Merge pull request '0.8.x: config: refactor secret sourcing' (#685) from secret-sourcing into main-0.8.x
Reviewed-on: Deuxfleurs/garage#685
This commit is contained in:
commit
993ce74976
9 changed files with 336 additions and 276 deletions
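--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1227,6 +1227,7 @@ dependencies = [
 "hyper",
 "k2v-client",
 "kuska-sodiumoxide",
+"mktemp",
 "netapp",
 "opentelemetry",
 "opentelemetry-otlp",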
@ -33,7 +33,7 @@ args@{
|
||||||
ignoreLockHash,
|
ignoreLockHash,
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
nixifiedLockHash = "b73d35e98dc62acc3b01aba2cb825ba6e99217e46781b8c59f8e0ceef34e79d6";
|
nixifiedLockHash = "d9e11e914ea70ac73c71ea542e275eaeeffbd42e1bfc311d67c4a952c9e923c7";
|
||||||
workspaceSrc = if args.workspaceSrc == null then ./. else args.workspaceSrc;
|
workspaceSrc = if args.workspaceSrc == null then ./. else args.workspaceSrc;
|
||||||
currentLockHash = builtins.hashFile "sha256" (workspaceSrc + /Cargo.lock);
|
currentLockHash = builtins.hashFile "sha256" (workspaceSrc + /Cargo.lock);
|
||||||
lockHashIgnored = if ignoreLockHash
|
lockHashIgnored = if ignoreLockHash
|
||||||
|
@ -1771,6 +1771,7 @@ in
|
||||||
http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.9" { inherit profileName; }).out;
|
http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.9" { inherit profileName; }).out;
|
||||||
hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.27" { inherit profileName; }).out;
|
hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.27" { inherit profileName; }).out;
|
||||||
k2v_client = (rustPackages."unknown".k2v-client."0.0.4" { inherit profileName; }).out;
|
k2v_client = (rustPackages."unknown".k2v-client."0.0.4" { inherit profileName; }).out;
|
||||||
|
mktemp = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".mktemp."0.5.0" { inherit profileName; }).out;
|
||||||
serde_json = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde_json."1.0.105" { inherit profileName; }).out;
|
serde_json = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde_json."1.0.105" { inherit profileName; }).out;
|
||||||
sha2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sha2."0.10.7" { inherit profileName; }).out;
|
sha2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sha2."0.10.7" { inherit profileName; }).out;
|
||||||
static_init = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".static_init."1.0.3" { inherit profileName; }).out;
|
static_init = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".static_init."1.0.3" { inherit profileName; }).out;
|
||||||
|
|
|
@ -325,10 +325,9 @@ yourself.
|
||||||
|
|
||||||
### `allow_world_readable_secrets`
|
### `allow_world_readable_secrets`
|
||||||
|
|
||||||
Garage checks the permissions of your secret files to make sure
|
Garage checks the permissions of your secret files to make sure they're not
|
||||||
they're not world-readable. In some cases, the check might fail and
|
world-readable. In some cases, the check might fail and consider your files as
|
||||||
consider your files as world-readable even if they're not. Such as
|
world-readable even if they're not, for instance when using Posix ACLs.
|
||||||
when using Posix ACLs.
|
|
||||||
|
|
||||||
Setting `allow_world_readable_secrets` to `true` bypass this
|
Setting `allow_world_readable_secrets` to `true` bypass this
|
||||||
permission verification.
|
permission verification.
|
||||||
|
|
|
@ -67,6 +67,7 @@ chrono = "0.4"
|
||||||
http = "0.2"
|
http = "0.2"
|
||||||
hmac = "0.12"
|
hmac = "0.12"
|
||||||
hyper = { version = "0.14", features = ["client", "http1", "runtime"] }
|
hyper = { version = "0.14", features = ["client", "http1", "runtime"] }
|
||||||
|
mktemp = "0.5"
|
||||||
sha2 = "0.10"
|
sha2 = "0.10"
|
||||||
|
|
||||||
static_init = "1.0"
|
static_init = "1.0"
|
||||||
|
|
|
@ -7,6 +7,7 @@ extern crate tracing;
|
||||||
mod admin;
|
mod admin;
|
||||||
mod cli;
|
mod cli;
|
||||||
mod repair;
|
mod repair;
|
||||||
|
mod secrets;
|
||||||
mod server;
|
mod server;
|
||||||
#[cfg(feature = "telemetry-otlp")]
|
#[cfg(feature = "telemetry-otlp")]
|
||||||
mod tracing_setup;
|
mod tracing_setup;
|
||||||
|
@ -25,7 +26,6 @@ use structopt::StructOpt;
|
||||||
use netapp::util::parse_and_resolve_peer_addr;
|
use netapp::util::parse_and_resolve_peer_addr;
|
||||||
use netapp::NetworkKey;
|
use netapp::NetworkKey;
|
||||||
|
|
||||||
use garage_util::config::{read_secret_file, Config};
|
|
||||||
use garage_util::error::*;
|
use garage_util::error::*;
|
||||||
|
|
||||||
use garage_rpc::system::*;
|
use garage_rpc::system::*;
|
||||||
|
@ -35,6 +35,7 @@ use garage_model::helper::error::Error as HelperError;
|
||||||
|
|
||||||
use admin::*;
|
use admin::*;
|
||||||
use cli::*;
|
use cli::*;
|
||||||
|
use secrets::Secrets;
|
||||||
|
|
||||||
#[derive(StructOpt, Debug)]
|
#[derive(StructOpt, Debug)]
|
||||||
#[structopt(
|
#[structopt(
|
||||||
|
@ -63,39 +64,6 @@ struct Opt {
|
||||||
cmd: Command,
|
cmd: Command,
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(StructOpt, Debug)]
|
|
||||||
pub struct Secrets {
|
|
||||||
/// RPC secret network key, used to replace rpc_secret in config.toml when running the
|
|
||||||
/// daemon or doing admin operations
|
|
||||||
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
|
||||||
pub rpc_secret: Option<String>,
|
|
||||||
|
|
||||||
/// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
|
|
||||||
/// when running the daemon or doing admin operations
|
|
||||||
#[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
|
|
||||||
pub rpc_secret_file: Option<String>,
|
|
||||||
|
|
||||||
/// Admin API authentication token, replaces admin.admin_token in config.toml when
|
|
||||||
/// running the Garage daemon
|
|
||||||
#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
|
|
||||||
pub admin_token: Option<String>,
|
|
||||||
|
|
||||||
/// Admin API authentication token file path, replaces admin.admin_token in config.toml
|
|
||||||
/// and admin-token when running the Garage daemon
|
|
||||||
#[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
|
|
||||||
pub admin_token_file: Option<String>,
|
|
||||||
|
|
||||||
/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
|
|
||||||
/// running the Garage daemon
|
|
||||||
#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
|
|
||||||
pub metrics_token: Option<String>,
|
|
||||||
|
|
||||||
/// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
|
|
||||||
/// and metrics-token when running the Garage daemon
|
|
||||||
#[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
|
|
||||||
pub metrics_token_file: Option<String>,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
async fn main() {
|
async fn main() {
|
||||||
// Initialize version and features info
|
// Initialize version and features info
|
||||||
|
@ -273,25 +241,3 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
|
||||||
Ok(x) => Ok(x),
|
Ok(x) => Ok(x),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
|
|
||||||
if secrets.rpc_secret.is_some() {
|
|
||||||
config.rpc_secret = secrets.rpc_secret;
|
|
||||||
} else if secrets.rpc_secret_file.is_some() {
|
|
||||||
config.rpc_secret = Some(read_secret_file(&secrets.rpc_secret_file.unwrap())?);
|
|
||||||
}
|
|
||||||
|
|
||||||
if secrets.admin_token.is_some() {
|
|
||||||
config.admin.admin_token = secrets.admin_token;
|
|
||||||
} else if secrets.admin_token_file.is_some() {
|
|
||||||
config.admin.admin_token = Some(read_secret_file(&secrets.admin_token_file.unwrap())?);
|
|
||||||
}
|
|
||||||
|
|
||||||
if secrets.metrics_token.is_some() {
|
|
||||||
config.admin.metrics_token = secrets.metrics_token;
|
|
||||||
} else if secrets.metrics_token_file.is_some() {
|
|
||||||
config.admin.metrics_token = Some(read_secret_file(&secrets.metrics_token_file.unwrap())?);
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(config)
|
|
||||||
}
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ use garage_util::error::*;
|
||||||
use garage_model::garage::Garage;
|
use garage_model::garage::Garage;
|
||||||
|
|
||||||
use crate::cli::structs::*;
|
use crate::cli::structs::*;
|
||||||
use crate::{fill_secrets, Secrets};
|
use crate::secrets::{fill_secrets, Secrets};
|
||||||
|
|
||||||
pub async fn offline_repair(
|
pub async fn offline_repair(
|
||||||
config_file: PathBuf,
|
config_file: PathBuf,
|
||||||
|
|
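--- /dev/null
+++ b/src/garage/secrets.rs
@@ -0,0 +1,318 @@
+use structopt::StructOpt;
+
+use garage_util::config::Config;
+use garage_util::error::Error;
+
+/// Structure for secret values or paths that are passed as CLI arguments or environment
+/// variables, instead of in the config file.
+#[derive(StructOpt, Debug, Default, Clone)]
+pub struct Secrets {
+/// Skip permission check on files containing secrets
+#[cfg(unix)]
+#[structopt(
+long = "allow-world-readable-secrets",
+env = "GARAGE_ALLOW_WORLD_READABLE_SECRETS"
+)]
+pub allow_world_readable_secrets: Option<bool>,
+
+/// RPC secret network key, used to replace rpc_secret in config.toml when running the
+/// daemon or doing admin operations
+#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
+pub rpc_secret: Option<String>,
+
+/// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
+/// when running the daemon or doing admin operations
+#[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
+pub rpc_secret_file: Option<String>,
+
+/// Admin API authentication token, replaces admin.admin_token in config.toml when
+/// running the Garage daemon
+#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
+pub admin_token: Option<String>,
+
+/// Admin API authentication token file path, replaces admin.admin_token in config.toml
+/// and admin-token when running the Garage daemon
+#[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
+pub admin_token_file: Option<String>,
+
+/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
+/// running the Garage daemon
+#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
+pub metrics_token: Option<String>,
+
+/// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
+/// and metrics-token when running the Garage daemon
+#[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
+pub metrics_token_file: Option<String>,
+}
+
+/// Single function to fill all secrets in the Config struct from their correct source (value
+/// from config or CLI param or env variable or read from a file specified in config or CLI
+/// param or env variable)
+pub fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
+let allow_world_readable = secrets
+.allow_world_readable_secrets
+.unwrap_or(config.allow_world_readable_secrets);
+
+fill_secret(
+&mut config.rpc_secret,
+&config.rpc_secret_file,
+&secrets.rpc_secret,
+&secrets.rpc_secret_file,
+"rpc_secret",
+allow_world_readable,
+)?;
+
+fill_secret(
+&mut config.admin.admin_token,
+&config.admin.admin_token_file,
+&secrets.admin_token,
+&secrets.admin_token_file,
+"admin.admin_token",
+allow_world_readable,
+)?;
+fill_secret(
+&mut config.admin.metrics_token,
+&config.admin.metrics_token_file,
+&secrets.metrics_token,
+&secrets.metrics_token_file,
+"admin.metrics_token",
+allow_world_readable,
+)?;
+
+Ok(config)
+}
+
+fn fill_secret(
+config_secret: &mut Option<String>,
+config_secret_file: &Option<String>,
+cli_secret: &Option<String>,
+cli_secret_file: &Option<String>,
+name: &'static str,
+allow_world_readable: bool,
+) -> Result<(), Error> {
+let cli_value = match (&cli_secret, &cli_secret_file) {
+(Some(_), Some(_)) => {
+return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
+}
+(Some(secret), None) => Some(secret.to_string()),
+(None, Some(file)) => Some(read_secret_file(file, allow_world_readable)?),
+(None, None) => None,
+};
+
+if let Some(val) = cli_value {
+if config_secret.is_some() || config_secret_file.is_some() {
+debug!("Overriding secret `{}` using value specified using CLI argument or environnement variable.", name);
+}
+
+*config_secret = Some(val);
+} else if let Some(file_path) = &config_secret_file {
+if config_secret.is_some() {
+return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
+}
+
+*config_secret = Some(read_secret_file(file_path, allow_world_readable)?);
+}
+
+Ok(())
+}
+
+fn read_secret_file(file_path: &String, allow_world_readable: bool) -> Result<String, Error> {
+if !allow_world_readable {
+#[cfg(unix)]
+{
+use std::os::unix::fs::MetadataExt;
+let metadata = std::fs::metadata(file_path)?;
+if metadata.mode() & 0o077 != 0 {
+return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
+}
+}
+}
+
+let secret_buf = std::fs::read_to_string(file_path)?;
+
+// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
+// also editors sometimes add a trailing newline
+Ok(String::from(secret_buf.trim_end()))
+}
+
+#[cfg(test)]
+mod tests {
+use std::fs::File;
+use std::io::Write;
+
+use garage_util::config::read_config;
+use garage_util::error::Error;
+
+use super::*;
+
+#[test]
+fn test_rpc_secret_file_works() -> Result<(), Error> {
+let path_secret = mktemp::Temp::new_file()?;
+let mut file_secret = File::create(path_secret.as_path())?;
+writeln!(file_secret, "foo")?;
+drop(file_secret);
+
+let path_config = mktemp::Temp::new_file()?;
+let mut file_config = File::create(path_config.as_path())?;
+let path_secret_path = path_secret.as_path();
+writeln!(
+file_config,
+r#"
+metadata_dir = "/tmp/garage/meta"
+data_dir = "/tmp/garage/data"
+replication_mode = "3"
+rpc_bind_addr = "[::]:3901"
+rpc_secret_file = "{}"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+"#,
+path_secret_path.display()
+)?;
+drop(file_config);
+
+// Second configuration file, same as previous one
+// except it allows world-readable secrets.
+let path_config_allow_world_readable = mktemp::Temp::new_file()?;
+let mut file_config_allow_world_readable =
+File::create(path_config_allow_world_readable.as_path())?;
+writeln!(
+file_config_allow_world_readable,
+r#"
+metadata_dir = "/tmp/garage/meta"
+data_dir = "/tmp/garage/data"
+replication_mode = "3"
+rpc_bind_addr = "[::]:3901"
+rpc_secret_file = "{}"
+allow_world_readable_secrets = true
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+"#,
+path_secret_path.display()
+)?;
+drop(file_config_allow_world_readable);
+
+let config = read_config(path_config.to_path_buf())?;
+let config = fill_secrets(config, Secrets::default())?;
+assert_eq!("foo", config.rpc_secret.unwrap());
+
+// ---- Check non world-readable secrets config ----
+#[cfg(unix)]
+{
+let secrets_allow_world_readable = Secrets {
+allow_world_readable_secrets: Some(true),
+..Default::default()
+};
+let secrets_no_allow_world_readable = Secrets {
+allow_world_readable_secrets: Some(false),
+..Default::default()
+};
+
+use std::os::unix::fs::PermissionsExt;
+let metadata = std::fs::metadata(&path_secret_path)?;
+let mut perm = metadata.permissions();
+perm.set_mode(0o660);
+std::fs::set_permissions(&path_secret_path, perm)?;
+
+// Config file that just specifies the path
+let config = read_config(path_config.to_path_buf())?;
+assert!(fill_secrets(config, Secrets::default()).is_err());
+
+let config = read_config(path_config.to_path_buf())?;
+assert!(fill_secrets(config, secrets_allow_world_readable.clone()).is_ok());
+
+let config = read_config(path_config.to_path_buf())?;
+assert!(fill_secrets(config, secrets_no_allow_world_readable.clone()).is_err());
+
+// Config file that also specifies to allow world_readable_secrets
+let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+assert!(fill_secrets(config, Secrets::default()).is_ok());
+
+let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+assert!(fill_secrets(config, secrets_allow_world_readable).is_ok());
+
+let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+assert!(fill_secrets(config, secrets_no_allow_world_readable).is_err());
+}
+
+// ---- Check alternative secrets specified on CLI ----
+
+let path_secret2 = mktemp::Temp::new_file()?;
+let mut file_secret2 = File::create(path_secret2.as_path())?;
+writeln!(file_secret2, "bar")?;
+drop(file_secret2);
+
+let config = read_config(path_config.to_path_buf())?;
+let config = fill_secrets(
+config,
+Secrets {
+rpc_secret: Some("baz".into()),
+..Default::default()
+},
+)?;
+assert_eq!(config.rpc_secret.as_deref(), Some("baz"));
+
+let config = read_config(path_config.to_path_buf())?;
+let config = fill_secrets(
+config,
+Secrets {
+rpc_secret_file: Some(path_secret2.display().to_string()),
+..Default::default()
+},
+)?;
+assert_eq!(config.rpc_secret.as_deref(), Some("bar"));
+
+let config = read_config(path_config.to_path_buf())?;
+assert!(fill_secrets(
+config,
+Secrets {
+rpc_secret: Some("baz".into()),
+rpc_secret_file: Some(path_secret2.display().to_string()),
+..Default::default()
+}
+)
+.is_err());
+
+drop(path_secret);
+drop(path_secret2);
+drop(path_config);
+drop(path_config_allow_world_readable);
+
+Ok(())
+}
+
+#[test]
+fn test_rcp_secret_and_rpc_secret_file_cannot_be_set_both() -> Result<(), Error> {
+let path_config = mktemp::Temp::new_file()?;
+let mut file_config = File::create(path_config.as_path())?;
+writeln!(
+file_config,
+r#"
+metadata_dir = "/tmp/garage/meta"
+data_dir = "/tmp/garage/data"
+replication_mode = "3"
+rpc_bind_addr = "[::]:3901"
+rpc_secret= "dummy"
+rpc_secret_file = "dummy"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+"#
+)?;
+let config = read_config(path_config.to_path_buf())?;
+assert_eq!(
+"only one of `rpc_secret` and `rpc_secret_file` can be set",
+fill_secrets(config, Secrets::default())
+.unwrap_err()
+.to_string()
+);
+drop(path_config);
+drop(file_config);
+Ok(())
+}
+}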
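Review bot: `fill_secrets` reads `secrets.allow_world_readable_secrets` unconditionally, but that field of `Secrets` is declared under `#[cfg(unix)]`, so the new module does not compile on a non-unix target (the test module, by contrast, keeps every use of the field inside a `#[cfg(unix)]` block). The simplest fix is to drop the `#[cfg(unix)]` attribute on the field: the permission check in `read_secret_file` is already gated, so the flag becomes a harmless no-op elsewhere and the CLI/env interface stays the same on every platform. Separately, `read_secret_file` stats the path and then reads the path a second time, so the mode that was checked is not necessarily the mode of the file whose bytes are consumed; opening once and checking `file.metadata()` on the handle ties the check to what is actually read (this needs `use std::io::Read;` for `read_to_string` on the handle). The typo `environnement` in the `debug!` message of the CLI-override branch could be fixed in the same pass.
```rust
fn read_secret_file(file_path: &String, allow_world_readable: bool) -> Result<String, Error> {
    let mut file = std::fs::File::open(file_path)?;
    if !allow_world_readable {
        #[cfg(unix)]
        {
            use std::os::unix::fs::MetadataExt;
            // fstat the handle we are about to read instead of resolving the path again
            let metadata = file.metadata()?;
            if metadata.mode() & 0o077 != 0 {
                // … unchanged: world-readable error …
            }
        }
    }
    let mut secret_buf = String::new();
    file.read_to_string(&mut secret_buf)?;
    // … unchanged: trim_end and Ok(...) …
}
```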
@ -15,9 +15,9 @@ use garage_web::WebServer;
|
||||||
use garage_api::k2v::api_server::K2VApiServer;
|
use garage_api::k2v::api_server::K2VApiServer;
|
||||||
|
|
||||||
use crate::admin::*;
|
use crate::admin::*;
|
||||||
|
use crate::secrets::{fill_secrets, Secrets};
|
||||||
#[cfg(feature = "telemetry-otlp")]
|
#[cfg(feature = "telemetry-otlp")]
|
||||||
use crate::tracing_setup::*;
|
use crate::tracing_setup::*;
|
||||||
use crate::{fill_secrets, Secrets};
|
|
||||||
|
|
||||||
async fn wait_from(mut chan: watch::Receiver<bool>) {
|
async fn wait_from(mut chan: watch::Receiver<bool>) {
|
||||||
while !*chan.borrow() {
|
while !*chan.borrow() {
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
//! Contains type and functions related to Garage configuration file
|
//! Contains type and functions related to Garage configuration file
|
||||||
use std::convert::TryFrom;
|
use std::convert::TryFrom;
|
||||||
use std::io::Read;
|
|
||||||
use std::net::SocketAddr;
|
use std::net::SocketAddr;
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
@ -198,6 +197,13 @@ pub struct KubernetesDiscoveryConfig {
|
||||||
pub skip_crd: bool,
|
pub skip_crd: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Read and parse configuration
|
||||||
|
pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
||||||
|
let config = std::fs::read_to_string(config_file)?;
|
||||||
|
|
||||||
|
Ok(toml::from_str(&config)?)
|
||||||
|
}
|
||||||
|
|
||||||
fn default_db_engine() -> String {
|
fn default_db_engine() -> String {
|
||||||
"sled".into()
|
"sled".into()
|
||||||
}
|
}
|
||||||
|
@ -212,105 +218,6 @@ fn default_block_size() -> usize {
|
||||||
1048576
|
1048576
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Read and parse configuration
|
|
||||||
pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
|
||||||
let mut file = std::fs::OpenOptions::new()
|
|
||||||
.read(true)
|
|
||||||
.open(config_file.as_path())?;
|
|
||||||
|
|
||||||
let mut config = String::new();
|
|
||||||
file.read_to_string(&mut config)?;
|
|
||||||
|
|
||||||
let mut parsed_config: Config = toml::from_str(&config)?;
|
|
||||||
|
|
||||||
secret_from_file(
|
|
||||||
&mut parsed_config.rpc_secret,
|
|
||||||
&parsed_config.rpc_secret_file,
|
|
||||||
"rpc_secret",
|
|
||||||
parsed_config.allow_world_readable_secrets,
|
|
||||||
)?;
|
|
||||||
secret_from_file(
|
|
||||||
&mut parsed_config.admin.metrics_token,
|
|
||||||
&parsed_config.admin.metrics_token_file,
|
|
||||||
"admin.metrics_token",
|
|
||||||
parsed_config.allow_world_readable_secrets,
|
|
||||||
)?;
|
|
||||||
secret_from_file(
|
|
||||||
&mut parsed_config.admin.admin_token,
|
|
||||||
&parsed_config.admin.admin_token_file,
|
|
||||||
"admin.admin_token",
|
|
||||||
parsed_config.allow_world_readable_secrets,
|
|
||||||
)?;
|
|
||||||
|
|
||||||
Ok(parsed_config)
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn read_secret_file(file_path: &String) -> Result<String, Error> {
|
|
||||||
#[cfg(unix)]
|
|
||||||
if std::env::var("GARAGE_ALLOW_WORLD_READABLE_SECRETS").as_deref() != Ok("true") {
|
|
||||||
use std::os::unix::fs::MetadataExt;
|
|
||||||
let metadata = std::fs::metadata(file_path)?;
|
|
||||||
if metadata.mode() & 0o077 != 0 {
|
|
||||||
return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
let mut file = std::fs::OpenOptions::new().read(true).open(file_path)?;
|
|
||||||
let mut secret_buf = String::new();
|
|
||||||
file.read_to_string(&mut secret_buf)?;
|
|
||||||
|
|
||||||
// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
|
|
||||||
// also editors sometimes add a trailing newline
|
|
||||||
Ok(String::from(secret_buf.trim_end()))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn secret_from_file(
|
|
||||||
secret: &mut Option<String>,
|
|
||||||
secret_file: &Option<String>,
|
|
||||||
name: &'static str,
|
|
||||||
conf_allow_world_readable: bool,
|
|
||||||
) -> Result<(), Error> {
|
|
||||||
match (&secret, &secret_file) {
|
|
||||||
(_, None) => {
|
|
||||||
// no-op
|
|
||||||
}
|
|
||||||
(Some(_), Some(_)) => {
|
|
||||||
return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
|
|
||||||
}
|
|
||||||
(None, Some(file_path)) => {
|
|
||||||
#[cfg(unix)]
|
|
||||||
// decide whether to ignore or check permission
|
|
||||||
// bits. GARAGE_ALLOW_WORLD_READABLE_SECRETS
|
|
||||||
// always takes precedence over what's specified
|
|
||||||
// in the config file, to allow overriding it in
|
|
||||||
// case the config file is read-only.
|
|
||||||
let ignore_perms = {
|
|
||||||
let ignore_perms_env = std::env::var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
|
|
||||||
if ignore_perms_env.as_deref() == Ok("true") {
|
|
||||||
true
|
|
||||||
} else if ignore_perms_env.as_deref() == Ok("false") {
|
|
||||||
false
|
|
||||||
} else {
|
|
||||||
conf_allow_world_readable
|
|
||||||
}
|
|
||||||
};
|
|
||||||
if !ignore_perms {
|
|
||||||
use std::os::unix::fs::MetadataExt;
|
|
||||||
let metadata = std::fs::metadata(file_path)?;
|
|
||||||
if metadata.mode() & 0o077 != 0 {
|
|
||||||
return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
let mut file = std::fs::OpenOptions::new().read(true).open(file_path)?;
|
|
||||||
let mut secret_buf = String::new();
|
|
||||||
file.read_to_string(&mut secret_buf)?;
|
|
||||||
// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
|
|
||||||
// also editors sometimes add a trailing newline
|
|
||||||
*secret = Some(String::from(secret_buf.trim_end()));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn default_compression() -> Option<i32> {
|
fn default_compression() -> Option<i32> {
|
||||||
Some(1)
|
Some(1)
|
||||||
}
|
}
|
||||||
|
@ -439,117 +346,4 @@ mod tests {
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn test_rpc_secret_file_works() -> Result<(), Error> {
|
|
||||||
let path_secret = mktemp::Temp::new_file()?;
|
|
||||||
let mut file_secret = File::create(path_secret.as_path())?;
|
|
||||||
writeln!(file_secret, "foo")?;
|
|
||||||
drop(file_secret);
|
|
||||||
|
|
||||||
let path_config = mktemp::Temp::new_file()?;
|
|
||||||
let mut file_config = File::create(path_config.as_path())?;
|
|
||||||
let path_secret_path = path_secret.as_path();
|
|
||||||
writeln!(
|
|
||||||
file_config,
|
|
||||||
r#"
|
|
||||||
metadata_dir = "/tmp/garage/meta"
|
|
||||||
data_dir = "/tmp/garage/data"
|
|
||||||
replication_mode = "3"
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_secret_file = "{}"
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
s3_region = "garage"
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
"#,
|
|
||||||
path_secret_path.display()
|
|
||||||
)?;
|
|
||||||
|
|
||||||
// Second configuration file, same as previous one
|
|
||||||
// except it allows world-readable secrets.
|
|
||||||
let path_config_allow_world_readable = mktemp::Temp::new_file()?;
|
|
||||||
let mut file_config_allow_world_readable =
|
|
||||||
File::create(path_config_allow_world_readable.as_path())?;
|
|
||||||
writeln!(
|
|
||||||
file_config_allow_world_readable,
|
|
||||||
r#"
|
|
||||||
metadata_dir = "/tmp/garage/meta"
|
|
||||||
data_dir = "/tmp/garage/data"
|
|
||||||
replication_mode = "3"
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_secret_file = "{}"
|
|
||||||
allow_world_readable_secrets = true
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
s3_region = "garage"
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
"#,
|
|
||||||
path_secret_path.display()
|
|
||||||
)?;
|
|
||||||
|
|
||||||
let mut config = super::read_config(path_config.to_path_buf())?;
|
|
||||||
assert_eq!("foo", config.rpc_secret.unwrap());
|
|
||||||
#[cfg(unix)]
|
|
||||||
{
|
|
||||||
// Check non world-readable secrets config
|
|
||||||
use std::os::unix::fs::PermissionsExt;
|
|
||||||
let metadata = std::fs::metadata(&path_secret_path)?;
|
|
||||||
let mut perm = metadata.permissions();
|
|
||||||
perm.set_mode(0o660);
|
|
||||||
std::fs::set_permissions(&path_secret_path, perm)?;
|
|
||||||
|
|
||||||
std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "false");
|
|
||||||
assert!(super::read_config(path_config.to_path_buf()).is_err());
|
|
||||||
|
|
||||||
std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "true");
|
|
||||||
assert!(super::read_config(path_config.to_path_buf()).is_ok());
|
|
||||||
|
|
||||||
std::env::remove_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
|
|
||||||
|
|
||||||
// Check world-readable secrets config.
|
|
||||||
assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_ok());
|
|
||||||
|
|
||||||
std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "false");
|
|
||||||
assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_err());
|
|
||||||
|
|
||||||
std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "true");
|
|
||||||
assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_ok());
|
|
||||||
}
|
|
||||||
std::env::remove_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
|
|
||||||
drop(path_config);
|
|
||||||
drop(path_secret);
|
|
||||||
drop(file_config);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn test_rcp_secret_and_rpc_secret_file_cannot_be_set_both() -> Result<(), Error> {
|
|
||||||
let path_config = mktemp::Temp::new_file()?;
|
|
||||||
let mut file_config = File::create(path_config.as_path())?;
|
|
||||||
writeln!(
|
|
||||||
file_config,
|
|
||||||
r#"
|
|
||||||
metadata_dir = "/tmp/garage/meta"
|
|
||||||
data_dir = "/tmp/garage/data"
|
|
||||||
replication_mode = "3"
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_secret= "dummy"
|
|
||||||
rpc_secret_file = "dummy"
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
s3_region = "garage"
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
"#
|
|
||||||
)?;
|
|
||||||
assert_eq!(
|
|
||||||
"only one of `rpc_secret` and `rpc_secret_file` can be set",
|
|
||||||
super::read_config(path_config.to_path_buf())
|
|
||||||
.unwrap_err()
|
|
||||||
.to_string()
|
|
||||||
);
|
|
||||||
drop(path_config);
|
|
||||||
drop(file_config);
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
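Review bot: The new `read_config` in the second hunk no longer resolves `*_file` secrets and no longer rejects `rpc_secret` set together with `rpc_secret_file`; that validation now exists only in the `garage` binary's `fill_secrets`, while `read_config` remains a public function of the util crate that any other consumer may call. Its doc comment `/// Read and parse configuration` should state this, e.g. `/// Read and parse configuration. Secrets referenced through `*_file` keys are left unresolved and the `rpc_secret`/`rpc_secret_file` exclusivity is not checked here; pass the result through `fill_secrets` before use.` Without that line a caller can start from a `Config` whose `rpc_secret` is still `None` without any error being raised in this crate.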