X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fnbi%2Fsrc%2Fpod_spec.py;h=b8f5904dc3dedd3af33437129eb8c36384ae88d2;hb=49379ced23b5e344a773ce77ac9cb59c1864e19b;hp=4bbe334e650670f51fa1134bdb14e35aa2fa9331;hpb=6248fe6005403005832d6e770e83322d5f679e0f;p=osm%2Fdevops.git diff --git a/installers/charm/nbi/src/pod_spec.py b/installers/charm/nbi/src/pod_spec.py index 4bbe334e..b8f5904d 100644 --- a/installers/charm/nbi/src/pod_spec.py +++ b/installers/charm/nbi/src/pod_spec.py @@ -20,173 +20,150 @@ # osm-charmers@lists.launchpad.net ## -import logging -from pydantic import ( - BaseModel, - conint, - constr, - IPvAnyNetwork, - PositiveInt, - validator, - ValidationError, -) -from typing import Any, Dict, List, Optional +from ipaddress import ip_network +from typing import Any, Callable, Dict, List, NoReturn from urllib.parse import urlparse -logger = logging.getLogger(__name__) +def _validate_max_file_size(max_file_size: int, site_url: str) -> bool: + """Validate max_file_size. -class ConfigData(BaseModel): - """Configuration data model.""" - - enable_test: bool - database_commonkey: constr(min_length=1) - log_level: constr(regex=r"^(INFO|DEBUG)$") - auth_backend: constr(regex=r"^(internal|keystone)$") - site_url: Optional[str] - max_file_size: Optional[conint(ge=0)] - ingress_whitelist_source_range: Optional[IPvAnyNetwork] - tls_secret_name: Optional[str] - - @validator("max_file_size", pre=True, always=True) - def validate_max_file_size(cls, value, values, **kwargs): - site_url = values.get("site_url") - - if not site_url: - return value - - parsed = urlparse(site_url) - - if not parsed.scheme.startswith("http"): - return value - - if value is None: - raise ValueError("max_file_size needs to be defined if site_url is defined") - - return value - - @validator("ingress_whitelist_source_range", pre=True, always=True) - def validate_ingress_whitelist_source_range(cls, value, values, **kwargs): - if not value: - return None - - return value - - -class RelationData(BaseModel): - """Relation data model.""" - - message_host: str - message_port: PositiveInt - database_uri: constr(regex=r"^(mongo://)") - prometheus_host: str - prometheus_port: PositiveInt - keystone: bool - keystone_host: Optional[constr(min_length=1)] - keystone_port: Optional[PositiveInt] - keystone_user_domain_name: Optional[constr(min_length=1)] - keystone_project_domain_name: Optional[constr(min_length=1)] - keystone_username: Optional[constr(min_length=1)] - keystone_password: Optional[constr(min_length=1)] - keystone_service: Optional[constr(min_length=1)] - - @validator("keystone_host", pre=True, always=True) - def validate_keystone_host(cls, value, values, **kwargs): - keystone = values.get("keystone") - - if not keystone: - return value - - if value is None: - raise ValueError( - "keystone_host needs to be defined if keystone is configured" - ) - - return value + Args: + max_file_size (int): maximum file size allowed. + site_url (str): endpoint url. - @validator("keystone_port", pre=True, always=True) - def validate_keystone_port(cls, value, values, **kwargs): - keystone = values.get("keystone") + Returns: + bool: True if valid, false otherwise. + """ + if not site_url: + return True - if not keystone: - return value + parsed = urlparse(site_url) - if value is None: - raise ValueError( - "keystone_port needs to be defined if keystone is configured" - ) + if not parsed.scheme.startswith("http"): + return True - return value + if max_file_size is None: + return False - @validator("keystone_user_domain_name", pre=True, always=True) - def validate_keystone_user_domain_name(cls, value, values, **kwargs): - keystone = values.get("keystone") + return max_file_size >= 0 - if not keystone: - return value - if value is None: - raise ValueError( - "keystone_user_domain_name needs to be defined if keystone is configured" - ) +def _validate_ip_network(network: str) -> bool: + """Validate IP network. - return value + Args: + network (str): IP network range. - @validator("keystone_project_domain_name", pre=True, always=True) - def validate_keystone_project_domain_name(cls, value, values, **kwargs): - keystone = values.get("keystone") + Returns: + bool: True if valid, false otherwise. + """ + if not network: + return True - if not keystone: - return value + try: + ip_network(network) + except ValueError: + return False - if value is None: - raise ValueError( - "keystone_project_domain_name needs to be defined if keystone is configured" - ) + return True - return value - @validator("keystone_username", pre=True, always=True) - def