cleanup http config in legacy paltform for migrated params
mshustov committed Aug 7, 2019
1 parent 08bd1ad commit 393d1ea
Showing 2 changed files with 19 additions and 160 deletions.
57 changes: 19 additions & 38 deletions src/legacy/server/config/schema.js
Expand Up @@ -18,9 +18,6 @@
*/

import Joi from 'joi';
import {
constants as cryptoConstants
} from 'crypto';
import os from 'os';

import {
Expand All @@ -35,6 +32,7 @@ import {
DEFAULT_CSP_WARN_LEGACY_BROWSERS,
} from '../csp';

const HANDLED_IN_NEW_PLATFORM = Joi.any().description('This key is handled in the new platform ONLY');
export default () => Joi.object({
pkg: Joi.object({
version: Joi.string().default(Joi.ref('$version')),
Expand Down Expand Up @@ -83,50 +81,33 @@ export default () => Joi.object({
server: Joi.object({
uuid: Joi.string().guid().default(),
name: Joi.string().default(os.hostname()),
host: Joi.string().hostname().default('localhost'),
port: Joi.number().default(5601),
keepaliveTimeout: Joi.number().default(120000),
socketTimeout: Joi.number().default(120000),
maxPayloadBytes: Joi.number().default(1048576),
autoListen: Joi.boolean().default(true),
defaultRoute: Joi.string().default('/app/kibana').regex(/^\//, `start with a slash`),
basePath: Joi.string().default('').allow('').regex(/(^$|^\/.*[^\/]$)/, `start with a slash, don't end with one`),
rewriteBasePath: Joi.boolean().when('basePath', {
is: '',
then: Joi.default(false).valid(false),
otherwise: Joi.default(false),
}),
customResponseHeaders: Joi.object().unknown(true).default({}),
ssl: Joi.object({
enabled: Joi.boolean().default(false),
redirectHttpFromPort: Joi.number(),
certificate: Joi.string().when('enabled', {
is: true,
then: Joi.required(),
}),
key: Joi.string().when('enabled', {
is: true,
then: Joi.required()
}),
keyPassphrase: Joi.string(),
certificateAuthorities: Joi.array().single().items(Joi.string()).default([]),
supportedProtocols: Joi.array().items(Joi.string().valid('TLSv1', 'TLSv1.1', 'TLSv1.2')).default(['TLSv1.1', 'TLSv1.2']),
cipherSuites: Joi.array().items(Joi.string()).default(cryptoConstants.defaultCoreCipherList.split(':'))
}).default(),
cors: Joi.when('$dev', {
is: true,
then: Joi.object().default({
origin: ['*://localhost:9876'] // karma test server
}),
otherwise: Joi.boolean().default(false)
}),
xsrf: Joi.object({
disableProtection: Joi.boolean().default(false),
whitelist: Joi.array().items(
Joi.string().regex(/^\//, 'start with a slash')
).default([]),
token: Joi.string().optional().notes('Deprecated')
}).default(),

// keep them for BWC, remove when not used in Legacy.
// validation should be in sync with one in New platform.
basePath: Joi.string().default('').allow('').regex(/(^$|^\/.*[^\/]$)/, `start with a slash, don't end with one`),
host: Joi.string().hostname().default('localhost'),
port: Joi.number().default(5601),
rewriteBasePath: Joi.boolean().when('basePath', {
is: '',
then: Joi.default(false).valid(false),
otherwise: Joi.default(false),
}),

autoListen: HANDLED_IN_NEW_PLATFORM,
cors: HANDLED_IN_NEW_PLATFORM,
keepaliveTimeout: HANDLED_IN_NEW_PLATFORM,
maxPayloadBytes: HANDLED_IN_NEW_PLATFORM,
socketTimeout: HANDLED_IN_NEW_PLATFORM,
ssl: HANDLED_IN_NEW_PLATFORM,
}).default(),

uiSettings: Joi.object().keys({
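Review bot: `ssl`, `cors` and the other keys assigned `HANDLED_IN_NEW_PLATFORM` at the end of the `server` object are now `Joi.any()`, so this schema accepts any value for them and applies no defaults; the removed rules that limited `supportedProtocols` to `TLSv1`/`TLSv1.1`/`TLSv1.2` and required `certificate` and `key` when `ssl.enabled` is true hold only if the new platform validates the same keys. The matching tests in `schema.test.js`, including the SSLv2/SSLv3 rejection cases, are deleted in this commit and only two files change, so equivalent coverage on the new-platform side is not visible here and should be confirmed. Any legacy code that still reads `server.ssl.*` or `server.cors` from this config would presumably see unvalidated, undefaulted values. I would state the contract at the constant, e.g. `// Validated and defaulted by the new platform's http config; legacy code must not read these keys from this schema.`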
122 changes: 0 additions & 122 deletions src/legacy/server/config/schema.test.js
Expand Up @@ -101,128 +101,6 @@ describe('Config schema', function () {
});
});

describe('ssl', function () {
describe('enabled', function () {

it('can\'t be a string', function () {
const config = {};
set(config, 'server.ssl.enabled', 'bogus');
const { error } = validate(config);
expect(error).toBeInstanceOf(Object);
expect(error).toHaveProperty('details');
expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'enabled']);
});

it('can be true', function () {
const config = {};
set(config, 'server.ssl.enabled', true);
set(config, 'server.ssl.certificate', '/path.cert');
set(config, 'server.ssl.key', '/path.key');
const { error } = validate(config);
expect(error).toBe(null);
});

it('can be false', function () {
const config = {};
set(config, 'server.ssl.enabled', false);
const { error } = validate(config);
expect(error).toBe(null);
});
});

describe('certificate', function () {

it('isn\'t required when ssl isn\'t enabled', function () {
const config = {};
set(config, 'server.ssl.enabled', false);
const { error } = validate(config);
expect(error).toBe(null);
});

it('is required when ssl is enabled', function () {
const config = {};
set(config, 'server.ssl.enabled', true);
set(config, 'server.ssl.key', '/path.key');
const { error } = validate(config);
expect(error).toBeInstanceOf(Object);
expect(error).toHaveProperty('details');
expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'certificate']);
});
});

describe('key', function () {
it('isn\'t required when ssl isn\'t enabled', function () {
const config = {};
set(config, 'server.ssl.enabled', false);
const { error } = validate(config);
expect(error).toBe(null);
});

it('is required when ssl is enabled', function () {
const config = {};
set(config, 'server.ssl.enabled', true);
set(config, 'server.ssl.certificate', '/path.cert');
const { error } = validate(config);
expect(error).toBeInstanceOf(Object);
expect(error).toHaveProperty('details');
expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'key']);
});
});

describe('keyPassphrase', function () {
it('is a possible config value', function () {
const config = {};
set(config, 'server.ssl.keyPassphrase', 'password');
const { error } = validate(config);
expect(error).toBe(null);
});
});

describe('certificateAuthorities', function () {
it('allows array of string', function () {
const config = {};
set(config, 'server.ssl.certificateAuthorities', ['/path1.crt', '/path2.crt']);
const { error } = validate(config);
expect(error).toBe(null);
});

it('allows a single string', function () {
const config = {};
set(config, 'server.ssl.certificateAuthorities', '/path1.crt');
const { error } = validate(config);
expect(error).toBe(null);
});
});

describe('supportedProtocols', function () {

it ('rejects SSLv2', function () {
const config = {};
set(config, 'server.ssl.supportedProtocols', ['SSLv2']);
const { error } = validate(config);
expect(error).toBeInstanceOf(Object);
expect(error).toHaveProperty('details');
expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'supportedProtocols', 0]);
});

it('rejects SSLv3', function () {
const config = {};
set(config, 'server.ssl.supportedProtocols', ['SSLv3']);
const { error } = validate(config);
expect(error).toBeInstanceOf(Object);
expect(error).toHaveProperty('details');
expect(error.details[0]).toHaveProperty('path', ['server', 'ssl', 'supportedProtocols', 0]);
});

it('accepts TLSv1, TLSv1.1, TLSv1.2', function () {
const config = {};
set(config, 'server.ssl.supportedProtocols', ['TLSv1', 'TLSv1.1', 'TLSv1.2']);
const { error } = validate(config);
expect(error).toBe(null);
});
});
});

describe('xsrf', () => {
it('disableProtection is `false` by default.', () => {
const { error, value: { server: { xsrf: { disableProtection } } } } = validate({});
