lib/config/export.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package config
   6
   7 import (
   8         "encoding/json"
   9         "errors"
  10         "fmt"
  11         "io"
  12         "strings"
  13
  14         "git.arvados.org/arvados.git/sdk/go/arvados"
  15 )
  16
  17 // ExportJSON writes a JSON object with the safe (non-secret) portions
  18 // of the cluster config to w.
  19 func ExportJSON(w io.Writer, cluster *arvados.Cluster) error {
  20         buf, err := json.Marshal(cluster)
  21         if err != nil {
  22                 return err
  23         }
  24         var m map[string]interface{}
  25         err = json.Unmarshal(buf, &m)
  26         if err != nil {
  27                 return err
  28         }
  29
  30         // ClusterID is not marshalled by default (see `json:"-"`).
  31         // Add it back here so it is included in the exported config.
  32         m["ClusterID"] = cluster.ClusterID
  33         err = redactUnsafe(m, "", "")
  34         if err != nil {
  35                 return err
  36         }
  37         return json.NewEncoder(w).Encode(m)
  38 }
  39
  40 // whitelist classifies configs as safe/unsafe to reveal to
  41 // unauthenticated clients.
  42 //
  43 // Every config entry must either be listed explicitly here along with
  44 // all of its parent keys (e.g., "API" + "API.RequestTimeout"), or
  45 // have an ancestor listed as false (e.g.,
  46 // "PostgreSQL.Connection.password" has an ancestor
  47 // "PostgreSQL.Connection" with a false value). Otherwise, it is a bug
  48 // which should be caught by tests.
  49 //
  50 // Example: API.RequestTimeout is safe because whitelist["API"] == and
  51 // whitelist["API.RequestTimeout"] == true.
  52 //
  53 // Example: PostgreSQL.Connection.password is not safe because
  54 // whitelist["PostgreSQL.Connection"] == false.
  55 //
  56 // Example: PostgreSQL.BadKey would cause an error because
  57 // whitelist["PostgreSQL"] isn't false, and neither
  58 // whitelist["PostgreSQL.BadKey"] nor whitelist["PostgreSQL.*"]
  59 // exists.
  60 var whitelist = map[string]bool{
  61         // | sort -t'"' -k2,2
  62         "ClusterID":                                    true,
  63         "API":                                          true,
  64         "API.AsyncPermissionsUpdateInterval":           false,
  65         "API.DisabledAPIs":                             false,
  66         "API.MaxConcurrentRequests":                    false,
  67         "API.MaxIndexDatabaseRead":                     false,
  68         "API.MaxItemsPerResponse":                      true,
  69         "API.MaxKeepBlobBuffers":                       false,
  70         "API.MaxRequestAmplification":                  false,
  71         "API.MaxRequestSize":                           true,
  72         "API.RailsSessionSecretToken":                  false,
  73         "API.RequestTimeout":                           true,
  74         "API.WebsocketClientEventQueue":                false,
  75         "API.SendTimeout":                              true,
  76         "API.WebsocketServerEventQueue":                false,
  77         "API.KeepServiceRequestTimeout":                false,
  78         "AuditLogs":                                    false,
  79         "AuditLogs.MaxAge":                             false,
  80         "AuditLogs.MaxDeleteBatch":                     false,
  81         "AuditLogs.UnloggedAttributes":                 false,
  82         "Collections":                                  true,
  83         "Collections.BlobSigning":                      true,
  84         "Collections.BlobSigningKey":                   false,
  85         "Collections.BlobSigningTTL":                   true,
  86         "Collections.BlobTrash":                        false,
  87         "Collections.BlobTrashLifetime":                false,
  88         "Collections.BlobTrashConcurrency":             false,
  89         "Collections.BlobTrashCheckInterval":           false,
  90         "Collections.BlobDeleteConcurrency":            false,
  91         "Collections.BlobReplicateConcurrency":         false,
  92         "Collections.CollectionVersioning":             false,
  93         "Collections.DefaultReplication":               true,
  94         "Collections.DefaultTrashLifetime":             true,
  95         "Collections.ForwardSlashNameSubstitution":     true,
  96         "Collections.ManagedProperties":                true,
  97         "Collections.ManagedProperties.*":              true,
