Skip to content

Commit

Permalink
Updating regex and improved debug
Browse files Browse the repository at this point in the history
  • Loading branch information
NotChristianGarcia committed Nov 27, 2024
1 parent e69feb6 commit 73d2fa9
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 12 deletions.
2 changes: 1 addition & 1 deletion service/health_central.py
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ def set_traefik_proxy():
forward_auth_info = {
"tapis_auth": net_info.get('tapis_auth', False),
"auth_url": f"https://{tapis_domain}/v3/pods/{pod_id}/auth",
"tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', []),
"tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', {}),
}

match net_info['protocol']:
Expand Down
18 changes: 10 additions & 8 deletions service/models_pods.py
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ class Networking(TapisModel):
url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.")
ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']")
tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.")
tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.")
tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.")
tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth. Also accepts basic regex patterns to match against.")
tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.")
tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.")
Expand All @@ -108,7 +108,7 @@ def check_url(cls, v):
# Regex match to ensure url is safe with only [A-z0-9.-] chars.
res = re.fullmatch(r'[a-z][a-z0-9.-]+', v)
if not res:
raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens.")
raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens. Got {v}")
# pod_id char limit = 64
if len(v) > 128:
raise ValueError(f"networking.*.url length must be below 128 characters. Inputted length: {len(v)}")
Expand All @@ -131,12 +131,14 @@ def check_tapis_auth_forward_cookies(cls, v):
@validator('tapis_auth_return_path')
def check_tapis_auth_return_path(cls, v):
if v:
if not v.startswith('/'):
raise ValueError(f"networking.tapis_auth_return_path should start with '/'. Got {v}")
# Regex match to ensure url is safe with only [A-z0-9.-/] chars.
res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v)
res = re.fullmatch(r'(?:[A-Za-z0-9.\-_\/]+)', v)
if not res:
raise ValueError(f"networking.tapis_auth_return_path can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.")
raise ValueError(f"networking.tapis_auth_return_path should start with '/' and can contain alphanumeric characters, periods, forward-slash, underscores, and hyphens. Got {v}")
if len(v) > 180:
raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Inputted length: {len(v)}")
raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Got length: {len(v)}")
return v

@validator('tapis_auth_allowed_users')
Expand All @@ -155,7 +157,7 @@ def check_tapis_ui_uri(cls, v):
# Regex match to ensure url is safe with only [A-z0-9.-/] chars.
res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v)
if not res:
raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.")
raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens. Got {v}")
# pod_id char limit = 64
if len(v) > 128:
raise ValueError(f"networking.tapis_ui_uri length must be below 128 characters. Inputted length: {len(v)}")
Expand All @@ -165,7 +167,7 @@ def check_tapis_ui_uri(cls, v):
def check_tapis_ui_uri_description(cls, v):
# ensure tapis_ui_uri_description is all ascii
if not v.isascii():
raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters.")
raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters. Got {v}")
# make sure tapis_ui_uri_description < 255 characters
if len(v) > 255:
raise ValueError(f"networking.tapis_ui_uri_description field must be less than 255 characters. Inputted length: {len(v)}")
Expand All @@ -177,7 +179,7 @@ def check_tapis_auth_fields(cls, values):
tapis_auth = values.get('tapis_auth')

if tapis_auth and protocol != "http":
raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'.")
raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'. Got protocol {protocol}.")

return values

Expand Down
6 changes: 3 additions & 3 deletions service/models_templates_tags.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ class Networking(TapisModel):
url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.")
ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']")
tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.")
tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.")
tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.")
tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth.")
tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.")
tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.")
Expand Down Expand Up @@ -484,14 +484,14 @@ def combine_pod_and_template_recursively(input_obj, template_name, seen_template

logger.debug(f"End of combine_pod_and_template_recursively for template: {template_name}, tenant: {tenant}, site: {site}")
try:
if input_obj.resources:
if input_obj.resources and not type(input_obj.resources) == dict:
input_obj.resources = input_obj.resources.dict()
except Exception as e:
logger.debug(f'this resources part: Got exception when attempting to combine pod and templates: {e}')
pass

try:
if input_obj.networking:
if input_obj.networking and not type(input_obj.networking) == dict:
input_obj.networking = input_obj.networking.dict()
except Exception as e:
logger.debug(f'this networking part: Got exception when attempting to combine pod and templates: {e}')
Expand Down

0 comments on commit 73d2fa9

Please sign in to comment.