15467: Services only load their own legacy config files

Services may be configured to run as different users, so (for example)
crunch-dispatch-slurm attempting to load another component's legacy
config results in permission error.  Don't do that.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>

diff --git a/apps/workbench/config/arvados_config.rb b/apps/workbench/config/arvados_config.rb
index c0ecfde25f55de68491c29745240d1581dd94e59..c1340b4ff50a04a8bb88fc62a9d358c7dc0f0633 100644 (file)
--- a/apps/workbench/config/arvados_config.rb
+++ b/apps/workbench/config/arvados_config.rb
@@ -21,7 +21,7 @@ require 'open3'
 
 # Load the defaults, used by config:migrate and fallback loading
 # legacy application.yml
-Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-config=-", "-skip-legacy") do |stdin, stdout, status_thread|
   stdin.write("Clusters: {xxxxx: {}}")
   stdin.close
   confs = YAML.load(stdout, deserialize_symbols: false)
@@ -31,7 +31,7 @@ Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, st
 end
 
 # Load the global config file
-Open3.popen2("arvados-server", "config-dump") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
   confs = YAML.load(stdout, deserialize_symbols: false)
   if confs && !confs.empty?
     # config-dump merges defaults with user configuration, so every

diff --git a/lib/config/cmd.go b/lib/config/cmd.go
index 5cb76fc35d63bd331f92e7ec02fccc1084a0c0e6..e9ceaca8642af7dbb7e993fa0b52de6e81566d63 100644 (file)
--- a/lib/config/cmd.go
+++ b/lib/config/cmd.go
@@ -113,11 +113,13 @@ func (checkCommand) RunCommand(prog string, args []string, stdin io.Reader, stdo
        // such that the deprecated keys/files are superfluous and can
        // be deleted.
        loader.SkipDeprecated = true
+       loader.SkipLegacy = true
        withoutDepr, err := loader.Load()
        if err != nil {
                return 1
        }
        loader.SkipDeprecated = false
+       loader.SkipLegacy = false
        withDepr, err := loader.Load()
        if err != nil {
                return 1

diff --git a/lib/config/deprecated.go b/lib/config/deprecated.go
index 3e1ec7278bcf4662dafbddb0314a8f56432682ac..cfd77ced23bd4e7a228f57a712c99d269ad964fa 100644 (file)
--- a/lib/config/deprecated.go
+++ b/lib/config/deprecated.go
@@ -128,6 +128,9 @@ func (ldr *Loader) loadOldConfigHelper(component, path string, target interface{
 
 // update config using values from an old-style keepstore config file.
 func (ldr *Loader) loadOldKeepstoreConfig(cfg *arvados.Config) error {
+       if ldr.KeepstorePath == "" {
+               return nil
+       }
        var oc oldKeepstoreConfig
        err := ldr.loadOldConfigHelper("keepstore", ldr.KeepstorePath, &oc)
        if os.IsNotExist(err) && (ldr.KeepstorePath == defaultKeepstoreConfigPath) {
@@ -198,6 +201,9 @@ func loadOldClientConfig(cluster *arvados.Cluster, client *arvados.Client) {
 
 // update config using values from an crunch-dispatch-slurm config file.
 func (ldr *Loader) loadOldCrunchDispatchSlurmConfig(cfg *arvados.Config) error {
+       if ldr.CrunchDispatchSlurmPath == "" {
+               return nil
+       }
        var oc oldCrunchDispatchSlurmConfig
        err := ldr.loadOldConfigHelper("crunch-dispatch-slurm", ldr.CrunchDispatchSlurmPath, &oc)
        if os.IsNotExist(err) && (ldr.CrunchDispatchSlurmPath == defaultCrunchDispatchSlurmConfigPath) {
@@ -263,6 +269,9 @@ const defaultWebsocketConfigPath = "/etc/arvados/ws/ws.yml"
 
 // update config using values from an crunch-dispatch-slurm config file.
 func (ldr *Loader) loadOldWebsocketConfig(cfg *arvados.Config) error {
+       if ldr.WebsocketPath == "" {
+               return nil
+       }
        var oc oldWsConfig
        err := ldr.loadOldConfigHelper("arvados-ws", ldr.WebsocketPath, &oc)
        if os.IsNotExist(err) && ldr.WebsocketPath == defaultWebsocketConfigPath {

diff --git a/lib/config/load.go b/lib/config/load.go
index 2dacd5c26c423739cbb5e2238d6ef2c9cbbbc370..33d31f71c9172272cf901db29cc202c9338dd0bd 100644 (file)
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -26,7 +26,8 @@ var ErrNoClustersDefined = errors.New("config does not define any clusters")
 type Loader struct {
        Stdin          io.Reader
        Logger         logrus.FieldLogger
-       SkipDeprecated bool // Don't load legacy/deprecated config keys/files
+       SkipDeprecated bool // Don't load deprecated config keys
+       SkipLegacy     bool // Don't load legacy config files
 
        Path                    string
        KeepstorePath           string
@@ -61,6 +62,7 @@ func (ldr *Loader) SetupFlags(flagset *flag.FlagSet) {
        flagset.StringVar(&ldr.KeepstorePath, "legacy-keepstore-config", defaultKeepstoreConfigPath, "Legacy keepstore configuration `file`")
        flagset.StringVar(&ldr.CrunchDispatchSlurmPath, "legacy-crunch-dispatch-slurm-config", defaultCrunchDispatchSlurmConfigPath, "Legacy crunch-dispatch-slurm configuration `file`")
        flagset.StringVar(&ldr.WebsocketPath, "legacy-ws-config", defaultWebsocketConfigPath, "Legacy arvados-ws configuration `file`")
+       flagset.BoolVar(&ldr.SkipLegacy, "skip-legacy", false, "Don't load legacy config files")
 }
 
 // MungeLegacyConfigArgs checks args for a -config flag whose argument
@@ -119,6 +121,19 @@ func (ldr *Loader) MungeLegacyConfigArgs(lgr logrus.FieldLogger, args []string,
                        }
                }
        }
+
+       // Disable legacy config loading for components other than the
+       // one that was specified
+       if legacyConfigArg != "-legacy-keepstore-config" {
+               ldr.KeepstorePath = ""
+       }
+       if legacyConfigArg != "-legacy-crunch-dispatch-slurm-config" {
+               ldr.CrunchDispatchSlurmPath = ""
+       }
+       if legacyConfigArg != "-legacy-ws-config" {
+               ldr.WebsocketPath = ""
+       }
+
        return munged
 }
 
@@ -207,6 +222,8 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
                if err != nil {
                        return nil, err
                }
+       }
+       if !ldr.SkipLegacy {
                // legacy file is required when either:
                // * a non-default location was specified
                // * no primary config was loaded, and this is the

diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index 39d50cbbb33c62acf03c7340cc9afb05b4229a6c..847bee0483a37ac8fc755f64f1f74fea86d25d3d 100644 (file)
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -45,7 +45,7 @@ end
 
 # Load the defaults, used by config:migrate and fallback loading
 # legacy application.yml
-Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-config=-", "-skip-legacy") do |stdin, stdout, status_thread|
   stdin.write("Clusters: {xxxxx: {}}")
   stdin.close
   confs = YAML.load(stdout, deserialize_symbols: false)
@@ -55,7 +55,7 @@ Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, st
 end
 
 # Load the global config file
-Open3.popen2("arvados-server", "config-dump") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
   confs = YAML.load(stdout, deserialize_symbols: false)
   if confs && !confs.empty?
     # config-dump merges defaults with user configuration, so every