github/troubleshoot
1
0
Fork 0
mirror of https://github.com/replicatedhq/troubleshoot.git synced 2026-04-15 07:16:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #302 from replicatedhq/laverya/dont-rbac-check-excluded-collectors

Browse Source 
check whether a collector is excluded before checking RBAC for it
This commit is contained in:
Andrew Lavery
2020-11-19 19:44:41 -05:00
committed by GitHub
parent c81576f25f 0ec1c43afd
commit 2f2edb5356
3 changed files with 153 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/build-test-deploy.yaml vendored
View File

@@ -18,8 +18,8 @@ jobs:
- name: setup env
run: |
echo "::set-env name=GOPATH::$(go env GOPATH)"
echo "::add-path::$(go env GOPATH)/bin"
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
shell: bash
- uses: actions/checkout@v2
@@ -35,8 +35,8 @@ jobs:
go-version: '1.14'
- name: setup env
run: |
echo "::set-env name=GOPATH::$(go env GOPATH)"
echo "::add-path::$(go env GOPATH)/bin"
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
shell: bash
- uses: actions/checkout@master
- run: make preflight
@@ -54,7 +54,7 @@ jobs:
with:
name: preflight
path: bin/
- uses: engineerd/setup-kind@v0.2.0
- uses: engineerd/setup-kind@v0.5.0
- run: chmod +x bin/preflight
- run: ./bin/preflight --interactive=false --format=json https://preflight.replicated.com
@@ -67,8 +67,8 @@ jobs:
go-version: '1.14'
- name: setup env
run: |
echo "::set-env name=GOPATH::$(go env GOPATH)"
echo "::add-path::$(go env GOPATH)/bin"
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
shell: bash
- uses: actions/checkout@master
- run: make support-bundle
@@ -87,7 +87,7 @@ jobs:
with:
name: support-bundle
path: bin/
- uses: engineerd/setup-kind@v0.2.0
- uses: engineerd/setup-kind@v0.5.0
- run: chmod +x bin/support-bundle
- run: ./bin/support-bundle ./examples/support-bundle/sample-collectors.yaml
- run: ./bin/support-bundle ./examples/support-bundle/sample-supportbundle.yaml
@@ -130,4 +130,4 @@ jobs:
- name: Update new support-bundle version in krew-index
uses: rajatjindal/krew-release-bot@v0.0.38
with:
krew_template_file: deploy/krew/support-bundle.yaml
krew_template_file: deploy/krew/support-bundle.yaml

