feat: plugins: add loadConfig parameter & config validator support

This commit is contained in:
Stéphane Lesimple 2023-05-31 13:03:24 +00:00 committed by Stéphane Lesimple
parent 262e545bbb
commit 482eddb10c
4 changed files with 49 additions and 15 deletions

View file

@ -10,6 +10,7 @@ use OVH::Bastion::Plugin qw( :DEFAULT help );
use OVH::Bastion::Plugin::ACL;
my $remainingOptions = OVH::Bastion::Plugin::begin(
loadConfig => 1,
argv => \@ARGV,
header => "adding personal access to a server on an account",
options => {

View file

@ -10,6 +10,7 @@ use OVH::Bastion::Plugin qw( :DEFAULT help );
use OVH::Bastion::Plugin::ACL;
my $remainingOptions = OVH::Bastion::Plugin::begin(
loadConfig => 1,
argv => \@ARGV,
header => "adding personal access to a server on your account",
options => {

View file

@ -15,8 +15,10 @@ $SIG{'PIPE'} = 'IGNORE'; # continue even if osh_info gets a SIGPIPE because t
$| = 1;
use Exporter 'import';
our ($user, $ip, $host, $port, $scriptName, $self, $sysself, $realm, $remoteself, $HOME, $savedArgs); ## no critic (ProhibitPackageVars)
our @EXPORT = qw( $user $ip $host $port $scriptName $self $sysself $realm $remoteself $HOME $savedArgs ); ## no critic (ProhibitAutomaticExportation)
## no critic (ProhibitPackageVars)
our ($user, $ip, $host, $port, $scriptName, $self, $sysself, $realm, $remoteself, $HOME, $savedArgs, $pluginConfig);
## no critic (ProhibitAutomaticExportation)
our @EXPORT = qw( $user $ip $host $port $scriptName $self $sysself $realm $remoteself $HOME $savedArgs $pluginConfig );
our @EXPORT_OK = qw( help );
my $_helptext;
@ -28,6 +30,7 @@ sub begin {
my $options = $params{'options'};
my $header = $params{'header'};
my $argv = $params{'argv'};
my $loadConfig = $params{'loadConfig'};
my $helpfunc = $params{'help'};
$_helptext = $params{'helptext'};
@ -147,6 +150,16 @@ sub begin {
"Error with your USER (\"$sysself\" vs \"$ENV{'USER'}\"), please report to your sysadmin.";
}
if ($loadConfig) {
# try to load config, and abort if we get an error
$fnret = OVH::Bastion::plugin_config(plugin => $scriptName);
if (!$fnret) {
warn_syslog("Invalid configuration for plugin $scriptName: $fnret");
osh_exit 'ERR_INVALID_CONFIGURATION', "Error in plugin configuration, aborting";
}
$pluginConfig = $fnret->value;
}
# only unparsed options are remaining there
return \@pluginOptions;
}

View file

@ -788,7 +788,6 @@ sub plugin_config {
secure => 1
);
if ($fnret->err eq 'KO_CANNOT_OPEN_FILE') {
# chmod error, don't fail silently
warn_syslog("Can't read configuration file '"
. OVH::Bastion::main_configuration_directory()
@ -796,13 +795,33 @@ sub plugin_config {
return R('ERR_CONFIGURATION_ERROR',
msg => "Configuration file has improper rights, ask your sysadmin!");
}
if ($fnret && ref $fnret->value eq 'HASH') {
elsif ($fnret->err eq 'KO_NO_SUCH_FILE') {
# no configuration, just continue
}
elsif (!($fnret && ref $fnret->value eq 'HASH')) {
# other error, report it and fail
warn_syslog("Error loading plugin $plugin configuration ($fnret)");
return R('ERR_CONFIGURATION_ERROR', msg => "Plugin configuration is invalid, aborting");
}
else {
# avoid overriding keys
foreach my $key (keys %{$fnret->value}) {
$config{$key} = $fnret->value->{$key} if not exists $config{$key};
}
}
# do we have a config validator for this plugin?
## no critic(Modules::RequireBarewordIncludes)
eval { require "OVH::Bastion::Plugin::$plugin"; };
if (!$@) {
my $validator = "OVH::Bastion::Plugin::${plugin}::validate_config";
$fnret = $validator->(config => \%config);
if (!$fnret || !$fnret->value) {
warn_syslog("Invalid configuration for plugin $plugin: $fnret");
return R('ERR_INVALID_CONFIGURATION', msg => "Plugin configuration is invalid");
}
%config = %{$fnret->value};
}
}
else {
%config = %$mock_data;