Merge pull request #5 from mabrarov/feature/redis_config_filters

Quoting and escaping of redis.conf arguments

README.md

@@ -40,7 +40,7 @@ mvnw.cmd clean package -Ddocker-maven-plugin.version=0.34-SNAPSHOT
 1. Redis version
 
    ```bash
-   docker run --rm abrarov/redis:6.0.9-1.0.1
+   docker run --rm abrarov/redis:6.0.9-1.0.2
    ```
 
    Expected output looks like:
@@ -52,7 +52,7 @@ mvnw.cmd clean package -Ddocker-maven-plugin.version=0.34-SNAPSHOT
 1. [Redis CLI](https://github.com/redis/redis#playing-with-redis)
 
    ```bash
-   container_id="$(docker run -d abrarov/redis:6.0.9-1.0.1 redis-server)" && \
+   container_id="$(docker run -d abrarov/redis:6.0.9-1.0.2 redis-server)" && \
    docker exec "${container_id}" redis-cli ping && \
    docker rm -fv "${container_id}" > /dev/null
    ```
@@ -66,7 +66,7 @@ mvnw.cmd clean package -Ddocker-maven-plugin.version=0.34-SNAPSHOT
 1. j2cli version
 
    ```bash
-   docker run --rm abrarov/j2cli:0.3.10-1.0.1
+   docker run --rm abrarov/j2cli:0.3.10-1.0.2
    ```
 
    Expected output is:
@@ -88,7 +88,7 @@ Assuming the current directory is a directory where this repository is cloned.
 * Test connection to Redis
 
    ```bash
-   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.1 redis-cli -h redis ping
+   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.2 redis-cli -h redis ping
    ```
 
    Expected output is:
@@ -100,7 +100,7 @@ Assuming the current directory is a directory where this repository is cloned.
 * Put some data into Redis
 
    ```bash
-   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.1 redis-cli -h redis set foo bar
+   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.2 redis-cli -h redis set foo bar
    ```
 
    Expected output is:
@@ -124,7 +124,7 @@ Assuming the current directory is a directory where this repository is cloned.
 * Test persistence of stored data
 
    ```bash
-   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.1 redis-cli -h redis get foo
+   docker run --rm --network redis_default abrarov/redis:6.0.9-1.0.2 redis-cli -h redis get foo
    ```
 
    Expected output is:

docker-compose.yml

@@ -1,40 +1,47 @@
 version: '2.1'
 
+x-redis-conf-dir: &redis-conf-dir '/config'
+x-redis-conf-file: &redis-conf-file '/config/redis.conf'
+x-redis-data-dir: &redis-data-dir '/data'
+x-helper-dir: &helper-dir '/helper'
+x-helper-wrapper-script: &helper-wrapper-script '/helper/run.sh'
+x-helper-dockerize: &helper-dockerize '/helper/dockerize'
+
 services:
 
   helper:
-    image: '${IMAGE_REGISTRY:-abrarov}/redis-helper:${PROJECT_VERSION:-1.0.1}'
+    image: '${IMAGE_REGISTRY:-abrarov}/redis-helper:${PROJECT_VERSION:-1.0.2}'
     read_only: true
     volumes:
-      - '/helper'
+      - *helper-dir
 
   init:
-    image: '${IMAGE_REGISTRY:-abrarov}/redis-init:${PROJECT_VERSION:-1.0.1}'
-    command: '/helper/run.sh'
+    image: '${IMAGE_REGISTRY:-abrarov}/redis-init:${PROJECT_VERSION:-1.0.2}'
+    command: *helper-wrapper-script
     environment:
       INIT_COMMAND: '/run.sh'
-      REDIS_CONFIG_DIR: '/config'
+      REDIS_CONFIG_FILE: *redis-conf-file
       REDIS_PORT: '6379'
       REDIS_LISTEN_BACKLOG: '128'
       REDIS_PROTECTED_MODE: 'no'
-      REDIS_DATA_DIR: '/data'
+      REDIS_DATA_DIR: *redis-data-dir
     read_only: true
     volumes:
       - '/tmp'
-      - '/config'
+      - *redis-conf-dir
     volumes_from:
       - 'helper:ro'
 
