consolidate storage validation logic

This commit is contained in:
Girish Ramakrishnan
2022-06-03 10:56:50 -07:00
parent 7dba294961
commit 7598cf2baf
4 changed files with 62 additions and 14 deletions
+20 -13
View File
@@ -168,6 +168,7 @@ const appstore = require('./appstore.js'),
semver = require('semver'),
services = require('./services.js'),
settings = require('./settings.js'),
shell = require('./shell.js'),
spawn = require('child_process').spawn,
split = require('split'),
superagent = require('superagent'),
@@ -191,6 +192,8 @@ const APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationS
// const PORT_BINDINGS_FIELDS = [ 'hostPort', 'type', 'environmentVariable', 'appId' ].join(',');
const CHECKVOLUME_CMD = path.join(__dirname, 'scripts/checkvolume.sh');
function validatePortBindings(portBindings, manifest) {
assert.strictEqual(typeof portBindings, 'object');
assert.strictEqual(typeof manifest, 'object');
@@ -478,13 +481,24 @@ function validateEnv(env) {
return null;
}
function validateStorage(volume, prefix) {
assert.strictEqual(typeof volume, 'object');
async function checkStorage(volumeId, prefix) {
assert.strictEqual(typeof volumeId, 'string');
assert.strictEqual(typeof prefix, 'string');
if (path.isAbsolute(prefix)) return new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" must be a relative path`);
if (prefix.endsWith('/')) return new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" contains trailing slash`);
if (path.normalize(prefix) !== prefix) return new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" is not a normalized path`);
const volume = await volumes.get(volumeId);
if (volume === null) throw new BoxError(BoxError.BAD_FIELD, 'Storage volume not found');
const status = await volumes.getStatus(volume);
if (status.state !== 'active') throw new BoxError(BoxError.BAD_FIELD, 'Volume is not active');
if (path.isAbsolute(prefix)) throw new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" must be a relative path`);
if (prefix.endsWith('/')) throw new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" contains trailing slash`);
if (prefix !== '' && path.normalize(prefix) !== prefix) throw new BoxError(BoxError.BAD_FIELD, `prefix "${prefix}" is not a normalized path`);
const storageDir = path.join(volume.hostPath, prefix);
const [error] = await safe(shell.promises.sudo('checkStorage', [ CHECKVOLUME_CMD, storageDir ], {}));
if (error && error.code === 2) throw new BoxError(BoxError.BAD_FIELD, `Targer directory ${storageDir} is not empty`);
if (error && error.code === 3) throw new BoxError(BoxError.BAD_FIELD, `Targer directory ${storageDir} does not support chown`);
return null;
}
@@ -1794,14 +1808,7 @@ async function setStorage(app, volumeId, volumePrefix, auditSource) {
if (error) throw error;
if (volumeId) {
const volume = await volumes.get(volumeId);
if (volume === null) throw new BoxError(BoxError.BAD_FIELD, 'Storage volume not found');
const status = await volumes.getStatus(volume);
if (status.state !== 'active') throw new BoxError(BoxError.BAD_FIELD, 'Volume is not active');
error = validateStorage(volume, volumePrefix);
if (error) throw error;
await checkStorage(volumeId, volumePrefix);
} else {
volumeId = volumePrefix = null;
}
+39
View File
@@ -0,0 +1,39 @@
#!/bin/bash
set -eu -o pipefail
if [[ ${EUID} -ne 0 ]]; then
echo "This script should be run as root." > /dev/stderr
exit 1
fi
if [[ $# -eq 0 ]]; then
echo "No arguments supplied"
exit 1
fi
if [[ "$1" == "--check" ]]; then
echo "OK"
exit 0
fi
volume_dir="$1"
readonly test_file="${volume_dir}/.chown-test"
mkdir -p "${volume_dir}"
rm -f "${test_file}" # clean up any from previous run
if [[ -n "$(ls -A \"${volume_dir}\")" ]]; then
echo "volume dir is not empty"
exit 2
fi
touch "${test_file}"
if ! chown yellowtent:yellowtent "${test_file}"; then
echo "chown does not work"
exit 3
fi
rm -f "${test_file}"
rm -r "${volume_dir}" # will get recreated by the local storage addon
-1
View File
@@ -20,4 +20,3 @@ fi
volume_dir="$1"
mkdir -p "${volume_dir}"