Updates the list if disbled pgBackRest commands

jmckulk · jkatz · commit c9759b8d68f4 · 2020-03-26T09:16:03.000-04:00
diff --git a/apiserver/backupoptions/backupoptionsutil.go b/apiserver/backupoptions/backupoptionsutil.go
@@ -29,7 +29,7 @@ import (
 
 type backupOptions interface {
 	validate([]string) error
-	getBlacklistFlags() ([]string, []string)
+	getDenyListFlags() ([]string, []string)
 }
 
 // ValidateBackupOpts validates the backup/restore options that can be provided to the various backup
@@ -98,9 +98,8 @@ func convertBackupOptsToStruct(backupOpts string, request interface{}) (backupOp
 
 	err = commandLine.Parse(parsedBackupOpts)
 	if err != nil {
-		err = handleCustomParseErrors(err, usage, optsStruct)
-		if err != nil {
-			return nil, nil, err
+		if customErr := handleCustomParseErrors(err, usage, optsStruct); customErr != nil {
+			return nil, nil, customErr
 		}
 	}
 
@@ -186,28 +185,28 @@ func isValidValue(vals []string, val string) bool {
 	return isValid
 }
 
-// this function checks unknown options from the backup-opts flag to validate that they are not blacklisted
-// if the option is in the blacklist and error is returned, otherwise the flag is unkown to the operator
+// this function checks unknown options from the backup-opts flag to validate that they are not denied
+// if the option is in the deny list and error is returned, otherwise the flag is unkown to the operator
 // and can be passed to pgBackRest for validation.
 func handleCustomParseErrors(err error, usage *bytes.Buffer, optsStruct backupOptions) error {
-	blacklistFlags, blacklistFlagsShort := optsStruct.getBlacklistFlags()
+	denyListFlags, denyListFlagsShort := optsStruct.getDenyListFlags()
 	if err.Error() == "pflag: help requested" {
 		pflag.Usage()
 		return errors.New(usage.String())
 	} else if strings.Contains(err.Error(), "unknown flag") {
-		for _, blacklistFlag := range blacklistFlags {
-			flagMatch, err := regexp.MatchString("\\B"+blacklistFlag+"$", err.Error())
+		for _, denyListFlag := range denyListFlags {
+			flagMatch, err := regexp.MatchString("\\B"+denyListFlag+"$", err.Error())
 			if err != nil {
 				return err
 			} else if flagMatch {
-				return fmt.Errorf("Flag %s is not supported for use with PGO", blacklistFlag)
+				return fmt.Errorf("Flag %s is not supported for use with PGO", denyListFlag)
 			}
 		}
 	} else if strings.Contains(err.Error(), "unknown shorthand flag") {
-		for _, blacklistFlagShort := range blacklistFlagsShort {
-			blacklistFlagQuotes := "'" + strings.TrimPrefix(blacklistFlagShort, "-") + "'"
-			if strings.Contains(err.Error(), blacklistFlagQuotes) {
-				return fmt.Errorf("Shorthand flag %s is not supported for use with PGO", blacklistFlagShort)
+		for _, denyListFlagShort := range denyListFlagsShort {
+			denyListFlagQuotes := "'" + strings.TrimPrefix(denyListFlagShort, "-") + "'"
+			if strings.Contains(err.Error(), denyListFlagQuotes) {
+				return fmt.Errorf("Shorthand flag %s is not supported for use with PGO", denyListFlagShort)
 			}
 		}
 	}
diff --git a/apiserver/backupoptions/pgbackrestoptions.go b/apiserver/backupoptions/pgbackrestoptions.go
@@ -20,14 +20,45 @@ import (
 	"strings"
 )
 
