MINOR: cfgparse: implement experimental config keywords
Add a new flag to mark a keyword as experimental. An experimental
keyword cannot be used if the global 'expose-experimental-directives' is
not present first.
Only keywords parsed through a standard cfg_keywords lists in
global/proxies section will be automatically detected if declared
experimental. To support a keyword outside of these lists,
check_kw_experimental must be called manually during its parsing.
If an experimental keyword is present in the config, the tainted flag is
updated.
For the moment, no keyword is marked as experimental.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index e37f84c..19f1808 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -969,6 +969,7 @@
- deviceatlas-log-level
- deviceatlas-separator
- deviceatlas-properties-cookie
+ - expose-experimental-directives
- external-check
- gid
- group
@@ -1274,6 +1275,10 @@
Client-side component was used during the request. This directive is optional
and set to DAPROPS by default if not set.
+expose-experimental-directives
+ This statement must appear before using directives tagged as experimental or
+ the config file will be rejected.
+
external-check
Allows the use of an external agent to perform health checks. This is
disabled by default as a security precaution, and even when enabled, checks
diff --git a/include/haproxy/cfgparse.h b/include/haproxy/cfgparse.h
index b32c90d..83c031d 100644
--- a/include/haproxy/cfgparse.h
+++ b/include/haproxy/cfgparse.h
@@ -43,7 +43,7 @@
};
enum cfg_keyword_flags {
- KWF_UNIMPLEMENTED, // TO REMOVE once an enum value is implemented
+ KWF_EXPERIMENTAL = 0x1,
};
struct cfg_keyword {
diff --git a/include/haproxy/global.h b/include/haproxy/global.h
index 20a0950..fb7b62b 100644
--- a/include/haproxy/global.h
+++ b/include/haproxy/global.h
@@ -98,11 +98,17 @@
/* handle 'tainted' status */
enum tainted_flags {
- TAINTED_UNIMPLEMENTED, // TO REMOVE once an enum value is implemented
+ TAINTED_CONFIG_EXP_KW_DECLARED = 0x1,
};
void mark_tainted(const enum tainted_flags flag);
unsigned int get_tainted();
+extern unsigned int experimental_directives_allowed;
+
+struct cfg_keyword;
+int check_kw_experimental(struct cfg_keyword *kw, const char *file, int linenum,
+ char **errmsg);
+
/* simplified way to declare static build options in a file */
#define REGISTER_BUILD_OPTS(str) \
INITCALL2(STG_REGISTER, hap_register_build_opts, (str), 0)
diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c
index 384ad3c..98012d1 100644
--- a/src/cfgparse-global.c
+++ b/src/cfgparse-global.c
@@ -70,6 +70,9 @@
alertif_too_many_args(0, file, linenum, args, &err_code);
goto out;
}
+ else if (strcmp(args[0], "expose-experimental-directives") == 0) {
+ experimental_directives_allowed = 1;
+ }
else if (strcmp(args[0], "daemon") == 0) {
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
@@ -1306,6 +1309,12 @@
if (kwl->kw[index].section != CFG_GLOBAL)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
+ if (check_kw_experimental(&kwl->kw[index], file, linenum, &errmsg)) {
+ ha_alert(errmsg);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+
rc = kwl->kw[index].parse(args, CFG_GLOBAL, NULL, NULL, file, linenum, &errmsg);
if (rc < 0) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 8a81b44..78f1a58 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -3040,6 +3040,12 @@
if (kwl->kw[index].section != CFG_LISTEN)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
+ if (check_kw_experimental(&kwl->kw[index], file, linenum, &errmsg)) {
+ ha_alert(errmsg);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+
/* prepare error message just in case */
rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, curr_defproxy, file, linenum, &errmsg);
if (rc < 0) {
diff --git a/src/haproxy.c b/src/haproxy.c
index 4c7ff55..0ca8780 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -262,6 +262,23 @@
/* set if experimental features have been used for the current process */
static unsigned int tainted = 0;
+unsigned int experimental_directives_allowed = 0;
+
+int check_kw_experimental(struct cfg_keyword *kw, const char *file, int linenum,
+ char **errmsg)
+{
+ if (kw->flags & KWF_EXPERIMENTAL) {
+ if (!experimental_directives_allowed) {
+ memprintf(errmsg, "parsing [%s:%d] : '%s' directive is experimental, must be allowed via a global 'expose-experimental-directives'\n",
+ file, linenum, kw->kw);
+ return 1;
+ }
+ mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
+ }
+
+ return 0;
+}
+
/* master CLI configuration (-S flag) */
struct list mworker_cli_conf = LIST_HEAD_INIT(mworker_cli_conf);