  98         "Collections.ManagedProperties.*.*":            true,
  99         "Collections.PreserveVersionIfIdle":            true,
 100         "Collections.TrashSweepInterval":               false,
 101         "Collections.TrustAllContent":                  false,
 102         "Collections.WebDAVCache":                      false,
 103         "Collections.BalanceCollectionBatch":           false,
 104         "Collections.BalancePeriod":                    false,
 105         "Collections.BlobMissingReport":                false,
 106         "Collections.BalanceCollectionBuffers":         false,
 107         "Containers":                                   true,
 108         "Containers.CloudVMs":                          false,
 109         "Containers.CrunchRunCommand":                  false,
 110         "Containers.CrunchRunArgumentsList":            false,
 111         "Containers.DefaultKeepCacheRAM":               true,
 112         "Containers.DispatchPrivateKey":                false,
 113         "Containers.JobsAPI":                           true,
 114         "Containers.JobsAPI.Enable":                    true,
 115         "Containers.JobsAPI.GitInternalDir":            false,
 116         "Containers.Logging":                           false,
 117         "Containers.LogReuseDecisions":                 false,
 118         "Containers.MaxComputeVMs":                     false,
 119         "Containers.MaxDispatchAttempts":               false,
 120         "Containers.MaxRetryAttempts":                  true,
 121         "Containers.MinRetryPeriod":                    true,
 122         "Containers.ReserveExtraRAM":                   true,
 123         "Containers.SLURM":                             false,
 124         "Containers.StaleLockTimeout":                  false,
 125         "Containers.SupportedDockerImageFormats":       true,
 126         "Containers.SupportedDockerImageFormats.*":     true,
 127         "Containers.UsePreemptibleInstances":           true,
 128         "ForceLegacyAPI14":                             false,
 129         "Git":                                          false,
 130         "InstanceTypes":                                true,
 131         "InstanceTypes.*":                              true,
 132         "InstanceTypes.*.*":                            true,
 133         "Login":                                        true,
 134         "Login.GoogleClientID":                         false,
 135         "Login.GoogleClientSecret":                     false,
 136         "Login.GoogleAlternateEmailAddresses":          false,
 137         "Login.ProviderAppID":                          false,
 138         "Login.ProviderAppSecret":                      false,
 139         "Login.LoginCluster":                           true,
 140         "Login.RemoteTokenRefresh":                     true,
 141         "Mail":                                         false,
 142         "ManagementToken":                              false,
 143         "PostgreSQL":                                   false,
 144         "RemoteClusters":                               true,
 145         "RemoteClusters.*":                             true,
 146         "RemoteClusters.*.ActivateUsers":               true,
 147         "RemoteClusters.*.Host":                        true,
 148         "RemoteClusters.*.Insecure":                    true,
 149         "RemoteClusters.*.Proxy":                       true,
 150         "RemoteClusters.*.Scheme":                      true,
 151         "Services":                                     true,
 152         "Services.*":                                   true,
 153         "Services.*.ExternalURL":                       true,
 154         "Services.*.InternalURLs":                      false,
 155         "SystemLogs":                                   false,
 156         "SystemRootToken":                              false,
 157         "TLS":                                          false,
 158         "Users":                                        true,
 159         "Users.AnonymousUserToken":                     true,
 160         "Users.AdminNotifierEmailFrom":                 false,
 161         "Users.AutoAdminFirstUser":                     false,
 162         "Users.AutoAdminUserWithEmail":                 false,
 163         "Users.AutoSetupNewUsers":                      false,
 164         "Users.AutoSetupNewUsersWithRepository":        false,
 165         "Users.AutoSetupNewUsersWithVmUUID":            false,
 166         "Users.AutoSetupUsernameBlacklist":             false,
