From 279f207b99ccfb745e85a242e7e442865f40bf4c Mon Sep 17 00:00:00 2001
From: Gerhard Lausser <gerhard.lausser@consol.de>
Date: Wed, 26 Jul 2023 09:53:05 +0200
Subject: [PATCH] =?UTF-8?q?Relative=20include=20paths=20are=20now=20consid?=
 =?UTF-8?q?ered=20to=20be=20in=20the=20parent=20ini-fil=E2=80=A6=20(#33)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Relative include paths are now considered to be in the parent ini-file's folder

* fix a formatting error

* rename test config snclient_incl.ini

* update test case for config, include from rel. subdir
---
 pkg/snclient/config.go                        |   3 +
 pkg/snclient/config_test.go                   |  22 ++
 pkg/snclient/t/configs/snclient_incl.ini      | 276 ++++++++++++++++++
 pkg/snclient/t/configs/snclient_local_01.ini  |   7 +
 .../t/configs/subdir/snclient_local_02.ini    |   3 +
 5 files changed, 311 insertions(+)
 create mode 100644 pkg/snclient/t/configs/snclient_incl.ini
 create mode 100644 pkg/snclient/t/configs/snclient_local_01.ini
 create mode 100644 pkg/snclient/t/configs/subdir/snclient_local_02.ini

diff --git a/pkg/snclient/config.go b/pkg/snclient/config.go
index b6a85bc4..6e36eeb6 100644
--- a/pkg/snclient/config.go
+++ b/pkg/snclient/config.go
@@ -245,6 +245,9 @@ func (config *Config) ParseINI(file io.Reader, iniPath string) error {
 
