cerc-io/stack-orchestrator
12
1
Fork 3
Code Issues 112 Pull Requests 22 Actions Packages Projects Releases 481 Wiki Activity

Double-check ownership.

Browse Source
This commit is contained in:
Thomas E Lackey 2023-12-21 17:31:16 -06:00
parent 1ace8ed3a1
commit 44fa85bdf0
3 changed files with 33 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py
View File

@ -26,7 +26,8 @@ from stack_orchestrator.deploy.webapp import deploy_webapp
from stack_orchestrator.deploy.webapp.util import (LaconicRegistryClient, from stack_orchestrator.deploy.webapp.util import (LaconicRegistryClient,
build_container_image, push_container_image, build_container_image, push_container_image,
file_hash, deploy_to_k8s, publish_deployment, file_hash, deploy_to_k8s, publish_deployment,
hostname_for_deployment_request, generate_hostname_for_app) hostname_for_deployment_request, generate_hostname_for_app,
match_owner)
def process_app_deployment_request( def process_app_deployment_request(
@ -57,19 +58,12 @@ def process_app_deployment_request(
dns_crn = f"{dns_record_namespace}/{fqdn}" dns_crn = f"{dns_record_namespace}/{fqdn}"
dns_record = laconic.get_record(dns_crn) dns_record = laconic.get_record(dns_crn)
if dns_record: if dns_record:
dns_record_owners = dns_record.owners matched_owner = match_owner(app_deployment_request, dns_record)
dns_request_owners = [] if not matched_owner and dns_record.request:
if dns_record.request: matched_owner = match_owner(app_deployment_request, laconic.get_record(dns_record.request, require=True))
prev_request = laconic.get_record(dns_record.request, require=True)
dns_request_owners = prev_request.owners
owner_match = None if matched_owner:
print("Matched DnsRecord ownership:", matched_owner)
for owner in app_deployment_request.owners:
if owner in dns_request_owners or owner in dns_record_owners:
owner_match = owner
if owner_match:
print("Matched DnsRecord ownership to", owner)
else: else:
raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" % raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" %
(dns_record.id, app_deployment_request.id)) (dns_record.id, app_deployment_request.id))
@ -237,16 +231,16 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_
deployments_by_request[d.attributes.request] = d deployments_by_request[d.attributes.request] = d
# Find removal requests. # Find removal requests.
removals_by_request = {} cancellation_requests = {}
removal_requests = laconic.app_deployment_removal_requests() removal_requests = laconic.app_deployment_removal_requests()
for r in removal_requests: for r in removal_requests:
if r.attributes.request: if r.attributes.request:
removals_by_request[r.attributes.request] = r cancellation_requests[r.attributes.request] = r
requests_to_execute = [] requests_to_execute = []
for r in requests_by_name.values(): for r in requests_by_name.values():
if r.id in removals_by_request: if r.id in cancellation_requests and match_owner(cancellation_requests[r.id], r):
print(f"Found removal request for {r.id} at {removals_by_request[r.id].id}") print(f"Found deployment cancellation request for {r.id} at {cancellation_requests[r.id].id}")
elif r.id in deployments_by_request: elif r.id in deployments_by_request:
print(f"Found satisfied request for {r.id} at {deployments_by_request[r.id].id}") print(f"Found satisfied request for {r.id} at {deployments_by_request[r.id].id}")
else: else:

15
stack_orchestrator/deploy/webapp/undeploy_webapp_from_registry.py
View File

@ -20,7 +20,7 @@ import sys
import click import click
from stack_orchestrator.deploy.webapp.util import LaconicRegistryClient from stack_orchestrator.deploy.webapp.util import LaconicRegistryClient, match_owner
def process_app_removal_request(ctx, def process_app_removal_request(ctx,
@ -36,6 +36,19 @@ def process_app_removal_request(ctx,
if not os.path.exists(deployment_dir): if not os.path.exists(deployment_dir):
raise Exception("Deployment directory %s does not exist." % deployment_dir) raise Exception("Deployment directory %s does not exist." % deployment_dir)
# Check if the removal request is from the owner of the DnsRecord or deployment record.
matched_owner = match_owner(app_removal_request, deployment_record, dns_record)
# Or of the original deployment request.
if not matched_owner and deployment_record.request:
matched_owner = match_owner(app_removal_request, laconic.get_record(deployment_record.request, require=True))
if matched_owner:
print("Matched deployment ownership:", matched_owner)
else:
raise Exception("Unable to confirm ownership of deployment %s for removal request %s" %
(deployment_record.id, app_removal_request.id))
# TODO(telackey): Call the function directly. The easiest way to build the correct click context is to # TODO(telackey): Call the function directly. The easiest way to build the correct click context is to
# exec the process, but it would be better to refactor so we could just call down_operation with the # exec the process, but it would be better to refactor so we could just call down_operation with the
# necessary parameters # necessary parameters

8
stack_orchestrator/deploy/webapp/util.py
View File

@ -49,6 +49,14 @@ def cmd(*vargs):
raise err raise err
def match_owner(recordA, *records):
for owner in recordA.owners:
for otherRecord in records:
if owner in otherRecord.owners:
return owner
return None
class LaconicRegistryClient: class LaconicRegistryClient:
def __init__(self, config_file): def __init__(self, config_file):
self.config_file = config_file self.config_file = config_file