BUG/MINOR: detect when a raw configuration is uploaded incorrectly

oliwer · mjuraga · commit 3370eb23cc08 · 2023-05-09T13:27:20.000+02:00
Return an error when the user tries to upload an HAProxy configuration
file without any newline character. This can happen for example when
using curl(1) with bad options:

  # BAD! This will url-encode the file.
  curl -H 'Content-Type: text/plain' -d @haproxy.cfg $URL

  # GOOD. Upload without encoding.
  curl -H 'Content-Type: text/plain' -T haproxy.cfg $URL

Note that we still allow to upload an empty configuration, since this
is supported by HAProxy in master-worker mode, and it may actually be
useful in future releases.
diff --git a/e2e/tests/raw/data/haproxy.cfg b/e2e/tests/raw/data/haproxy.cfg
@@ -0,0 +1,34 @@
+global
+  chroot /var/lib/haproxy
+  user haproxy
+  group haproxy
+  maxconn 4000
+  pidfile /var/run/haproxy.pid
+  stats socket /var/lib/haproxy/stats level admin
+  log 127.0.0.1 local2
+
+defaults
+  mode http
+  maxconn 3000
+  log global
+  option httplog
+  option redispatch
+  option dontlognull
+  option http-server-close
+  option forwardfor except 127.0.0.0/8
+  timeout http-request 10s
+  timeout check 10s
+  timeout connect 10s
+  timeout client 1m
+  timeout queue 1m
+  timeout server 1m
+  timeout http-keep-alive 10s
+  retries 3
+
+backend test_backend
+  mode http
+  balance roundrobin
+  option forwardfor
+  server server_01 10.1.1.1:8080 check weight 80
+  server server_02 10.1.1.2:8080 check weight 80
+  server server_03 10.1.1.2:8080 check weight 80
diff --git a/e2e/tests/raw/data/haproxy.cfg.json b/e2e/tests/raw/data/haproxy.cfg.json
@@ -0,0 +1 @@
+"global\n  chroot /var/lib/haproxy\n  user haproxy\n  group haproxy\n  maxconn 4000\n  pidfile /var/run/haproxy.pid\n  stats socket /var/lib/haproxy/stats level admin\n  log 127.0.0.1 local2\n\ndefaults\n  mode http\n  maxconn 3000\n  log global\n  option httplog\n  option redispatch\n  option dontlognull\n  option http-server-close\n  option forwardfor except 127.0.0.0/8\n  timeout http-request 10s\n  timeout check 10s\n  timeout connect 10s\n  timeout client 1m\n  timeout queue 1m\n  timeout server 1m\n  timeout http-keep-alive 10s\n  retries 3\n\nbackend test_backend\n  mode http\n  balance roundrobin\n  option forwardfor\n  server server_01 10.1.1.1:8080 check weight 80\n  server server_02 10.1.1.2:8080 check weight 80\n  server server_03 10.1.1.2:8080 check weight 80\n"
diff --git a/e2e/tests/raw/get.bats b/e2e/tests/raw/get.bats
@@ -0,0 +1,30 @@
+#!/usr/bin/env bats
+#
+# Copyright 2023 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load "../../libs/get_json_path"
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+
+load 'utils/_helpers'
+
+@test "raw: Download configuration" {
+  resource_get "$_RAW_BASE_PATH"
+  assert_equal "$SC" 200
+  test -n "$(get_json_path "$BODY" .data)" ||
+    fail "failed to download raw config. BODY: '$BODY'"
+}
diff --git a/e2e/tests/raw/post.bats b/e2e/tests/raw/post.bats
@@ -0,0 +1,36 @@
+#!/usr/bin/env bats
+#
+# Copyright 2023 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+load '../../libs/dataplaneapi'
+load '../../libs/debug'
+load "../../libs/get_json_path"
+load '../../libs/haproxy_config_setup'
+load '../../libs/resource_client'
+load '../../libs/version'
+
+load 'utils/_helpers'
+
+@test "raw: Post new configuration" {
+  resource_post "$_RAW_BASE_PATH" 'data/haproxy.cfg.json'
+  assert_equal "$SC" 202
+}
+
+@test "raw: Post new configuration incorrectly (bug 1219)" {
+  resource_post_text "$_RAW_BASE_PATH" 'data/haproxy.cfg.json'
+  assert_equal "$SC" 400
+  assert_equal "$(get_json_path "$BODY" '.message')" "invalid configuration: no newline character found"
+}
diff --git a/e2e/tests/raw/utils/_helpers.bash b/e2e/tests/raw/utils/_helpers.bash
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+#
+# Copyright 2023 HAProxy Technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+_RAW_BASE_PATH="/services/haproxy/configuration/raw"
+
+# Identical to resource_post() but with the text/plain content type.
+function resource_post_text() {
+  local endpoint="$1" data="@${BATS_TEST_DIRNAME}/$2" qs_params="$3"
+
+  run curl -m 10 -s -H 'content-type: text/plain' --user dataplaneapi:mypassword \
+    "-XPOST" -w "\n%{http_code}" "-d${data}" \
+    "http://${LOCAL_IP_ADDRESS}:${E2E_PORT}${BASE_PATH}${endpoint}?$qs_params&version=$(version)"
+	assert_success
+	dpa_curl_status_body '$output'
+}
diff --git a/handlers/raw.go b/handlers/raw.go
@@ -95,6 +95,15 @@ func (h *PostRawConfigurationHandlerImpl) Handle(params configuration.PostHAProx
 		onlyValidate = *params.OnlyValidate
 	}
 
+	// Check for a common error where the user ran `curl -d @haproxy.cfg` without
+	// converting the file to json, which removes all the \n from the configuration.
+	if len(params.Data) > 0 && !strings.ContainsRune(params.Data, '\n') {
+		code := misc.ErrHTTPBadRequest
+		msg := "invalid configuration: no newline character found"
+		e := &models.Error{Code: &code, Message: &msg}
+		return configuration.NewPostHAProxyConfigurationBadRequest().WithPayload(e)
+	}
+
 	cfg, err := h.Client.Configuration()
 	if err != nil {
 		e := misc.HandleError(err)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+"global\n chroot /var/lib/haproxy\n user haproxy\n group haproxy\n maxconn 4000\n pidfile /var/run/haproxy.pid\n stats socket /var/lib/haproxy/stats level admin\n log 127.0.0.1 local2\n\ndefaults\n mode http\n maxconn 3000\n log global\n option httplog\n option redispatch\n option dontlognull\n option http-server-close\n option forwardfor except 127.0.0.0/8\n timeout http-request 10s\n timeout check 10s\n timeout connect 10s\n timeout client 1m\n timeout queue 1m\n timeout server 1m\n timeout http-keep-alive 10s\n retries 3\n\nbackend test_backend\n mode http\n balance roundrobin\n option forwardfor\n server server_01 10.1.1.1:8080 check weight 80\n server server_02 10.1.1.2:8080 check weight 80\n server server_03 10.1.1.2:8080 check weight 80\n"