Add validation of agent flag values for ConfigMap

If the Cilium agent flags are passed via a mounted ConfigMap (cilium-agent --config-dir=/tmp/cilium/config-map), the default for Helm deployments, the flag values are not validated. For example if you set "restore" with invalid value "0SO##ME5_RANDOM" in ConfigMap then Agent would run with incorrect parameter: ..... level=info msg=" --restore='0SO##ME5_RANDOM'" subsys=daemon ..... But if start Agent with CLI then the validation will warn and prevent starting the agent: cilium-agent[8654]: invalid argument "0SO##ME5_RANDOM" for "--restore" flag: strconv.ParseBool: parsing "0SO##ME5_RANDOM": invalid syntax This commit add agent flag values validation for ConfigMap Fixes: #13070 Signed-off-by: Roman Ptitcyn romanspb@yahoo.com
cilium · May 27, 2021 · d965f84 · d965f84
1 parent 8da8b88
commit d965f84
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/daemon/cmd/daemon_main.go b/daemon/cmd/daemon_main.go
@@ -180,7 +180,7 @@ func init() {
 		return
 	}
 
-	cobra.OnInitialize(option.InitConfig("Cilium", "ciliumd"))
+	cobra.OnInitialize(option.InitConfig(RootCmd, "Cilium", "ciliumd"))
 
 	// Reset the help function to also exit, as we block elsewhere in interrupts
 	// and would not exit when called with -h.

diff --git a/operator/flags.go b/operator/flags.go
@@ -28,7 +28,7 @@ import (
 )
 
 func init() {
-	cobra.OnInitialize(option.InitConfig("Cilium-Operator", "cilium-operators"))
+	cobra.OnInitialize(option.InitConfig(rootCmd, "Cilium-Operator", "cilium-operators"))
 
 	flags := rootCmd.Flags()
 

diff --git a/pkg/option/config.go b/pkg/option/config.go
@@ -44,6 +44,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/shirou/gopsutil/v3/mem"
 	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
@@ -3164,8 +3165,27 @@ func sanitizeIntParam(paramName string, paramDefault int) int {
 	return intParam
 }
 
+// validateConfigmap checks whether the flag exists and validate the value of flag
+func validateConfigmap(cmd *cobra.Command, m map[string]interface{}) (error, string) {
+	// validate the config-map
+	for key, value := range m {
+		if val := fmt.Sprintf("%v", value); val != "" {
+			flags := cmd.Flags()
+			// check whether the flag exists
+			if flag := flags.Lookup(key); flag != nil {
+				// validate the value of flag
+				if err := flag.Value.Set(val); err != nil {
+					return err, key
+				}
+			}
+		}
+	}
+
+	return nil, ""
+}
+
 // InitConfig reads in config file and ENV variables if set.
-func InitConfig(programName, configName string) func() {
+func InitConfig(cmd *cobra.Command, programName, configName string) func() {
 	return func() {
 		if viper.GetBool("version") {
 			fmt.Printf("%s %s\n", programName, version.Version)
@@ -3190,8 +3210,13 @@ func InitConfig(programName, configName string) func() {
 			} else {
 				// replace deprecated fields with new fields
 				ReplaceDeprecatedFields(m)
-				err := MergeConfig(m)
-				if err != nil {
+
+				// validate the config-map
+				if err, flag := validateConfigmap(cmd, m); err != nil {
+					log.WithError(err).Fatal("Incorrect config-map flag " + flag)
+				}
+
+				if err := MergeConfig(m); err != nil {
 					log.WithError(err).Fatal("Unable to merge configuration")
 				}
 			}