Add NGINX Agent config validation (#1039)

Author: dhurley

go.mod

@@ -11,6 +11,7 @@ require (
 	github.com/docker/docker v27.3.1+incompatible
 	github.com/fsnotify/fsnotify v1.8.0
 	github.com/go-resty/resty/v2 v2.16.2
+	github.com/goccy/go-yaml v1.17.1
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0

go.sum

@@ -179,6 +179,8 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/goccy/go-yaml v1.17.1 h1:LI34wktB2xEE3ONG/2Ar54+/HJVBriAGJ55PHls4YuY=
+github.com/goccy/go-yaml v1.17.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
 github.com/gogo/googleapis v1.4.1 h1:1Yx4Myt7BxzvUr5ldGSbwYiZG6t9wGBZ+8/fX3Wvtq0=
 github.com/gogo/googleapis v1.4.1/go.mod h1:2lpHqI5OcWCtVElxXnPt+s8oJvMpySlOyM6xDCrzib4=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=

internal/collector/otel_collector_plugin_test.go

@@ -324,7 +324,7 @@ func TestCollector_ProcessResourceUpdateTopic(t *testing.T) {
 		Server: &config.ServerConfig{
 			Host: "",
 			Port: 0,
-			Type: 0,
+			Type: config.Grpc,
 		},
 		TLS: &config.TLSConfig{
 			Cert:       "",
@@ -408,7 +408,7 @@ func TestCollector_ProcessResourceUpdateTopicFails(t *testing.T) {
 		Server: &config.ServerConfig{
 			Host: "",
 			Port: 0,
-			Type: 0,
+			Type: config.Grpc,
 		},
 		TLS: &config.TLSConfig{
 			Cert:       "",

internal/collector/otelcol.tmpl

@@ -37,10 +37,10 @@ receivers:
 {{- range $index, $otlpReceiver := .Receivers.OtlpReceivers }}
   otlp/{{$index}}:
     protocols:
-      {{- if eq .Server.Type 0 }}
-      grpc:
-        endpoint: "{{ .Server.Host }}:{{ .Server.Port }}"
-        {{- if and .OtlpTLSConfig (or (gt (len .OtlpTLSConfig.Key) 0) (gt (len .OtlpTLSConfig.Cert) 0) (gt (len .OtlpTLSConfig.Key) 0)) }}
+      {{- if eq .Server.Type "http" }}
+      http:
+        endpoint: "{{- .Server.Host -}}:{{- .Server.Port -}}"
+        {{- if .OtlpTLSConfig }}
         tls:
           {{ if gt (len .OtlpTLSConfig.Cert) 0 -}}
           cert_file: {{ .OtlpTLSConfig.Cert }}
@@ -53,9 +53,9 @@ receivers:
           {{- end }}
         {{- end }}
       {{- else }}
-      http:
-        endpoint: "{{- .Server.Host -}}:{{- .Server.Port -}}"
-        {{- if .OtlpTLSConfig }}
+      grpc:
+        endpoint: "{{ .Server.Host }}:{{ .Server.Port }}"
+        {{- if and .OtlpTLSConfig (or (gt (len .OtlpTLSConfig.Key) 0) (gt (len .OtlpTLSConfig.Cert) 0) (gt (len .OtlpTLSConfig.Key) 0)) }}
         tls:
           {{ if gt (len .OtlpTLSConfig.Cert) 0 -}}
           cert_file: {{ .OtlpTLSConfig.Cert }}

internal/collector/settings_test.go

@@ -68,7 +68,7 @@ func TestTemplateWrite(t *testing.T) {
 		Server: &config.ServerConfig{
 			Host: "localhost",
 			Port: 9876,
-			Type: 0,
+			Type: config.Grpc,
 		},
 		TLS: nil,
 	}
@@ -106,7 +106,7 @@ func TestTemplateWrite(t *testing.T) {
 		Server: &config.ServerConfig{
 			Host: "localhost",
 			Port: 4317,
-			Type: 0,
+			Type: config.Grpc,
 		},
 		OtlpTLSConfig: &config.OtlpTLSConfig{
 			Cert: "/tmp/cert.pem",

internal/config/config.go

@@ -6,6 +6,7 @@
 package config
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"errors"
@@ -20,6 +21,7 @@ import (
 
 	"github.com/nginx/agent/v3/internal/datasource/file"
 
+	"github.com/goccy/go-yaml"
 	uuidLibrary "github.com/nginx/agent/v3/pkg/id"
 	selfsignedcerts "github.com/nginx/agent/v3/pkg/tls"
 	"github.com/spf13/cobra"
@@ -523,6 +525,11 @@ func getConfigFilePaths() []string {
 }
 
 func loadPropertiesFromFile(cfg string) error {
+	validationError := validateYamlFile(cfg)
+	if validationError != nil {
+		return validationError
+	}
+
 	viperInstance.SetConfigFile(cfg)
 	viperInstance.SetConfigType("yaml")
 	err := viperInstance.MergeInConfig()
@@ -533,6 +540,20 @@ func loadPropertiesFromFile(cfg string) error {
 	return nil
 }
 
