Merge pull request #1949 from carlpett/blacklist-fingerprints-and-dri…

…vers Support blacklisting fingerprinters
hashicorp · Nov 9, 2016 · 96b5840 · 96b5840
2 parents 7ec5077 + dd2c853
commit 96b5840
Show file tree

Hide file tree

Showing 3 changed files with 130 additions and 3 deletions.
diff --git a/client/client.go b/client/client.go
@@ -720,6 +720,8 @@ func (c *Client) reservePorts() {
 func (c *Client) fingerprint() error {
 	whitelist := c.config.ReadStringListToMap("fingerprint.whitelist")
 	whitelistEnabled := len(whitelist) > 0
+	blacklist := c.config.ReadStringListToMap("fingerprint.blacklist")
+
 	c.logger.Printf("[DEBUG] client: built-in fingerprints: %v", fingerprint.BuiltinFingerprints())
 
 	var applied []string
@@ -730,6 +732,11 @@ func (c *Client) fingerprint() error {
 			skipped = append(skipped, name)
 			continue
 		}
+		// Skip modules that are in the blacklist
+		if _, ok := blacklist[name]; ok {
+			skipped = append(skipped, name)
+			continue
+		}
 		f, err := fingerprint.NewFingerprint(name, c.logger)
 		if err != nil {
 			return err
@@ -754,7 +761,7 @@ func (c *Client) fingerprint() error {
 	}
 	c.logger.Printf("[DEBUG] client: applied fingerprints %v", applied)
 	if len(skipped) != 0 {
-		c.logger.Printf("[DEBUG] client: fingerprint modules skipped due to whitelist: %v", skipped)
+		c.logger.Printf("[DEBUG] client: fingerprint modules skipped due to white/blacklist: %v", skipped)
 	}
 	return nil
 }
@@ -778,9 +785,10 @@ func (c *Client) fingerprintPeriodic(name string, f fingerprint.Fingerprint, d t
 
 // setupDrivers is used to find the available drivers
 func (c *Client) setupDrivers() error {
-	// Build the whitelist of drivers.
+	// Build the white/blacklists of drivers.
 	whitelist := c.config.ReadStringListToMap("driver.whitelist")
 	whitelistEnabled := len(whitelist) > 0
+	blacklist := c.config.ReadStringListToMap("driver.blacklist")
 
 	var avail []string
 	var skipped []string
@@ -792,6 +800,11 @@ func (c *Client) setupDrivers() error {
 			skipped = append(skipped, name)
 			continue
 		}
+		// Skip fingerprinting drivers that are in the blacklist
+		if _, ok := blacklist[name]; ok {
+			skipped = append(skipped, name)
+			continue
+		}
 
 		d, err := driver.NewDriver(name, driverCtx)
 		if err != nil {
@@ -817,7 +830,7 @@ func (c *Client) setupDrivers() error {
 	c.logger.Printf("[DEBUG] client: available drivers %v", avail)
 
 	if len(skipped) != 0 {
-		c.logger.Printf("[DEBUG] client: drivers skipped due to whitelist: %v", skipped)
+		c.logger.Printf("[DEBUG] client: drivers skipped due to white/blacklist: %v", skipped)
 	}
 
 	return nil

diff --git a/client/client_test.go b/client/client_test.go
@@ -216,6 +216,23 @@ func TestClient_Fingerprint_InWhitelist(t *testing.T) {
 	}
 }
 
+func TestClient_Fingerprint_InBlacklist(t *testing.T) {
+	c := testClient(t, func(c *config.Config) {
+		if c.Options == nil {
+			c.Options = make(map[string]string)
+		}
+
+		// Weird spacing to test trimming. Blacklist cpu.
+		c.Options["fingerprint.blacklist"] = "  cpu	"
+	})
+	defer c.Shutdown()
+
+	node := c.Node()
+	if node.Attributes["cpu.frequency"] != "" {
+		t.Fatalf("cpu fingerprint module loaded despite blacklisting")
+	}
+}
+
 func TestClient_Fingerprint_OutOfWhitelist(t *testing.T) {
 	c := testClient(t, func(c *config.Config) {
 		if c.Options == nil {
@@ -232,6 +249,35 @@ func TestClient_Fingerprint_OutOfWhitelist(t *testing.T) {
 	}
 }
 
