Skip to content

Commit 7f107fe

Browse files
SungJin1212SungJin1212
authored
Add tenantID validation to regex validator (cortexproject#6836)
Signed-off-by: SungJin1212 <tjdwls1201@gmail.com>
1 parent f236c52 commit 7f107fe

File tree

3 files changed

+52
-1
lines changed

3 files changed

+52
-1
lines changed

pkg/querier/tenantfederation/regex_resolver.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -184,6 +184,14 @@ func (r *RegexValidator) TenantID(ctx context.Context) (string, error) {
184184
return "", errInvalidRegex
185185
}
186186

187+
if err := tenant.CheckTenantIDLength(id); err != nil {
188+
return "", err
189+
}
190+
191+
if err := tenant.CheckTenantIDIsSupported(id); err != nil {
192+
return "", err
193+
}
194+
187195
return id, nil
188196
}
189197

pkg/querier/tenantfederation/regex_resolver_test.go

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,8 @@ package tenantfederation
22

33
import (
44
"context"
5+
"errors"
6+
"strings"
57
"testing"
68
"time"
79

@@ -120,6 +122,31 @@ func Test_RegexValidator(t *testing.T) {
120122
orgID: "[a-z",
121123
expectedErr: errInvalidRegex,
122124
},
125+
{
126+
description: "tenant ID is too long",
127+
orgID: strings.Repeat("a", 151),
128+
expectedErr: errors.New("tenant ID is too long: max 150 characters"),
129+
},
130+
{
131+
description: ".",
132+
orgID: ".",
133+
expectedErr: errors.New("tenant ID is '.' or '..'"),
134+
},
135+
{
136+
description: "..",
137+
orgID: "..",
138+
expectedErr: errors.New("tenant ID is '.' or '..'"),
139+
},
140+
{
141+
description: "__markers__",
142+
orgID: "__markers__",
143+
expectedErr: errors.New("tenant ID '__markers__' is not allowed"),
144+
},
145+
{
146+
description: "user-index.json.gz",
147+
orgID: "user-index.json.gz",
148+
expectedErr: errors.New("tenant ID 'user-index.json.gz' is not allowed"),
149+
},
123150
}
124151

125152
for _, tc := range tests {

pkg/tenant/tenant.go

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,7 @@ func NormalizeTenantIDs(tenantIDs []string) []string {
5454
return tenantIDs[0:posOut]
5555
}
5656

57-
// ValidTenantID
57+
// ValidTenantID validate tenantID
5858
func ValidTenantID(s string) error {
5959
// check if it contains invalid runes
6060
for pos, r := range s {
@@ -66,10 +66,26 @@ func ValidTenantID(s string) error {
6666
}
6767
}
6868

69+
if err := CheckTenantIDLength(s); err != nil {
70+
return err
71+
}
72+
73+
if err := CheckTenantIDIsSupported(s); err != nil {
74+
return err
75+
}
76+
77+
return nil
78+
}
79+
80+
func CheckTenantIDLength(s string) error {
6981
if len(s) > 150 {
7082
return errTenantIDTooLong
7183
}
7284

85+
return nil
86+
}
87+
88+
func CheckTenantIDIsSupported(s string) error {
7389
// check tenantID is "__markers__"
7490
if s == GlobalMarkersDir {
7591
return errTenantIDMarkers

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy