Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Ingest Manager] Add namespace validation #75381

Merged
merged 10 commits into from
Aug 20, 2020
Merged

[Ingest Manager] Add namespace validation #75381

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
3c09ab8
Add namespace validation on APIs and UI
jen-huang Aug 18, 2020
d236d4a
Add test coverage
jen-huang Aug 18, 2020
4aa1f79
Fix imports
jen-huang Aug 18, 2020
00d5d90
Fix schema
jen-huang Aug 18, 2020
40cecb4
Merge remote-tracking branch 'upstream/master' into ingest/bug/74667
jen-huang Aug 19, 2020
1e50244
Merge remote-tracking branch 'upstream/master' into ingest/bug/74667
jen-huang Aug 19, 2020
5deb2d5
Rename to policy
jen-huang Aug 19, 2020
848ced9
Fix typo
jen-huang Aug 20, 2020
3210347
Merge remote-tracking branch 'upstream/master' into ingest/bug/74667
jen-huang Aug 20, 2020
dd62085
Merge remote-tracking branch 'upstream/master' into ingest/bug/74667
jen-huang Aug 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions x-pack/plugins/ingest_manager/common/services/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ export { storedPackagePoliciesToAgentInputs } from './package_policies_to_agent_
export { fullAgentPolicyToYaml } from './full_agent_policy_to_yaml';
export { isPackageLimited, doesAgentPolicyAlreadyIncludePackage } from './limited_package';
export { decodeCloudId } from './decode_cloud_id';
export { isValidNamespace } from './is_valid_namespace';
28 changes: 28 additions & 0 deletions x-pack/plugins/ingest_manager/common/services/is_valid_namespace.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import { isValidNamespace } from './is_valid_namespace';

describe('Ingest Manager - isValidNamespace', () => {
it('returns true for valid namespaces', () => {
expect(isValidNamespace('default')).toBe(true);
expect(isValidNamespace('namespace-with-dash')).toBe(true);
expect(isValidNamespace('123')).toBe(true);
});

it('returns false for invalid namespaces', () => {
expect(isValidNamespace('Default')).toBe(false);
expect(isValidNamespace('namespace with spaces')).toBe(false);
expect(isValidNamespace('foo/bar')).toBe(false);
expect(isValidNamespace('foo\\bar')).toBe(false);
expect(isValidNamespace('foo*bar')).toBe(false);
expect(isValidNamespace('foo?bar')).toBe(false);
expect(isValidNamespace('foo"bar')).toBe(false);
expect(isValidNamespace('foo<bar')).toBe(false);
expect(isValidNamespace('foo|bar')).toBe(false);
expect(isValidNamespace('foo,bar')).toBe(false);
expect(isValidNamespace('foo#bar')).toBe(false);
});
});
17 changes: 17 additions & 0 deletions x-pack/plugins/ingest_manager/common/services/is_valid_namespace.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

// Namespace string eventually becomes part of an index name. This method partially implements index name rules from
// https://github.com/elastic/elasticsearch/blob/master/docs/reference/indices/create-index.asciidoc
export function isValidNamespace(namespace: string) {
return (
typeof namespace === 'string' &&
// Lowercase only
namespace === namespace.toLowerCase() &&
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a few cases missing which agent validates

  • namespace is allowed to contain . but is not allowed to be equal to . or ..
  • namespace cannot be longer than 255 chars
  • namespace cannot start with -, _ or +

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michalpristas I think the validation is incorrect,

Cannot be longer than 255 bytes (note it is bytes, so multi-byte characters will count towards the 255 limit faster)

This mean, type + dataset + namespace <= 255 bytes.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what we do in agent is that we put 255 constraint on dataset, namespace and a product of concatenation, so eventaully we will fail when index > 255.
putting some not communicated constraint felt weird (such as 255/3 or some other math) so i used 255 on each part and result as well.
as namespace is created before configuration and can lead to different indexes based on dataset and type it would make sense to agree on some constraint which can be applied at the time of specifying namespace.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @jen-huang

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I followed up in #75846 (comment).

// Cannot include \, /, *, ?, ", <, >, |, space character, comma, #, :
/^[^\*\\/\?"<>|\s,#:]+$/.test(namespace)
);
}
8 changes: 8 additions & 0 deletions ...public/applications/ingest_manager/sections/agent_policy/components/agent_policy_form.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import { FormattedMessage } from '@kbn/i18n/react';
import { i18n } from '@kbn/i18n';
import styled from 'styled-components';
import { NewAgentPolicy, AgentPolicy } from '../../../types';
import { isValidNamespace } from '../../../services';
import { AgentPolicyDeleteProvider } from './agent_policy_delete_provider';

interface ValidationResults {
Expand Down Expand Up @@ -57,6 +58,13 @@ export const agentPolicyFormValidation = (
defaultMessage="A namespace is required"
/>,
];
} else if (!isValidNamespace(agentPolicy.namespace)) {
errors.namespace = [
<FormattedMessage
id="xpack.ingestManager.agentPolicyForm.namespaceInvalidErrorMessage"
defaultMessage="Namespace contains invalid characters"
/>,
];
}

