Ignore case when checking process path whitelist (#40)

* Ignore case when checking process path whitelist

* Make all references to C: to c:

* Change process_test to C:\ to test casing issues

* Bump wins version for upgrade

charts/rancher-wins-upgrader/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: rancher-wins-upgrader
 version: 0.0.1
-appVersion: 0.1.0
+appVersion: 0.1.1
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/namespace: cattle-wins-system

charts/rancher-wins-upgrader/README.md

@@ -24,7 +24,7 @@ If the second requirement is not met, there are two options to reconcile:
 
 This is the recommended approach for updating your Windows hosts, but it requires the user to log onto every Windows host to upgrade the wins config. After logging onto each host, you will need to do manually update the wins config.
 
-By default, the wins config is located in `C:\etc\rancher\wins\config`, but you could use the following powershell command to identify the command line arguments passed into the `rancher-wins` service (`--config` corresponds to the config path on the host):
+By default, the wins config is located in `c:\etc\rancher\wins\config`, but you could use the following powershell command to identify the command line arguments passed into the `rancher-wins` service (`--config` corresponds to the config path on the host):
 ```powershell
 (Get-CimInstance Win32_Service -Filter 'Name = "rancher-wins"').PathName
 ```

charts/rancher-wins-upgrader/scripts/upgrade.ps1

@@ -36,7 +36,7 @@ function Transfer-File
     $null = Copy-Item -Force -Path $Src -Destination $Dst
 }
 
-$prefixPath = 'C:\'
+$prefixPath = 'c:\'
 if ($env:CATTLE_PREFIX_PATH) {
     $prefixPath = $env:CATTLE_PREFIX_PATH
 }
@@ -50,11 +50,11 @@ $winsUpgradeDir = Split-Path -Path $winsUpgradePath
 $winsUpgradeFilename = Split-Path -Path $winsUpgradePath -Leaf
 
 Create-Directory -Path $winsUpgradeDir
-Transfer-File -Src "C:\Windows\wins.exe" -Dst $winsUpgradePath
+Transfer-File -Src "c:\Windows\wins.exe" -Dst $winsUpgradePath
 
-Create-Directory -Path "C:\host\etc\rancher\wins"
-Transfer-File -Src $winsUpgradePath -Dst "C:\host\etc\rancher\wins\$winsUpgradeFilename"
-Transfer-File -Src "C:\scripts\config" -Dst "C:\host\etc\rancher\wins\config"
+Create-Directory -Path "c:\host\etc\rancher\wins"
+Transfer-File -Src $winsUpgradePath -Dst "c:\host\etc\rancher\wins\$winsUpgradeFilename"
+Transfer-File -Src "c:\scripts\config" -Dst "c:\host\etc\rancher\wins\config"
 
 $winsOut = wins.exe cli prc run --path=$winsUpgradePath --args="up --wins-args=`'--config=$winsUpgradeDir\config`'"
 

charts/rancher-wins-upgrader/templates/_helpers.tpl

@@ -39,7 +39,7 @@ provider: kubernetes
 {{- end -}}
 
 {{- define "winsUpgrader.winsHostPath" -}}
-{{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\\\" "\\" | replace "\\" "/" }}etc/rancher/wins
+{{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\\\" "\\" | replace "\\" "/" }}etc/rancher/wins
 {{- end -}}
 
 {{- define "winsUpgrader.winsMasqueradePath" -}}

charts/rancher-wins-upgrader/templates/daemonset.yaml

@@ -25,26 +25,26 @@ spec:
       containers:
       - name: noop
         image: {{ template "system_default_registry" $ }}{{ required "Must provide name for .Values.winsConfigs[].image.repository" .image.repository }}:{{ required "Must provide name for .Values.winsConfigs[].tag" .image.tag }}
-        command: ["pwsh", "-f", "C:/scripts/noop.ps1"]
+        command: ["pwsh", "-f", "c:/scripts/noop.ps1"]
         volumeMounts:
         - name: upgrade-scripts
-          mountPath: C:/scripts
+          mountPath: c:/scripts
       initContainers:
       - name: wins-upgrader
         image: {{ template "system_default_registry" $ }}{{ .image.repository }}:{{ .image.tag }}
-        command: ["pwsh", "-f", "C:/scripts/upgrade.ps1"]
+        command: ["pwsh", "-f", "c:/scripts/upgrade.ps1"]
         volumeMounts:
         - name: wins-pipe
           mountPath: \\.\pipe\rancher_wins
         - name: wins
-          mountPath: C:/host/etc/rancher/wins
+          mountPath: c:/host/etc/rancher/wins
         - name: upgrade-scripts
-          mountPath: C:/scripts
+          mountPath: c:/scripts
         env:
         - name: HELM_REVISION_NUMBER
           value: {{ $.Release.Revision | quote }}
         - name: CATTLE_PREFIX_PATH
-          value: {{ default "C:\\" $.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}
+          value: {{ default "c:\\" $.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}
 {{- if $.Values.masquerade.enabled }}
         - name: WINS_UPGRADE_PATH
           value: {{ include "winsUpgrader.winsMasqueradePath" $ }}