   redis:
-    image: '${IMAGE_REGISTRY:-abrarov}/redis:${REDIS_VERSION:-6.0.9}-${PROJECT_VERSION:-1.0.1}'
+    image: '${IMAGE_REGISTRY:-abrarov}/redis:${REDIS_VERSION:-6.0.9}-${PROJECT_VERSION:-1.0.2}'
     command:
-      - '/helper/dockerize'
+      - *helper-dockerize
       - '-wait'
       - 'tcp://init:8080'
       - '-timeout'
       - '60s'
       - 'redis-server'
-      - '/config/redis.conf'
+      - *redis-conf-file
     healthcheck:
       test:
         - 'CMD'
@@ -50,7 +57,7 @@ services:
     read_only: true
     volumes:
       - '/tmp'
-      - '/data'
+      - *redis-data-dir
     volumes_from:
       - 'helper:ro'
       - 'init:ro'

helper-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>helper-image</artifactId>

j2cli-builder-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>j2cli-builder-image</artifactId>

j2cli-dist/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>j2cli-dist</artifactId>

j2cli-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>j2cli-image</artifactId>

pom.xml

@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>io.fabric8.dmp.samples</groupId>
     <artifactId>redis-builder-parent</artifactId>
-    <version>1.0.1</version>
+    <version>1.0.2</version>
     <packaging>pom</packaging>
 
     <scm>

redis-builder-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>redis-builder-image</artifactId>

redis-dist/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>redis-dist</artifactId>

redis-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>redis-image</artifactId>

redis-init-image/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>io.fabric8.dmp.samples</groupId>
         <artifactId>redis-builder-parent</artifactId>
-        <version>1.0.1</version>
+        <version>1.0.2</version>
     </parent>
 
     <artifactId>redis-init-image</artifactId>

redis-init-image/src/assembly/rootfs.xml

@@ -7,6 +7,22 @@
     </formats>
     <includeBaseDirectory>false</includeBaseDirectory>
     <fileSets>
+        <!--
+            This file set adds directory TAR entry corresponding to the the following tree:
+            /
+            └─── config (0777)
+         -->
+        <fileSet>
+            <outputDirectory/>
+            <directory>src/main/resources/rootfs</directory>
+            <excludes>
+                <exclude>**/*.*</exclude>
+            </excludes>
+            <includes>
+                <include>config</include>
+            </includes>
+            <directoryMode>0777</directoryMode>
+        </fileSet>
         <fileSet>
             <outputDirectory>bin</outputDirectory>
             <directory>${project.build.directory}</directory>
@@ -26,30 +42,14 @@
             <filtered>true</filtered>
         </fileSet>
         <fileSet>
-            <outputDirectory>template</outputDirectory>
-            <directory>src/main/resources/rootfs/template</directory>
+            <outputDirectory/>
+            <directory>src/main/resources/rootfs</directory>
             <includes>
                 <include>*.j2</include>
+                <include>*.py</include>
             </includes>
-            <directoryMode>0444</directoryMode>
             <fileMode>0444</fileMode>
             <lineEnding>unix</lineEnding>
         </fileSet>
-        <!--
-            This file set adds directory TAR entry corresponding to the the following tree:
-            /
-            └─── config (0777)
-         -->
-        <fileSet>
-            <outputDirectory/>
-            <directory>src/main/resources/rootfs</directory>
-            <excludes>
-                <exclude>**/*.*</exclude>
-            </excludes>
-            <includes>
-                <include>config</include>
-            </includes>
-            <directoryMode>0777</directoryMode>
-        </fileSet>
     </fileSets>
 </assembly>

redis-init-image/src/main/resources/Dockerfile

@@ -4,14 +4,17 @@ USER root
 
 ADD ["rootfs.tar", "/"]
 
+ENV PATH="@j2cli.venv.dir@/bin:${PATH}"
+
 RUN ["/bin/busybox", "sh", "-c", "set -e && for cmd in $(/bin/busybox --list); do /bin/busybox ln -s /bin/busybox \"/usr/bin/${cmd}\"; done"]
 
 USER nonroot
 
 CMD ["/run.sh"]
 
