forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvalidator.go
139 lines (114 loc) · 3.51 KB
/
validator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package generator
import (
"fmt"
"regexp"
"strings"
"github.com/pkg/errors"
"github.com/vmware/kube-fluentd-operator/config-reloader/fluentd"
)
var (
fluentdForwardType = "forward"
recordTransformerType = "record_transformer"
rubyCodeBlockReg = regexp.MustCompile(`#\{.*\}`)
generalAllowFragnent = map[string]int{"buffer": 1}
filterAllowFragments = map[string]int{"record": 1}
forwardAllowFragments = map[string]int{
"buffer": 1,
"security": 1,
"server": -1,
}
)
func ValidateCustomTags(data interface{}) error {
return validateFragments("filter-custom-tags", "filter", data)
}
func ValidateSyslogToken(data interface{}) error {
return validateFragments("filter-sumo", "filter", data)
}
func ValidateCustomTarget(data interface{}) error {
return validateFragments("store-target", "store", data)
}
func validateFragments(templateName, fragmentName string, data interface{}) error {
fragments, err := generateFragments(templateName, data)
if err != nil {
return errors.Wrapf(err, "generate configure from template %s failed", templateName)
}
if err = validateFragmentExist(fragmentName, fragments); err != nil {
return err
}
fragment := fragments[0]
var allow map[string]int
switch fragment.Type() {
case recordTransformerType:
allow = filterAllowFragments
case fluentdForwardType:
allow = forwardAllowFragments
default:
allow = generalAllowFragnent
}
return validateFragmentsMatchExpected(fragment.Nested, allow)
}
func validateFragmentsMatchExpected(fragments fluentd.Fragment, expected map[string]int) error {
actual := make(map[string]int)
for _, v := range fragments {
actualNum := actual[v.Name] + 1
expectedNum, ok := expected[v.Name]
if !ok {
return errors.New("unexpected configure element: " + v.Name)
}
if expectedNum < 0 {
continue
}
if actualNum > expectedNum {
return errors.New("unexpected configure element: expected " + fmt.Sprint(expectedNum) + " configure element " + v.Name + ", but got " + fmt.Sprint(actualNum))
}
actual[v.Name] = actualNum
}
return nil
}
func validateFragmentExist(expectedName string, fragments fluentd.Fragment) error {
if len(fragments) == 0 {
return errors.New("not configure element found")
}
if len(fragments) > 1 {
return errors.New("expected configure element: " + expectedName + ", detected more than one elements: " + fragments[0].Name + ", " + fragments[1].Name + "...")
}
if fragments[0].Name != expectedName {
return errors.New(fragments[0].Name + "isn't expected configure element" + expectedName)
}
return nil
}
func generateFragments(templateName string, data interface{}) (fluentd.Fragment, error) {
buf, err := GenerateConfig(templateName, data)
if err != nil {
return nil, errors.Wrap(err, "generate fluentd configure failed")
}
configStr := string(buf)
if err = filterRubyCode(configStr); err != nil {
return nil, err
}
fragments, err := fluentd.ParseString(configStr)
if err != nil {
return nil, errors.Wrap(err, "parse fluentd configure failed")
}
return fragments, nil
}
func filterRubyCode(s string) error {
rubyCodeBlocks := rubyCodeBlockReg.FindStringSubmatch(s)
if len(rubyCodeBlocks) > 0 {
return errors.New("not allow embedded Ruby code: " + fmt.Sprintf("%v", rubyCodeBlocks))
}
return nil
}
func escapeString(postDoc string) string {
var escapeReplacer = strings.NewReplacer(
"\t", `\\t`,
"\n", `\\n`,
"\r", `\\r`,
"\f", `\\f`,
"\b", `\\b`,
"\"", `\\\"`,
"\\", `\\\\`,
)
escapeString := escapeReplacer.Replace(postDoc)
return fmt.Sprintf(`"%s"`, escapeString)
}