Double-check ownership.

2023-12-21 17:31:16 -06:00 · 2023-12-21 17:31:16 -06:00 · 44fa85bdf0
commit 44fa85bdf0
parent 1ace8ed3a1
3 changed files with 33 additions and 18 deletions
--- a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py
+++ b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py
@ -26,7 +26,8 @@ from stack_orchestrator.deploy.webapp import deploy_webapp
 from stack_orchestrator.deploy.webapp.util import (LaconicRegistryClient,
                                                   build_container_image, push_container_image,
                                                   file_hash, deploy_to_k8s, publish_deployment,
-                                                   hostname_for_deployment_request, generate_hostname_for_app)
+                                                   hostname_for_deployment_request, generate_hostname_for_app,
+                                                   match_owner)


 def process_app_deployment_request(
@ -57,19 +58,12 @@ def process_app_deployment_request(
    dns_crn = f"{dns_record_namespace}/{fqdn}"
    dns_record = laconic.get_record(dns_crn)
    if dns_record:
-        dns_record_owners = dns_record.owners
-        dns_request_owners = []
-        if dns_record.request:
-            prev_request = laconic.get_record(dns_record.request, require=True)
-            dns_request_owners = prev_request.owners
+        matched_owner = match_owner(app_deployment_request, dns_record)
+        if not matched_owner and dns_record.request:
+            matched_owner = match_owner(app_deployment_request, laconic.get_record(dns_record.request, require=True))

-        owner_match = None
-
-        for owner in app_deployment_request.owners:
-            if owner in dns_request_owners or owner in dns_record_owners:
-                owner_match = owner
-        if owner_match:
-            print("Matched DnsRecord ownership to", owner)
+        if matched_owner:
+            print("Matched DnsRecord ownership:", matched_owner)
        else:
            raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" %
                            (dns_record.id, app_deployment_request.id))
@ -237,16 +231,16 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
            deployments_by_request[d.attributes.request] = d

    # Find removal requests.
-    removals_by_request = {}
+    cancellation_requests = {}
    removal_requests = laconic.app_deployment_removal_requests()
    for r in removal_requests:
        if r.attributes.request:
-            removals_by_request[r.attributes.request] = r
+            cancellation_requests[r.attributes.request] = r

    requests_to_execute = []
    for r in requests_by_name.values():
-        if r.id in removals_by_request:
-            print(f"Found removal request for {r.id} at {removals_by_request[r.id].id}")
+        if r.id in cancellation_requests and match_owner(cancellation_requests[r.id], r):
+            print(f"Found deployment cancellation request for {r.id} at {cancellation_requests[r.id].id}")
        elif r.id in deployments_by_request:
            print(f"Found satisfied request for {r.id} at {deployments_by_request[r.id].id}")
        else:
--- a/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py
+++ b/stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py
@ -20,7 +20,7 @@ import sys

 import click

-from stack_orchestrator.deploy.webapp.util import LaconicRegistryClient
+from stack_orchestrator.deploy.webapp.util import LaconicRegistryClient, match_owner


 def process_app_removal_request(ctx,
@ -36,6 +36,19 @@ def process_app_removal_request(ctx,
    if not os.path.exists(deployment_dir):
        raise Exception("Deployment directory %s does not exist." % deployment_dir)

+    # Check if the removal request is from the owner of the DnsRecord or deployment record.
+    matched_owner = match_owner(app_removal_request, deployment_record, dns_record)
+
+    # Or of the original deployment request.
+    if not matched_owner and deployment_record.request:
+        matched_owner = match_owner(app_removal_request, laconic.get_record(deployment_record.request, require=True))
+
+    if matched_owner:
+        print("Matched deployment ownership:", matched_owner)
+    else:
+        raise Exception("Unable to confirm ownership of deployment %s for removal request %s" %
+                        (deployment_record.id, app_removal_request.id))
+
    # TODO(telackey): Call the function directly.  The easiest way to build the correct click context is to
    # exec the process, but it would be better to refactor so we could just call down_operation with the
    # necessary parameters
--- a/stack_orchestrator/deploy/webapp/util.py
+++ b/stack_orchestrator/deploy/webapp/util.py
@ -49,6 +49,14 @@ def cmd(*vargs):
        raise err


+def match_owner(recordA, *records):
+    for owner in recordA.owners:
+        for otherRecord in records:
+            if owner in otherRecord.owners:
+                return owner
+    return None
+
+
 class LaconicRegistryClient:
    def __init__(self, config_file):
        self.config_file = config_file