh

@@ -1,28 +1,20 @@
 #!/bin/bash
-
-openssl genrsa -out MyRootCA.key 2048
-
-openssl req -x509 -new -days 1095 -key MyRootCA.key -sha256 -out MyRootCA.pem -subj '/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefrootca'
-
-openssl genrsa -out ssl-pkcs12.key 2048
-
-openssl pkcs8 -v1 "PBE-SHA1-3DES" -in "ssl-pkcs12.key" -topk8 -out "ssl.key" -nocrypt
-
-openssl req -new -key ssl.key -out ssl.csr -subj '/C=US/ST=Washington/L=Seattle/O=Chef Software Inc/CN=chefadmin'
-
-openssl x509 -days 1095 -req -in ssl.csr -CA MyRootCA.pem -CAkey MyRootCA.key -CAcreateserial -out ssl.pem -sha256
-
+echo " ================= Getting certs from vault using ==============="
+echo $OPENSEARCH_ROOT_CA_PEM
+echo $OPENSEARCH_NODE1_PEM
+echo $OPENSEARCH_NODE1_KEY_PEM
+
 cat <<EOF >> habitat/default.toml
 # server public cert used for ssl listener
-ssl_cert = """$(cat ssl.pem)"""
+ssl_cert = """$OPENSEARCH_NODE1_PEM"""
 EOF
 
 cat <<EOF >> habitat/default.toml
 # server private key
-ssl_key = """$(cat ssl.key)"""
+ssl_key = """$OPENSEARCH_NODE1_KEY_PEM"""
 EOF
 
 cat <<EOF >> habitat/default.toml
 # issuer public cert that signed the above server public cert
-issuer_cert = """$(cat MyRootCA.pem)"""
+issuer_cert = """$OPENSEARCH_ROOT_CA_PEM"""
 EOF

components/automate-cli/pkg/docs/yaml_docs_test.go

@@ -15,16 +15,15 @@ import (
 
 var _ = fmt.Sprintf("stop bothering me")
 
-func newTmpDir() (string, func()) {
-	tmpDir, _ := ioutil.TempDir("", "statusTmpDir")
+func newTmpDir(t testing.TB) string {
+	tmpDir := t.TempDir()
 	os.MkdirAll(tmpDir, os.ModePerm)
-	return tmpDir, func() { os.RemoveAll(tmpDir) }
+	return tmpDir
 }
 
 func TestStatusDocToYamlFile(t *testing.T) {
 	t.Run("writes doc to YAML file", func(t *testing.T) {
-		tmpDir, cleanup := newTmpDir()
-		defer cleanup()
+		tmpDir := newTmpDir(t)
 
 		doc := newStatusDoc()
 		path := filepath.Join(tmpDir, "errors.yaml")
@@ -65,8 +64,7 @@ func parseResult(t *testing.T, tmpDir string) cmdDoc {
 
 func TestGenYamlTree(t *testing.T) {
 	t.Run("creates some yaml for an empty command", func(t *testing.T) {
-		tmpDir, cleanup := newTmpDir()
-		defer cleanup()
+		tmpDir := newTmpDir(t)
 
 		cmd := basicCmd()
 		err := GenYamlTree(cmd, tmpDir)
@@ -78,8 +76,7 @@ func TestGenYamlTree(t *testing.T) {
 		assert.Equal(t, "example-for-test", docFromFile.Name)
 	})
 	t.Run("includes flags in the yaml output", func(t *testing.T) {
-		tmpDir, cleanup := newTmpDir()
-		defer cleanup()
+		tmpDir := newTmpDir(t)
 
 		cmd := basicCmd()
 
