Merge pull request #4213 from mrlhansen/master

im2: improvments for log, option, freeipa, gpfs

provider-integration/im2/pkg/im/freeipa/client.go

@@ -2,16 +2,18 @@ package freeipa
 
 import (
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"io"
-	"log"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"os"
 	"strconv"
 	"strings"
 	"time"
+
+	"ucloud.dk/pkg/log"
 )
 
 const (
@@ -27,13 +29,36 @@ type Client struct {
 	password   string
 }
 
-func NewClient(url string) *Client {
+func NewClient(url string, verify bool, cacert string) *Client {
+	var certPool *x509.CertPool = nil
 	jar, _ := cookiejar.New(nil)
+
+	if len(cacert) > 0 {
+		certPool, err := x509.SystemCertPool()
+		if err != nil {
+			log.Error("SystemCertPool() failed: %v", err)
+			return nil
+		}
+
+		caCertPEM, err := os.ReadFile(cacert)
+		if err != nil {
+			log.Error("ReadFile() failed: %v", err)
+			return nil
+		}
+
+		ok := certPool.AppendCertsFromPEM(caCertPEM)
+		if !ok {
+			log.Error("AppendCertsFromPEM() failed: %v", err)
+			return nil
+		}
+	}
+
 	return &Client{
 		httpClient: http.Client{
 			Transport: &http.Transport{
 				TLSClientConfig: &tls.Config{
-					InsecureSkipVerify: true,
+					RootCAs:            certPool,
+					InsecureSkipVerify: !verify,
 				},
 			},
 			Timeout: time.Duration(5) * time.Second,
@@ -51,7 +76,7 @@ func (c *Client) Authenticate(username, password string) bool {
 
 	req, err := http.NewRequest("POST", urlstr, strings.NewReader(data.Encode()))
 	if err != nil {
-		log.Printf("new http request failed: %v", err)
+		log.Error("new http request failed: %v", err)
 		return false
 	}
 
@@ -64,12 +89,12 @@ func (c *Client) Authenticate(username, password string) bool {
 		defer resp.Body.Close()
 	}
 	if err != nil {
-		log.Printf("http request failed: %v", err)
+		log.Error("http request failed: %v", err)
 		return false
 	}
 
 	if resp.StatusCode != http.StatusOK {
-		log.Printf("authentication failed with status code %d", resp.StatusCode)
+		log.Error("authentication failed with status code %d", resp.StatusCode)
 		return false
 	}
 
@@ -93,7 +118,7 @@ func (c *Client) Request(method, item string, params *Params, rw *ResponseWrappe
 	// Prepare and send request
 	p, err := json.Marshal(params)
 	if err != nil {
-		log.Printf("json marshal failed: %v", err)
+		log.Error("json marshal failed: %v", err)
 		return false
 	}
 
@@ -102,7 +127,7 @@ func (c *Client) Request(method, item string, params *Params, rw *ResponseWrappe
 
 	req, err := http.NewRequest("POST", urlstr, strings.NewReader(s))
 	if err != nil {
-		log.Printf("new http request failed: %v", err)
+		log.Error("new http request failed: %v", err)
 		return false
 	}
 
@@ -115,7 +140,7 @@ func (c *Client) Request(method, item string, params *Params, rw *ResponseWrappe
 		defer resp.Body.Close()
 	}
 	if err != nil {
-		log.Printf("http request failed: %v", err)
+		log.Error("http request failed: %v", err)
 		return false
 	}
 
@@ -124,24 +149,15 @@ func (c *Client) Request(method, item string, params *Params, rw *ResponseWrappe
 		return false
 	}
 
-	// Debug
-	bodyBytes, err := io.ReadAll(resp.Body)
-	if err != nil {
-		log.Fatal(err)
-	}
-	bodyString := string(bodyBytes)
-	fmt.Println(bodyString)
-
 	// Parse the reponse wrapper
-	// err = json.NewDecoder(resp.Body).Decode(rw)
-	json.Unmarshal(bodyBytes, rw)
+	err = json.NewDecoder(resp.Body).Decode(rw)
 	if err != nil {
-		log.Printf("json unmarshal failed: %v", err)
+		log.Error("json unmarshal failed: %v", err)
 		return false
 	}
 
 	if err := ipaHandleError(rw, method); err != nil {
-		log.Printf("%v", err)
+		log.Error("%v", err)
 		return false
 	}
 
