clair: use Etag header to communicate indexer state change

Adding this fixes a race condition that might occur when doing a deploy, where a manifest would be associated with the wrong indexer state. In the course of this change, the Etag validation logic is also corrected. Signed-off-by: Hank Donnay <hdonnay@redhat.com>
quay · Mar 13, 2020 · 42b1ba9 · 42b1ba9
1 parent 485a7f6
commit 42b1ba9
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 13 deletions.
diff --git a/cmd/clair/httptransport.go b/cmd/clair/httptransport.go
@@ -11,9 +11,6 @@ import (
 	"github.com/quay/claircore/libvuln"
 	"go.opentelemetry.io/otel/plugin/othttp"
 
-	"github.com/quay/clair/v4/middleware/auth"
-	"github.com/quay/clair/v4/middleware/compress"
-
 	"github.com/quay/clair/v4/config"
 	"github.com/quay/clair/v4/indexer"
 	"github.com/quay/clair/v4/matcher"

diff --git a/indexer/httptransport.go b/indexer/httptransport.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 	"path"
-	"sort"
 	"strings"
 	"time"
 
@@ -58,8 +57,11 @@ func NewHTTPTransport(service Service) (*HTTP, error) {
 
 func unmodified(r *http.Request, v string) bool {
 	if vs, ok := r.Header["If-None-Match"]; ok {
-		sort.Strings(vs)
-		return sort.SearchStrings(vs, v) != -1
+		for _, rv := range vs {
+			if rv == v {
+				return true
+			}
+		}
 	}
 	return false
 }
@@ -109,7 +111,7 @@ func (h *HTTP) IndexReportHandler(w http.ResponseWriter, r *http.Request) {
 		je.Error(w, resp, http.StatusInternalServerError)
 		return
 	}
-	validator := fmt.Sprintf(`"%s|%s"`, state, manifest.String())
+	validator := `"` + state + `"`
 	if unmodified(r, validator) {
 		w.WriteHeader(http.StatusNotModified)
 		return
@@ -166,19 +168,42 @@ func (h *HTTP) IndexHandler(w http.ResponseWriter, r *http.Request) {
 		je.Error(w, resp, http.StatusMethodNotAllowed)
 		return
 	}
+	state, err := h.serv.State(ctx)
+	if err != nil {
+		resp := &je.Response{
+			Code:    "internal error",
+			Message: "could not retrieve indexer state " + err.Error(),
+		}
+		je.Error(w, resp, http.StatusInternalServerError)
+		return
+	}
 
 	var m claircore.Manifest
-	err := json.NewDecoder(r.Body).Decode(&m)
-	if err != nil {
+	if err := json.NewDecoder(r.Body).Decode(&m); err != nil {
 		resp := &je.Response{
 			Code:    "bad-request",
 			Message: fmt.Sprintf("failed to deserialize manifest: %v", err),
 		}
 		je.Error(w, resp, http.StatusBadRequest)
 		return
 	}
+	if m.Hash.String() == "" || len(m.Layers) == 0 {
+		resp := &je.Response{
+			Code:    "bad-request",
+			Message: "bogus manifest",
+		}
+		je.Error(w, resp, http.StatusBadRequest)
+		return
+	}
+	next := path.Join(IndexReportAPIPath, m.Hash.String())
 
-	// TODO Validate manifest structure.
+	w.Header().Add("link", fmt.Sprintf(linkIndex, next))
+	w.Header().Add("link", fmt.Sprintf(linkReport, path.Join(v1Root, "vulnerabilty_report", m.Hash.String())))
+	validator := `"` + state + `"`
+	if unmodified(r, validator) {
+		w.WriteHeader(http.StatusPreconditionFailed)
+		return
+	}
 
 	// TODO Do we need some sort of background context embedded in the HTTP
 	// struct?
@@ -188,13 +213,12 @@ func (h *HTTP) IndexHandler(w http.ResponseWriter, r *http.Request) {
 			Code:    "index-error",
 			Message: fmt.Sprintf("failed to start scan: %v", err),
 		}
+		w.Header().Del("link")
 		je.Error(w, resp, http.StatusInternalServerError)
 		return
 	}
 
-	next := path.Join(IndexReportAPIPath, m.Hash.String())
-	w.Header().Add("link", fmt.Sprintf(linkReport, path.Join(v1Root, "vulnerabilty_report", m.Hash.String())))
-	w.Header().Add("link", fmt.Sprintf(linkIndex, next))
+	w.Header().Set("etag", validator)
 	w.Header().Set("location", next)
 	w.WriteHeader(http.StatusCreated)
 	if err := json.NewEncoder(w).Encode(report); err != nil {