@@ -109,8 +106,7 @@ func TestGenYamlTree(t *testing.T) {
 		assert.Equal(t, "default_value", actualOpt.DefaultValue)
 	})
 	t.Run("does not include hidden flags in the yaml output", func(t *testing.T) {
-		tmpDir, cleanup := newTmpDir()
-		defer cleanup()
+		tmpDir := newTmpDir(t)
 
 		cmd := basicCmd()
 

components/automate-cli/pkg/selfupdater/executablecache/cache_test.go

@@ -1,8 +1,6 @@
 package executablecache
 
 import (
-	"io/ioutil"
-	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -20,9 +18,7 @@ const testVersionOld = "20180522150600"
 const testVersionOlder = "20180522150500"
 
 func TestExecutableCacheRoundTrip(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestExecutableCache")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpdir)
+	tmpdir := t.TempDir()
 
 	ec := New(WithCacheDir(tmpdir))
 	exists, err := ec.Exists(testVersion)
@@ -44,9 +40,7 @@ func TestExecutableCacheRoundTrip(t *testing.T) {
 }
 
 func TestExecutableCacheRoundLatest(t *testing.T) {
-	tmpdir, err := ioutil.TempDir("", "TestExecutableCache")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpdir)
+	tmpdir := t.TempDir()
 
 	ec := New(WithCacheDir(tmpdir))
 	exists, err := ec.Exists(testVersion)

components/automate-cli/pkg/selfupdater/selfupdater_test.go

@@ -2,8 +2,6 @@ package selfupdater
 
 import (
 	"context"
-	"io/ioutil"
-	"os"
 	"path"
 	"testing"
 
@@ -36,9 +34,7 @@ func (m *mockUpdateSource) ExpectExecutableFetch(ctx context.Context, desiredVer
 
 func TestExecutableIsFetchedAndCachedWhenUpdateRequired(t *testing.T) {
 	ctx := context.Background()
-	tmpdir, err := ioutil.TempDir("", "TestExecutableCache")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpdir)
+	tmpdir := t.TempDir()
 	executablecache := executablecache.New(executablecache.WithCacheDir(tmpdir))
 	updateSource := &mockUpdateSource{}
 	updateSource.ExpectExecutableFetch(ctx, "1", "#!/bin/sh\n")
@@ -59,9 +55,7 @@ func TestExecutableIsFetchedAndCachedWhenUpdateRequired(t *testing.T) {
 
 func TestExecutableIsTakenFromCacheIfExists(t *testing.T) {
 	ctx := context.Background()
-	tmpdir, err := ioutil.TempDir("", "TestExecutableCache")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpdir)
+	tmpdir := t.TempDir()
 	executablecache := executablecache.New(executablecache.WithCacheDir(tmpdir))
 	updateSource := &mockUpdateSource{}
 	updateSource.ExpectExecutableFetch(ctx, "1", "#!/bin/sh\n")
@@ -72,7 +66,7 @@ func TestExecutableIsTakenFromCacheIfExists(t *testing.T) {
 		myVersion:       "0",
 	}
 
-	_, err = updater.NextExecutable(ctx)
+	_, err := updater.NextExecutable(ctx)
 	require.NoError(t, err)
 
 	_, err = updater.NextExecutable(ctx)
@@ -84,9 +78,7 @@ func TestExecutableIsTakenFromCacheIfExists(t *testing.T) {
 
 func TestNextExecutableIsNotAvailableWhenVersionsMatch(t *testing.T) {
 	ctx := context.Background()
-	tmpdir, err := ioutil.TempDir("", "TestExecutableCache")
-	require.NoError(t, err)
-	defer os.RemoveAll(tmpdir)
+	tmpdir := t.TempDir()
 	executablecache := executablecache.New(executablecache.WithCacheDir(tmpdir))
 	updateSource := &mockUpdateSource{}
 	updateSource.ExpectExecutableFetch(ctx, "1", "#!/bin/sh\n")

components/automate-deployment/pkg/a1upgrade/a1upgrade_compat_test.go

@@ -115,8 +115,7 @@ func TestLocalBackupDirectoryDoesNotExist(t *testing.T) {
 }
 
 func TestLocalBackupDirectoryExistsAndIsEmpty(t *testing.T) {
-	testDir, _ := ioutil.TempDir("", "TestEmptyBackupDir")
-	defer os.Remove(testDir)
+	testDir := t.TempDir()
 
 	checker := NewCompatChecker()
 	err := checker.BackupConfigured("fs", false, testDir, "")
@@ -128,10 +127,9 @@ func TestLocalBackupDirectoryExistsAndIsEmpty(t *testing.T) {
 }
 
