ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

Check for duplicated sysctl keys

Browse Source 
Signed-off-by: mmirecki <mmirecki@redhat.com>
This commit is contained in:
mmirecki 2022-04-15 15:06:47 +02:00
parent 93604ec20a
commit 7c452c77cd
2 changed files with 77 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
plugins/meta/tuning/tuning.go
View File

@ -304,6 +304,9 @@ func restoreBackup(ifName, containerID, backupPath string) error {
} }
func cmdAdd(args *skel.CmdArgs) error { func cmdAdd(args *skel.CmdArgs) error {
if err := validateSysctlConflictingKeys(args.StdinData); err != nil {
return err
}
tuningConf, err := parseConf(args.StdinData, args.Args) tuningConf, err := parseConf(args.StdinData, args.Args)
if err != nil { if err != nil {
return err return err
@ -405,6 +408,9 @@ func main() {
} }
func cmdCheck(args *skel.CmdArgs) error { func cmdCheck(args *skel.CmdArgs) error {
if err := validateSysctlConflictingKeys(args.StdinData); err != nil {
return err
}
tuningConf, err := parseConf(args.StdinData, args.Args) tuningConf, err := parseConf(args.StdinData, args.Args)
if err != nil { if err != nil {
return err return err
@ -542,3 +548,25 @@ func readAllowlist() (bool, []string, error) {
} }
return true, allowList, nil return true, allowList, nil
} }
type sysctlKey string
type sysctlCheck struct {
SysCtl map[sysctlKey]string `json:"sysctl"`
}
var sysctlDuplicatesMap = map[sysctlKey]interface{}{}
func (d *sysctlKey) UnmarshalText(data []byte) error {
key := sysctlKey(string(data))
if _, exists := sysctlDuplicatesMap[key]; exists {
return errors.New("duplicated sysctl keys are not allowed")
}
sysctlDuplicatesMap[key] = ""
return nil
}
func validateSysctlConflictingKeys(data []byte) error {
sysctlCheck := sysctlCheck{}
return json.Unmarshal(data, &sysctlCheck)
}

49
plugins/meta/tuning/tuning_test.go
View File

@ -130,6 +130,7 @@ var _ = Describe("tuning plugin", func() {
return nil return nil
}) })
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
sysctlDuplicatesMap = map[sysctlKey]interface{}{}
}) })
AfterEach(func() { AfterEach(func() {
@ -1122,5 +1123,53 @@ var _ = Describe("tuning plugin", func() {
}) })
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
}) })
It(fmt.Sprintf("[%s] does not allow duplicated sysctl values", ver), func() {
conf := []byte(fmt.Sprintf(`{
"name": "test",
"type": "tuning",
"cniVersion": "%s",
"sysctl": {
"net.ipv4.conf.all.log_martians": "1",
"net.ipv4.conf.all.log_martians": "0"
},
"prevResult": {
"interfaces": [
{"name": "dummy0", "sandbox":"netns"}
],
"ips": [
{
"version": "4",
"address": "10.0.0.2/24",
"gateway": "10.0.0.1",
"interface": 0
}
]
}
}`, ver))
args := &skel.CmdArgs{
ContainerID: "dummy",
Netns: targetNS.Path(),
IfName: IFNAME,
StdinData: conf,
}
beforeConf = configToRestore{}
err := originalNS.Do(func(ns.NetNS) error {
defer GinkgoRecover()
_, _, err := testutils.CmdAddWithArgs(args, func() error {
return cmdAdd(args)
})
Expect(err).To(HaveOccurred())
Expect(err.Error()).To(ContainSubstring("duplicated"))
return nil
})
Expect(err).NotTo(HaveOccurred())
})
} }
}) })