syncer/config/verify.go - servicecomb-service-center - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package config

 import (
 	"crypto/md5"
 	"fmt"
 	"net"
 	"net/url"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"time"

 	"github.com/apache/servicecomb-service-center/pkg/log"
 	"github.com/apache/servicecomb-service-center/pkg/tlsutil"
 	"github.com/apache/servicecomb-service-center/syncer/pkg/utils"
 	"github.com/pkg/errors"
 )

 // Verify Provide config verification
 func Verify(c *Config) (err error) {
 	if err = verifyListener(&c.Listener); err != nil {
 		return
 	}

 	if err = verifyJoin(&c.Join); err != nil {
 		return
 	}

 	if err = verifyTask(&c.Task); err != nil {
 		return
 	}

 	if err = verifyRegistry(&c.Registry); err != nil {
 		return
 	}

 	if c.Listener.TLSMount.Enabled {
 		listenerTls := c.GetTLSConfig(c.Listener.TLSMount.Name)
 		if listenerTls == nil {
 			err = errors.Errorf("listener tls config notfound, name = %s", c.Listener.TLSMount.Name)
 			return
 		}
 		if err = verifyTLSConfig(listenerTls); err == nil {
 			return
 		}
 	}

 	if c.Registry.TLSMount.Enabled {
 		registryTls := c.GetTLSConfig(c.Listener.TLSMount.Name)
 		if registryTls == nil {
 			err = errors.Errorf("registry tls config notfound, name = %s", c.Registry.TLSMount.Name)
 			return
 		}
 		if err = verifyTLSConfig(registryTls); err == nil {
 			return
 		}
 	}

 	if c.Cluster == "" {
 		endpoints := strings.Split(c.Registry.Address, ",")
 		sort.Strings(endpoints)
 		str := strings.Join(endpoints, ",")
 		c.Cluster = fmt.Sprintf("%x", md5.Sum([]byte(str)))
 	}

 	if c.DataDir == "" {
 		c.DataDir = defaultDataDir + c.Node
 	}
 	c.DataDir = filepath.Dir(c.DataDir)
 	return nil
 }

 func verifyListener(listener *Listener) (err error) {
 	bindHost, bindPort, bErr := utils.SplitHostPort(listener.BindAddr, defaultBindPort)
 	if bErr != nil {
 		err = errors.Wrapf(bErr, "verify bind address failed, url is %s", listener.BindAddr)
 		return
 	}
 	listener.BindAddr = bindHost + ":" + strconv.Itoa(bindPort)

 	rpcHost, rpcPort, rErr := utils.SplitHostPort(listener.RPCAddr, defaultRPCPort)
 	if rErr != nil {
 		err = errors.Wrapf(rErr, "verify rpc address failed, url is %s", listener.RPCAddr)
 		return
 	}
 	listener.RPCAddr = rpcHost + ":" + strconv.Itoa(rpcPort)

 	peerHost, peerPort, pErr := utils.SplitHostPort(listener.PeerAddr, defaultPeerPort)
 	if pErr != nil {
 		err = errors.Wrapf(pErr, "verify peer address failed, url is %s", listener.PeerAddr)
 		return
 	}
 	listener.PeerAddr = peerHost + ":" + strconv.Itoa(peerPort)
 	return
 }

 func verifyJoin(join *Join) (err error) {
 	if !join.Enabled {
 		return
 	}
 	endpoints := strings.Split(join.Address, ",")
 	for _, addr := range endpoints {
 		_, _, err1 := net.SplitHostPort(addr)
 		if err1 != nil {
 			err = errors.Wrapf(err1, "Verify joinAddr failed, urls has %s", addr)
 			return
 		}
 	}

 	if join.RetryMax < 0 {
 		join.RetryMax = defaultRetryJoinMax
 	}

 	if _, err1 := time.ParseDuration(join.RetryInterval); err1 != nil {
 		log.Warnf("join retry interval '%s' is wrong", join.RetryInterval)
 		join.RetryInterval = defaultRetryJoinInterval
 	}
 	return
 }

 func verifyTask(task *Task) (err error) {
 	if task.Kind == "" {
 		task.Kind = defaultTaskKind
 	}