 func (config *Config) parseInclude(inclPath, srcPath string) error {
 	log.Tracef("reading config include: %s", inclPath)
+	if !filepath.IsAbs(inclPath) {
+		inclPath = filepath.Join(filepath.Dir(srcPath), inclPath)
+	}
 	matchingPaths, err := filepath.Glob(inclPath)
 	if err != nil {
 		return fmt.Errorf("malformed include path: %s", err.Error())
diff --git a/pkg/snclient/config_test.go b/pkg/snclient/config_test.go
index 60c988b9..6dea7c27 100644
--- a/pkg/snclient/config_test.go
+++ b/pkg/snclient/config_test.go
@@ -265,3 +265,25 @@ func TestConfigPackaging(t *testing.T) {
 	assert.NoErrorf(t, err, "parse ini without error")
 	assert.Equalf(t, origConfig, strings.TrimSpace(cfg.ToString()), "default config should not change when opened and saved unchanged")
 }
+
+func TestConfigRelativeIncludes(t *testing.T) {
+	testDir, _ := os.Getwd()
+	pkgDir := filepath.Join(testDir, "t", "configs")
+	pkgCfgFile := filepath.Join(pkgDir, "snclient_incl.ini")
+
+	file, err := os.Open(pkgCfgFile)
+	assert.NoErrorf(t, err, "open ini without error")
+
+	cfg := NewConfig(true)
+	err = cfg.ParseINI(file, pkgCfgFile)
+	file.Close()
+	assert.NoErrorf(t, err, "config parsed")
+
+	section := cfg.Section("/settings/WEB/server")
+	webPort, _ := section.GetString("port")
+	assert.Equalf(t, "11122", webPort, "got web port")
+	useSSL, _ := section.GetString("use ssl")
+	assert.Equalf(t, "false", useSSL, "got use ssl")
+	webPassword, _ := section.GetString("password")
+	assert.Equalf(t, "INCL02PW", webPassword, "got password")
+}
diff --git a/pkg/snclient/t/configs/snclient_incl.ini b/pkg/snclient/t/configs/snclient_incl.ini
new file mode 100644
index 00000000..1eda78ef
--- /dev/null
+++ b/pkg/snclient/t/configs/snclient_incl.ini
@@ -0,0 +1,276 @@
+[/paths]
+; exe-path - Path to snclient executable (auto-detected).
+exe-path =
+
+; shared-path- Path to shared things.
+shared-path = /etc/snclient
+
+; scripts - Path to scripts.
+scripts = ${shared-path}/scripts
+
+; certificate-path - Path for certificates.
+certificate-path = ${shared-path}
+
+
+[/modules]
+; WEBServer - Enable HTTP REST API requests via check_nsc_web.
+WEBServer = enabled
+
+; NRPEServer - Enable NRPE server.
+NRPEServer = disabled
+
+; PrometheusServer - Enable /metrics HTTP server for the agent itself.
+PrometheusServer = enabled
+
+; CheckExternalScripts - Enable scripts from /settings/external scripts/...
+CheckExternalScripts = disabled
+
+; CheckSystem - Collect windows cpu metrics which can be queried by the check_cpu plugin.
+CheckSystem = enabled
+
+; CheckSystemUnix - Collect non-windows cpu metrics which can be queried by the check_cpu plugin.
+CheckSystemUnix = enabled
+
+; CheckDisk - Controls wether check_drivesize is allowed or not.
+CheckDisk = enabled
+
+; CheckWMI - Controls wether check_wmi is allowed or not.
+CheckWMI = disabled
+
+
+[/settings/default]
+; allowed hosts - List of ips/networks/hostname allowed to connect.
+allowed hosts = 127.0.0.1, ::1
+
+; cache allowed hosts - Cache resolved dns names.
+cache allowed hosts = true
+
+; timeout - Timeout when reading packets on incoming sockets.
+timeout = 30
+
+; bind to - Allows you to bind server to a specific local address.
+; This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses.
+bind to =
+
+; tls min version - Set minimum allowed tls version, leave empty to allow all versions
+; or specify one of: tls1.0, tls1.1, tls1.2, tls1.3
+tls min version = "tls1.1"
+
+
+; log - Configure log properties.
+[/settings/log]
+
+; file name - The file to write log data to.
+; Set this to none or /dev/null to disable log to file or use "stdout" or "stderr" to log there.
+file name = /var/log/snclient/snclient.log
+
+; level - Log level to use. Available levels are error,warning,info,debug,trace.
+level = info
+
+
+; log file - Configure log file properties.
+[/settings/log/file]
+
+; max size - When file size reaches this it will be truncated to 50% if set to 0 truncation will be disabled.
+max size = 0
+
+
+[/settings/updates]
+; automatic updates - Update snclient automatically.
+automatic updates = disabled
+
+; automatic restart - Automatically restart snclient after update is finished.
+automatic restart = disabled
+
+; channel - comma separated list of channel to search for updates.
+channel = stable
+
+; pre release - Control if pre releases from the stable channel should be considered as well.
+pre release = false
+
+; insecure - - Skip all ssl verifications.
+insecure = false
+
+; update hours - Set time range(s) in which updates are allowed.
+update hours = 0-24
+
+; update days - set day range(s) in which updates are allowed.
+update days  = mon-sun
+
+
+[/settings/updates/channel]
+; stable - This is the stable release channel.
+stable = https://api.github.com/repos/ConSol-monitoring/snclient/releases
+
+; dev - This url is for the development channel.
+dev = https://api.github.com/repos/ConSol-monitoring/snclient/actions/artifacts
+
+; custom - Any other url works as well.
+; custom - https://company-server.local/snclient/snclient-${goos}-${goarch}
+
+; local - Even local files can be checked.
+; local - file://z:\updates\snclient-${goos}-${goarch}
+
+
+[/settings/updates/channel/dev]
+; github token - the dev channel requires a github token to download the update
+;github token = <GITHUB-TOKEN>
+
+
+[/settings/NRPE/server]
+; insecure - - Skip all ssl verifications
+insecure = false
+
+; allow nasty characters - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
+allow nasty characters = false
+
+; port - Port to use for NRPE.
+port = 5666
+
+; allow arguments - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
+allow arguments = false
+
+; use ssl - This option controls if SSL will be enabled.
+use ssl = true
+
+; certificate - SSL certificate to use for the ssl server.
+certificate = ${certificate-path}/server.crt
+
