using a dedicated regex for msd static workload name validation #2338

Merged
merged 1 commit into from
Oct 10, 2023
4 changes: 2 additions & 2 deletions clients/go/msd/client.go
Expand Up @@ -600,8 +600,8 @@ func (client MSDClient) PutStaticWorkload(domainName DomainName, serviceName Ent
}
}

func (client MSDClient) DeleteStaticWorkload(domainName DomainName, serviceName EntityName, name string) error {
url := client.URL + "/domain/" + fmt.Sprint(domainName) + "/service/" + fmt.Sprint(serviceName) + "/name/" + name + "/workload/static"
func (client MSDClient) DeleteStaticWorkload(domainName DomainName, serviceName EntityName, name StaticWorkloadName) error {
url := client.URL + "/domain/" + fmt.Sprint(domainName) + "/service/" + fmt.Sprint(serviceName) + "/name/" + fmt.Sprint(name) + "/workload/static"
resp, err := client.httpDelete(url, nil)
if err != nil {
return err
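Review bot: The `name` value is concatenated into the request path without escaping in the new `url := ...` line, while the `StaticWorkloadName` pattern added by this change accepts an optional `/` plus digits suffix (the added tests treat `10.10.20.30/24` as valid). A name of that form adds an extra path segment, so the request would presumably no longer match `/name/{name}/workload/static`; the same question applies to the `{name}` path parameter in Workload.rdli. Consider `"/name/" + url.PathEscape(fmt.Sprint(name)) + "/workload/static"` (this needs `net/url`, and the file's imports are not visible here) and confirm that the server decodes `%2F` in that position; if client.go is generated, the change belongs in the generator. The function body continues past the end of the hunk.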
15 changes: 12 additions & 3 deletions clients/go/msd/model.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 14 additions & 2 deletions clients/go/msd/msd_schema.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 11 additions & 2 deletions core/msd/src/main/java/com/yahoo/athenz/msd/MSDSchema.java
Expand Up @@ -74,6 +74,15 @@ private static Schema build() {
.comment("ServiceName in TransportPolicySubject should allow * to indicate ANY")
.pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");

sb.stringType("StaticWorkloadComponent")
.pattern("[a-zA-Z0-9][a-zA-Z0-9-:._]*");

sb.stringType("StaticWorkloadFQDN")
.pattern("([a-zA-Z0-9][a-zA-Z0-9-:._]*\\.)*[a-zA-Z0-9][a-zA-Z0-9-:._]*");

sb.stringType("StaticWorkloadName")
.pattern("(([a-zA-Z0-9][a-zA-Z0-9-:._]*\\.)*[a-zA-Z0-9][a-zA-Z0-9-:._]*)(\\/[0-9]{1,3})?");

sb.enumType("TransportPolicyEnforcementState")
.comment("Types of transport policy enforcement states")
.element("ENFORCE")
Expand Down Expand Up @@ -206,7 +215,7 @@ private static Schema build() {
.field("serviceName", "EntityName", false, "name of the service")
.field("type", "StaticWorkloadType", false, "value representing one of the StaticWorkloadType enum")
.arrayField("ipAddresses", "String", true, "list of IP addresses associated with the workload, optional for getWorkloadsByIP API call")
.field("name", "String", true, "name associated with the workload. In most cases will be a FQDN")
.field("name", "StaticWorkloadName", true, "name associated with the workload. In most cases will be a FQDN")
.field("updateTime", "Timestamp", true, "most recent update timestamp in the backend");

sb.structType("WorkloadOptions")
Expand Down Expand Up @@ -628,7 +637,7 @@ private static Schema build() {
.name("deleteStaticWorkload")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.pathParam("name", "String", "name associated with the workload. In most cases will be a FQDN")
.pathParam("name", "StaticWorkloadName", "name associated with the workload. In most cases will be a FQDN")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
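Review bot: The `StaticWorkloadComponent` character class in the first hunk includes `.`, which is also the separator consumed by the `StaticWorkloadFQDN` repetition `(...\\.)*`, so a dotted name can be split into components in many different ways. On a backtracking engine (java.util.regex, if that is what the rdl `Validator` uses) a long dotted input that fails only at its end can take time exponential in the number of dots, and this type now validates a request body field and a path parameter. The same overlap means consecutive or trailing dots such as `a..b` are accepted as one component. Dropping `.` from that class in all three patterns, e.g. `.pattern("[a-zA-Z0-9][a-zA-Z0-9-:_]*")` for the component, makes the split unambiguous and still passes every row of the added data provider. Names.tdl carries the same three patterns, so the change belongs there if this file is generated from it.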
6 changes: 5 additions & 1 deletion core/msd/src/main/rdl/Names.tdl
Expand Up @@ -49,4 +49,8 @@ type PathElement String (pattern="[a-zA-Z0-9-\\._~=+@$,:]*");
type TransportPolicySubjectDomainName String (pattern="\\*|{DomainName}");

// ServiceName in TransportPolicySubject should allow * to indicate ANY
type TransportPolicySubjectServiceName String (pattern="\\*|{EntityName}");
type TransportPolicySubjectServiceName String (pattern="\\*|{EntityName}");

type StaticWorkloadComponent String (pattern="[a-zA-Z0-9][a-zA-Z0-9-:._]*");
type StaticWorkloadFQDN String (pattern="({StaticWorkloadComponent}\\.)*{StaticWorkloadComponent}");
type StaticWorkloadName String (pattern="({StaticWorkloadFQDN})(\\/[0-9]{1,3})?");
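Review bot: The three new types carry no comment, unlike `TransportPolicySubjectServiceName` directly above them, and the intent of `StaticWorkloadName` is not recoverable from the regex alone. A comment such as `// hostname, FQDN or IP address, optionally followed by /<prefix length>` above `StaticWorkloadName` would record it; that wording is inferred from the added test data and should be confirmed. The comment should also say whether the suffix is meant to be a CIDR prefix length, since `[0-9]{1,3}` accepts values up to 999.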
2 changes: 1 addition & 1 deletion core/msd/src/main/rdl/Workload.rdli
Expand Up @@ -89,7 +89,7 @@ resource StaticWorkload PUT "/domain/{domainName}/service/{serviceName}/workload
resource StaticWorkload DELETE "/domain/{domainName}/service/{serviceName}/name/{name}/workload/static" (name=deleteStaticWorkload) {
DomainName domainName; // name of the domain
EntityName serviceName; // name of the service
String name; // name associated with the workload. In most cases will be a FQDN
StaticWorkloadName name; // name associated with the workload. In most cases will be a FQDN
authorize ("update", "{domainName}:service.{serviceName}");
expected NO_CONTENT;
exceptions {
2 changes: 1 addition & 1 deletion core/msd/src/main/rdl/Workload.tdl
Expand Up @@ -41,7 +41,7 @@ type StaticWorkload Struct {
EntityName serviceName; // name of the service
StaticWorkloadType type; // value representing one of the StaticWorkloadType enum
Array<String> ipAddresses (optional); // list of IP addresses associated with the workload, optional for getWorkloadsByIP API call
String name (optional); // name associated with the workload. In most cases will be a FQDN
StaticWorkloadName name (optional); // name associated with the workload. In most cases will be a FQDN
Timestamp updateTime (optional); // most recent update timestamp in the backend
}

Expand Up @@ -16,7 +16,10 @@

package com.yahoo.athenz.msd;

import com.yahoo.rdl.Schema;
import com.yahoo.rdl.Timestamp;
import com.yahoo.rdl.Validator;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

import java.util.Collections;
Expand Down Expand Up @@ -99,4 +102,41 @@ public void testStaticWorkloadFields() {
assertEquals(wl1, wl1);

}

@Test (dataProvider = "staticWorkloadNameProvider")
public void testStaticWorkloadName(String name, boolean expected) {

Schema schema = MSDSchema.instance();
Validator validator = new Validator(schema);

StaticWorkload wl1 = new StaticWorkload();
wl1.setDomainName("athenz")
.setServiceName("api")
.setName(name)
.setType(StaticWorkloadType.CLOUD_LB);

Validator.Result result = validator.validate(wl1, "StaticWorkload");
assertEquals(result.valid, expected);
}

@DataProvider
private Object[][] staticWorkloadNameProvider() {
return new Object[][] {
{"10.10.20.30", true},
{"10.10.20.30/24", true},
{"172.30.255.255", true},
{"2001:db8:abcd:12::ffff", true},
{"2001:db8:abcd:12::ffff/24", true},
{"2001:db8:abcd:12::ffff/128", true},
{"myhostname", true},
{"ABC::AA012_113_3332_11344", true},
{"myhostname.subdomain.domain.com", true},
{"avc/dd", false},
{"avc/12/11", false},
{"*ddw$%#", false},
{"/", false},
{"/etc/passwd", false},
};
}

}
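Review bot: `staticWorkloadNameProvider` does not pin the inputs where the pattern is most permissive: the empty string, consecutive or trailing dots (`a..b`, `host.`), and an out-of-range suffix such as `10.10.20.30/999`. As written the pattern appears to accept the last three, so a row like `{"10.10.20.30/999", true}` would at least document that, and can flip to `false` if the pattern is tightened. The test also validates only the `StaticWorkload` struct field, not the `deleteStaticWorkload` path parameter, where a name containing `/` is handled differently by the URL path.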