charts/rancher-wins-upgrader/values.yaml

@@ -7,7 +7,7 @@
 global:
   cattle:
     systemDefaultRegistry: ""
-    rkeWindowsPathPrefix: "C:\\"
+    rkeWindowsPathPrefix: "c:\\"
 
 ## One or more configurations for the wins server to be applied across all of the nodes based on the nodeSelector and tolerations provided
 ##
@@ -16,26 +16,26 @@ winsConfigs:
   image:
     # TODO(aiyengar2): replace with an image that just contains wins
     repository: rancher/wins
-    tag: v0.1.0
+    tag: v0.1.1
     os: "windows"
   config: |
     debug: false
     listen: rancher_wins
     proxy: rancher_wins_proxy
     whiteList:
       processPaths:
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins-upgrade.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\windows-exporter\windows-exporter.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kube-proxy.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kubelet.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\nginx\nginx.exe
-        - {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}opt\bin\flanneld.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins-upgrade.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\windows-exporter\windows-exporter.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kube-proxy.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\kubernetes\bin\kubelet.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\nginx\nginx.exe
+        - {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}opt\bin\flanneld.exe
       proxyPorts:
         - 9796
     upgrade:
       mode: watching
-      watchingPath: {{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins.exe
+      watchingPath: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\rancher\wins\wins.exe
   # By default, `kubernetes.io/os: windows` or `beta.kubernetes.io/os: windows` will be included
   nodeSelector: {}
   # If provided, these tolerations will be used. Otherwise, it defaults to `[ {operator: Exists} ]`
@@ -57,4 +57,4 @@ masquerade:
   # wmi_exporter is the only default whitelisted process that may or may not be run on the host, since
   # it is only ever deployed if the Windows cluster is also using Prometheus-based Windows monitoring (e.g. Rancher Monitoring V1)
   # All of the other default whitelisted processes are required for the Kubernetes cluster to operate
-  as: '{{ default "C:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe'
+  as: '{{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }}etc\wmi-exporter\wmi-exporter.exe'

cmd/grpcs/process_path_whitelist.go

@@ -3,6 +3,7 @@ package grpcs
 import (
 	"context"
 	"path/filepath"
+	"strings"
 
 	"github.com/rancher/wins/pkg/types"
 	"google.golang.org/grpc"
@@ -13,13 +14,15 @@ import (
 func ProcessPathUnaryServerInterceptor(whitelist []string) grpc.UnaryServerInterceptor {
 	whitelistIndex := make(map[string]struct{}, len(whitelist))
 	for _, wl := range whitelist {
-		whitelistIndex[filepath.Clean(wl)] = struct{}{}
+		path := strings.ToLower(filepath.Clean(wl))
+		whitelistIndex[path] = struct{}{}
 	}
 
 	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
 		if info.FullMethod == "/wins.ProcessService/Start" {
 			if psr, ok := req.(*types.ProcessStartRequest); ok {
-				if _, exist := whitelistIndex[filepath.Clean(psr.Path)]; !exist {
+				path := strings.ToLower(filepath.Clean(psr.Path))
+				if _, exist := whitelistIndex[path]; !exist {
 					return nil, status.Errorf(codes.InvalidArgument, "invalid path")
 				}
 			}

tests/integration/process_test.ps1

@@ -35,8 +35,8 @@ Describe "process" {
         $config = @{
             whiteList = @{
                 processPaths = @(
-                    "c:\otherpath"
-                    "c:\etc\nginx\nginx.exe"
+                    "C:\otherpath"
+                    "C:\etc\nginx\nginx.exe"
                 )
             }
         }
@@ -82,7 +82,7 @@ Describe "process" {
         $config = @{
             whiteList = @{
                 processPaths = @(
-                    "c:\otherpath"
+                    "C:\otherpath"
                 )
             }
         }