 	if task.Kind == defaultTaskKind {
 		for _, label := range task.Params {
 			if label.Key != defaultTaskKey {
 				continue
 			}
 			_, err1 := time.ParseDuration(label.Value)
 			if err1 != nil {
 				err = errors.Wrapf(err1, "Verify task params failed, key = %s, value = %s", label.Key, label.Value)
 				return
 			}
 		}
 	}
 	return
 }

 func verifyRegistry(r *Registry) (err error) {
 	endpoints := strings.Split(r.Address, ",")
 	for _, addr := range endpoints {
 		_, err = url.Parse(addr)
 		if err != nil {
 			log.Errorf(err, "Verify registry endpoints failed, urls has %s", addr)
 			return err
 		}
 	}
 	return nil
 }

 func verifyTLSConfig(conf *TLSConfig) (err error) {
 	if conf.CAFile == "" || !utils.IsFileExist(conf.CAFile) {
 		conf.CAFile = pathFromSSLEnvOrDefault(conf.Name, defaultCAName)
 		if !utils.IsFileExist(conf.CAFile) {
 			err = errors.Errorf("tls ca file '%s' is not found", conf.CAFile)
 			return
 		}
 	}

 	if conf.CertFile == "" || !utils.IsFileExist(conf.CertFile) {
 		conf.CertFile = pathFromSSLEnvOrDefault(conf.Name, defaultCertName)
 		if !utils.IsFileExist(conf.CertFile) {
 			err = errors.Errorf("tls cert file '%s' is not found", conf.CertFile)
 			return
 		}
 	}

 	if conf.KeyFile == "" || !utils.IsFileExist(conf.KeyFile) {
 		conf.KeyFile = pathFromSSLEnvOrDefault(conf.Name, defaultKeyName)
 		if !utils.IsFileExist(conf.KeyFile) {
 			err = errors.Errorf("tls key file '%s' is not found", conf.KeyFile)
 			return
 		}
 	}

 	for _, cipher := range conf.Ciphers {
 		if _, ok := tlsutil.TLSCipherSuiteMap[cipher]; !ok {
 			err = errors.Errorf("cipher %s not exist", cipher)
 			return
 		}
 	}
 	return
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package config

	import (
	"crypto/md5"
	"fmt"
	"net"
	"net/url"
	"path/filepath"
	"sort"
	"strconv"
	"strings"
	"time"

	"github.com/apache/servicecomb-service-center/pkg/log"
	"github.com/apache/servicecomb-service-center/pkg/tlsutil"
	"github.com/apache/servicecomb-service-center/syncer/pkg/utils"
	"github.com/pkg/errors"
	)

	// Verify Provide config verification
	func Verify(c *Config) (err error) {
	if err = verifyListener(&c.Listener); err != nil {
	return
	}

	if err = verifyJoin(&c.Join); err != nil {
	return
	}

	if err = verifyTask(&c.Task); err != nil {
	return
	}

	if err = verifyRegistry(&c.Registry); err != nil {
	return
	}

	if c.Listener.TLSMount.Enabled {
	listenerTls := c.GetTLSConfig(c.Listener.TLSMount.Name)
	if listenerTls == nil {
	err = errors.Errorf("listener tls config notfound, name = %s", c.Listener.TLSMount.Name)
	return
	}
	if err = verifyTLSConfig(listenerTls); err == nil {
	return
	}
	}

	if c.Registry.TLSMount.Enabled {
	registryTls := c.GetTLSConfig(c.Listener.TLSMount.Name)
	if registryTls == nil {
	err = errors.Errorf("registry tls config notfound, name = %s", c.Registry.TLSMount.Name)
	return
	}
	if err = verifyTLSConfig(registryTls); err == nil {
	return
	}
	}

	if c.Cluster == "" {
	endpoints := strings.Split(c.Registry.Address, ",")
	sort.Strings(endpoints)
	str := strings.Join(endpoints, ",")
	c.Cluster = fmt.Sprintf("%x", md5.Sum([]byte(str)))
	}

	if c.DataDir == "" {
	c.DataDir = defaultDataDir + c.Node
	}
	c.DataDir = filepath.Dir(c.DataDir)
	return nil
	}

