Fix parsing of environment variables to prevent object parsing. #132

[blakerouse]

Currently internal/parse handles the values from the environment variable just like values from the configuration file. This PR changes the parser to limit environment variable parsing to not parse object notation.

This is a breaking change because if any environment relies on this behavior it would break them. I question if this is correct way to solve the bug.

Really the bug could be solved by ensuring that the environment variable is single quoted:

export ENV_VAR="'{user}'"

I would be okay with closing this PR and closing the bug with this comment.

[urso]

Personally for environment variables I would not expect them to support the object syntax. But I'm not sure if we are facing a bug that has turned into a feature :)

For arrays we have to support top-level arrays. There are definitely users configuring multiple hosts by separating them via commas.

Really the bug could be solved by ensuring that the environment variable is single quoted:

Good to know we have a workaround.

@ph WDYT?

[urso]

s/strings/string

[urso]

but shouldn't it be stops at or stops at (non-native english speaker here :) )

[urso]

even if p.cfg.Array is false we might still parse top-level arrays if users have an environment variable like 1,2,3.

[blakerouse]

For the Env case p.cfg.Array is still true which allows the flowing to be in the environment variables:

		{`[]`, nil},
		{
			`a,b,c`,
			[]interface{}{"a", "b", "c"},
		},
		{
			`C:\Windows\Path1,C:\Windows\Path2`,
			[]interface{}{
				`C:\Windows\Path1`,
				`C:\Windows\Path2`,
			},
		},
		{
			`[array, 1, true, "abc"]`,
			[]interface{}{"array", uint64(1), true, "abc"},
		},
		{
			`[test, [1,2,3], on]`,
			[]interface{}{
				"test",
				[]interface{}{uint64(1), uint64(2), uint64(3)},
				true,
			},
		},
		{
			`[host1:1234, host2:1234]`,
			[]interface{}{
				"host1:1234",
				"host2:1234",
			},
		},

[urso]

Should we adapt the stop set based on the config? e.g. if Array and Object are false and the string does not start with quotes we could return the original string as is.

[blakerouse]

In the case that Array and Object are false the stopSet will just be "," (the topLevelStopSet) and it will not change unless the parser hits a double or single quoted string (when enabled).

Being that we want top level array parsing to still be allowed when p.cfg.Array is false, I believe this path is correct. I am going to add more tests for all the combinations of configs.

[urso]

Oh, I see. Top-level array parsing can not be disabled and is done independent of the cfg.Array setting. My impression was that Array parsing also disables the top-level array support.

I think that makes sense. Was just not what I expected. Maybe we should document that top-level array splitting is active always.

[urso]

this will affect parsing for every single resolver. go-ucfg has 3 resolver options by default: ResolveEnv, ResolveNOOP, and Resolve. The last one accepts a custom function.

I think it makes sense to have the resolver also configure the parsing mode.

[ph]

There is also a Keystore resolver in libbeat.

[ph]

@urso @blakerouse Even if this is breaking change I doubt it is really used in the wild (the parsing). But as you have said, this might be a bug turned into a feature. Even I believe this behavior leads to confusion and it is a usability problem.

[ph]

Also, I don't think the object reference used in the variables is a well-understood behavior, I wish we had stats to understand how people are actually using it.

[blakerouse]

@urso this is ready for another review. It became a much bigger change with adding the config to the resolvers but I like the result.

[codecov-io]

Codecov Report

Merging #139 into master will increase coverage by 0.14%.
The diff coverage is 92.1%.

@@            Coverage Diff             @@
##           master     #139      +/-   ##
==========================================
+ Coverage    77.8%   77.94%   +0.14%     
==========================================
  Files          23       23              
  Lines        2595     2612      +17     
==========================================
+ Hits         2019     2036      +17     
  Misses        425      425              
  Partials      151      151

Impacted Files	Coverage Δ
flag/value.go	68.18% <ø> (ø)	⬆️
types.go	74.23% <100%> (ø)	⬆️
parse/parse.go	95.74% <100%> (ø)
variables.go	80.28% <100%> (+0.07%)	⬆️
opts.go	64.7% <50%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5059399...30da7a8. Read the comment docs.

[urso]

Although it is a breaking change, I like it. I think we should go forward with it. In case users have problems in Beats, we can still point them towards the -E setting. The -E setting still accepts the object syntax.

Please add changelog entries. Besides fixing #132, the change breaks API + removes object syntax for env variables.

[blakerouse]

@urso Added changelog entries.

[ph]

LGTM, Lets also make it obvious in the beats changelog when this change goes in 7.7