lib/config/export.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package config
   6
   7 import (
   8         "encoding/json"
   9         "errors"
  10         "fmt"
  11         "io"
  12         "strings"
  13
  14         "git.curoverse.com/arvados.git/sdk/go/arvados"
  15 )
  16
  17 // ExportJSON writes a JSON object with the safe (non-secret) portions
  18 // of the cluster config to w.
  19 func ExportJSON(w io.Writer, cluster *arvados.Cluster) error {
  20         buf, err := json.Marshal(cluster)
  21         if err != nil {
  22                 return err
  23         }
  24         var m map[string]interface{}
  25         err = json.Unmarshal(buf, &m)
  26         if err != nil {
  27                 return err
  28         }
  29         err = redactUnsafe(m, "", "")
  30         if err != nil {
  31                 return err
  32         }
  33         return json.NewEncoder(w).Encode(m)
  34 }
  35
  36 // whitelist classifies configs as safe/unsafe to reveal to
  37 // unauthenticated clients.
  38 //
  39 // Every config entry must either be listed explicitly here along with
  40 // all of its parent keys (e.g., "API" + "API.RequestTimeout"), or
  41 // have an ancestor listed as false (e.g.,
  42 // "PostgreSQL.Connection.password" has an ancestor
  43 // "PostgreSQL.Connection" with a false value). Otherwise, it is a bug
  44 // which should be caught by tests.
  45 //
  46 // Example: API.RequestTimeout is safe because whitelist["API"] == and
  47 // whitelist["API.RequestTimeout"] == true.
  48 //
  49 // Example: PostgreSQL.Connection.password is not safe because
  50 // whitelist["PostgreSQL.Connection"] == false.
  51 //
  52 // Example: PostgreSQL.BadKey would cause an error because
  53 // whitelist["PostgreSQL"] isn't false, and neither
  54 // whitelist["PostgreSQL.BadKey"] nor whitelist["PostgreSQL.*"]
  55 // exists.
  56 var whitelist = map[string]bool{
  57         // | sort -t'"' -k2,2
  58         "API":                                        true,
  59         "API.AsyncPermissionsUpdateInterval":         false,
  60         "API.DisabledAPIs":                           false,
  61         "API.MaxIndexDatabaseRead":                   false,
  62         "API.MaxItemsPerResponse":                    true,
  63         "API.MaxRequestAmplification":                false,
  64         "API.MaxRequestSize":                         true,
  65         "API.RailsSessionSecretToken":                false,
  66         "API.RequestTimeout":                         true,
  67         "AuditLogs":                                  false,
  68         "AuditLogs.MaxAge":                           false,
  69         "AuditLogs.MaxDeleteBatch":                   false,
  70         "AuditLogs.UnloggedAttributes":               false,
  71         "Collections":                                true,
  72         "Collections.BlobSigning":                    true,
  73         "Collections.BlobSigningKey":                 false,
  74         "Collections.BlobSigningTTL":                 true,
  75         "Collections.CollectionVersioning":           false,
  76         "Collections.DefaultReplication":             true,
  77         "Collections.DefaultTrashLifetime":           true,
  78         "Collections.ManagedProperties":              true,
  79         "Collections.ManagedProperties.*":            true,
  80         "Collections.ManagedProperties.*.*":          true,
  81         "Collections.PreserveVersionIfIdle":          true,
  82         "Collections.TrashSweepInterval":             false,
  83         "Containers":                                 true,
  84         "Containers.CloudVMs":                        false,
  85         "Containers.DefaultKeepCacheRAM":             true,
  86         "Containers.DispatchPrivateKey":              false,
  87         "Containers.JobsAPI":                         true,
  88         "Containers.JobsAPI.CrunchJobUser":           false,
  89         "Containers.JobsAPI.CrunchJobWrapper":        false,
  90         "Containers.JobsAPI.CrunchRefreshTrigger":    false,
  91         "Containers.JobsAPI.DefaultDockerImage":      false,
  92         "Containers.JobsAPI.Enable":                  true,
  93         "Containers.JobsAPI.GitInternalDir":          false,
  94         "Containers.JobsAPI.ReuseJobIfOutputsDiffer": false,
  95         "Containers.Logging":                         false,
  96         "Containers.LogReuseDecisions":               false,
  97         "Containers.MaxComputeVMs":                   false,
  98         "Containers.MaxDispatchAttempts":             false,
  99         "Containers.MaxRetryAttempts":                true,
 100         "Containers.SLURM":                           false,
 101         "Containers.StaleLockTimeout":                false,
 102         "Containers.SupportedDockerImageFormats":     true,
 103         "Containers.UsePreemptibleInstances":         true,
 104         "Git":                                        false,
 105         "InstanceTypes":                              true,
 106         "InstanceTypes.*":                            true,
 107         "InstanceTypes.*.*":                          true,
 108         "Login":                                      false,
 109         "Mail":                                       false,
 110         "ManagementToken":                            false,
 111         "PostgreSQL":                                 false,
 112         "RemoteClusters":                             true,
 113         "RemoteClusters.*":                           true,
 114         "RemoteClusters.*.ActivateUsers":             true,
 115         "RemoteClusters.*.Host":                      true,
 116         "RemoteClusters.*.Insecure":                  true,
 117         "RemoteClusters.*.Proxy":                     true,
 118         "RemoteClusters.*.Scheme":                    true,
 119         "Services":                                   true,
 120         "Services.*":                                 true,
 121         "Services.*.ExternalURL":                     true,
 122         "Services.*.InternalURLs":                    false,
 123         "SystemLogs":                                 false,
 124         "SystemRootToken":                            false,
 125         "TLS":                                        false,
 126         "Users":                                      false,
 127         "Workbench":                                  false,
 128 }
 129
 130 func redactUnsafe(m map[string]interface{}, mPrefix, lookupPrefix string) error {
 131         var errs []string
 132         for k, v := range m {
 133                 lookupKey := k
 134                 safe, ok := whitelist[lookupPrefix+k]
 135                 if !ok {
 136                         lookupKey = "*"
 137                         safe, ok = whitelist[lookupPrefix+"*"]
 138                 }
 139                 if !ok {
 140                         errs = append(errs, fmt.Sprintf("config bug: key %q not in whitelist map", lookupPrefix+k))
 141                         continue
 142                 }
 143                 if !safe {
 144                         delete(m, k)
 145                         continue
 146                 }
 147                 if v, ok := v.(map[string]interface{}); ok {
 148                         err := redactUnsafe(v, mPrefix+k+".", lookupPrefix+lookupKey+".")
 149                         if err != nil {
 150                                 errs = append(errs, err.Error())
 151                         }
 152                 }
 153         }
 154         if len(errs) > 0 {
 155                 return errors.New(strings.Join(errs, "\n"))
 156         }
 157         return nil
 158 }