Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-12 07:22:41 +01:00
Code Issues Projects Releases Wiki Activity

Add structured logging system with color-coded output and file logging

Browse Source 
- Add comprehensive logging system with color-coded log levels
- Wrap all command executions with run_cmd() to capture output
- Add file logging with timestamps (default: openvpn-install.log)
- Suppress interactive prompts in auto-install mode
- Show log file location hint on errors
- Add E2E output validation to catch raw echo leaks
This commit is contained in:
Stanislas Lange
2025-12-07 23:09:59 +01:00
parent a3389c126c
commit 8a672e744f
5 changed files with 562 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose.yml
View File

@@ -5,7 +5,7 @@ services:
context: . context: .
dockerfile: test/Dockerfile.server dockerfile: test/Dockerfile.server
args: args:
BASE_IMAGE: ${BASE_IMAGE:-} BASE_IMAGE: ${BASE_IMAGE:-ubuntu:24.04}
container_name: openvpn-server container_name: openvpn-server
hostname: openvpn-server hostname: openvpn-server
cap_add: cap_add:

764
openvpn-install.sh
View File

File diff suppressed because it is too large Load Diff

3
test/Dockerfile.server
View File

@@ -35,7 +35,8 @@ RUN chmod +x /opt/openvpn-install.sh
# Copy test scripts # Copy test scripts
COPY test/server-entrypoint.sh /entrypoint.sh COPY test/server-entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh COPY test/validate-output.sh /opt/test/validate-output.sh
RUN chmod +x /entrypoint.sh /opt/test/validate-output.sh
WORKDIR /opt WORKDIR /opt

15
test/server-entrypoint.sh
View File

@@ -14,6 +14,7 @@ echo "TUN device ready"
# Set up environment for auto-install # Set up environment for auto-install
export AUTO_INSTALL=y export AUTO_INSTALL=y
export FORCE_COLOR=1
export APPROVE_INSTALL=y export APPROVE_INSTALL=y
export APPROVE_IP=y export APPROVE_IP=y
export IPV6_SUPPORT=n export IPV6_SUPPORT=n
@@ -34,11 +35,23 @@ chmod +x /tmp/openvpn-install.sh
echo "Running OpenVPN install script..." echo "Running OpenVPN install script..."
# Run in subshell because the script calls 'exit 0' after generating client config # Run in subshell because the script calls 'exit 0' after generating client config
# Capture output to validate logging format, while still displaying it
# Use || true to prevent set -e from exiting on failure, then check exit code # Use || true to prevent set -e from exiting on failure, then check exit code
(bash -x /tmp/openvpn-install.sh) && INSTALL_EXIT_CODE=0 || INSTALL_EXIT_CODE=$? INSTALL_OUTPUT="/tmp/install-output.log"
(bash /tmp/openvpn-install.sh) 2>&1 | tee "$INSTALL_OUTPUT" && INSTALL_EXIT_CODE=${PIPESTATUS[0]} || INSTALL_EXIT_CODE=${PIPESTATUS[0]}
echo "=== Installation complete (exit code: $INSTALL_EXIT_CODE) ===" echo "=== Installation complete (exit code: $INSTALL_EXIT_CODE) ==="
# Validate that all output uses proper logging format (ANSI color codes)
echo "Validating output format..."
if /opt/test/validate-output.sh "$INSTALL_OUTPUT"; then
echo "PASS: All script output uses proper log formatting"
else
echo "FAIL: Script output contains unformatted lines"
echo "This indicates echo statements that should use log_* functions"
exit 1
fi
if [ "$INSTALL_EXIT_CODE" -ne 0 ]; then if [ "$INSTALL_EXIT_CODE" -ne 0 ]; then
echo "ERROR: Install script failed with exit code $INSTALL_EXIT_CODE" echo "ERROR: Install script failed with exit code $INSTALL_EXIT_CODE"
exit 1 exit 1

87
test/validate-output.sh Executable file
View File

@@ -0,0 +1,87 @@
#!/bin/bash
# Validates that script output only contains properly formatted log messages
# All output from openvpn-install.sh should use logging functions
#
# Usage: ./validate-output.sh <output_file>
# Or pipe: some_command | ./validate-output.sh
set -euo pipefail
INPUT_FILE="${1:-/dev/stdin}"
# Valid output patterns:
# - Lines starting with ANSI escape codes (colored output)
# - Lines starting with our log prefixes (non-TTY mode)
# - Lines starting with > (command echo from run_cmd)
# - Empty lines
# ANSI escape code pattern
ANSI_PATTERN=$'^\033\\['
# Log prefix patterns (for non-TTY mode where colors are disabled)
# These match: [INFO], [WARN], [ERROR], [OK], [DEBUG], or > (command line)
LOG_PREFIXES='^(\[INFO\]|\[WARN\]|\[ERROR\]|\[OK\]|\[DEBUG\]|> )'
# Count issues
INVALID_LINES=0
TOTAL_LINES=0
LINE_NUM=0
echo "Validating script output for unformatted lines..."
echo ""
while IFS= read -r line || [[ -n "$line" ]]; do
LINE_NUM=$((LINE_NUM + 1))
# Skip empty lines
if [[ -z "$line" ]]; then
continue
fi
TOTAL_LINES=$((TOTAL_LINES + 1))
# Check if line starts with ANSI escape code (colored output from log functions)
if [[ "$line" =~ $ANSI_PATTERN ]]; then
continue
fi
# Check if line starts with our log prefixes (non-TTY mode)
if [[ "$line" =~ $LOG_PREFIXES ]]; then
continue
fi
# If we get here, the line doesn't match expected patterns - it's raw output
INVALID_LINES=$((INVALID_LINES + 1))
# Truncate long lines for display
if [[ ${#line} -gt 100 ]]; then
DISPLAY_LINE="${line:0:100}..."
else
DISPLAY_LINE="$line"
fi
echo " [LEAK] Line $LINE_NUM: $DISPLAY_LINE"
done <"$INPUT_FILE"
echo ""
echo "----------------------------------------"
echo "Total lines checked: $TOTAL_LINES"
echo "Invalid lines found: $INVALID_LINES"
if [[ $INVALID_LINES -gt 0 ]]; then
echo ""
echo "ERROR: Found $INVALID_LINES line(s) without proper log formatting."
echo ""
echo "All user-visible output should use log_* functions:"
echo " - log_info 'message' -> [INFO] message"
echo " - log_warn 'message' -> [WARN] message"
echo " - log_error 'message' -> [ERROR] message"
echo " - log_success 'message' -> [OK] message"
echo " - run_cmd 'desc' cmd -> > cmd"
echo ""
echo "Raw echo statements or command output should not leak to stdout."
exit 1
fi
echo ""
echo "All output is properly formatted!"
exit 0