fix: Issue #9364 JSON config validation

[gsergey418alt]

Fixes #9364. Disallow unknown fields when updating the config with ipfs config
Before:

$ ipfs config --json -- Provider  '{"Foo":""}' &&  ipfs config --json -- Provider && echo ok
{
  "Foo": ""
}
ok
$

After:

$ ipfs config --json -- Provider  '{"Foo":""}' &&  ipfs config --json -- Provider && echo ok
Error: failed to set config value: failure to decode config: json: unknown field "Foo" (maybe use --json?)
$

[guillaumemichel]

Triage notes:

• Changelog should be moved to 0.34
• Strict config file parsing should be optional (CLI flag e.g ipfs daemon --allow-unknown-config-fields--disallow-unknown-config-fields, true by default) to avoid breaking existing users

[gsergey418alt]

Yeah, you're right, that would break existing users, will fix that tomorrow.

[guillaumemichel]

Thanks @gsergey418alt for your contribution.

Could you add a flag to enable/disable strict config JSON parsing? e.g ipfs daemon --allow-unknown-config-fields, true by default.

This would allow existing users to pass that flag to continue using the same config, and would facilitate development when comparing different versions with the same config.

[gsergey418alt]

Docker commands still failing in CI, maybe some issue on your side? I don't see anything related to ipfs config.

[gsergey418alt]

@guillaumemichel The existing users can keep using the same config, the validation is only done on the ipfs config command.

[guillaumemichel]

what is the reason to define a new function, and not use ToMap defined above?

[gsergey418alt]

There's no way to get encoding/json package (which is used in the ToMap function) to ignore the struct tags like json:",omitempty" that hide the map fields. That means that the user wouldn't be able to set these fields, since this map is used to validate user's input from ipfs config. Had to use the reflect package to make that happen.

[gsergey418alt]

Same stuff with the docker commands

[guillaumemichel]

I just checked locally, and only this PR is failing the docker sharness tests. master doesn't have this issue.

• this CID probably needs to be adjusted. Not sure what it corresponds to, but maybe one of the files defined above?
• this test seems directly linked with the config

[gsergey418alt]

@guillaumemichel Yep, seen that test. I fixed the values to be valid, but it's still failing because the docker container isn't starting up.

[guillaumemichel]

Turns out Datastore.Path isn't a valid config anymore: old style datatstore config detected, which is why the docker tests were failing.

Just opened #10686 to address the outdated ipfs config --help.

[gsergey418alt]

Awesome, good catch.

[guillaumemichel]

I updated the ReflectToMap since it was missing some cases, and added a test for it.

@gsergey418alt could you please adapt CheckKey accordingly, and add extensive sharness tests e.g in t0021-config.sh covering all possible key types (e.g bool, int, string, list, nested struct, etc.) both in json and "." (Key1.Key2.Key3) format where possible.

[gsergey418alt]

Good work, but you would need a way to distinguish between in-config maps and structure. In my implementation, this was done via the "map" value of a field, so when the validator encounters this field, it knows that the user is trying to set nested value inside a map and it discards the rest of key. I think I should've named the function something like GetValidationMap or something

[guillaumemichel]

you would need a way to distinguish between in-config maps and structure

@gsergey418alt could you expand on that? I am not sure to understand the difference in practice.

If your implementation works better, we can use it, I just want to cover all corner cases, and to test everything.

[gsergey418alt]

@guillaumemichel If we run ipfs config --json Routing.Routers.Test "{\"Parameters\":\"Test\",\"Type\":\"Test\"}", we need a way to know that .Test is a user-defined entry in the Routers map and isn't supposed to be validated.

[guillaumemichel]

@guillaumemichel If we run ipfs config --json Routing.Routers.Test "{"Parameters":"Test","Type":"Test"}", we need a way to know that .Test is a user-defined entry in the Routers map and isn't supposed to be validated.

Ok I see. Would that work for maps that have nested types?

[gsergey418alt]

@guillaumemichel Hmm, haven't thought about that actually. Maybe we could create a "ref" element inside that map that could be validated against if you want that covered.

[gsergey418alt]

@guillaumemichel I've added sharness test for other data types, changed function name to GetValidationMap. I've also changed the behavior of the function for maps, as it was in my previous implementation, without validation for map-nested structures. I won't be active until Monday, so have a good weekend!

[guillaumemichel]

Could you add a test for Gateway.PublicGateways and to set all PublicGateways parameters? if this works as expected, we should be good and there is no need to modify the reflect code further.

Have a nice weekend!

[gsergey418alt]

@guillaumemichel I've solved the problem with validating structs inside maps, and it now works as expected. Added test for PublicGateways.

[guillaumemichel]

@guillaumemichel I've solved the problem with validating structs inside maps, and it now works as expected. Added test for PublicGateways.

Looks good thanks!

A sharness test is still failing, probably due to the following config command:

ipfs config --json Plugins.Plugins.peerlog.Config.Enabled true

Additionally, could you also add a test TestCheckKey in config_test.go testing a few possible keys?

[gsergey418alt]

Added handling for interface{} in the config, like Plugins.Plugins.peerlog.Config.Enabled

[guillaumemichel]

@gsergey418alt would that work? Using "any" as key seems strange.

Suggested change

	if v, ok := cursor.(string); ok && v == "any" {
	return nil
	}
	if cursor == nil {
	return nil
	}

[gsergey418alt]

I think I'm using it as a value here, try printing json.Marshal(confmap)

[guillaumemichel]

what do you mean?

I just think using the string "any" is strange. Would it work to test for a nil pointer or empty string instead? And adapting ReflectToMap accordingly.

[gsergey418alt]

There are other empty strings in the output of ReflectToMap. Nil pointer could work, but "any" is perhaps more expressive e. g. this key contain anything, stop validating. I can change it to nil ptr if you want to.

[gsergey418alt]

NVM, empty strings and nil values would also work

[gsergey418alt]

NVM, It wouldn't work with empty strings, but it would still fail at a later stage.

[gsergey418alt]

Changed "any" to nil