227
pkg/collect/collector.go
View File

@@ -42,6 +42,125 @@ func isExcluded(excludeVal multitype.BoolOrString) (bool, error) {
return parsed, nil
}
// checks if a given collector has a spec with 'exclude' that evaluates to true.
func (c *Collector) IsExcluded() bool {
if c.Collect.ClusterInfo != nil {
isExcludedResult, err := isExcluded(c.Collect.ClusterInfo.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.ClusterResources != nil {
isExcludedResult, err := isExcluded(c.Collect.ClusterResources.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Secret != nil {
isExcludedResult, err := isExcluded(c.Collect.Secret.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Logs != nil {
isExcludedResult, err := isExcluded(c.Collect.Logs.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Run != nil {
isExcludedResult, err := isExcluded(c.Collect.Run.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Exec != nil {
isExcludedResult, err := isExcluded(c.Collect.Exec.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Data != nil {
isExcludedResult, err := isExcluded(c.Collect.Data.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Copy != nil {
isExcludedResult, err := isExcluded(c.Collect.Copy.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.HTTP != nil {
isExcludedResult, err := isExcluded(c.Collect.HTTP.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Postgres != nil {
isExcludedResult, err := isExcluded(c.Collect.Postgres.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Mysql != nil {
isExcludedResult, err := isExcluded(c.Collect.Mysql.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Redis != nil {
isExcludedResult, err := isExcluded(c.Collect.Redis.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Collectd != nil {
// TODO: see if redaction breaks these
isExcludedResult, err := isExcluded(c.Collect.Collectd.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
} else if c.Collect.Ceph != nil {
isExcludedResult, err := isExcluded(c.Collect.Ceph.Exclude)
if err != nil {
return true
}
if isExcludedResult {
return true
}
}
return false
}
func (c *Collector) RunCollectorSync(globalRedactors []*troubleshootv1beta2.Redact) (result map[string][]byte, err error) {
defer func() {
if r := recover(); r != nil {
@@ -49,133 +168,38 @@ func (c *Collector) RunCollectorSync(globalRedactors []*troubleshootv1beta2.Reda
}
}()
var isExcludedResult bool
if c.IsExcluded() {
return
}
if c.Collect.ClusterInfo != nil {
isExcludedResult, err = isExcluded(c.Collect.ClusterInfo.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = ClusterInfo(c)
} else if c.Collect.ClusterResources != nil {
isExcludedResult, err = isExcluded(c.Collect.ClusterResources.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = ClusterResources(c)
} else if c.Collect.Secret != nil {
isExcludedResult, err = isExcluded(c.Collect.Secret.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Secret(c, c.Collect.Secret)
} else if c.Collect.Logs != nil {
isExcludedResult, err = isExcluded(c.Collect.Logs.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Logs(c, c.Collect.Logs)
} else if c.Collect.Run != nil {
isExcludedResult, err = isExcluded(c.Collect.Run.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Run(c, c.Collect.Run)
} else if c.Collect.Exec != nil {
isExcludedResult, err = isExcluded(c.Collect.Exec.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Exec(c, c.Collect.Exec)
} else if c.Collect.Data != nil {
isExcludedResult, err = isExcluded(c.Collect.Data.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Data(c, c.Collect.Data)
} else if c.Collect.Copy != nil {
isExcludedResult, err = isExcluded(c.Collect.Copy.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Copy(c, c.Collect.Copy)
} else if c.Collect.HTTP != nil {
isExcludedResult, err = isExcluded(c.Collect.HTTP.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = HTTP(c, c.Collect.HTTP)
} else if c.Collect.Postgres != nil {
isExcludedResult, err = isExcluded(c.Collect.Postgres.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Postgres(c, c.Collect.Postgres)
} else if c.Collect.Mysql != nil {
isExcludedResult, err = isExcluded(c.Collect.Mysql.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Mysql(c, c.Collect.Mysql)
} else if c.Collect.Redis != nil {
isExcludedResult, err = isExcluded(c.Collect.Redis.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Redis(c, c.Collect.Redis)
} else if c.Collect.Collectd != nil {
// TODO: see if redaction breaks these
isExcludedResult, err = isExcluded(c.Collect.Collectd.Exclude)
if err != nil {
return
}
if isExcludedResult {
return
}
result, err = Collectd(c, c.Collect.Collectd)
} else if c.Collect.Ceph != nil {
isExcludedResult, err = isExcluded(c.Collect.Ceph.Exclude)
if err != nil {
return nil, err
}
if isExcludedResult {
return nil, nil
}
result, err = Ceph(c, c.Collect.Ceph)
} else {
err = errors.New("no spec found to run")
@@ -206,6 +230,10 @@ func (c *Collector) GetDisplayName() string {
}
func (c *Collector) CheckRBAC(ctx context.Context) error {
if c.IsExcluded() {
return nil // excluded collectors require no permissions
}
client, err := kubernetes.NewForConfig(c.ClientConfig)
if err != nil {
return errors.Wrap(err, "failed to create client from config")
@@ -215,7 +243,6 @@ func (c *Collector) CheckRBAC(ctx context.Context) error {
specs := c.Collect.AccessReviewSpecs(c.Namespace)
for _, spec := range specs {
sar := &authorizationv1.SelfSubjectAccessReview{
Spec: spec,
}

17
pkg/collect/collector_test.go
View File

@@ -260,6 +260,23 @@ abc
`,
},
},
{
name: "excluded data",
Collect: &troubleshootv1beta2.Collect{
Data: &troubleshootv1beta2.Data{
CollectorMeta: troubleshootv1beta2.CollectorMeta{
CollectorName: "datacollectorname",
Exclude: multitype.BoolOrString{Type: multitype.String, StrVal: "true"},
},
Name: "data",
Data: `abc 123
another line here
pwd=somethinggoeshere;`,
},
},
Redactors: []*troubleshootv1beta2.Redact{},
want: map[string]string{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {