[lxc-devel] [lxd/master] Network: Name validation changes
tomponline on Github
lxc-bot at linuxcontainers.org
Thu Aug 6 16:45:50 UTC 2020
From 5b8305ba6cc1a75dd0ba7bbbf93dc5895e0362ff Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:40:33 +0100
Subject: [PATCH 1/7] shared/validate: Adds IsURLSegmentSafe function
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
shared/validate/validate.go | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/shared/validate/validate.go b/shared/validate/validate.go
index cc1811d6ed..35d30dd699 100644
--- a/shared/validate/validate.go
+++ b/shared/validate/validate.go
@@ -312,3 +312,14 @@ func IsNetworkVLAN(value string) error {
return nil
}
+
+// IsURLSegmentSafe validates whether value can be used in a URL segment.
+func IsURLSegmentSafe(value string) error {
+ for _, char := range []string{"/", "?", "&"} {
+ if strings.Contains(value, char) {
+ return fmt.Errorf("Cannot contain %q", char)
+ }
+ }
+
+ return nil
+}
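Review bot: The deny-list in `IsURLSegmentSafe` covers only `/`, `?` and `&`, so a value containing `#` or `%` (which an intermediate proxy or router may decode into a separator), or consisting of `.` or `..`, still passes as safe even though it can change how a path is parsed or normalised. Whether that is reachable depends on how the API builds and routes URLs, which is not visible in this hunk. Consider extending the list, `for _, char := range []string{"/", "?", "&", "#", "%"} {`, and rejecting the dot segments explicitly, or switching to an allow-list of permitted characters. An empty value is also accepted, which should be rejected here or documented if callers rely on this function alone for names. The doc comment should name the rejected characters and say that callers must still escape the value (for example with `url.PathEscape`) when they build a URL.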
From b468279eff50513bba721f625f6442b71d125d68 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:40:45 +0100
Subject: [PATCH 2/7] lxd/network/driver/common: Adds common ValidateName
function
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/driver_common.go | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lxd/network/driver_common.go b/lxd/network/driver_common.go
index 49baf2299b..9708c78057 100644
--- a/lxd/network/driver_common.go
+++ b/lxd/network/driver_common.go
@@ -19,6 +19,7 @@ import (
log "github.com/lxc/lxd/shared/log15"
"github.com/lxc/lxd/shared/logger"
"github.com/lxc/lxd/shared/logging"
+ "github.com/lxc/lxd/shared/validate"
)
// common represents a generic LXD network.
@@ -94,6 +95,11 @@ func (n *common) validate(config map[string]string, driverRules map[string]func(
return nil
}
+// ValidateName validates network name.
+func (n *common) ValidateName(name string) error {
+ return validate.IsURLSegmentSafe(name)
+}
+
// ID returns the network ID.
func (n *common) ID() int64 {
return n.id
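Review bot: The comment on `common.ValidateName` does not say that this is the only name check a driver gets when it embeds `common` without overriding the method, nor that it covers URL-segment safety alone rather than interface-name rules. The later patches in this series remove the macvlan and sriov overrides so that they fall through to this method, which makes that contract worth stating. I would write it as `// ValidateName validates network name. It only checks that the name is safe to use as a URL path segment; drivers whose name maps to a host interface must override it and add their own checks.`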
From b7b46e00bc0de74b3df261dd9c63ddfe0c4e0e23 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:41:19 +0100
Subject: [PATCH 3/7] lxd/network/driver/bridge: Changes ValidateName to use
common validation too
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/driver_bridge.go | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index 82943e95f7..5518259f0a 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -120,7 +120,13 @@ func (n *bridge) fillConfig(config map[string]string) error {
// ValidateName validates network name.
func (n *bridge) ValidateName(name string) error {
- return validInterfaceName(name)
+ err := validInterfaceName(name)
+ if err != nil {
+ return err
+ }
+
+ // Apply common name validation that applies to all network types.
+ return n.common.ValidateName(name)
}
// Validate network config.
From c92f86a06ec835011c0d2ad909ff23f2e527fc82 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:42:54 +0100
Subject: [PATCH 4/7] lxd/network/driver: Removes ValidateName from sriov and
macvlan
Will use common validator.
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/driver_macvlan.go | 5 -----
lxd/network/driver_sriov.go | 5 -----
2 files changed, 10 deletions(-)
diff --git a/lxd/network/driver_macvlan.go b/lxd/network/driver_macvlan.go
index 70cee2c98d..9581b3c255 100644
--- a/lxd/network/driver_macvlan.go
+++ b/lxd/network/driver_macvlan.go
@@ -14,11 +14,6 @@ type macvlan struct {
common
}
-// ValidateName validates network name.
-func (n *macvlan) ValidateName(name string) error {
- return validVirtualNetworkName(name)
-}
-
// Validate network config.
func (n *macvlan) Validate(config map[string]string) error {
rules := map[string]func(value string) error{
diff --git a/lxd/network/driver_sriov.go b/lxd/network/driver_sriov.go
index da9412b4c8..f8edc3fd9f 100644
--- a/lxd/network/driver_sriov.go
+++ b/lxd/network/driver_sriov.go
@@ -14,11 +14,6 @@ type sriov struct {
common
}
-// ValidateName validates network name.
-func (n *sriov) ValidateName(name string) error {
- return validVirtualNetworkName(name)
-}
-
// Validate network config.
func (n *sriov) Validate(config map[string]string) error {
rules := map[string]func(value string) error{
From b062cebb6e6f97306e6303c430fbd0f091e065c2 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:43:21 +0100
Subject: [PATCH 5/7] lxd/network/network/load: Adds field name context to name
validation errors
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/network_load.go | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/lxd/network/network_load.go b/lxd/network/network_load.go
index 9ce8122d59..d65d7c2842 100644
--- a/lxd/network/network_load.go
+++ b/lxd/network/network_load.go
@@ -1,6 +1,8 @@
package network
import (
+ "github.com/pkg/errors"
+
"github.com/lxc/lxd/lxd/state"
"github.com/lxc/lxd/shared/api"
)
@@ -39,7 +41,12 @@ func ValidateName(name string, netType string) error {
n := driverFunc()
n.init(nil, 0, name, netType, "", nil, "Unknown")
- return n.ValidateName(name)
+ err := n.ValidateName(name)
+ if err != nil {
+ return errors.Wrapf(err, "Network name invalid")
+ }
+
+ return nil
}
// Validate validates the supplied network name and configuration for the specified network type.
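Review bot: `errors.Wrapf(err, "Network name invalid")` is called with no format arguments, so `errors.Wrap` is the right call here: `return errors.Wrap(err, "Network name invalid")`. The same applies to the wrap added to `Validate` in the next hunk and to `"Failed to load networks"` in `networkStartup` (patch 7/7). The message is now duplicated in `ValidateName` and `Validate`, so a shared constant or a small helper would keep the two from drifting apart. `ValidateName` starts above this hunk, so only its tail is visible here.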
@@ -54,7 +61,7 @@ func Validate(name string, netType string, config map[string]string) error {
err := n.ValidateName(name)
if err != nil {
- return err
+ return errors.Wrapf(err, "Network name invalid")
}
return n.Validate(config)
From 315a628d489ffd7e338ba13eb7e5e9cacbd9f988 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:43:45 +0100
Subject: [PATCH 6/7] lxd/network/network/utils: Removes
validVirtualNetworkName
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/network/network_utils.go | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/lxd/network/network_utils.go b/lxd/network/network_utils.go
index cd221009f6..18e6ea2d1e 100644
--- a/lxd/network/network_utils.go
+++ b/lxd/network/network_utils.go
@@ -50,15 +50,6 @@ func validInterfaceName(value string) error {
return nil
}
-// validVirtualNetworkName validates a virtual network name (one that doesn't have an actual network interface).
-func validVirtualNetworkName(value string) error {
- if strings.Contains(value, "/") {
- return fmt.Errorf(`Network name cannot contain "/"`)
- }
-
- return nil
-}
-
func networkValidPort(value string) error {
if value == "" {
return nil
From 58c6f4c04332b2cea517f3495a0a64306a21361a Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 6 Aug 2020 17:44:00 +0100
Subject: [PATCH 7/7] lxd/networks: Returns network context on network startup
failure
Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
lxd/networks.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lxd/networks.go b/lxd/networks.go
index cee9c0ea68..41838c41d2 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -933,14 +933,14 @@ func networkStartup(s *state.State) error {
// Get a list of managed networks.
networks, err := s.Cluster.GetNonPendingNetworks()
if err != nil {
- return err
+ return errors.Wrapf(err, "Failed to load networks")
}
// Bring them all up.
for _, name := range networks {
n, err := network.LoadByName(s, name)
if err != nil {
- return err
+ return errors.Wrapf(err, "Failed to load network %q", name)
}
err = n.Validate(n.Config())