b3a8abf24a
Adding the openbao-monitor code pulled from the openbao-manager-go repo found here: https://github.com/michel-thebeau-WR/openbao-manager-go git related files have been trimmed off. Partial-bug: 2117422 Change-Id: I1a27ab4a4d0b68810d97c86e2930dd482a11d0cb Signed-off-by: Tae Park <tae.park@windriver.com>
95 lines
2.5 KiB
Go
95 lines
2.5 KiB
Go
package baoConfig
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"os"
|
|
"path"
|
|
"regexp"
|
|
"slices"
|
|
)
|
|
|
|
func (configInstance MonitorConfig) validateDNS() error {
|
|
for domain_name, url := range configInstance.OpenbaoAddresses {
|
|
// If Host is empty, then the domain entry is invalid
|
|
// The ports will always at least have the default value of 8200
|
|
if url.Host == "" {
|
|
return fmt.Errorf(
|
|
"the domain entry %v in OpenbaoAddresses is invalid", domain_name)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (configInstance MonitorConfig) validateTokens() error {
|
|
rootExists := false
|
|
r, _ := regexp.Compile("[sbr][.][a-zA-Z0-9]{24,}")
|
|
for releaseID, token := range configInstance.Tokens {
|
|
if token.Duration == 0 {
|
|
// There can only be one root token
|
|
if rootExists {
|
|
return fmt.Errorf("there are two or more root tokens listed")
|
|
} else {
|
|
rootExists = true
|
|
}
|
|
}
|
|
// Token key should have s, b, or r as the first character, and . as the second.
|
|
// The body of the token (key[2:]) should be 24 characters or more
|
|
if !r.MatchString(token.Key) {
|
|
return fmt.Errorf(
|
|
"the token with release id %v has wrong key format", releaseID)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (configInstance MonitorConfig) validateKeyShards() error {
|
|
for shardName, shard := range configInstance.UnsealKeyShards {
|
|
// A shard should have both its key and base64 key non-empty
|
|
if shard.Key == "" || shard.KeyBase64 == "" {
|
|
return fmt.Errorf("shard %v has missing keys", shardName)
|
|
}
|
|
// Base64 encoded keys must be able to be decoded with no errors
|
|
_, err := base64.StdEncoding.DecodeString(shard.KeyBase64)
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"error with validating if %v has a correct base64 encoded key: %v", shardName, err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (configInstance MonitorConfig) validateLogConfig() error {
|
|
if configInstance.LogPath != "" {
|
|
_, err := os.Stat(path.Dir(configInstance.LogPath))
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"error in checking the parent directory of LogPath. Error message: %v", err)
|
|
}
|
|
}
|
|
if configInstance.LogLevel != "" {
|
|
availableLogLevels := []string{"DEBUG", "INFO", "WARN", "ERROR"}
|
|
if !slices.Contains(availableLogLevels, configInstance.LogLevel) {
|
|
return fmt.Errorf(
|
|
"the listed LogLevel %v is not a valid log level", configInstance.LogLevel)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (configInstance MonitorConfig) validateCACert() error {
|
|
if configInstance.CACert != "" {
|
|
_, err := os.Stat(configInstance.CACert)
|
|
if err != nil {
|
|
return fmt.Errorf(
|
|
"error in checking the path of CACert. Error message: %v", err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|