Updating regex and improved debug

tapis-project · Nov 27, 2024 · 0c9f948 · 0c9f948
1 parent e69feb6
commit 0c9f948
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 25 deletions.
diff --git a/service/api_pods_podid_func.py b/service/api_pods_podid_func.py
@@ -342,13 +342,13 @@ async def pod_auth(pod_id_net, request: Request):
     # 'x-real-ip': '10.233.72.193'    
 
     # if not authenticated, start the OAuth flow
-    pod = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
+    pod_init = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
 
-    if pod.template:
+    if pod_init.template:
         # Derive the final pod object by combining the pod and templates
-        final_pod = combine_pod_and_template_recursively(pod, pod.template, tenant=g.request_tenant_id, site=g.site_id)
+        pod = combine_pod_and_template_recursively(pod_init, pod_init.template, tenant=g.request_tenant_id, site=g.site_id)
     else:
-        final_pod = pod
+        pod = pod_init
 
     net_info = pod.networking.get(network_key, None)
     if not net_info:
@@ -357,7 +357,10 @@ async def pod_auth(pod_id_net, request: Request):
     # check if dict
     # net_info
     if type(net_info) is not dict:
-        return JSONResponse(content = f"Pod {pod_id} net_info is not a dict, it's a {type(net_info)}", status_code = 500)
+        try:
+            net_info = net_info.dict()
+        except Exception as e:
+            raise Exception(f"Error converting net_info to dict: {e}")
 
     authenticated, xTapisUsername, _ = is_logged_in(request.cookies)
     # if already authenticated, return 200, which will allow the request to continue in Traefik
@@ -444,18 +447,24 @@ def callback(pod_id_net, request: Request):
     parts = pod_id_net.split('-', 1)
     pod_id = parts[0]
     network_key = parts[1] if len(parts) > 1 else 'default'
-    pod = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
-
-    if pod.template:
+    pod_init = Pod.db_get_with_pk(pod_id, tenant=g.request_tenant_id, site=g.site_id)
+    
+    if pod_init.template:
         # Derive the final pod object by combining the pod and templates
-        final_pod = combine_pod_and_template_recursively(pod, pod.template, tenant=g.request_tenant_id, site=g.site_id)
+        pod = combine_pod_and_template_recursively(pod_init, pod_init.template, tenant=g.request_tenant_id, site=g.site_id)
     else:
-        final_pod = pod
+        pod = pod_init
 
     net_info = pod.networking.get(network_key, None)
     if not net_info:
         raise Exception(f"Pod {pod_id} does not have networking key that matches pod_id_net: {pod_id_net}")
 
+    if type(net_info) is not dict:
+        try:
+            net_info = net_info.dict()
+        except Exception as e:
+            raise Exception(f"Error converting net_info to dict: {e}")
+
     pod_id, tapis_domain = net_info['url'].split('.pods.') ## Should return `mypod` & `tacc.tapis.io` with proper tenant and schmu
     tapis_tenant = tapis_domain.split('.')[0]
     if not net_info["tapis_auth"]:

diff --git a/service/health_central.py b/service/health_central.py
@@ -232,7 +232,7 @@ def set_traefik_proxy():
             forward_auth_info = {
                 "tapis_auth": net_info.get('tapis_auth', False),
                 "auth_url": f"https://{tapis_domain}/v3/pods/{pod_id}/auth",
-                "tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', []),
+                "tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', {}),
             }
 
             match net_info['protocol']:

diff --git a/service/models_pods.py b/service/models_pods.py
@@ -81,7 +81,7 @@ class Networking(TapisModel):
     url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.")
     ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']")
     tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.")
-    tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.")
+    tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.")
     tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth. Also accepts basic regex patterns to match against.")
     tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.")
     tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.")
@@ -108,14 +108,14 @@ def check_url(cls, v):
             # Regex match to ensure url is safe with only [A-z0-9.-] chars.
             res = re.fullmatch(r'[a-z][a-z0-9.-]+', v)
             if not res:
-                raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens.")
+                raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens. Got {v}")
             # pod_id char limit = 64
             if len(v) > 128:
                 raise ValueError(f"networking.*.url length must be below 128 characters. Inputted length: {len(v)}")
         return v
 