validate_keystone_username(cls, value, values, **kwargs): - keystone = values.get("keystone") +def _validate_keystone_config(keystone: bool, value: Any, validator: Callable) -> bool: + """Validate keystone configurations. - if not keystone: - return value + Args: + keystone (bool): is keystone enabled, true if so, false otherwise. + value (Any): value to be validated. + validator (Callable): function to validate configuration. - if value is None: - raise ValueError( - "keystone_username needs to be defined if keystone is configured" - ) + Returns: + bool: true if valid, false otherwise. + """ + if not keystone: + return True - return value + return validator(value) - @validator("keystone_password", pre=True, always=True) - def validate_keystone_password(cls, value, values, **kwargs): - keystone = values.get("keystone") - if not keystone: - return value +def _validate_data( + config_data: Dict[str, Any], relation_data: Dict[str, Any], keystone: bool +) -> NoReturn: + """Validate input data. - if value is None: - raise ValueError( - "keystone_password needs to be defined if keystone is configured" - ) + Args: + config_data (Dict[str, Any]): configuration data. + relation_data (Dict[str, Any]): relation data. + keystone (bool): is keystone to be used. + """ + config_validators = { + "enable_test": lambda value, _: isinstance(value, bool), + "database_commonkey": lambda value, _: ( + isinstance(value, str) and len(value) > 1 + ), + "log_level": lambda value, _: ( + isinstance(value, str) and value in ("INFO", "DEBUG") + ), + "auth_backend": lambda value, _: ( + isinstance(value, str) and (value == "internal" or value == "keystone") + ), + "site_url": lambda value, _: isinstance(value, str) + if value is not None + else True, + "max_file_size": lambda value, values: _validate_max_file_size( + value, values.get("site_url") + ), + "ingress_whitelist_source_range": lambda value, _: _validate_ip_network(value), + "tls_secret_name": lambda value, _: isinstance(value, str) + if value is not None + else True, + } + relation_validators = { + "message_host": lambda value, _: isinstance(value, str), + "message_port": lambda value, _: isinstance(value, int) and value > 0, + "database_uri": lambda value, _: ( + isinstance(value, str) and value.startswith("mongodb://") + ), + "prometheus_host": lambda value, _: isinstance(value, str), + "prometheus_port": lambda value, _: isinstance(value, int) and value > 0, + "keystone_host": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + "keystone_port": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, int) and x > 0 + ), + "keystone_user_domain_name": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + "keystone_project_domain_name": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + "keystone_username": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + "keystone_password": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + "keystone_service": lambda value, _: _validate_keystone_config( + keystone, value, lambda x: isinstance(x, str) and len(x) > 0 + ), + } + problems = [] - return value + for key, validator in config_validators.items(): + valid = validator(config_data.get(key), config_data) - @validator("keystone_service", pre=True, always=True) - def validate_keystone_service(cls, value, values, **kwargs): - keystone = values.get("keystone") + if not valid: + problems.append(key) - if not keystone: - return value + for key, validator in relation_validators.items(): + valid = validator(relation_data.get(key), relation_data) - if value is None: - raise ValueError( - "keystone_service needs to be defined if keystone is configured" - ) + if not valid: + problems.append(key) - return value + if len(problems) > 0: + raise ValueError("Errors found in: {}".format(", ".join(problems))) def _make_pod_ports(port: int) -> List[Dict[str, Any]]: @@ -297,8 +274,9 @@ def _make_pod_ingress_resources( annotations = { "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format( - max_file_size + "m" if max_file_size > 0 else max_file_size - ) + str(max_file_size) + "m" if max_file_size > 0 else max_file_size + ), + "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS", } if ingress_whitelist_source_range: @@ -418,11 +396,7 @@ def make_pod_spec( if not image_info: return None - ConfigData(**(config)) - RelationData( - **(relation_state), - keystone=True if config.get("auth_backend") == "keystone" else False, - ) + _validate_data(config, relation_state, config.get("auth_backend") == "keystone") ports = _make_pod_ports(port) env_config = _make_pod_envconfig(config, relation_state)