From: Peter Amstutz <pamstutz@veritasgenetics.com>
Date: Wed, 31 Jul 2019 17:15:51 +0000 (-0400)
Subject: 15467: Services only load their own legacy config files
X-Git-Tag: 2.0.0~238^2
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/6c89457a8f144d03f230656a1f4c43675d066b8c

15467: Services only load their own legacy config files

Services may be configured to run as different users, so (for example)
crunch-dispatch-slurm attempting to load another component's legacy
config results in permission error.  Don't do that.

Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz@veritasgenetics.com>
---

diff --git a/apps/workbench/config/arvados_config.rb b/apps/workbench/config/arvados_config.rb
index c0ecfde25f..c1340b4ff5 100644
--- a/apps/workbench/config/arvados_config.rb
+++ b/apps/workbench/config/arvados_config.rb
@@ -21,7 +21,7 @@ require 'open3'
 
 # Load the defaults, used by config:migrate and fallback loading
 # legacy application.yml
-Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-config=-", "-skip-legacy") do |stdin, stdout, status_thread|
   stdin.write("Clusters: {xxxxx: {}}")
   stdin.close
   confs = YAML.load(stdout, deserialize_symbols: false)
@@ -31,7 +31,7 @@ Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, st
 end
 
 # Load the global config file
-Open3.popen2("arvados-server", "config-dump") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
   confs = YAML.load(stdout, deserialize_symbols: false)
   if confs && !confs.empty?
     # config-dump merges defaults with user configuration, so every
diff --git a/lib/config/cmd.go b/lib/config/cmd.go
index 5cb76fc35d..e9ceaca864 100644
--- a/lib/config/cmd.go
+++ b/lib/config/cmd.go
@@ -113,11 +113,13 @@ func (checkCommand) RunCommand(prog string, args []string, stdin io.Reader, stdo
 	// such that the deprecated keys/files are superfluous and can
 	// be deleted.
 	loader.SkipDeprecated = true
+	loader.SkipLegacy = true
 	withoutDepr, err := loader.Load()
 	if err != nil {
 		return 1
 	}
 	loader.SkipDeprecated = false
+	loader.SkipLegacy = false
 	withDepr, err := loader.Load()
 	if err != nil {
 		return 1
diff --git a/lib/config/deprecated.go b/lib/config/deprecated.go
index 3e1ec7278b..cfd77ced23 100644
--- a/lib/config/deprecated.go
+++ b/lib/config/deprecated.go
@@ -128,6 +128,9 @@ func (ldr *Loader) loadOldConfigHelper(component, path string, target interface{
 
 // update config using values from an old-style keepstore config file.
 func (ldr *Loader) loadOldKeepstoreConfig(cfg *arvados.Config) error {
+	if ldr.KeepstorePath == "" {
+		return nil
+	}
 	var oc oldKeepstoreConfig
 	err := ldr.loadOldConfigHelper("keepstore", ldr.KeepstorePath, &oc)
 	if os.IsNotExist(err) && (ldr.KeepstorePath == defaultKeepstoreConfigPath) {
@@ -198,6 +201,9 @@ func loadOldClientConfig(cluster *arvados.Cluster, client *arvados.Client) {
 
 // update config using values from an crunch-dispatch-slurm config file.
 func (ldr *Loader) loadOldCrunchDispatchSlurmConfig(cfg *arvados.Config) error {
+	if ldr.CrunchDispatchSlurmPath == "" {
+		return nil
+	}
 	var oc oldCrunchDispatchSlurmConfig
 	err := ldr.loadOldConfigHelper("crunch-dispatch-slurm", ldr.CrunchDispatchSlurmPath, &oc)
 	if os.IsNotExist(err) && (ldr.CrunchDispatchSlurmPath == defaultCrunchDispatchSlurmConfigPath) {
@@ -263,6 +269,9 @@ const defaultWebsocketConfigPath = "/etc/arvados/ws/ws.yml"
 
 // update config using values from an crunch-dispatch-slurm config file.
 func (ldr *Loader) loadOldWebsocketConfig(cfg *arvados.Config) error {
+	if ldr.WebsocketPath == "" {
+		return nil
+	}
 	var oc oldWsConfig
 	err := ldr.loadOldConfigHelper("arvados-ws", ldr.WebsocketPath, &oc)
 	if os.IsNotExist(err) && ldr.WebsocketPath == defaultWebsocketConfigPath {
diff --git a/lib/config/load.go b/lib/config/load.go
index 2dacd5c26c..33d31f71c9 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -26,7 +26,8 @@ var ErrNoClustersDefined = errors.New("config does not define any clusters")
 type Loader struct {
 	Stdin          io.Reader
 	Logger         logrus.FieldLogger
-	SkipDeprecated bool // Don't load legacy/deprecated config keys/files
+	SkipDeprecated bool // Don't load deprecated config keys
+	SkipLegacy     bool // Don't load legacy config files
 
 	Path                    string
 	KeepstorePath           string
@@ -61,6 +62,7 @@ func (ldr *Loader) SetupFlags(flagset *flag.FlagSet) {
 	flagset.StringVar(&ldr.KeepstorePath, "legacy-keepstore-config", defaultKeepstoreConfigPath, "Legacy keepstore configuration `file`")
 	flagset.StringVar(&ldr.CrunchDispatchSlurmPath, "legacy-crunch-dispatch-slurm-config", defaultCrunchDispatchSlurmConfigPath, "Legacy crunch-dispatch-slurm configuration `file`")
 	flagset.StringVar(&ldr.WebsocketPath, "legacy-ws-config", defaultWebsocketConfigPath, "Legacy arvados-ws configuration `file`")
+	flagset.BoolVar(&ldr.SkipLegacy, "skip-legacy", false, "Don't load legacy config files")
 }
 
 // MungeLegacyConfigArgs checks args for a -config flag whose argument
@@ -119,6 +121,19 @@ func (ldr *Loader) MungeLegacyConfigArgs(lgr logrus.FieldLogger, args []string,
 			}
 		}
 	}
+
+	// Disable legacy config loading for components other than the
+	// one that was specified
+	if legacyConfigArg != "-legacy-keepstore-config" {
+		ldr.KeepstorePath = ""
+	}
+	if legacyConfigArg != "-legacy-crunch-dispatch-slurm-config" {
+		ldr.CrunchDispatchSlurmPath = ""
+	}
+	if legacyConfigArg != "-legacy-ws-config" {
+		ldr.WebsocketPath = ""
+	}
+
 	return munged
 }
 
@@ -207,6 +222,8 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 		if err != nil {
 			return nil, err
 		}
+	}
+	if !ldr.SkipLegacy {
 		// legacy file is required when either:
 		// * a non-default location was specified
 		// * no primary config was loaded, and this is the
diff --git a/services/api/config/arvados_config.rb b/services/api/config/arvados_config.rb
index 39d50cbbb3..847bee0483 100644
--- a/services/api/config/arvados_config.rb
+++ b/services/api/config/arvados_config.rb
@@ -45,7 +45,7 @@ end
 
 # Load the defaults, used by config:migrate and fallback loading
 # legacy application.yml
-Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-config=-", "-skip-legacy") do |stdin, stdout, status_thread|
   stdin.write("Clusters: {xxxxx: {}}")
   stdin.close
   confs = YAML.load(stdout, deserialize_symbols: false)
@@ -55,7 +55,7 @@ Open3.popen2("arvados-server", "config-dump", "-config=-") do |stdin, stdout, st
 end
 
 # Load the global config file
-Open3.popen2("arvados-server", "config-dump") do |stdin, stdout, status_thread|
+Open3.popen2("arvados-server", "config-dump", "-skip-legacy") do |stdin, stdout, status_thread|
   confs = YAML.load(stdout, deserialize_symbols: false)
   if confs && !confs.empty?
     # config-dump merges defaults with user configuration, so every