(haproxy) String validation for haproxy config

- Add validation in the anchor that backend IP addresses and ports sourced from Kubernetes are valid looking strings. Change-Id: I7539b633dc49efd7262a22c6f9ff040880d9724f
2019-09-22 04:12:22 -05:00 · 2019-09-22 04:12:22 -05:00 · 97f7ed6db7
parent adc5146ffb
commit 97f7ed6db7
1 changed files with 12 additions and 0 deletions
--- a/charts/haproxy/templates/bin/_anchor.tpl
+++ b/charts/haproxy/templates/bin/_anchor.tpl
@ -57,6 +57,13 @@ install_config() {
    if [ $? -ne 0]; then
      echo "Unable to retrieve service IPs for {{ $service }}, will retry configuration render."
      return 1
+    else
+      for IP in $SERVICE_IPS; do
+        if echo -n "$IP" | grep -qvE '^([0-9]{1,3}\.?){4}$'; then
+          echo "Backend IP "$IP" doesn't appear to be a valid IP, short-circuiting update..."
+          return 1
+        fi
+      done
    fi

    DEST_PORT=$(kubectl \
@ -70,6 +77,11 @@ install_config() {
    if [ $? -ne 0]; then
      echo "Unable to retrieve service port for {{ $service }}, will retry configuration render."
      return 1
+    else
+      if echo -n "$DEST_PORT" | grep -qvE '^[0-9]{1,5}$'; then
+        echo "Backend destination port $DEST_PORT doesn't appear to be valid, short-circuiting update..."
+        return 1
+      fi
    fi

    set -x