VictoriaMetrics/lib/fs
Zakhar Bessarab 201fd6de1e
lib/fs/fscore: do not trim content from path (#6503)
### Describe Your Changes

Trimming content which is loaded from an external pass leads to obscure
issues in case user-defined input contained trimmed chars. For example.
user-defined password "foo\n" will become "foo" while user will expect
it to contain a new line.

---
For example, a user defines a password which ends with `\n`. This often
happens when user Kubernetes secrets and manually encodes value as
base64-encoded string.

In this case vmauth configuration might look like:
```
users:
  - url_prefix:
      - http://vminsert:8480/insert/0/prometheus/api/v1/write
    name: foo
    username: foo
    password: "foobar\n"
```

vmagent configuration for this setup will use the following flags:
```
-remoteWrite.url=http://vmauth:8427/
-remoteWrite.basicAuth.passwordFile=/tmp/vmagent-password
-remoteWrite.basicAuth.username="foo"
```
Where `/tmp/vmagent-password` is a file with `foobar\n` password.

Before this change such configuration will result in `401 Unauthorized`
response received by vmagent since after file content will become
`foobar`.

---
An example with Kubernetes operator which uses a secret to reference the
same password in multiple configurations.

<details>
  <summary>See full manifests</summary>

`Secret`:
```
apiVersion: v1
data:
  name: Zm9v # foo
  password: Zm9vYmFy # foobar\n
  username: Zm9v= # foo
kind: Secret
metadata:
  name: vmuser
```


`VMUser`: 
```
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMUser
metadata:
  name: vmagents
spec:
  generatePassword: false
  name: vmagents
  targetRefs:
  - crd:
      kind: VMAgent
      name: some-other-agent
      namespace: example
  username: foo
  # note - the secret above is referenced to provide password
  passwordRef:
    name: vmagent
    key: password
```

`VMAgent`:
```
apiVersion: operator.victoriametrics.com/v1beta1
kind: VMAgent
metadata:
  name: example
spec:
  selectAllByDefault: true
  scrapeInterval: 5s
  replicaCount: 1
  remoteWrite:
    - url: "http://vmauth-vmauth-example:8427/api/v1/write"
      # note - the secret above is referenced as well
      basicAuth:
        username:
          name: vmagent
          key: username
        password:
          name: vmagent
          key: password
```

</details>

Since both config target exactly the same `Secret` object it is expected
to work, but apparently the result will be `401 Unauthrized` error.

### Checklist

The following checks are **mandatory**:

- [x] My change adheres [VictoriaMetrics contributing
guidelines](https://docs.victoriametrics.com/contributing/).

---------

Signed-off-by: Zakhar Bessarab <z.bessarab@victoriametrics.com>
Signed-off-by: hagen1778 <roman@victoriametrics.com>
Co-authored-by: hagen1778 <roman@victoriametrics.com>
2024-06-19 10:31:48 +02:00
..
fscore lib/fs/fscore: do not trim content from path (#6503) 2024-06-19 10:31:48 +02:00
dir_remover.go lib/fs: support NFS implementations that return EEXIST instead of ENOTEMPTY (#6398) 2024-06-04 15:17:38 +02:00
fadvise_darwin.go app/vmselect/promql: follow-up for ce4f26db02 2024-01-16 02:55:08 +02:00
fadvise_openbsd.go
fadvise_solaris.go fixes solaris build (#1345) 2021-05-31 09:21:23 +03:00
fadvise_unix.go all: cleanup: remove // +build ... lines, since they are no longer needed after Go1.17, and the minimum supported Go version for VictoriaMetrics source code is Go1.20 2023-11-13 19:12:51 +01:00
fs_nix.go lib: consistently use atomic.* types instead of atomic.* functions 2024-02-24 02:07:53 +02:00
fs_openbsd.go lib: consistently use atomic.* types instead of atomic.* functions 2024-02-24 02:07:53 +02:00
fs_solaris.go lib: consistently use atomic.* types instead of atomic.* functions 2024-02-24 02:07:53 +02:00
fs_test.go all: allow dynamically reading *AuthKey flag values from files and urls 2024-01-21 22:03:38 +02:00
fs_unix.go all: cleanup: remove // +build ... lines, since they are no longer needed after Go1.17, and the minimum supported Go version for VictoriaMetrics source code is Go1.20 2023-11-13 19:12:51 +01:00
fs_windows.go lib/fs: fix GOOS=windows build after f8baf29b6e 2024-03-01 01:46:29 +02:00
fs.go Revert "app/vmselect: make vmselect resilient to absence of cache folder (#5987)" 2024-03-30 07:29:24 +02:00
reader_at_test.go all: use os.{Read|Write}File instead of ioutil.{Read|Write}File 2022-08-21 23:52:35 +03:00
reader_at_timing_test.go all: use os.{Read|Write}File instead of ioutil.{Read|Write}File 2022-08-21 23:52:35 +03:00
reader_at.go lib: consistently use atomic.* types instead of atomic.* functions 2024-02-24 02:07:53 +02:00