search

RedHatInsights / insights-core

Insights Core is a data collection and processing framework used by Red Hat Insights
https://cloud.redhat.com/insights
Apache License 2.0
149 stars 207 forks source link

Make remove.conf smarter #802

Open gravitypriest opened 6 years ago

gravitypriest commented 6 years ago

Based on https://bugzilla.redhat.com/show_bug.cgi?id=1522725

Should be able to use wildcards in command/file definition.

csams commented 6 years ago

@gravitypriest @jhjaggars @kylape FYI this kind of thing is handled differently in 3.x core. It's integrated with datasources. See the first cut with the blacklist module and its usage in SpecFactory.

gravitypriest commented 6 years ago

This looks like it does nearly exactly what we want it to do. Do those _COMMAND_FILTER and _FILE_FILTER in blacklist take care of filtering the command/file output for?

brantleyr commented 6 years ago

@csams it looks like the 3.X core handles this how we want. However, it really depends on our transition timeframe from 1.X to 3.X core (even though we're running 3.X client wrapper). This will depend on if we want the new 3.X client to support blacklist wildcards via the remove.conf file, and also if we want this functionality supported in the 1.X client.

csams commented 6 years ago

@gravitypriest They're connected at a low level with the validation checks in FileProvider and CommandOutputProvider and are used to prevent certain files from being read or executed. For simple files and commands, the validation is straightforward against the string representations in the spec definition. For globs and foreach commands, the blacklist is applied after the file paths or command strings have been resolved. This means the spec can be a glob pattern for a directory, and the blacklist can be written to reject everything within it or only certain files that match a particular pattern. Likewise with commands. A blacklist entry could allow ethtool in general but disallow it for certain interfaces. I went with regexes for the matching since they're more expressive than globs but still straightforward to understand for the simple use cases.

Filtering output of allowed files or commands is handled by the filters module and the FileProvider and CommandOutputProvider classes.

csams commented 6 years ago

@brantleyr Cool, I wanted to give everybody a heads up that blacklisting and filtering moved around a bit due to how datasources work in 3.x core just in case it impacted design decisions for the client.