X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/72a8b3582d925ea30fe78697ff76bafb20d8bd9e..4c30d75e647f42318fd0069613b3ed4f82c70ea0:/lib/config/load.go diff --git a/lib/config/load.go b/lib/config/load.go index f9ee6989d2..7eb4039100 100644 --- a/lib/config/load.go +++ b/lib/config/load.go @@ -13,9 +13,10 @@ import ( "io" "io/ioutil" "os" + "regexp" "strings" - "git.curoverse.com/arvados.git/sdk/go/arvados" + "git.arvados.org/arvados.git/sdk/go/arvados" "github.com/ghodss/yaml" "github.com/imdario/mergo" "github.com/sirupsen/logrus" @@ -26,18 +27,18 @@ var ErrNoClustersDefined = errors.New("config does not define any clusters") type Loader struct { Stdin io.Reader Logger logrus.FieldLogger - SkipDeprecated bool // Don't load legacy/deprecated config keys/files + SkipDeprecated bool // Don't load deprecated config keys + SkipLegacy bool // Don't load legacy config files + SkipAPICalls bool // Don't do checks that call RailsAPI/controller Path string KeepstorePath string + KeepWebPath string CrunchDispatchSlurmPath string WebsocketPath string - - // Legacy config file for the current component (will be the - // same as one of the above files). If set, not being able to - // load the 'main' config.yml will not be a fatal error, but - // the the legacy file will be required instead. - LegacyComponentConfig string + KeepproxyPath string + GitHttpdPath string + KeepBalancePath string configdata []byte } @@ -64,9 +65,16 @@ func NewLoader(stdin io.Reader, logger logrus.FieldLogger) *Loader { // // ldr.Path == "/tmp/c.yaml" func (ldr *Loader) SetupFlags(flagset *flag.FlagSet) { flagset.StringVar(&ldr.Path, "config", arvados.DefaultConfigFile, "Site configuration `file` (default may be overridden by setting an ARVADOS_CONFIG environment variable)") - flagset.StringVar(&ldr.KeepstorePath, "legacy-keepstore-config", defaultKeepstoreConfigPath, "Legacy keepstore configuration `file`") - flagset.StringVar(&ldr.CrunchDispatchSlurmPath, "legacy-crunch-dispatch-slurm-config", defaultCrunchDispatchSlurmConfigPath, "Legacy crunch-dispatch-slurm configuration `file`") - flagset.StringVar(&ldr.WebsocketPath, "legacy-ws-config", defaultWebsocketConfigPath, "Legacy arvados-ws configuration `file`") + if !ldr.SkipLegacy { + flagset.StringVar(&ldr.KeepstorePath, "legacy-keepstore-config", defaultKeepstoreConfigPath, "Legacy keepstore configuration `file`") + flagset.StringVar(&ldr.KeepWebPath, "legacy-keepweb-config", defaultKeepWebConfigPath, "Legacy keep-web configuration `file`") + flagset.StringVar(&ldr.CrunchDispatchSlurmPath, "legacy-crunch-dispatch-slurm-config", defaultCrunchDispatchSlurmConfigPath, "Legacy crunch-dispatch-slurm configuration `file`") + flagset.StringVar(&ldr.WebsocketPath, "legacy-ws-config", defaultWebsocketConfigPath, "Legacy arvados-ws configuration `file`") + flagset.StringVar(&ldr.KeepproxyPath, "legacy-keepproxy-config", defaultKeepproxyConfigPath, "Legacy keepproxy configuration `file`") + flagset.StringVar(&ldr.GitHttpdPath, "legacy-git-httpd-config", defaultGitHttpdConfigPath, "Legacy arv-git-httpd configuration `file`") + flagset.StringVar(&ldr.KeepBalancePath, "legacy-keepbalance-config", defaultKeepBalanceConfigPath, "Legacy keep-balance configuration `file`") + flagset.BoolVar(&ldr.SkipLegacy, "skip-legacy", false, "Don't load legacy config files") + } } // MungeLegacyConfigArgs checks args for a -config flag whose argument @@ -125,6 +133,31 @@ func (ldr *Loader) MungeLegacyConfigArgs(lgr logrus.FieldLogger, args []string, } } } + + // Disable legacy config loading for components other than the + // one that was specified + if legacyConfigArg != "-legacy-keepstore-config" { + ldr.KeepstorePath = "" + } + if legacyConfigArg != "-legacy-crunch-dispatch-slurm-config" { + ldr.CrunchDispatchSlurmPath = "" + } + if legacyConfigArg != "-legacy-ws-config" { + ldr.WebsocketPath = "" + } + if legacyConfigArg != "-legacy-keepweb-config" { + ldr.KeepWebPath = "" + } + if legacyConfigArg != "-legacy-keepproxy-config" { + ldr.KeepproxyPath = "" + } + if legacyConfigArg != "-legacy-git-httpd-config" { + ldr.GitHttpdPath = "" + } + if legacyConfigArg != "-legacy-keepbalance-config" { + ldr.KeepBalancePath = "" + } + return munged } @@ -144,15 +177,10 @@ func (ldr *Loader) Load() (*arvados.Config, error) { if ldr.configdata == nil { buf, err := ldr.loadBytes(ldr.Path) if err != nil { - if ldr.LegacyComponentConfig != "" && os.IsNotExist(err) && !ldr.SkipDeprecated { - buf = []byte(`Clusters: {zzzzz: {}}`) - } else { - return nil, err - } + return nil, err } ldr.configdata = buf } - noConfigLoaded := bytes.Compare(ldr.configdata, []byte(`Clusters: {zzzzz: {}}`)) == 0 // Load the config into a dummy map to get the cluster ID // keys, discarding the values; then set up defaults for each @@ -218,19 +246,21 @@ func (ldr *Loader) Load() (*arvados.Config, error) { if err != nil { return nil, err } + } + if !ldr.SkipLegacy { // legacy file is required when either: // * a non-default location was specified // * no primary config was loaded, and this is the // legacy config file for the current component for _, err := range []error{ - ldr.loadOldKeepstoreConfig(&cfg, (ldr.KeepstorePath != defaultKeepstoreConfigPath) || - (noConfigLoaded && ldr.LegacyComponentConfig == ldr.KeepstorePath)), - - ldr.loadOldCrunchDispatchSlurmConfig(&cfg, (ldr.CrunchDispatchSlurmPath != defaultCrunchDispatchSlurmConfigPath) || - (noConfigLoaded && ldr.LegacyComponentConfig == ldr.CrunchDispatchSlurmPath)), - - ldr.loadOldWebsocketConfig(&cfg, (ldr.WebsocketPath != defaultWebsocketConfigPath) || - (noConfigLoaded && ldr.LegacyComponentConfig == ldr.WebsocketPath)), + ldr.loadOldEnvironmentVariables(&cfg), + ldr.loadOldKeepstoreConfig(&cfg), + ldr.loadOldKeepWebConfig(&cfg), + ldr.loadOldCrunchDispatchSlurmConfig(&cfg), + ldr.loadOldWebsocketConfig(&cfg), + ldr.loadOldKeepproxyConfig(&cfg), + ldr.loadOldGitHttpdConfig(&cfg), + ldr.loadOldKeepBalanceConfig(&cfg), } { if err != nil { return nil, err @@ -240,14 +270,36 @@ func (ldr *Loader) Load() (*arvados.Config, error) { // Check for known mistakes for id, cc := range cfg.Clusters { - err = checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection) - if err != nil { - return nil, err + for _, err = range []error{ + ldr.checkToken(fmt.Sprintf("Clusters.%s.ManagementToken", id), cc.ManagementToken), + ldr.checkToken(fmt.Sprintf("Clusters.%s.SystemRootToken", id), cc.SystemRootToken), + ldr.checkToken(fmt.Sprintf("Clusters.%s.Collections.BlobSigningKey", id), cc.Collections.BlobSigningKey), + checkKeyConflict(fmt.Sprintf("Clusters.%s.PostgreSQL.Connection", id), cc.PostgreSQL.Connection), + ldr.checkEmptyKeepstores(cc), + ldr.checkUnlistedKeepstores(cc), + } { + if err != nil { + return nil, err + } } } return &cfg, nil } +var acceptableTokenRe = regexp.MustCompile(`^[a-zA-Z0-9]+$`) +var acceptableTokenLength = 32 + +func (ldr *Loader) checkToken(label, token string) error { + if token == "" { + ldr.Logger.Warnf("%s: secret token is not set (use %d+ random characters from a-z, A-Z, 0-9)", label, acceptableTokenLength) + } else if !acceptableTokenRe.MatchString(token) { + return fmt.Errorf("%s: unacceptable characters in token (only a-z, A-Z, 0-9 are acceptable)", label) + } else if len(token) < acceptableTokenLength { + ldr.Logger.Warnf("%s: token is too short (should be at least %d characters)", label, acceptableTokenLength) + } + return nil +} + func checkKeyConflict(label string, m map[string]string) error { saw := map[string]bool{} for k := range m {