-var pgBackRestOptsBlacklist = []string{"--archive-check", "--no-archive-check", "--online", "--no-online", "--link-all",
-	"--link-map", "--tablespace-map", "--tablespace-map-all", "--cmd-ssh", "--config", "--config-include-path",
-	"--config-path", "--lock-path", "--neutral-umask", "--no-neutral-umask", "--stanza", "--log-timestamp",
-	"--repo-cipher-type", "--repo-host", "--repo-host-cmd", "--repo-host-config", "--repo-host-config-include-path",
-	"--repo-host-config-path", "--repo-host-port", "--repo-host-user", "--repo-path", "--repo-s3-bucket",
-	"--repo-s3-ca-file", "--repo-s3-ca-path", "--repo-s3-endpoint", "--repo-s3-host", "--repo-s3-region",
-	"--repo-s3-verify-ssl", "--repo-type", "--pg-host", "--pg-host-cmd", "--pg-host-config",
-	"--pg-host-config-include-path", "--pg-host-config-path", "--pg-host-port", "--pg-host-user", "--pg-path", "--pg-port"}
+var pgBackRestOptsDenyList = []string{
+	"--cmd-ssh",
+	"--config",
+	"--config-include-path",
+	"--config-path",
+	"--link-all",
+	"--link-map",
+	"--lock-path",
+	"--log-timestamp",
+	"--neutral-umask",
+	"--no-neutral-umask",
+	"--no-online",
+	"--online",
+	"--pg-host",
+	"--pg-host-cmd",
+	"--pg-host-config",
+	"--pg-host-config-include-path",
+	"--pg-host-config-path",
+	"--pg-host-port",
+	"--pg-host-user",
+	"--pg-path",
+	"--pg-port",
+	"--repo-host",
+	"--repo-host-cmd",
+	"--repo-host-config",
+	"--repo-host-config-include-path",
+	"--repo-host-config-path",
+	"--repo-host-port",
+	"--repo-host-user",
+	"--repo-path",
+	"--repo-s3-bucket",
+	"--repo-s3-endpoint",
+	"--repo-s3-host",
+	"--repo-s3-region",
+	"--repo-type",
+	"--stanza",
+	"--tablespace-map",
+	"--tablespace-map-all",
+}
 
 type pgBackRestBackupOptions struct {
 	ArchiveCopy              bool   `flag:"archive-copy"`
@@ -225,10 +256,10 @@ func isValidBackrestLogLevel(logLevel string) bool {
 	return isValidValue(logLevels, logLevel)
 }
 
-func (backRestBackupOpts pgBackRestBackupOptions) getBlacklistFlags() ([]string, []string) {
-	return pgBackRestOptsBlacklist, nil
+func (backRestBackupOpts pgBackRestBackupOptions) getDenyListFlags() ([]string, []string) {
+	return pgBackRestOptsDenyList, nil
 }
 
-func (backRestRestoreOpts pgBackRestRestoreOptions) getBlacklistFlags() ([]string, []string) {
-	return pgBackRestOptsBlacklist, nil
+func (backRestRestoreOpts pgBackRestRestoreOptions) getDenyListFlags() ([]string, []string) {
+	return pgBackRestOptsDenyList, nil
 }
diff --git a/apiserver/backupoptions/pgdumpoptions.go b/apiserver/backupoptions/pgdumpoptions.go
@@ -20,10 +20,28 @@ import (
 	"strings"
 )
 
-var pgDumpRestoreOptsBlacklist = []string{"--binary-upgrade", "--no-reconnect", "--dbname", "--host", "--port",
-	"--username", "--no-password", "--password", "--version"}
+var pgDumpRestoreOptsDenyList = []string{
+	"--binary-upgrade",
+	"--dbname",
+	"--host",
+	"--no-password",
+	"--no-reconnect",
+	"--password",
+	"--port",
+	"--username",
+	"--version",
+}
 
-var pgDumpRestoreOptsBlacklistShort = []string{"-R", "-d", "-h", "-p", "-U", "-w", "-W", "-V"}
+var pgDumpRestoreOptsDenyListShort = []string{
+	"-R",
+	"-d",
+	"-h",
+	"-p",
+	"-U",
+	"-w",
+	"-W",
+	"-V",
+}
 
 type pgDumpOptions struct {
 	DataOnly                   bool     `flag:"data-only" flag-short:"a"`
@@ -265,14 +283,14 @@ func (restoreOpts pgRestoreOptions) validate(setFlagFieldNames []string) error {
 	return nil
 }
 
-func (dumpOpts pgDumpOptions) getBlacklistFlags() ([]string, []string) {
-	return pgDumpRestoreOptsBlacklist, pgDumpRestoreOptsBlacklistShort
+func (dumpOpts pgDumpOptions) getDenyListFlags() ([]string, []string) {
+	return pgDumpRestoreOptsDenyList, pgDumpRestoreOptsDenyListShort
 }
 
-func (dumpAllOpts pgDumpAllOptions) getBlacklistFlags() ([]string, []string) {
-	return pgDumpRestoreOptsBlacklist, pgDumpRestoreOptsBlacklistShort
+func (dumpAllOpts pgDumpAllOptions) getDenyListFlags() ([]string, []string) {
+	return pgDumpRestoreOptsDenyList, pgDumpRestoreOptsDenyListShort
 }
 
-func (restoreOpts pgRestoreOptions) getBlacklistFlags() ([]string, []string) {
-	return pgDumpRestoreOptsBlacklist, pgDumpRestoreOptsBlacklistShort
+func (restoreOpts pgRestoreOptions) getDenyListFlags() ([]string, []string) {
+	return pgDumpRestoreOptsDenyList, pgDumpRestoreOptsDenyListShort
 }
