Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aucolalecse - normalizations broken after upgrade to yaml.v2 #169

Closed
andrewkroh opened this issue Nov 8, 2024 · 1 comment
Closed

aucolalecse - normalizations broken after upgrade to yaml.v2 #169

andrewkroh opened this issue Nov 8, 2024 · 1 comment
Labels
bug

Comments

@andrewkroh
Copy link
Member

In #156, the project migrated from gopkg.in/yaml.v2 to yaml.v3. None of the tests detected a failure, but the unmarshaling of normalizations.yaml was broken. The test below detects the change.

The reason appears to be twofold:

  1. The Unmarshaler interface signature changed. https://pkg.go.dev/gopkg.in/yaml.v3#Unmarshaler
  2. YAML anchors no longer deep-merge.
diff --git a/aucoalesce/normalize_test.go b/aucoalesce/normalize_test.go
index 478a01f..6d86358 100644
--- a/aucoalesce/normalize_test.go
+++ b/aucoalesce/normalize_test.go
@@ -18,7 +18,6 @@
 package aucoalesce
 
 import (
-	"io/ioutil"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -31,14 +30,24 @@ func TestNormInit(t *testing.T) {
 }
 
 func TestLoadNormalizationConfig(t *testing.T) {
-	b, err := ioutil.ReadFile("normalizations.yaml")
+	_, recordTypes, err := LoadNormalizationConfig(normalizationDataYAML)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if _, _, err := LoadNormalizationConfig(b); err != nil {
-		t.Fatal(err)
+	if len(recordTypes["USER_ROLE_CHANGE"]) != 1 {
+		t.Fatal("expected single normalization")
 	}
+	n := recordTypes["USER_ROLE_CHANGE"][0]
+
+	assert.Equal(t, n.Subject.PrimaryFieldName.Values, []string{"auid"})
+	assert.Equal(t, n.Subject.SecondaryFieldName.Values, []string{"acct", "id", "uid"})
+
+	assert.Equal(t, n.Object.PrimaryFieldName.Values, []string{"selected-context"})
+	assert.Equal(t, n.Object.SecondaryFieldName.Values, []string{"addr", "hostname"})
+	assert.Equal(t, n.Object.What, "user-session")
+
+	assert.Equal(t, n.How.Values, []string{"exe", "terminal"})
 }
 
 var stringsYAML = `
@andrewkroh andrewkroh added the bug label Nov 8, 2024
This was referenced Nov 8, 2024
Merged
Merged
andrewkroh added a commit that referenced this issue Nov 22, 2024
@andrewkroh
aucoalesce - Fix yaml.v3 upgrade issues (#170)
bb6a63c 
This change addresses #169 to fix bugs introduced during the upgrade from yaml.v2 to yaml.v3.

Add failing test case: A test case has been added to highlight the regression.

Update yaml.v3 Unmarshaler implementation: The yaml.Unmarshaler interface changed between yaml.v2 and yaml.v3, but the implementation was not updated accordingly. This commit ensures that the yaml.Unmarshaler interface is correctly implemented and adds compile-time checks to ensure proper interface adherence.

Flatten keys in normalizations.yaml to avoid deep merge issues: Under yaml.v3, anchors with objects do not perform a deep merge as expected in previous versions. To address this, the structure in normalizations.yaml has been flattened, replacing the object-based merging with a flatter structure. This ensures the expected behavior where keys in later nodes override keys from earlier ones. The flattening of normalizations.yaml was aided by https://gist.github.com/andrewkroh/e7212a1ff033a0227f7c8d3fa7df8973 (white space changes were manually reverted).

Enable strict YAML decoding: This change enforces strict decoding of normalizations.yaml to ensure all fields are explicitly defined in the corresponding struct. This helps catch potential typos or undefined fields.
@andrewkroh
Copy link
Member Author

Fixed by #170.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@andrewkroh