-ENV REDIS_CONFIG_DIR="/config" \
-    REDIS_CONFIG_TEMPLATE_DIR="/template" \
+ENV REDIS_CONFIG_FILE="/config/redis.conf" \
+    REDIS_CONFIG_TEMPLATE_FILE="/redis.conf.j2" \
+    REDIS_CONFIG_FILTERS_FILE="/filters.py" \
     REDIS_PORT="6379" \
     REDIS_PROTECTED_MODE="yes" \
     REDIS_LISTEN_BACKLOG="511" \

redis-init-image/src/main/resources/rootfs/filters.py

@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+
+
+def quote_redis_conf_argument(text):
+    """
+    Escapes and quotes given text to make it safe for usage as an argument
+    in the Redis configuration file.
+
+    Refer to https://redis.io/topics/config and
+    https://github.com/redis/redis/blob/unstable/src/sds.c
+    """
+    if text is None:
+        return text
+    escaped = str(text) \
+        .replace('\\', '\\\\') \
+        .replace('\r', '\\r') \
+        .replace('\n', '\\n') \
+        .replace('"', '\\"')
+    return '"' + escaped + '"'

redis-init-image/src/main/resources/rootfs/template/redis.conf.j2 → redis-init-image/src/main/resources/rootfs/redis.conf.j2

@@ -84,7 +84,7 @@ bind 0.0.0.0
 # you are sure you want clients from other hosts to connect to Redis
 # even if no authentication is configured, nor a specific set of interfaces
 # are explicitly listed using the "bind" directive.
-protected-mode {{ REDIS_PROTECTED_MODE }}
+protected-mode {{ REDIS_PROTECTED_MODE | quote_redis_conf_argument }}
 
 # Accept connections on the specified port, default is 6379 (IANA #815344).
 # If port 0 is specified Redis will not listen on a TCP socket.
@@ -97,7 +97,7 @@ port 6379
 # will silently truncate it to the value of /proc/sys/net/core/somaxconn so
 # make sure to raise both the value of somaxconn and tcp_max_syn_backlog
 # in order to get the desired effect.
-tcp-backlog {{ REDIS_LISTEN_BACKLOG }}
+tcp-backlog {{ REDIS_LISTEN_BACKLOG | quote_redis_conf_argument }}
 
 # Unix socket.
 #
@@ -252,7 +252,7 @@ pidfile /var/run/redis_6379.pid
 # verbose (many rarely useful info, but not a mess like the debug level)
 # notice (moderately verbose, what you want in production probably)
 # warning (only very important / critical messages are logged)
-loglevel {{ REDIS_LOG_LEVEL }}
+loglevel {{ REDIS_LOG_LEVEL | quote_redis_conf_argument }}
 
 # Specify the log file name. Also the empty string can be used to force
 # Redis to log on the standard output. Note that if you use standard
@@ -280,7 +280,7 @@ databases 16
 #
 # However it is possible to force the pre-4.0 behavior and always show a
 # ASCII art logo in startup logs by setting the following option to yes.
-always-show-logo {{ REDIS_SHOW_LOGO }}
+always-show-logo {{ REDIS_SHOW_LOGO | quote_redis_conf_argument }}
 
 ################################ SNAPSHOTTING  ################################
 #
@@ -362,7 +362,7 @@ rdb-del-sync-files no
 # The Append Only File will also be created inside this directory.
 #
 # Note that you must specify a directory here, not a file name.
-dir {{ REDIS_DATA_DIR }}
+dir {{ REDIS_DATA_DIR | quote_redis_conf_argument }}
 
 ################################# REPLICATION #################################
 
@@ -1086,7 +1086,7 @@ oom-score-adj-values 0 200 800
 #
 # Please check http://redis.io/topics/persistence for more information.
 
-appendonly {{ REDIS_APPENDONLY }}
+appendonly {{ REDIS_APPENDONLY | quote_redis_conf_argument }}
 
 # The name of the append only file (default: "appendonly.aof")
 

redis-init-image/src/main/resources/rootfs/run.sh

@@ -2,6 +2,7 @@
 
 set -e
 
-export PATH="@j2cli.venv.dir@/bin:${PATH}"
-
-j2 --import-env="" -o "${REDIS_CONFIG_DIR}/redis.conf" "${REDIS_CONFIG_TEMPLATE_DIR}/redis.conf.j2"
+j2 --import-env="" \
+  --filters "${REDIS_CONFIG_FILTERS_FILE}" \
+  -o "${REDIS_CONFIG_FILE}" \
+  "${REDIS_CONFIG_TEMPLATE_FILE}"