Merge pull request #1338 from skriss/validate-config-keys

objectstores/volumesnapshotters: check for invalid keys in config

changelogs/unreleased/1338-skriss

@@ -0,0 +1 @@
+aws/azure/gcp: fail fast if unsupported keys are provided in BackupStorageLocation/VolumeSnapshotLocation config

pkg/cloudprovider/aws/object_store.go

@@ -29,6 +29,8 @@ import (
 	"github.com/aws/aws-sdk-go/service/s3/s3manager"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const (
@@ -62,6 +64,17 @@ func isValidSignatureVersion(signatureVersion string) bool {
 }
 
 func (o *ObjectStore) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config,
+		regionKey,
+		s3URLKey,
+		publicURLKey,
+		kmsKeyIDKey,
+		s3ForcePathStyleKey,
+		signatureVersionKey,
+	); err != nil {
+		return err
+	}
+
 	var (
 		region              = config[regionKey]
 		s3URL               = config[s3URLKey]

pkg/cloudprovider/aws/volume_snapshotter.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 the Velero contributors.
+Copyright 2017, 2019 the Velero contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -32,6 +32,8 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/sets"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const regionKey = "region"
@@ -64,6 +66,10 @@ func NewVolumeSnapshotter(logger logrus.FieldLogger) *VolumeSnapshotter {
 }
 
 func (b *VolumeSnapshotter) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config, regionKey); err != nil {
+		return err
+	}
+
 	region := config[regionKey]
 	if region == "" {
 		return errors.Errorf("missing %s in aws configuration", regionKey)

pkg/cloudprovider/azure/object_store.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 the Velero contributors.
+Copyright 2017, 2019 the Velero contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -29,6 +29,8 @@ import (
 	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const (
@@ -99,6 +101,10 @@ func mapLookup(data map[string]string) func(string) string {
 }
 
 func (o *ObjectStore) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config, resourceGroupConfigKey, storageAccountConfigKey); err != nil {
+		return err
+	}
+
 	storageAccountKey, err := getStorageAccountKey(config)
 	if err != nil {
 		return err

pkg/cloudprovider/azure/volume_snapshotter.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 the Velero contributors.
+Copyright 2017, 2019 the Velero contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -34,6 +34,8 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const (
@@ -70,6 +72,10 @@ func NewVolumeSnapshotter(logger logrus.FieldLogger) *VolumeSnapshotter {
 }
 
 func (b *VolumeSnapshotter) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config, resourceGroupConfigKey, apiTimeoutConfigKey); err != nil {
+		return err
+	}
+
 	// 1. we need AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP
 	envVars, err := getRequiredValues(os.Getenv, tenantIDEnvVar, clientIDEnvVar, clientSecretEnvVar, subscriptionIDEnvVar, resourceGroupEnvVar)
 	if err != nil {

pkg/cloudprovider/config.go

@@ -0,0 +1,39 @@
+/*
+Copyright 2019 the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cloudprovider
+
+import (
+	"github.com/pkg/errors"
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
+func ValidateConfigKeys(config map[string]string, validKeys ...string) error {
+	validKeysSet := sets.NewString(validKeys...)
+
+	var invalidKeys []string
+	for k := range config {
+		if !validKeysSet.Has(k) {
+			invalidKeys = append(invalidKeys, k)
+		}
+	}
+
+	if len(invalidKeys) > 0 {
+		return errors.Errorf("config has invalid keys %v; valid keys are %v", invalidKeys, validKeys)
+	}
+
+	return nil
+}

pkg/cloudprovider/config_test.go

@@ -0,0 +1,34 @@
+/*
+Copyright 2019 the Velero contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cloudprovider
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateConfigKeys(t *testing.T) {
+	assert.NoError(t, ValidateConfigKeys(nil))
+	assert.NoError(t, ValidateConfigKeys(map[string]string{}))
+	assert.NoError(t, ValidateConfigKeys(map[string]string{"foo": "bar"}, "foo"))
+	assert.NoError(t, ValidateConfigKeys(map[string]string{"foo": "bar", "bar": "baz"}, "foo", "bar"))
+
+	assert.Error(t, ValidateConfigKeys(map[string]string{"foo": "bar"}))
+	assert.Error(t, ValidateConfigKeys(map[string]string{"foo": "bar"}, "Foo"))
+	assert.Error(t, ValidateConfigKeys(map[string]string{"foo": "bar", "boo": ""}, "foo"))
+}

pkg/cloudprovider/gcp/object_store.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 the Velero contributors.
+Copyright 2017, 2019 the Velero contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -29,6 +29,8 @@ import (
 	"golang.org/x/oauth2/google"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const credentialsEnvVar = "GOOGLE_APPLICATION_CREDENTIALS"
@@ -60,6 +62,10 @@ func NewObjectStore(logger logrus.FieldLogger) *ObjectStore {
 }
 
 func (o *ObjectStore) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config); err != nil {
+		return err
+	}
+
 	credentialsFile := os.Getenv(credentialsEnvVar)
 	if credentialsFile == "" {
 		return errors.Errorf("%s is undefined", credentialsEnvVar)

pkg/cloudprovider/gcp/volume_snapshotter.go

@@ -1,5 +1,5 @@
 /*
-Copyright 2017 the Velero contributors.
+Copyright 2017, 2019 the Velero contributors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -33,6 +33,8 @@ import (
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/heptio/velero/pkg/cloudprovider"
 )
 
 const (
@@ -51,6 +53,10 @@ func NewVolumeSnapshotter(logger logrus.FieldLogger) *VolumeSnapshotter {
 }
 
 func (b *VolumeSnapshotter) Init(config map[string]string) error {
+	if err := cloudprovider.ValidateConfigKeys(config); err != nil {
+		return err
+	}
+
 	project, err := extractProjectFromCreds()
 	if err != nil {
 		return err