+func validateYamlFile(filePath string) error {
+	fileContents, readError := os.ReadFile(filePath)
+	if readError != nil {
+		return fmt.Errorf("failed to read file %s: %w", filePath, readError)
+	}
+
+	decoder := yaml.NewDecoder(bytes.NewReader(fileContents), yaml.DisallowUnknownField())
+	if err := decoder.Decode(&Config{}); err != nil {
+		return errors.New(yaml.FormatError(err, false, false))
+	}
+
+	return nil
+}
+
 func normalizeFunc(f *flag.FlagSet, name string) flag.NormalizedName {
 	from := []string{"_", "."}
 	to := "-"

internal/config/config_test.go

@@ -5,6 +5,7 @@
 package config
 
 import (
+	"errors"
 	"os"
 	"path"
 	"strings"
@@ -29,6 +30,9 @@ func TestRegisterConfigFile(t *testing.T) {
 	require.NoError(t, err)
 	defer helpers.RemoveFileWithErrorCheck(t, file.Name())
 
+	_, err = file.WriteString("log:")
+	require.NoError(t, err)
+
 	currentDirectory, err := os.Getwd()
 	require.NoError(t, err)
 
@@ -596,6 +600,37 @@ func TestParseJSON(t *testing.T) {
 	}
 }
 
+func TestValidateYamlFile(t *testing.T) {
+	tests := []struct {
+		expected error
+		name     string
+		input    string
+	}{
+		{
+			name:     "Test 1: Valid NGINX Agent config file",
+			input:    "testdata/nginx-agent.conf",
+			expected: nil,
+		},
+		{
+			name:     "Test 2: Invalid format NGINX Agent config file",
+			input:    "testdata/invalid-format-nginx-agent.conf",
+			expected: errors.New("[2:1] unknown field \"level\""),
+		},
+		{
+			name:     "Test 3: Unknown field in NGINX Agent config file",
+			input:    "testdata/unknown-field-nginx-agent.conf",
+			expected: errors.New("[5:1] unknown field \"unknown_field\""),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := validateYamlFile(tt.input)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
+
 func getAgentConfig() *Config {
 	return &Config{
 		UUID:    "",
@@ -636,6 +671,7 @@ func getAgentConfig() *Config {
 						Server: &ServerConfig{
 							Host: "127.0.0.1",
 							Port: 1234,
+							Type: Grpc,
 						},
 						TLS: &TLSConfig{
 							Cert:       "/path/to/server-cert.pem",
@@ -660,7 +696,7 @@ func getAgentConfig() *Config {
 						Server: &ServerConfig{
 							Host: "localhost",
 							Port: 4317,
-							Type: 0,
+							Type: Grpc,
 						},
 						Auth: &AuthConfig{
 							Token: "even-secreter-token",
@@ -696,7 +732,6 @@ func getAgentConfig() *Config {
 					Server: &ServerConfig{
 						Host: "localhost",
 						Port: 1337,
-						Type: 0,
 					},
 					Path: "/",
 				},

internal/config/mapper.go

@@ -21,8 +21,8 @@ func FromCommandProto(config *mpi.CommandServer) *Command {
 			Host: config.GetServer().GetHost(),
 			Port: int(config.GetServer().GetPort()),
 		}
-		if config.GetServer().GetType() != mpi.ServerSettings_SERVER_SETTINGS_TYPE_UNDEFINED {
-			cmd.Server.Type = ServerType(config.GetServer().GetType())
+		if config.GetServer().GetType() == mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC {
+			cmd.Server.Type = Grpc
 		}
 	} else {
 		cmd.Server = nil
@@ -55,10 +55,15 @@ func ToCommandProto(cmd *Command) *mpi.CommandServer {
 
 	// Map ServerConfig to the ServerSettings
 	if cmd.Server != nil {
+		protoServerType := mpi.ServerSettings_SERVER_SETTINGS_TYPE_UNDEFINED
+		if cmd.Server.Type == Grpc {
+			protoServerType = mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC
+		}
+
 		protoConfig.Server = &mpi.ServerSettings{
 			Host: cmd.Server.Host,
 			Port: int32(cmd.Server.Port),
-			Type: mpi.ServerSettings_ServerType(cmd.Server.Type + 1),
+			Type: protoServerType,
 		}
 	}
 

internal/config/mapper_test.go

@@ -23,7 +23,7 @@ func TestFromCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 1,
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Auth: &mpi.AuthSettings{},
 				Tls: &mpi.TLSSettings{
@@ -64,7 +64,7 @@ func TestFromCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 1, // gRPC
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Tls: &mpi.TLSSettings{
 					Cert:       getAgentConfig().Command.TLS.Cert,
@@ -86,7 +86,7 @@ func TestFromCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 1, // Change to HTTP when supported
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Auth: &mpi.AuthSettings{},
 			},
@@ -132,7 +132,7 @@ func TestToCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 2,
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Auth: &mpi.AuthSettings{},
 				Tls: &mpi.TLSSettings{
@@ -174,7 +174,7 @@ func TestToCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 2, // gRPC
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Tls: &mpi.TLSSettings{
 					Cert:       getAgentConfig().Command.TLS.Cert,
@@ -196,7 +196,7 @@ func TestToCommandProto(t *testing.T) {
 				Server: &mpi.ServerSettings{
 					Host: getAgentConfig().Command.Server.Host,
 					Port: int32(getAgentConfig().Command.Server.Port),
-					Type: 2,
+					Type: mpi.ServerSettings_SERVER_SETTINGS_TYPE_GRPC,
 				},
 				Auth: &mpi.AuthSettings{},
 			},

internal/config/testdata/invalid-format-nginx-agent.conf

@@ -0,0 +1,3 @@
+log:
+level: debug
+