 func TestLocalBackupDirNonEmpty(t *testing.T) {
-	testDir, _ := ioutil.TempDir("", "TestBackupDir")
+	testDir := t.TempDir()
 	testFile, _ := ioutil.TempFile(testDir, "TestFile")
 	defer os.Remove(testFile.Name())
-	defer os.Remove(testDir)
 
 	checker := NewCompatChecker()
 	err := checker.BackupConfigured("fs", false, testDir, "")
@@ -203,11 +201,10 @@ func TestWorkflowGitReposDirDoesNotExist(t *testing.T) {
 }
 
 func TestWorkflowGitReposDirExistWithData(t *testing.T) {
-	gitReposDir, _ := ioutil.TempDir("", "TestGitReposDir")
+	gitReposDir := t.TempDir()
 	// Create a subdirectory of the workflow directory so that the workflow
 	// directory will be non-empty. We don't use this subdirectory otherwise.
 	_, _ = ioutil.TempDir(gitReposDir, "WorkflowSubdir")
-	defer os.RemoveAll(gitReposDir)
 
 	checker := NewCompatChecker()
 	err := checker.WorkflowGitReposValid(gitReposDir)
@@ -219,8 +216,7 @@ func TestWorkflowGitReposDirExistWithData(t *testing.T) {
 
 // @afiune Do we care if the git_repos dir is empty?
 func TestWorkflowGitReposDirExistWithNOData(t *testing.T) {
-	gitReposDir, _ := ioutil.TempDir("", "TestGitReposDir")
-	defer os.Remove(gitReposDir)
+	gitReposDir := t.TempDir()
 
 	checker := NewCompatChecker()
 	err := checker.WorkflowGitReposValid(gitReposDir)
@@ -232,26 +228,22 @@ func TestWorkflowGitReposDirExistWithNOData(t *testing.T) {
 
 func TestRunningMarketplaceImage(t *testing.T) {
 	t.Run("the config is invalid when chef-marketplace is installed", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		testDir := path.Join(testDirBase, "chef-marketplace")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.RemoveAll(testDirBase)
-
 		checker := NewCompatChecker()
 		err := checker.RunningMarketplaceImage(path.Dir(testDir))
 		require.NoError(t, err)
 		assert.Equal(t, 1, checker.Failures)
 	})
 
 	t.Run("the config is valid when chef-marketplace is not installed", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		// some other omnibus package that is not explicitly banned
 		testDir := path.Join(testDirBase, "chef-client")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.Remove(testDir)
-
 		checker := NewCompatChecker()
 		err := checker.RunningMarketplaceImage(path.Dir(testDir))
 		require.NoError(t, err)
@@ -454,65 +446,55 @@ func TestCSBookshelfConfigValid(t *testing.T) {
 
 func TestUnsupportedCSAddOnsNotUsed(t *testing.T) {
 	t.Run("the config is invalid when chef-manage is used", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		testDir := path.Join(testDirBase, "chef-manage")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.RemoveAll(testDirBase)
-
 		checker := NewCompatChecker()
 		err := checker.UnsupportedCSAddOnsNotUsed(path.Dir(testDir))
 		require.NoError(t, err)
 		assert.Equal(t, 1, checker.Failures)
 	})
 
 	t.Run("the config is invalid when opscode-push-jobs-server is used", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		testDir := path.Join(testDirBase, "opscode-push-jobs-server")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.Remove(testDir)
-
 		checker := NewCompatChecker()
 		err := checker.UnsupportedCSAddOnsNotUsed(path.Dir(testDir))
 		require.NoError(t, err)
 		assert.Equal(t, 1, checker.Failures)
 	})
 
 	t.Run("the config is invalid when opscode-reporting is used", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		testDir := path.Join(testDirBase, "opscode-reporting")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.Remove(testDir)
-
 		checker := NewCompatChecker()
 		err := checker.UnsupportedCSAddOnsNotUsed(path.Dir(testDir))
 		require.NoError(t, err)
 		assert.Equal(t, 1, checker.Failures)
 	})
 
