diff --git a/service/api_pods.py b/service/api_pods.py index 91bd6ec..8974132 100644 --- a/service/api_pods.py +++ b/service/api_pods.py @@ -30,6 +30,7 @@ async def list_pods(): for pod in pods: pods_to_show.append(pod.display()) logger.info("Pods retrieved.") + logger.debug(f"Pods retrieved: {pods_to_show}") return ok(result=pods_to_show, msg="Pods retrieved successfully.") diff --git a/service/health_central.py b/service/health_central.py index 92abfbb..83a6c5c 100644 --- a/service/health_central.py +++ b/service/health_central.py @@ -232,7 +232,7 @@ def set_traefik_proxy(): forward_auth_info = { "tapis_auth": net_info.get('tapis_auth', False), "auth_url": f"https://{tapis_domain}/v3/pods/{pod_id}/auth", - "tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', []), + "tapis_auth_response_headers": net_info.get('tapis_auth_response_headers', {}), } match net_info['protocol']: diff --git a/service/models_pods.py b/service/models_pods.py index c7a6308..8260b3c 100644 --- a/service/models_pods.py +++ b/service/models_pods.py @@ -81,7 +81,7 @@ class Networking(TapisModel): url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.") ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']") tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.") - tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.") + tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.") tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth. Also accepts basic regex patterns to match against.") tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.") tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.") @@ -108,14 +108,14 @@ def check_url(cls, v): # Regex match to ensure url is safe with only [A-z0-9.-] chars. res = re.fullmatch(r'[a-z][a-z0-9.-]+', v) if not res: - raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens.") + raise ValueError(f"networking.url can only contain lowercase alphanumeric characters, periods, and hyphens. Got {v}") # pod_id char limit = 64 if len(v) > 128: raise ValueError(f"networking.*.url length must be below 128 characters. Inputted length: {len(v)}") return v @validator('tapis_auth_response_headers') - def check_tapis_auth_forward_cookies(cls, v): + def check_tapis_auth_response_headers(cls, v): if v: if not isinstance(v, dict): raise TypeError(f"networking.tapis_auth_response_headers must be dict. Got '{type(v).__name__}'.") @@ -124,19 +124,19 @@ def check_tapis_auth_forward_cookies(cls, v): raise TypeError(f"networking.tapis_auth_response_headers key type must be str. Got '{type(header_name).__name__}', key: '{header_name}'.") if not isinstance(header_val, str): raise TypeError(f"networking.tapis_auth_response_headers val type must be str. Got '{type(header_val).__name__}', value: '{header_val}'.") - - return v @validator('tapis_auth_return_path') def check_tapis_auth_return_path(cls, v): if v: + if not v.startswith('/'): + raise ValueError(f"networking.tapis_auth_return_path should start with '/'. Got {v}") # Regex match to ensure url is safe with only [A-z0-9.-/] chars. - res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v) + res = re.fullmatch(r'(?:[A-Za-z0-9.\-_\/]+)', v) if not res: - raise ValueError(f"networking.tapis_auth_return_path can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.") + raise ValueError(f"networking.tapis_auth_return_path should start with '/' and can contain alphanumeric characters, periods, forward-slash, underscores, and hyphens. Got {v}") if len(v) > 180: - raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Inputted length: {len(v)}") + raise ValueError(f"networking.tapis_auth_return_path length must be below 180 characters. Got length: {len(v)}") return v @validator('tapis_auth_allowed_users') @@ -155,7 +155,7 @@ def check_tapis_ui_uri(cls, v): # Regex match to ensure url is safe with only [A-z0-9.-/] chars. res = re.fullmatch(r'[a-z][a-z0-9.-/]+', v) if not res: - raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens.") + raise ValueError(f"networking.tapis_ui_uri can only contain lowercase alphanumeric characters, periods, forward-slash, and hyphens. Got {v}") # pod_id char limit = 64 if len(v) > 128: raise ValueError(f"networking.tapis_ui_uri length must be below 128 characters. Inputted length: {len(v)}") @@ -165,7 +165,7 @@ def check_tapis_ui_uri(cls, v): def check_tapis_ui_uri_description(cls, v): # ensure tapis_ui_uri_description is all ascii if not v.isascii(): - raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters.") + raise ValueError(f"networking.tapis_ui_uri_description field may only contain ASCII characters. Got {v}") # make sure tapis_ui_uri_description < 255 characters if len(v) > 255: raise ValueError(f"networking.tapis_ui_uri_description field must be less than 255 characters. Inputted length: {len(v)}") @@ -177,7 +177,7 @@ def check_tapis_auth_fields(cls, values): tapis_auth = values.get('tapis_auth') if tapis_auth and protocol != "http": - raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'.") + raise ValueError(f"networking.tapis_auth can only be used with protocol 'http'. Got protocol {protocol}.") return values diff --git a/service/models_templates_tags.py b/service/models_templates_tags.py index b3caed3..21a2489 100644 --- a/service/models_templates_tags.py +++ b/service/models_templates_tags.py @@ -103,7 +103,7 @@ class Networking(TapisModel): url: str = Field("", description = "URL used to access the port of the pod defined in this networking object. Generated by service.") ip_allow_list: list[str] = Field([], description = "List of IPs that are allowed to access this specific pod port. If empty, all IPs are allowed. ex. ['127.0.0.1/32', '192.168.1.7']") tapis_auth: bool = Field(False, description = "If true, will require Tapis auth to access the pod.") - tapis_auth_response_headers: Dict[str, str] = Field([], description = "Specification of headers to forward to the pod when using Tapis auth.") + tapis_auth_response_headers: Dict[str, str] = Field({}, description = "Specification of headers to forward to the pod when using Tapis auth.") tapis_auth_allowed_users: list[str] = Field(["*"], description = "List of users allowed to access the pod when using Tapis auth.") tapis_auth_return_path: str = Field("/", description = "Path to redirect to when accessing the pod via Tapis auth.") tapis_ui_uri: str = Field("", description = "Path to redirect to when accessing the pod via Tapis UI.") @@ -484,14 +484,14 @@ def combine_pod_and_template_recursively(input_obj, template_name, seen_template logger.debug(f"End of combine_pod_and_template_recursively for template: {template_name}, tenant: {tenant}, site: {site}") try: - if input_obj.resources: + if input_obj.resources and not type(input_obj.resources) == dict: input_obj.resources = input_obj.resources.dict() except Exception as e: logger.debug(f'this resources part: Got exception when attempting to combine pod and templates: {e}') pass try: - if input_obj.networking: + if input_obj.networking and not type(input_obj.networking) == dict: input_obj.networking = input_obj.networking.dict() except Exception as e: logger.debug(f'this networking part: Got exception when attempting to combine pod and templates: {e}')