utils.verify.verify_log: warn at all levels less than info

2025-04-17 10:10:20 +00:00 · 2016-08-10 11:49:10 -06:00 · 2016-08-10 11:49:10 -06:00 · 2fc3a55338
commit 2fc3a55338
parent 72a3f18a2e
2 changed files with 35 additions and 3 deletions
--- a/salt/utils/verify.py
+++ b/salt/utils/verify.py
@ -23,6 +23,7 @@ else:

 # Import salt libs
 from salt.log import is_console_configured
+from salt.log.setup import LOG_LEVELS
 from salt.exceptions import SaltClientError, SaltSystemExit
 import salt.defaults.exitcodes
 import salt.utils
@ -519,5 +520,7 @@ def verify_log(opts):
    '''
    If an insecre logging configuration is found, show a warning
    '''
-    if opts.get('log_level') in ('garbage', 'trace', 'debug'):
+    level = LOG_LEVELS.get(opts.get('log_level').lower(), logging.NOTSET)
+
+    if level < logging.INFO:
        log.warn('Insecure logging configuration detected! Sensitive data may be logged.')
--- a/tests/unit/utils/verify_test.py
+++ b/tests/unit/utils/verify_test.py
@ -21,6 +21,12 @@ from salttesting.helpers import (
    requires_network,
    TestsLoggingHandler
 )
+from salttesting.mock import (
+    MagicMock,
+    patch,
+    NO_MOCK,
+    NO_MOCK_REASON
+)
 ensure_in_syspath('../../')

 # Import salt libs
@ -32,7 +38,9 @@ from salt.utils.verify import (
    verify_socket,
    zmq_version,
    check_max_open_files,
-    valid_id
+    valid_id,
+    log,
+    verify_log,
 )

 # Import 3rd-party libs
@ -115,7 +123,6 @@ class TestVerify(TestCase):

    @skipIf(True, 'Skipping until we can find why Jenkins is bailing out')
    def test_max_open_files(self):
-
        with TestsLoggingHandler() as handler:
            logmsg_dbg = (
                'DEBUG:This salt-master instance has accepted {0} minion keys.'
@ -216,6 +223,28 @@ class TestVerify(TestCase):
                shutil.rmtree(tempdir)
                resource.setrlimit(resource.RLIMIT_NOFILE, (mof_s, mof_h))

+    @skipIf(NO_MOCK, NO_MOCK_REASON)
+    def test_verify_log(self):
+        '''
+        Test that verify_log works as expected
+        '''
+        message = 'Insecure logging configuration detected! Sensitive data may be logged.'
+
+        mock_cheese = MagicMock()
+        with patch.object(log, 'warn', mock_cheese):
+            verify_log({'log_level': 'cheeseshop'})
+            mock_cheese.assert_called_once_with(message)
+
+        mock_trace = MagicMock()
+        with patch.object(log, 'warn', mock_trace):
+            verify_log({'log_level': 'trace'})
+            mock_trace.assert_called_once_with(message)
+
+        mock_info = MagicMock()
+        with patch.object(log, 'warn', mock_info):
+            verify_log({'log_level': 'info'})
+            mock_info.assert_not_called()
+

 if __name__ == '__main__':
    from integration import run_tests