@@ -156,7 +172,7 @@ func (c *Client) Request(method, item string, params *Params, rw *ResponseWrappe
 
 	err = json.Unmarshal(rw.Result.RawResult, rd)
 	if err != nil {
-		log.Printf("json unmarshal failed: %v", err)
+		log.Error("json unmarshal failed: %v", err)
 		return false
 	}
 
@@ -258,7 +274,7 @@ func (c *Client) UserQuery(name string) (User, bool) {
 
 func (c *Client) UserCreate(u *User) bool {
 	// Check variables
-	if ok := ipaValidateName(u.Username); !ok {
+	if !ipaValidateName(u.Username) {
 		return false
 	}
 
@@ -285,7 +301,7 @@ func (c *Client) UserCreate(u *User) bool {
 		p["employeenumber"] = u.EmployeeNumber
 	}
 
-	if ok := ipaValidateMail(u.Mail); ok {
+	if ipaValidateMail(u.Mail) {
 		p["mail"] = u.Mail
 	}
 
@@ -337,7 +353,7 @@ func (c *Client) UserModify(u *User) bool {
 		p["employeenumber"] = u.EmployeeNumber
 	}
 
-	if ok := ipaValidateMail(u.Mail); ok {
+	if ipaValidateMail(u.Mail) {
 		p["mail"] = u.Mail
 	}
 
@@ -381,7 +397,7 @@ func (c *Client) GroupQuery(name string) (Group, bool) {
 
 func (c *Client) GroupCreate(g *Group) bool {
 	// Check variables
-	if ok := ipaValidateName(g.Name); !ok {
+	if !ipaValidateName(g.Name) {
 		return false
 	}
 

provider-integration/im2/pkg/im/gpfs/client.go

@@ -3,12 +3,14 @@ package gpfs
 import (
 	"bytes"
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
-	"io"
-	"log"
 	"net/http"
+	"os"
 	"time"
+
+	"ucloud.dk/pkg/log"
 )
 
 type Params map[string]any
@@ -21,13 +23,35 @@ type Client struct {
 	timeout    int
 }
 
-func NewClient(url string) *Client {
+func NewClient(url string, verify bool, cacert string) *Client {
+	var certPool *x509.CertPool = nil
+
+	if len(cacert) > 0 {
+		certPool, err := x509.SystemCertPool()
+		if err != nil {
+			log.Error("SystemCertPool() failed: %v", err)
+			return nil
+		}
+
+		caCertPEM, err := os.ReadFile(cacert)
+		if err != nil {
+			log.Error("ReadFile() failed: %v", err)
+			return nil
+		}
+
+		ok := certPool.AppendCertsFromPEM(caCertPEM)
+		if !ok {
+			log.Error("AppendCertsFromPEM() failed: %v", err)
+			return nil
+		}
+	}
+
 	return &Client{
 		httpClient: http.Client{
 			Transport: &http.Transport{
 				TLSClientConfig: &tls.Config{
-                                         // TODO(Dan): Put this into configuration
-					InsecureSkipVerify: true,
+					RootCAs:            certPool,
+					InsecureSkipVerify: !verify,
 				},
 			},
 			Timeout: time.Duration(5) * time.Second,
@@ -53,13 +77,13 @@ func (c *Client) Request(method, url string, params *Params, rd any) bool {
 	// Prepare and send request
 	p, err := json.Marshal(params)
 	if err != nil {
-		log.Printf("json marshal failed: %v", err)
+		log.Error("json marshal failed: %v", err)
 		return false
 	}
 
 	req, err := http.NewRequest(method, c.baseurl+"/"+url, bytes.NewReader(p))
 	if err != nil {
-		log.Printf("new http request failed: %v", err)
+		log.Error("new http request failed: %v", err)
 		return false
 	}
 
@@ -72,7 +96,7 @@ func (c *Client) Request(method, url string, params *Params, rd any) bool {
 		defer resp.Body.Close()
 	}
 	if err != nil {
-		log.Printf("http request failed: %v", err)
+		log.Error("http request failed: %v", err)
 		return false
 	}
 
