- deviceatlas-log-level
- deviceatlas-separator
- deviceatlas-properties-cookie
+ - expose-experimental-directives
- external-check
- gid
- group
Client-side component was used during the request. This directive is optional
and set to DAPROPS by default if not set.
+expose-experimental-directives
+ This statement must appear before using directives tagged as experimental or
+ the config file will be rejected.
+
external-check
Allows the use of an external agent to perform health checks. This is
disabled by default as a security precaution, and even when enabled, checks
};
enum cfg_keyword_flags {
- KWF_UNIMPLEMENTED, // TO REMOVE once an enum value is implemented
+ KWF_EXPERIMENTAL = 0x1,
};
struct cfg_keyword {
/* handle 'tainted' status */
enum tainted_flags {
- TAINTED_UNIMPLEMENTED, // TO REMOVE once an enum value is implemented
+ TAINTED_CONFIG_EXP_KW_DECLARED = 0x1,
};
void mark_tainted(const enum tainted_flags flag);
unsigned int get_tainted();
+extern unsigned int experimental_directives_allowed;
+
+struct cfg_keyword;
+int check_kw_experimental(struct cfg_keyword *kw, const char *file, int linenum,
+ char **errmsg);
+
/* simplified way to declare static build options in a file */
#define REGISTER_BUILD_OPTS(str) \
INITCALL2(STG_REGISTER, hap_register_build_opts, (str), 0)
alertif_too_many_args(0, file, linenum, args, &err_code);
goto out;
}
+ else if (strcmp(args[0], "expose-experimental-directives") == 0) {
+ experimental_directives_allowed = 1;
+ }
else if (strcmp(args[0], "daemon") == 0) {
if (alertif_too_many_args(0, file, linenum, args, &err_code))
goto out;
if (kwl->kw[index].section != CFG_GLOBAL)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
+ if (check_kw_experimental(&kwl->kw[index], file, linenum, &errmsg)) {
+ ha_alert(errmsg);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+
rc = kwl->kw[index].parse(args, CFG_GLOBAL, NULL, NULL, file, linenum, &errmsg);
if (rc < 0) {
ha_alert("parsing [%s:%d] : %s\n", file, linenum, errmsg);
if (kwl->kw[index].section != CFG_LISTEN)
continue;
if (strcmp(kwl->kw[index].kw, args[0]) == 0) {
+ if (check_kw_experimental(&kwl->kw[index], file, linenum, &errmsg)) {
+ ha_alert(errmsg);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+ }
+
/* prepare error message just in case */
rc = kwl->kw[index].parse(args, CFG_LISTEN, curproxy, curr_defproxy, file, linenum, &errmsg);
if (rc < 0) {
/* set if experimental features have been used for the current process */
static unsigned int tainted = 0;
+unsigned int experimental_directives_allowed = 0;
+
+int check_kw_experimental(struct cfg_keyword *kw, const char *file, int linenum,
+ char **errmsg)
+{
+ if (kw->flags & KWF_EXPERIMENTAL) {
+ if (!experimental_directives_allowed) {
+ memprintf(errmsg, "parsing [%s:%d] : '%s' directive is experimental, must be allowed via a global 'expose-experimental-directives'\n",
+ file, linenum, kw->kw);
+ return 1;
+ }
+ mark_tainted(TAINTED_CONFIG_EXP_KW_DECLARED);
+ }
+
+ return 0;
+}
+
/* master CLI configuration (-S flag) */
struct list mworker_cli_conf = LIST_HEAD_INIT(mworker_cli_conf);
projects / thirdparty / haproxy.git / commitdiff