+func TestClient_Fingerprint_WhitelistBlacklistCombination(t *testing.T) {
+	c := testClient(t, func(c *config.Config) {
+		if c.Options == nil {
+			c.Options = make(map[string]string)
+		}
+
+		// With both white- and blacklist, should return the set difference of modules (arch, cpu)
+		c.Options["fingerprint.whitelist"] = "arch,memory,cpu"
+		c.Options["fingerprint.blacklist"] = "memory,nomad"
+	})
+	defer c.Shutdown()
+
+	node := c.Node()
+	// Check expected modules are present
+	if node.Attributes["cpu.frequency"] == "" {
+		t.Fatalf("missing cpu fingerprint module")
+	}
+	if node.Attributes["arch"] == "" {
+		t.Fatalf("missing arch fingerprint module")
+	}
+	// Check remainder _not_ present
+	if node.Attributes["memory.totalbytes"] != "" {
+		t.Fatalf("found memory fingerprint module")
+	}
+	if node.Attributes["nomad.version"] != "" {
+		t.Fatalf("found nomad fingerprint module")
+	}
+}
+
 func TestClient_Drivers(t *testing.T) {
 	c := testClient(t, nil)
 	defer c.Shutdown()
@@ -267,6 +313,27 @@ func TestClient_Drivers_InWhitelist(t *testing.T) {
 	}
 }
 
+func TestClient_Drivers_InBlacklist(t *testing.T) {
+	c := testClient(t, func(c *config.Config) {
+		if c.Options == nil {
+			c.Options = make(map[string]string)
+		}
+
+		// Weird spacing to test trimming
+		c.Options["driver.blacklist"] = "   exec ,  foo	"
+	})
+	defer c.Shutdown()
+
+	node := c.Node()
+	if node.Attributes["driver.exec"] != "" {
+		if v, ok := osExecDriverSupport[runtime.GOOS]; !v && ok {
+			t.Fatalf("exec driver loaded despite blacklist")
+		} else {
+			t.Skipf("missing exec driver, no OS support")
+		}
+	}
+}
+
 func TestClient_Drivers_OutOfWhitelist(t *testing.T) {
 	c := testClient(t, func(c *config.Config) {
 		if c.Options == nil {
@@ -283,6 +350,29 @@ func TestClient_Drivers_OutOfWhitelist(t *testing.T) {
 	}
 }
 
+func TestClient_Drivers_WhitelistBlacklistCombination(t *testing.T) {
+	c := testClient(t, func(c *config.Config) {
+		if c.Options == nil {
+			c.Options = make(map[string]string)
+		}
+
+		// Expected output is set difference (raw_exec)
+		c.Options["driver.whitelist"] = "raw_exec,exec"
+		c.Options["driver.blacklist"] = "exec"
+	})
+	defer c.Shutdown()
+
+	node := c.Node()
+	// Check expected present
+	if node.Attributes["driver.raw_exec"] == "" {
+		t.Fatalf("missing raw_exec driver")
+	}
+	// Check expected absent
+	if node.Attributes["driver.exec"] != "" {
+		t.Fatalf("exec driver loaded despite blacklist")
+	}
+}
+
 func TestClient_Register(t *testing.T) {
 	s1, _ := testServer(t, nil)
 	defer s1.Shutdown()

diff --git a/website/source/docs/agent/configuration/client.html.md b/website/source/docs/agent/configuration/client.html.md
@@ -133,6 +133,18 @@ see the [drivers documentation](/docs/drivers/index.html).
     }
     ```
 
+- `"driver.blacklist"` `(string: "")` - Specifies a comma-separated list of
+  blacklisted drivers . If specified, drivers in the blacklist will be
+  disabled.
+
+    ```hcl
+    client {
+      options = {
+        "driver.blacklist" = "docker,qemu"
+      }
+    }
+    ```
+
 - `"env.blacklist"` `(string: see below)` - Specifies a comma-separated list of
   environment variable keys not to pass to these tasks. Nomad passes the host
   environment variables to `exec`, `raw_exec` and `java` tasks. If specified,
@@ -213,6 +225,18 @@ see the [drivers documentation](/docs/drivers/index.html).
     }
     ```
 
+- `"fingerprint.blacklist"` `(string: "")` - Specifies a comma-separated list of
+  blacklisted fingerprinters. If specified, any fingerprinters in the blacklist
+  will be disabled.
+
+    ```hcl
+    client {
+      options = {
+        "fingerprint.blacklist" = "network"
+      }
+    }
+    ```
+
 ### `reserved` Parameters
 
 - `cpu` `(int: 0)` - Specifies the amount of CPU to reserve, in MHz.