Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore objects with names that end with / when listing rule groups #3999

Merged
merged 6 commits into from
Mar 23, 2021
Merged

Ignore objects with names that end with / when listing rule groups #3999

merged 6 commits into from
Mar 23, 2021

Conversation

pstibrany
Copy link
Contributor

What this PR does: This PR changes bucket-client based rule-store implementation to ignore objects that end with /. Such objects may exist and would be returned, but would cause failure to load the rule later, which can lead to ruler not loading any rules.

Checklist

  • Tests updated
  • Documentation added
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@pstibrany pstibrany requested a review from pracucci March 23, 2021 11:26
@pstibrany
CHANGELOG.md
4e95c33 
Signed-off-by: Peter Štibraný <[email protected]>
pracucci
pracucci previously approved these changes Mar 23, 2021
View reviewed changes
Copy link
Contributor

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix! LGMT

@pracucci
Update CHANGELOG.md
31e1963 
Signed-off-by: Marco Pracucci <[email protected]>
pracucci
pracucci reviewed Mar 23, 2021
View reviewed changes
Copy link
Contributor

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I approved, but I'm doing a step back now. / is a valid base64 character, so we may have it within the key name as well, which would break the logic anyway. Also having the key with / at the end may be legit 🤔

Am I missing anything?

@pracucci pracucci dismissed their stale review March 23, 2021 11:43

I need more thinking on it

@pstibrany
Copy link
Contributor Author

I approved, but I'm doing a step back now. / is a valid base64 character, so we may have it within the key name as well, which would break the logic anyway. Also having the key with / at the end may be legit 🤔

Am I missing anything?

We use base64 with "URL" alphabet (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_), so / is not a valid character.

Key with / is legal in general, but our rule group objects must have non-empty name, which implies that they cannot have name ending with /.

@pracucci
Copy link
Contributor

We use base64 with "URL" alphabet (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_), so / is not a valid character.

Interesting. So, how can we end up with an object ending with /?

@pstibrany
Copy link
Contributor Author

Interesting. So, how can we end up with an object ending with /?

Objects that we've found are from Aug 2020 and Dec 2020. I suspect that we didn't check for group or namespace names in the past (do we now?). Content of those files is suspicious too -- they don't look like rule group files at all.

@pracucci
Copy link
Contributor

Objects that we've found are from Aug 2020 and Dec 2020. I suspect that we didn't check for group or namespace names in the past (do we now?). Content of those files is suspicious too -- they don't look like rule group files at all.

My though is: if such objects are not supposed to be there, should we filter them out (this PR)? I would bet we can break several parts of cortex if the storage contains unexpected objects.

@pstibrany
Validate user, namespace and group.
fc7a188 
Signed-off-by: Peter Štibraný <[email protected]>
@pstibrany
Merge remote-tracking branch 'origin/rulestore-ignore-empty-groupname…
582984e 
…s' into rulestore-ignore-empty-groupnames

Signed-off-by: Peter Štibraný <[email protected]>
@pstibrany
Copy link
Contributor Author

Note that validation for empty group names was added in #3210.

pracucci
pracucci approved these changes Mar 23, 2021
View reviewed changes
Copy link
Contributor

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very good to me, thanks!

@pstibrany pstibrany merged commit 73744e5 into cortexproject:master Mar 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pracucci pracucci pracucci approved these changes

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pstibrany @pracucci