MCPcopy Index your code
hub / github.com/cortexproject/cortex / TestConfigEndpoint_SecretsMasked

Function TestConfigEndpoint_SecretsMasked

pkg/cortex/modules_test.go:256–287  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

254}
255
256func TestConfigEndpoint_SecretsMasked(t *testing.T) {
257 cfg := newDefaultConfig()
258
259 // Use reflection to find every flagext.Secret field in the config and set
260 // it to a sentinel value. This ensures newly added Secret fields are
261 // automatically covered without updating this test.
262 sentinel := "LEAKED_SECRET_VALUE"
263 setAllSecrets(reflect.ValueOf(cfg), sentinel)
264
265 cortex := &Cortex{
266 Server: &server.Server{},
267 Cfg: *cfg,
268 }
269 cortex.Server.HTTP = mux.NewRouter()
270
271 _, err := cortex.initAPI()
272 require.NoError(t, err)
273
274 req := httptest.NewRequest("GET", "/config", nil)
275 resp := httptest.NewRecorder()
276 cortex.Server.HTTP.ServeHTTP(resp, req)
277
278 require.Equal(t, 200, resp.Code)
279
280 body := resp.Body.String()
281
282 // Verify the sentinel never appears in cleartext.
283 assert.NotContains(t, body, sentinel, "a flagext.Secret value was leaked in /config output")
284
285 // Verify at least one masked value is present (sanity check).
286 assert.Contains(t, body, "********", "expected masked secrets in /config output")
287}
288
289// TestConfig_SensitiveFieldTypes verifies that every struct field in Config
290// whose YAML tag name suggests a credential uses flagext.Secret, not string.

Callers

nothing calls this directly

Calls 6

initAPIMethod · 0.95
newDefaultConfigFunction · 0.85
setAllSecretsFunction · 0.85
EqualMethod · 0.65
StringMethod · 0.65
ServeHTTPMethod · 0.45

Tested by

no test coverage detected