From: Lucas Di Pentima <lucas@di-pentima.com.ar>
Date: Fri, 19 Feb 2021 15:48:32 +0000 (-0300)
Subject: 17295: Adds cluster ID validation on the config file.
X-Git-Tag: 2.2.0~118^2
X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/a4ca6916de801f811bd7f97e94e6a08b0d617d53

17295: Adds cluster ID validation on the config file.

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas@di-pentima.com.ar>
---

diff --git a/lib/config/export_test.go b/lib/config/export_test.go
index 7af117e385..f11b65f452 100644
--- a/lib/config/export_test.go
+++ b/lib/config/export_test.go
@@ -17,7 +17,7 @@ var _ = check.Suite(&ExportSuite{})
 type ExportSuite struct{}
 
 func (s *ExportSuite) TestExport(c *check.C) {
-	confdata := strings.Replace(string(DefaultYAML), "SAMPLE", "testkey", -1)
+	confdata := strings.Replace(string(DefaultYAML), "SAMPLE", "12345", -1)
 	cfg, err := testLoader(c, confdata, nil).Load()
 	c.Assert(err, check.IsNil)
 	cluster, err := cfg.GetCluster("xxxxx")
diff --git a/lib/config/load.go b/lib/config/load.go
index 7eb4039100..f682359379 100644
--- a/lib/config/load.go
+++ b/lib/config/load.go
@@ -270,7 +270,18 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 
 	// Check for known mistakes
 	for id, cc := range cfg.Clusters {
+		for remote, _ := range cc.RemoteClusters {
+			if remote == "*" || remote == "SAMPLE" {
+				continue
+			}
+			err = ldr.checkClusterID(fmt.Sprintf("Clusters.%s.RemoteClusters.%s", id, remote), remote, true)
+			if err != nil {
+				return nil, err
+			}
+		}
 		for _, err = range []error{
+			ldr.checkClusterID(fmt.Sprintf("Clusters.%s", id), id, false),
+			ldr.checkClusterID(fmt.Sprintf("Clusters.%s.Login.LoginCluster", id), cc.Login.LoginCluster, true),
 			ldr.checkToken(fmt.Sprintf("Clusters.%s.ManagementToken", id), cc.ManagementToken),
 			ldr.checkToken(fmt.Sprintf("Clusters.%s.SystemRootToken", id), cc.SystemRootToken),
 			ldr.checkToken(fmt.Sprintf("Clusters.%s.Collections.BlobSigningKey", id), cc.Collections.BlobSigningKey),
@@ -286,6 +297,17 @@ func (ldr *Loader) Load() (*arvados.Config, error) {
 	return &cfg, nil
 }
 
+var acceptableClusterIDRe = regexp.MustCompile(`^[a-z0-9]{5}$`)
+
+func (ldr *Loader) checkClusterID(label, clusterID string, emptyStringOk bool) error {
+	if emptyStringOk && clusterID == "" {
+		return nil
+	} else if !acceptableClusterIDRe.MatchString(clusterID) {
+		return fmt.Errorf("%s: cluster ID should be 5 alphanumeric characters", label)
+	}
+	return nil
+}
+
 var acceptableTokenRe = regexp.MustCompile(`^[a-zA-Z0-9]+$`)
 var acceptableTokenLength = 32
 
diff --git a/lib/config/load_test.go b/lib/config/load_test.go
index 4cdebf62bc..91bd6a7439 100644
--- a/lib/config/load_test.go
+++ b/lib/config/load_test.go
@@ -351,7 +351,7 @@ Clusters:
     Proxy: true
 `, `
 Clusters:
- abcdef:
+ abcde:
   ManagementToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
   SystemRootToken: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
   Collections: