From 91a7e5f27c2c96d48b1ee94f90f460e639e43963 Mon Sep 17 00:00:00 2001 From: tvpartytonight Date: Wed, 25 Oct 2023 08:42:07 -0700 Subject: [PATCH] (PUP-11973) Only send compiler header for v3 catalog requests --- src/clj/puppetlabs/puppetserver/ringutils.clj | 3 +- .../services/master/master_core.clj | 31 ++++++++++--------- .../services/master/master_service_test.clj | 11 +++++++ .../services/master/master_core_test.clj | 13 +++++--- 4 files changed, 37 insertions(+), 21 deletions(-) diff --git a/src/clj/puppetlabs/puppetserver/ringutils.clj b/src/clj/puppetlabs/puppetserver/ringutils.clj index 7e69dcafd..8be06225e 100644 --- a/src/clj/puppetlabs/puppetserver/ringutils.clj +++ b/src/clj/puppetlabs/puppetserver/ringutils.clj @@ -76,7 +76,8 @@ {:status 403 :body "Forbidden."}))) (defn wrap-with-certname-as-compiler - "Function that returns middleware that add X-Puppet-Compiler-Name to the response" + "Function that returns middleware that add X-Puppet-Compiler-Name to the response, + only for the posts to the v3 catalog endpoint. Otherwise, do nothing." [handler name] (fn [request] (ring/header (handler request) "X-Puppet-Compiler-Name" name))) diff --git a/src/clj/puppetlabs/services/master/master_core.clj b/src/clj/puppetlabs/services/master/master_core.clj index 6f42e6e4f..0b786ef76 100644 --- a/src/clj/puppetlabs/services/master/master_core.clj +++ b/src/clj/puppetlabs/services/master/master_core.clj @@ -1051,7 +1051,8 @@ "v3 route tree for the ruby side of the master service." [request-handler :- IFn bolt-builtin-content-dir :- (schema/maybe [schema/Str]) - bolt-projects-dir :- (schema/maybe schema/Str)] + bolt-projects-dir :- (schema/maybe schema/Str) + certname :- schema/Str] (comidi/routes (comidi/GET ["/node/" [#".*" :rest]] request (request-handler request)) @@ -1072,7 +1073,7 @@ (comidi/GET ["/catalog/" [#".*" :rest]] request (request-handler (assoc request :include-code-id? true))) (comidi/POST ["/catalog/" [#".*" :rest]] request - (request-handler (assoc request :include-code-id? true))) + (ringutils/wrap-with-certname-as-compiler request-handler certname)) (comidi/PUT ["/facts/" [#".*" :rest]] request (request-handler request)) (comidi/PUT ["/report/" [#".*" :rest]] request @@ -1178,9 +1179,10 @@ wrap-with-jruby-queue-limit :- IFn boltlib-path :- (schema/maybe [schema/Str]) bolt-builtin-content-dir :- (schema/maybe [schema/Str]) - bolt-projects-dir :- (schema/maybe schema/Str)] + bolt-projects-dir :- (schema/maybe schema/Str) + certname :- schema/Str] (comidi/context "/v3" - (v3-ruby-routes ruby-request-handler bolt-builtin-content-dir bolt-projects-dir) + (v3-ruby-routes ruby-request-handler bolt-builtin-content-dir bolt-projects-dir certname) (comidi/wrap-routes (v3-clojure-routes jruby-service get-code-content-fn @@ -1292,7 +1294,8 @@ environment-class-cache-enabled :- schema/Bool boltlib-path :- (schema/maybe [schema/Str]) bolt-builtin-content-dir :- (schema/maybe [schema/Str]) - bolt-projects-dir :- (schema/maybe schema/Str)] + bolt-projects-dir :- (schema/maybe schema/Str) + certname :- schema/Str] (comidi/routes (v3-routes ruby-request-handler clojure-request-wrapper @@ -1303,7 +1306,8 @@ wrap-with-jruby-queue-limit boltlib-path bolt-builtin-content-dir - bolt-projects-dir) + bolt-projects-dir + certname) (v4-routes clojure-request-wrapper jruby-service wrap-with-jruby-queue-limit @@ -1313,16 +1317,14 @@ wrap-middleware :- IFn [handler :- IFn authorization-fn :- IFn - puppet-version :- schema/Str - certname :- schema/Str] + puppet-version :- schema/Str] (-> handler authorization-fn (middleware/wrap-uncaught-errors :plain) middleware/wrap-request-logging i18n/locale-negotiator middleware/wrap-response-logging - (ringutils/wrap-with-puppet-version-header puppet-version) - (ringutils/wrap-with-certname-as-compiler certname))) + (ringutils/wrap-with-puppet-version-header puppet-version))) (schema/defn ^:always-validate get-master-route-config "Get the webserver route configuration for the master service" @@ -1372,14 +1374,12 @@ certname :- schema/Str] (let [ruby-request-handler (wrap-middleware handle-request wrap-with-authorization-check - puppet-version - certname) + puppet-version) clojure-request-wrapper (fn [handler] (wrap-middleware (ring/wrap-params handler) wrap-with-authorization-check - puppet-version - certname))] + puppet-version))] (root-routes ruby-request-handler clojure-request-wrapper jruby-service @@ -1389,7 +1389,8 @@ environment-class-cache-enabled boltlib-path bolt-builtin-content-dir - bolt-projects-dir))) + bolt-projects-dir + certname))) (def MasterStatusV1 {(schema/optional-key :experimental) {:http-metrics [http-metrics/RouteSummary] diff --git a/test/integration/puppetlabs/services/master/master_service_test.clj b/test/integration/puppetlabs/services/master/master_service_test.clj index afc2def2c..50e5cbb16 100644 --- a/test/integration/puppetlabs/services/master/master_service_test.clj +++ b/test/integration/puppetlabs/services/master/master_service_test.clj @@ -694,6 +694,17 @@ (finally (jruby-testutils/return-instance jruby-service jruby-instance :http-report-processor-metrics-test))))))) +(deftest ^:integration compiler-name-as-header + (testing "POSTs to the v3 catalog endpoint return the certname as a header" + (bootstrap-testutils/with-puppetserver-running + app + {:jruby-puppet {:gem-path gem-path + :max-active-instances 1 + :server-code-dir test-resources-code-dir + :server-conf-dir master-service-test-runtime-dir}} + (let [resp (http-post "/puppet/v3/catalog/foo?environment=production" "")] + (is (= "localhost" (get-in resp [:headers "x-puppet-compiler-name"]))))))) + (deftest encoded-spaces-test (testing "Encoded spaces should be routed correctly" (bootstrap-testutils/with-puppetserver-running diff --git a/test/unit/puppetlabs/services/master/master_core_test.clj b/test/unit/puppetlabs/services/master/master_core_test.clj index ce25196b8..a52ca6712 100644 --- a/test/unit/puppetlabs/services/master/master_core_test.clj +++ b/test/unit/puppetlabs/services/master/master_core_test.clj @@ -51,7 +51,8 @@ true nil ["./dev-resources/puppetlabs/services/master/master_core_test/builtin_bolt_content"] - "./dev-resources/puppetlabs/services/master/master_core_test/bolt_projects") + "./dev-resources/puppetlabs/services/master/master_core_test/bolt_projects" + "test-certname") (comidi/routes->handler) (wrap-middleware identity puppet-version))) @@ -65,10 +66,12 @@ request (partial app-request app)] (is (= 200 (:status (request "/v3/environments")))) (is (= 200 (:status (request "/v3/catalog/bar?environment=environment1234")))) - (is (= 200 (:status (app (-> {:request-method :post - :uri "/v3/catalog/bar" - :content-type "application/x-www-form-urlencoded"} - (ring-mock/body "environment=environment1234")))))) + (let [response (app (-> {:request-method :post + :uri "/v3/catalog/bar" + :content-type "application/x-www-form-urlencoded"} + (ring-mock/body "environment=environment1234")))] + (is (= "test-certname" (get-in response [:headers "X-Puppet-Compiler-Name"])) + (is (= 200 (:status response))))) (is (nil? (request "/foo"))) (is (nil? (request "/foo/bar"))) (doseq [[method paths]