 167         "Users.EmailSubjectPrefix":                     false,
 168         "Users.NewInactiveUserNotificationRecipients":  false,
 169         "Users.NewUserNotificationRecipients":          false,
 170         "Users.NewUsersAreActive":                      false,
 171         "Users.PreferDomainForUsername":                false,
 172         "Users.UserNotifierEmailFrom":                  false,
 173         "Users.UserProfileNotificationAddress":         false,
 174         "Volumes":                                      true,
 175         "Volumes.*":                                    true,
 176         "Volumes.*.*":                                  false,
 177         "Volumes.*.AccessViaHosts":                     true,
 178         "Volumes.*.AccessViaHosts.*":                   true,
 179         "Volumes.*.AccessViaHosts.*.ReadOnly":          true,
 180         "Volumes.*.ReadOnly":                           true,
 181         "Volumes.*.Replication":                        true,
 182         "Volumes.*.StorageClasses":                     true,
 183         "Volumes.*.StorageClasses.*":                   false,
 184         "Workbench":                                    true,
 185         "Workbench.ActivationContactLink":              false,
 186         "Workbench.APIClientConnectTimeout":            true,
 187         "Workbench.APIClientReceiveTimeout":            true,
 188         "Workbench.APIResponseCompression":             true,
 189         "Workbench.ApplicationMimetypesWithViewIcon":   true,
 190         "Workbench.ApplicationMimetypesWithViewIcon.*": true,
 191         "Workbench.ArvadosDocsite":                     true,
 192         "Workbench.ArvadosPublicDataDocURL":            true,
 193         "Workbench.DefaultOpenIdPrefix":                false,
 194         "Workbench.EnableGettingStartedPopup":          true,
 195         "Workbench.EnablePublicProjectsPage":           true,
 196         "Workbench.FileViewersConfigURL":               true,
 197         "Workbench.LogViewerMaxBytes":                  true,
 198         "Workbench.MultiSiteSearch":                    true,
 199         "Workbench.ProfilingEnabled":                   true,
 200         "Workbench.Repositories":                       false,
 201         "Workbench.RepositoryCache":                    false,
 202         "Workbench.RunningJobLogRecordsToFetch":        true,
 203         "Workbench.SecretKeyBase":                      false,
 204         "Workbench.ShowRecentCollectionsOnDashboard":   true,
 205         "Workbench.ShowUserAgreementInline":            true,
 206         "Workbench.ShowUserNotifications":              true,
 207         "Workbench.SiteName":                           true,
 208         "Workbench.Theme":                              true,
 209         "Workbench.UserProfileFormFields":              true,
 210         "Workbench.UserProfileFormFields.*":            true,
 211         "Workbench.UserProfileFormFields.*.*":          true,
 212         "Workbench.UserProfileFormFields.*.*.*":        true,
 213         "Workbench.UserProfileFormMessage":             true,
 214         "Workbench.VocabularyURL":                      true,
 215         "Workbench.WelcomePageHTML":                    true,
 216         "Workbench.InactivePageHTML":                   true,
 217 }
 218
 219 func redactUnsafe(m map[string]interface{}, mPrefix, lookupPrefix string) error {
 220         var errs []string
 221         for k, v := range m {
 222                 lookupKey := k
 223                 safe, ok := whitelist[lookupPrefix+k]
 224                 if !ok {
 225                         lookupKey = "*"
 226                         safe, ok = whitelist[lookupPrefix+"*"]
 227                 }
 228                 if !ok {
 229                         errs = append(errs, fmt.Sprintf("config bug: key %q not in whitelist map", lookupPrefix+k))
 230                         continue
 231                 }
 232                 if !safe {
 233                         delete(m, k)
 234                         continue
 235                 }
 236                 if v, ok := v.(map[string]interface{}); ok {
 237                         err := redactUnsafe(v, mPrefix+k+".", lookupPrefix+lookupKey+".")
 238                         if err != nil {
 239                                 errs = append(errs, err.Error())
 240                         }
 241                 }
 242         }
 243         if len(errs) > 0 {
 244                 return errors.New(strings.Join(errs, "\n"))
 245         }
 246         return nil
 247 }