return errors;
Expand Down
8 changes: 7 additions & 1 deletion ...ager/sections/agent_policy/create_package_policy_page/services/validate_package_policy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/
import { i18n } from '@kbn/i18n';
import { safeLoad } from 'js-yaml';
import { getFlattenedObject } from '../../../../services';
import { getFlattenedObject, isValidNamespace } from '../../../../services';
import {
NewPackagePolicy,
PackagePolicyInput,
Expand Down Expand Up @@ -65,6 +65,12 @@ export const validatePackagePolicy = (
defaultMessage: 'Namespace is required',
}),
];
} else if (!isValidNamespace(packagePolicy.namespace)) {
validationResults.namespace = [
i18n.translate('xpack.ingestManager.packagePolicyValidation.namespaceInvalidErrorMessage', {
defaultMessage: 'Namespace contains invalid characters',
}),
];
}

if (
Expand Down
1 change: 1 addition & 0 deletions x-pack/plugins/ingest_manager/public/applications/ingest_manager/services/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,5 @@ export {
fullAgentPolicyToYaml,
isPackageLimited,
doesAgentPolicyAlreadyIncludePackage,
isValidNamespace,
} from '../../../../common';
4 changes: 2 additions & 2 deletions x-pack/plugins/ingest_manager/server/types/models/agent_policy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { schema } from '@kbn/config-schema';
import { PackagePolicySchema } from './package_policy';
import { PackagePolicySchema, NamespaceSchema } from './package_policy';
import { AgentPolicyStatus } from '../../../common';

const AgentPolicyBaseSchema = {
name: schema.string({ minLength: 1 }),
namespace: schema.string({ minLength: 1 }),
namespace: NamespaceSchema,
description: schema.maybe(schema.string()),
monitoring_enabled: schema.maybe(
schema.arrayOf(schema.oneOf([schema.literal('logs'), schema.literal('metrics')]))
Expand Down
12 changes: 11 additions & 1 deletion x-pack/plugins/ingest_manager/server/types/models/package_policy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,16 @@
* you may not use this file except in compliance with the Elastic License.
*/
import { schema } from '@kbn/config-schema';
import { isValidNamespace } from '../../../common';

export const NamespaceSchema = schema.string({
minLength: 1,
validate: (value) => {
if (!isValidNamespace(value)) {
return 'Namespace contains invalid characters';
}
},
});

const ConfigRecordSchema = schema.recordOf(
schema.string(),
Expand All @@ -16,7 +26,7 @@ const ConfigRecordSchema = schema.recordOf(
const PackagePolicyBaseSchema = {
name: schema.string(),
description: schema.maybe(schema.string()),
namespace: schema.string({ minLength: 1 }),
namespace: NamespaceSchema,
policy_id: schema.string(),
enabled: schema.boolean(),
package: schema.maybe(
Expand Down
13 changes: 12 additions & 1 deletion x-pack/test/ingest_manager_api_integration/apis/agent_policy/agent_policy.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ export default function ({ getService }: FtrProviderContext) {
expect(apiResponse.success).to.be(true);
});

it('should return a 400 with an invalid namespace', async () => {
it('should return a 400 with an empty namespace', async () => {
await supertest
.post(`/api/ingest_manager/agent_policies`)
.set('kbn-xsrf', 'xxxx')
Expand All @@ -36,6 +36,17 @@ export default function ({ getService }: FtrProviderContext) {
})
.expect(400);
});

it('should return a 400 with an invalid namespace', async () => {
await supertest
.post(`/api/ingest_manager/agent_policies`)
.set('kbn-xsrf', 'xxxx')
.send({
name: 'TEST',
namespace: 'InvalidNamespace',
})
.expect(400);
});
});

describe('POST /api/ingest_manager/agent_policies/{agentPolicyId}/copy', () => {
Expand Down
27 changes: 26 additions & 1 deletion x-pack/test/ingest_manager_api_integration/apis/package_policy/create.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ export default function ({ getService }: FtrProviderContext) {
}
});

it('should return a 400 with an invalid namespace', async function () {
it('should return a 400 with an empty namespace', async function () {
if (server.enabled) {
await supertest
.post(`/api/ingest_manager/package_policies`)
Expand All @@ -84,6 +84,31 @@ export default function ({ getService }: FtrProviderContext) {
}
});

it('should return a 400 with an invalid namespace', async function () {
if (server.enabled) {
await supertest
.post(`/api/ingest_manager/package_policies`)
.set('kbn-xsrf', 'xxxx')
.send({
name: 'filetest-1',
description: '',
namespace: 'InvalidNamespace',
policy_id: agentPolicyId,
enabled: true,
output_id: '',
inputs: [],
package: {
name: 'filetest',
title: 'For File Tests',
version: '0.1.0',
},
})
.expect(400);
} else {
warnAndSkipTest(this, log);
}
});

it('should not allow multiple limited packages on the same agent policy', async function () {
if (server.enabled) {
await supertest
Expand Down