From 92c4bda184cda8323ad961d889a8186b2baa98bd Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Mon, 21 Sep 2020 08:31:08 -0700 Subject: [PATCH] use warning function This ensures warning messages are displayed on stderr rather than stdout. Signed-off-by: Matthew Fisher --- cmd/helm/registry_login.go | 2 +- cmd/helm/root.go | 2 +- cmd/helm/root_unix.go | 8 +++----- cmd/helm/root_unix_test.go | 33 +++++++++++++++++++++++---------- cmd/helm/root_windows.go | 2 +- cmd/helm/search_repo.go | 3 +-- 6 files changed, 30 insertions(+), 20 deletions(-) diff --git a/cmd/helm/registry_login.go b/cmd/helm/registry_login.go index e3435bf9d..43228f90a 100644 --- a/cmd/helm/registry_login.go +++ b/cmd/helm/registry_login.go @@ -104,7 +104,7 @@ func getUsernamePassword(usernameOpt string, passwordOpt string, passwordFromStd } } } else { - fmt.Fprintln(os.Stderr, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.") + warning("Using --password via the CLI is insecure. Use --password-stdin.") } return username, password, nil diff --git a/cmd/helm/root.go b/cmd/helm/root.go index 91542bb7e..0a2b1be8f 100644 --- a/cmd/helm/root.go +++ b/cmd/helm/root.go @@ -205,7 +205,7 @@ func newRootCmd(actionConfig *action.Configuration, out io.Writer, args []string loadPlugins(cmd, out) // Check permissions on critical files - checkPerms(out) + checkPerms() return cmd, nil } diff --git a/cmd/helm/root_unix.go b/cmd/helm/root_unix.go index 4eb0b442b..b1b0f3896 100644 --- a/cmd/helm/root_unix.go +++ b/cmd/helm/root_unix.go @@ -19,14 +19,12 @@ limitations under the License. package main import ( - "fmt" - "io" "os" "os/user" "path/filepath" ) -func checkPerms(out io.Writer) { +func checkPerms() { // This function MUST NOT FAIL, as it is just a check for a common permissions problem. // If for some reason the function hits a stopping condition, it may panic. But only if // we can be sure that it is panicing because Helm cannot proceed. @@ -52,9 +50,9 @@ func checkPerms(out io.Writer) { perm := fi.Mode().Perm() if perm&0040 > 0 { - fmt.Fprintf(out, "WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: %s\n", kc) + warning("Kubernetes configuration file is group-readable. This is insecure. Location: %s", kc) } if perm&0004 > 0 { - fmt.Fprintf(out, "WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: %s\n", kc) + warning("Kubernetes configuration file is world-readable. This is insecure. Location: %s", kc) } } diff --git a/cmd/helm/root_unix_test.go b/cmd/helm/root_unix_test.go index b1fcfbc66..89c3c1eea 100644 --- a/cmd/helm/root_unix_test.go +++ b/cmd/helm/root_unix_test.go @@ -19,7 +19,7 @@ limitations under the License. package main import ( - "bytes" + "bufio" "io/ioutil" "os" "path/filepath" @@ -28,6 +28,14 @@ import ( ) func TestCheckPerms(t *testing.T) { + // NOTE(bacongobbler): have to open a new file handler here as the default os.Sterr cannot be read from + stderr, err := os.Open("/dev/stderr") + if err != nil { + t.Fatalf("could not open /dev/stderr for reading: %s", err) + } + defer stderr.Close() + reader := bufio.NewReader(stderr) + tdir, err := ioutil.TempDir("", "helmtest") if err != nil { t.Fatal(err) @@ -43,21 +51,26 @@ func TestCheckPerms(t *testing.T) { settings.KubeConfig = tfile defer func() { settings.KubeConfig = tconfig }() - var b bytes.Buffer - checkPerms(&b) + checkPerms() + text, err := reader.ReadString('\n') + if err != nil { + t.Fatalf("could not read from stderr: %s", err) + } expectPrefix := "WARNING: Kubernetes configuration file is group-readable. This is insecure. Location:" - if !strings.HasPrefix(b.String(), expectPrefix) { - t.Errorf("Expected to get a warning for group perms. Got %q", b.String()) + if !strings.HasPrefix(text, expectPrefix) { + t.Errorf("Expected to get a warning for group perms. Got %q", text) } if err := fh.Chmod(0404); err != nil { t.Errorf("Could not change mode on file: %s", err) } - b.Reset() - checkPerms(&b) + checkPerms() + text, err = reader.ReadString('\n') + if err != nil { + t.Fatalf("could not read from stderr: %s", err) + } expectPrefix = "WARNING: Kubernetes configuration file is world-readable. This is insecure. Location:" - if !strings.HasPrefix(b.String(), expectPrefix) { - t.Errorf("Expected to get a warning for world perms. Got %q", b.String()) + if !strings.HasPrefix(text, expectPrefix) { + t.Errorf("Expected to get a warning for world perms. Got %q", text) } - } diff --git a/cmd/helm/root_windows.go b/cmd/helm/root_windows.go index 243780d40..0b390f16c 100644 --- a/cmd/helm/root_windows.go +++ b/cmd/helm/root_windows.go @@ -18,7 +18,7 @@ package main import "io" -func checkPerms(out io.Writer) { +func checkPerms() { // Not yet implemented on Windows. If you know how to do a comprehensive perms // check on Windows, contributions welcomed! } diff --git a/cmd/helm/search_repo.go b/cmd/helm/search_repo.go index a7f27f179..bf82a6051 100644 --- a/cmd/helm/search_repo.go +++ b/cmd/helm/search_repo.go @@ -22,7 +22,6 @@ import ( "fmt" "io" "io/ioutil" - "os" "path/filepath" "strings" @@ -184,7 +183,7 @@ func (o *searchRepoOptions) buildIndex() (*search.Index, error) { f := filepath.Join(o.repoCacheDir, helmpath.CacheIndexFile(n)) ind, err := repo.LoadIndexFile(f) if err != nil { - fmt.Fprintf(os.Stderr, "WARNING: Repo %q is corrupt or missing. Try 'helm repo update'.", n) + warning("Repo %q is corrupt or missing. Try 'helm repo update'.", n) continue }