 	t.Run("the config is invalid when opscode-analytics is used", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		testDir := path.Join(testDirBase, "opscode-analytics")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.Remove(testDir)
-
 		checker := NewCompatChecker()
 		err := checker.UnsupportedCSAddOnsNotUsed(path.Dir(testDir))
 		require.NoError(t, err)
 		assert.Equal(t, 1, checker.Failures)
 	})
 
 	t.Run("the config is valid when no unsupported add-ons are used", func(t *testing.T) {
-		testDirBase, _ := ioutil.TempDir("", "")
+		testDirBase := t.TempDir()
 		// some other omnibus package that is not explicitly banned
 		testDir := path.Join(testDirBase, "chef-client")
 		_ = os.Mkdir(testDir, 0755)
 
-		defer os.Remove(testDir)
-
 		checker := NewCompatChecker()
 		err := checker.UnsupportedCSAddOnsNotUsed(path.Dir(testDir))
 		require.NoError(t, err)

components/automate-deployment/pkg/a1upgrade/filemover_test.go

@@ -26,9 +26,9 @@ var myUser = strconv.FormatInt(int64(os.Geteuid()), 10)
 var testServiceName = "test-service"
 
 func TestResumeMove(t *testing.T) {
-	setup := func(opts ...FileMoverOpt) (*FileMover, string, string, func()) {
-		tmpSrc, _ := ioutil.TempDir("", "FileMoverTestSrc")
-		tmpDst, _ := ioutil.TempDir("", "FileMoverTestDst")
+	setup := func(opts ...FileMoverOpt) (*FileMover, string, string) {
+		tmpSrc := t.TempDir()
+		tmpDst := t.TempDir()
 		srcPath := filepath.Join(tmpSrc, "some_dir")
 		dstPath := "data/some_dir"
 		mover := NewFileMover(srcPath, testServiceName, dstPath, opts...)
@@ -38,17 +38,13 @@ func TestResumeMove(t *testing.T) {
 
 		os.MkdirAll(srcPath, os.ModePerm)
 		require.NoError(t, ioutil.WriteFile(filepath.Join(srcPath, "testfile"), []byte("test context"), os.ModePerm))
-		return mover, srcPath, path.Join(tmpDst, testServiceName, dstPath), func() {
-			os.RemoveAll(tmpSrc)
-			os.RemoveAll(tmpDst)
-		}
+		return mover, srcPath, path.Join(tmpDst, testServiceName, dstPath)
 	}
 
 	w := cli.NewWriter(os.Stdout, os.Stderr, new(bytes.Buffer))
 
 	t.Run("it renames the src directory to the new directory when possible", func(t *testing.T) {
-		mover, src, dst, cleanup := setup()
-		defer cleanup()
+		mover, src, dst := setup()
 
 		err := mover.Move(w)
 		require.NoError(t, err)
@@ -61,8 +57,7 @@ func TestResumeMove(t *testing.T) {
 		if err != nil {
 			t.Fatal("rsync does not exist, cannot run rsync test")
 		}
-		mover, src, dst, cleanup := setup()
-		defer cleanup()
+		mover, src, dst := setup()
 		os.MkdirAll(dst, os.ModePerm)
 
 		mover.RsyncCmd = "rsync"
@@ -77,8 +72,7 @@ func TestResumeMove(t *testing.T) {
 		if err != nil {
 			t.Fatal("rsync does not exist, cannot run rsync test")
 		}
-		mover, src, dst, cleanup := setup(ForceCopy())
-		defer cleanup()
+		mover, src, dst := setup(ForceCopy())
 		os.MkdirAll(dst, os.ModePerm)
 		mover.SrcPath = path.Join(mover.SrcPath, "testfile")
 		mover.RelDestPath = path.Join(mover.RelDestPath, "testfile")
@@ -91,8 +85,7 @@ func TestResumeMove(t *testing.T) {
 	})
 
 	t.Run("it doesn't move the directory again if the move is already complete", func(t *testing.T) {
-		mover, src, dst, cleanup := setup()
-		defer cleanup()
+		mover, src, dst := setup()
 
 		err := mover.Move(w)
 		require.NoError(t, err)