	func verifyListener(listener *Listener) (err error) {
	bindHost, bindPort, bErr := utils.SplitHostPort(listener.BindAddr, defaultBindPort)
	if bErr != nil {
	err = errors.Wrapf(bErr, "verify bind address failed, url is %s", listener.BindAddr)
	return
	}
	listener.BindAddr = bindHost + ":" + strconv.Itoa(bindPort)

	rpcHost, rpcPort, rErr := utils.SplitHostPort(listener.RPCAddr, defaultRPCPort)
	if rErr != nil {
	err = errors.Wrapf(rErr, "verify rpc address failed, url is %s", listener.RPCAddr)
	return
	}
	listener.RPCAddr = rpcHost + ":" + strconv.Itoa(rpcPort)

	peerHost, peerPort, pErr := utils.SplitHostPort(listener.PeerAddr, defaultPeerPort)
	if pErr != nil {
	err = errors.Wrapf(pErr, "verify peer address failed, url is %s", listener.PeerAddr)
	return
	}
	listener.PeerAddr = peerHost + ":" + strconv.Itoa(peerPort)
	return
	}

	func verifyJoin(join *Join) (err error) {
	if !join.Enabled {
	return
	}
	endpoints := strings.Split(join.Address, ",")
	for _, addr := range endpoints {
	_, _, err1 := net.SplitHostPort(addr)
	if err1 != nil {
	err = errors.Wrapf(err1, "Verify joinAddr failed, urls has %s", addr)
	return
	}
	}

	if join.RetryMax < 0 {
	join.RetryMax = defaultRetryJoinMax
	}

	if _, err1 := time.ParseDuration(join.RetryInterval); err1 != nil {
	log.Warnf("join retry interval '%s' is wrong", join.RetryInterval)
	join.RetryInterval = defaultRetryJoinInterval
	}
	return
	}

	func verifyTask(task *Task) (err error) {
	if task.Kind == "" {
	task.Kind = defaultTaskKind
	}

	if task.Kind == defaultTaskKind {
	for _, label := range task.Params {
	if label.Key != defaultTaskKey {
	continue
	}
	_, err1 := time.ParseDuration(label.Value)
	if err1 != nil {
	err = errors.Wrapf(err1, "Verify task params failed, key = %s, value = %s", label.Key, label.Value)
	return
	}
	}
	}
	return
	}

	func verifyRegistry(r *Registry) (err error) {
	endpoints := strings.Split(r.Address, ",")
	for _, addr := range endpoints {
	_, err = url.Parse(addr)
	if err != nil {
	log.Errorf(err, "Verify registry endpoints failed, urls has %s", addr)
	return err
	}
	}
	return nil
	}

	func verifyTLSConfig(conf *TLSConfig) (err error) {
	if conf.CAFile == "" \|\| !utils.IsFileExist(conf.CAFile) {
	conf.CAFile = pathFromSSLEnvOrDefault(conf.Name, defaultCAName)
	if !utils.IsFileExist(conf.CAFile) {
	err = errors.Errorf("tls ca file '%s' is not found", conf.CAFile)
	return
	}
	}

	if conf.CertFile == "" \|\| !utils.IsFileExist(conf.CertFile) {
	conf.CertFile = pathFromSSLEnvOrDefault(conf.Name, defaultCertName)
	if !utils.IsFileExist(conf.CertFile) {
	err = errors.Errorf("tls cert file '%s' is not found", conf.CertFile)
	return
	}
	}

	if conf.KeyFile == "" \|\| !utils.IsFileExist(conf.KeyFile) {
	conf.KeyFile = pathFromSSLEnvOrDefault(conf.Name, defaultKeyName)
	if !utils.IsFileExist(conf.KeyFile) {
	err = errors.Errorf("tls key file '%s' is not found", conf.KeyFile)
	return
	}
	}

	for _, cipher := range conf.Ciphers {
	if _, ok := tlsutil.TLSCipherSuiteMap[cipher]; !ok {
	err = errors.Errorf("cipher %s not exist", cipher)
	return
	}
	}
	return
	}