@@ -81,23 +105,14 @@ func (c *Client) Request(method, url string, params *Params, rd any) bool {
 		return false
 	}
 
-	// Debug
-	bodyBytes, err := io.ReadAll(resp.Body)
-	if err != nil {
-		log.Fatal(err)
-	}
-	bodyString := string(bodyBytes)
-	fmt.Println(bodyString)
-
 	// Parse the response data
 	if rd == nil {
 		return true
 	}
 
-	// err = json.NewDecoder(resp.Body).Decode(rd)
-	json.Unmarshal(bodyBytes, rd)
+	err = json.NewDecoder(resp.Body).Decode(rd)
 	if err != nil {
-		log.Printf("json unmarshal failed: %v", err)
+		log.Error("json unmarshal failed: %v", err)
 		return false
 	}
 
@@ -132,12 +147,11 @@ func (c *Client) JobWait(jobid int) (JobResponse, bool) {
 
 func (c *Client) FilesetExists(filesystem, fileset string) bool {
 	// Check variables
-	// TODO(Dan): Check that filesystem and fileset does not contain '..' or '/'
-	if len(filesystem) == 0 {
+	if !gpfsValidateName(filesystem) {
 		return false
 	}
 
-	if len(fileset) == 0 {
+	if !gpfsValidateName(fileset) {
 		return false
 	}
 
@@ -151,12 +165,11 @@ func (c *Client) FilesetQuery(filesystem, fileset string) (Fileset, bool) {
 	var result Fileset
 
 	// Check variables
-	// TODO(Dan): Check that filesystem and fileset does not contain '..' or '/'
-	if len(filesystem) == 0 {
+	if !gpfsValidateName(filesystem) {
 		return result, false
 	}
 
-	if len(fileset) == 0 {
+	if !gpfsValidateName(fileset) {
 		return result, false
 	}
 
@@ -197,11 +210,11 @@ func (c *Client) FilesetCreate(f *Fileset) bool {
 		return false
 	}
 
-	if len(f.Filesystem) == 0 {
+	if !gpfsValidateName(f.Filesystem) {
 		return false
 	}
 
-	if len(f.Name) == 0 {
+	if !gpfsValidateName(f.Name) {
 		return false
 	}
 
@@ -249,11 +262,11 @@ func (c *Client) FilesetQuota(f *Fileset) bool {
 		return false
 	}
 
-	if len(f.Filesystem) == 0 {
+	if !gpfsValidateName(f.Filesystem) {
 		return false
 	}
 
-	if len(f.Name) == 0 {
+	if !gpfsValidateName(f.Name) {
 		return false
 	}
 
@@ -282,12 +295,11 @@ func (c *Client) FilesetQuota(f *Fileset) bool {
 
 func (c *Client) FilesetUnlink(filesystem, fileset string) bool {
 	// Check variables
-	// TODO(Dan): Check that filesystem and fileset does not contain '..' or '/'
-	if len(filesystem) == 0 {
+	if !gpfsValidateName(filesystem) {
 		return false
 	}
 
-	if len(fileset) == 0 {
+	if !gpfsValidateName(fileset) {
 		return false
 	}
 
@@ -306,12 +318,11 @@ func (c *Client) FilesetUnlink(filesystem, fileset string) bool {
 
 func (c *Client) FilesetDelete(filesystem, fileset string) bool {
 	// Check variables
-	// TODO(Dan): Check that filesystem and fileset does not contain '..' or '/'
-	if len(filesystem) == 0 {
+	if !gpfsValidateName(filesystem) {
 		return false
 	}
 
-	if len(fileset) == 0 {
+	if !gpfsValidateName(fileset) {
 		return false
 	}
 

provider-integration/im2/pkg/im/gpfs/helper.go

@@ -0,0 +1,10 @@
+package gpfs
+
+import (
+	"regexp"
+)
+
+func gpfsValidateName(s string) bool {
+	re := regexp.MustCompile(`^([a-z][a-z0-9_-]+)$`)
+	return re.MatchString(s)
+}