     @validator('tapis_auth_response_headers')
-    def check_tapis_auth_forward_cookies(cls, v):
+    def check_tapis_auth_response_headers(cls, v):
         if v:
             if not isinstance(v, dict):
                 raise TypeError(f"networking.tapis_auth_response_headers must be dict. Got '{type(v).__name__}'.")
@@ -124,19 +124,19 @@ def check_tapis_auth_forward_cookies(cls, v):
                     raise TypeError(f"networking.tapis_auth_response_headers key type must be str. Got '{type(header_name).__name__}', key: '{header_name}'.")
                 if not isinstance(header_val, str):
                     raise TypeError(f"networking.tapis_auth_response_headers val type must be str. Got '{type(header_val).__name__}', value: '{header_val}'.")
-
-
         return v
 
     @validator('tapis_auth_return_path')
     def check_tapis_auth_return_path(cls, v):
         if v:
+            if not v.startswith('/'):
+                raise ValueError(f"networking.tapis_auth_return_path should start with '/'. Got {v}")
             # Regex match to ensure url is safe with only [A-z0-9.-/] chars.
-            res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v)
+            res = re.fullmatch(r'(?:[A-Za-z0-9.\-_\/]+)', v)
             if not res:
-                raise ValueError(f"networking.tapis_auth_return_path can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.")
+                raise ValueError(f"networking.tapis_auth_return_path should start with '/' and can contain alphanumeric characters, periods, forward-slash, underscores, and hyphens. Got {v}")
             if len(v) > 180:
-                raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Inputted length: {len(v)}")
+                raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Got length: {len(v)}")
         return v
 
     @validator('tapis_auth_allowed_users')
@@ -155,7 +155,7 @@ def check_tapis_ui_uri(cls, v):
             # Regex match to ensure url is safe with only [A-z0-9.-/] chars.
             res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v)
             if not res:
-                raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.")
+                raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens. Got {v}")
             # pod_id char limit = 64
             if len(v) > 128:
                 raise ValueError(f"networking.tapis_ui_uri length must be below 128 characters. Inputted length: {len(v)}")
@@ -165,7 +165,7 @@ def check_tapis_ui_uri(cls, v):
     def check_tapis_ui_uri_description(cls, v):
         # ensure tapis_ui_uri_description is all ascii
         if not v.isascii():
-            raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters.")
+            raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters. Got {v}")
         # make sure tapis_ui_uri_description < 255 characters
         if len(v) > 255:
             raise ValueError(f"networking.tapis_ui_uri_description field must be less than 255 characters. Inputted length: {len(v)}")
@@ -177,7 +177,7 @@ def check_tapis_auth_fields(cls, values):
         tapis_auth = values.get('tapis_auth')
 
         if tapis_auth and protocol != "http":
-            raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'.")
+            raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'. Got protocol {protocol}.")
 
         return values
 

diff --git a/service/models_templates_tags.py b/service/models_templates_tags.py
@@ -103,7 +103,7 @@ class Networking(TapisModel):
     url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.")
     ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']")
     tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.")
-    tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.")
+    tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.")
     tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth.")
     tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.")
     tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.")
@@ -484,14 +484,14 @@ def combine_pod_and_template_recursively(input_obj, template_name, seen_template
 
             logger.debug(f"End of combine_pod_and_template_recursively for template: {template_name}, tenant: {tenant}, site: {site}")
             try:
-                if input_obj.resources:
+                if input_obj.resources and not type(input_obj.resources) == dict:
                     input_obj.resources = input_obj.resources.dict()
             except Exception as e:
                 logger.debug(f'this resources part: Got exception when attempting to combine pod and templates: {e}')
                 pass
 
             try:
-                if input_obj.networking:
+                if input_obj.networking and not type(input_obj.networking) == dict:
                     input_obj.networking = input_obj.networking.dict()
             except Exception as e:
                 logger.debug(f'this networking part: Got exception when attempting to combine pod and templates: {e}')