+; certificate key - ssl private key to use for the ssl server.
+certificate key = ${certificate-path}/server.key
+
+; client certificates - require client certificate (list of pem files).
+;client certificates = ${certificate-path}/client1.pem, ${certificate-path}/client2.pem
+
+
+; Windows system - Section for windows system checks and system settings
+[/settings/system/windows]
+
+; default buffer length - Contols the counter bucket size ex.: for cpu counter.
+default buffer length = 1h
+
+
+; Unix system - Section for non windows system checks
+[/settings/system/unix]
+
+; default buffer length - Contols the counter bucket size ex.: for cpu counter.
+default buffer length = 1h
+
+
+; External script settings - General settings for the external scripts module (CheckExternalScripts).
+[/settings/external scripts]
+
+; timeout - The maximum time in seconds that a command can execute. (if more then this execution will be aborted).
+; NOTICE this only affects external commands not internal ones.
+timeout = 60
+
+; Allow certain potentially dangerous characters in arguments - This option determines whether or not
+; we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
+allow nasty characters = false
+
+; Allow arguments when executing external scripts - This option determines whether or not the we will allow
+; clients to specify arguments to commands that are executed.
+allow arguments = false
+
+; Script root folder - Root path where all scripts are contained (You can not upload/download scripts outside this folder).
+script root = ${scripts}
+
+; Load all scripts in a given folder - Load all (${script path}/*.*) scripts in a given directory and use them as commands.
+script path =
+
+; ignore perfdata - Do not parse performance data from the output
+ignore perfdata = no
+
+
+; External scripts - A list of scripts available to run from the CheckExternalScripts module.
+; Syntax is: `command=script arguments`
+[/settings/external scripts/scripts]
+
+
+; script: default - The configuration section for the  default script.
+[/settings/external scripts/scripts/default]
+
+; ignore perfdata - Do not parse performance data from the output
+ignore perfdata = no
+
+; command - Command to execute
+command =
+
+
+; Wrapped scripts - A list of wrapped scripts (ie. script using a template mechanism).
+; The template used will be defined by the extension of the script.
+; Thus a foo.ps1 will use the ps1 wrapping from the wrappings section.
+; Syntax is: `command=script`
+[/settings/external scripts/wrapped scripts]
+
+
+; Command aliases - A list of aliases for already defined commands (with arguments).
+; An alias is an internal command that has been predefined to provide a single command without arguments.
+; Be careful so you don't create loops (ie check_loop=check_a, check_a=check_loop)
+[/settings/external scripts/alias]
+
+
+; alias: default - The configuration section for the default alias
+[/settings/external scripts/alias/default]
+
+; ignore perfdata - Do not parse performance data from the output
+ignore perfdata = no
+
+; command - Command to execute
+command =
+
+
+; Script wrappings - A list of templates for defining script commands.
+; Enter any command line here and they will be expanded by scripts placed under
+; the wrapped scripts section.
+; %SCRIPT% will be replaced by the actual script and
+; %ARGS% will be replaced by any given arguments.
+[/settings/external scripts/wrappings]
+
+; Batch file - Command used for executing wrapped batch files
+bat = ${script root}\\%SCRIPT% %ARGS%
+
+; Visual basic script - Command line used for wrapped vbs scripts
+vbs = cscript.exe //T:30 //NoLogo ${script root}\\lib\\wrapper.vbs %SCRIPT% %ARGS%
+
+; Powershell Wrapping - Command line used for executing wrapped ps1 (powershell) scripts
+ps1 = cmd /c echo If (-Not (Test-Path "${script root}\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; ${script root}\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -
+
+
+; Web server - Section for http REST service
+[/settings/WEB/server]
+; password - must be changed from default value, set to empty string to disable passwords.
+; password can be stored encrypted when using the format: <HASH>:<hashed password>, ex.: SHA256:...
+; supported hash algorithms are SHA256, you can use "snclient hash" to generate password hashes.
+password = CHANGEME
+
+; use ssl - This option controls if SSL will be enabled.
+use ssl = true
+
+; port - Port to use for WEB server.
+port = 8443
+
+; certificate - ssl certificate to use for the ssl server
+certificate = ${certificate-path}/server.crt
+
+; certificate key - ssl private key to use for the ssl server
+certificate key = ${certificate-path}/server.key
+
+; allow nasty characters - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
+allow nasty characters = false
+
+; allow arguments - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
+allow arguments = true
+
+
+[/settings/Prometheus/server]
+; port - Port to use for WEB server.
+port = 9999
+
+; use ssl - This option controls if SSL will be enabled.
+use ssl = false
+
+
+; INCLUDED FILES - Files to be included in the configuration
+[/includes]
+local = snclient_local*.ini
diff --git a/pkg/snclient/t/configs/snclient_local_01.ini b/pkg/snclient/t/configs/snclient_local_01.ini
new file mode 100644
index 00000000..6b7b49ae
--- /dev/null
+++ b/pkg/snclient/t/configs/snclient_local_01.ini
@@ -0,0 +1,7 @@
+[/settings/WEB/server]
+port = 11122
+use ssl = true
+password = INCL01PW
+
+[/includes]
+local = subdir/snclient_local*.ini
diff --git a/pkg/snclient/t/configs/subdir/snclient_local_02.ini b/pkg/snclient/t/configs/subdir/snclient_local_02.ini
new file mode 100644
index 00000000..4ae939f3
--- /dev/null
+++ b/pkg/snclient/t/configs/subdir/snclient_local_02.ini
@@ -0,0 +1,3 @@
+[/settings/WEB/server]
+use ssl = false
+password = INCL02PW