def validate_config(self, repo, config, related_repos):
_LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
for key in REQUIRED_CONFIG_KEYS:
value = config.get(key)
if value is None:
msg = _("Missing required configuration key: %(key)s" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'http':
config_http = config.get('http')
if config_http is not None and not isinstance(config_http, bool):
msg = _("http should be a boolean; got %s instead" % config_http)
_LOG.error(msg)
return False, msg
if key == 'https':
config_https = config.get('https')
if config_https is not None and not isinstance(config_https, bool):
msg = _("https should be a boolean; got %s instead" % config_https)
_LOG.error(msg)
return False, msg
for key in config.keys():
if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'skip':
metadata_types = config.get('skip')
if metadata_types is not None and not isinstance(metadata_types, list):
msg = _("skip should be a dictionary; got %s instead" % metadata_types)
_LOG.error(msg)
return False, msg
if key == 'https_ca':
https_ca = config.get('https_ca').encode('utf-8')
if https_ca is not None and not util.validate_cert(https_ca):
msg = _("https_ca is not a valid certificate")
_LOG.error(msg)
return False, msg
if key == 'iso_prefix':
iso_prefix = config.get('iso_prefix')
if iso_prefix is not None and (not isinstance(iso_prefix, str) or not iso_util.is_valid_prefix(iso_prefix)):
msg = _("iso_prefix is not a valid string; valid supported characters include %s" % iso_util.ISO_NAME_REGEX.pattern)
_LOG.error(msg)
return False, msg
publish_dir = config.get("https_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
publish_dir = config.get("http_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
return True, None
def _validate_certificate(key, cert, error_messages):
cert = cert.encode("utf-8")
if util.validate_cert(cert):
return
msg = _("Configuration value for [%(k)s] is not a valid certificate")
error_messages.append(msg % {"k": key})
def _validate_certificate(key, cert, error_messages):
cert = cert.encode('utf-8')
if util.validate_cert(cert):
return
msg = _('Configuration value for [%(k)s] is not a valid certificate')
error_messages.append(msg % {'k': key})
def _validate_ssl_cert(config, setting_name):
"""
Ensure that the setting_name from config is a valid SSL certificate, if it is given. This setting is not
required.
:param config: The config to validate
:type config: pulp.plugins.config.PluginCallConfiguration
:param setting_name: The name of the setting that needs to be validated
:type setting_name: str
"""
ssl_cert = config.get(setting_name)
if not ssl_cert:
# The cert is not required
return
if not yum_utils.validate_cert(ssl_cert):
msg = _("The SSL certificate <%(s)s> is not a valid certificate.")
msg = msg % {"s": setting_name}
raise configuration_utils.ValidationError(msg)
def _validate_ssl_cert(config, setting_name):
"""
Ensure that the setting_name from config is a valid SSL certificate, if it is given. This
setting is not
required.
:param config: The config to validate
:type config: pulp.plugins.config.PluginCallConfiguration
:param setting_name: The name of the setting that needs to be validated
:type setting_name: str
"""
ssl_cert = config.get(setting_name)
if not ssl_cert:
# The cert is not required
return
if not yum_utils.validate_cert(ssl_cert):
msg = _("The SSL certificate <%(s)s> is not a valid certificate.")
msg = msg % {'s': setting_name}
raise configuration_utils.ValidationError(msg)
def validate_config(self, repo, config, related_repos):
_LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
for key in REQUIRED_CONFIG_KEYS:
if key not in config.keys():
msg = _("Missing required configuration key: %(key)s" % {"key":key})
_LOG.error(msg)
return False, msg
for key in config.keys():
if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'feed_url':
feed_url = config.get('feed_url')
if not util.validate_feed(feed_url):
msg = _("feed_url [%s] does not start with a valid protocol" % feed_url)
_LOG.error(msg)
return False, msg
if key == 'ssl_verify':
ssl_verify = config.get('ssl_verify')
if ssl_verify is not None and not isinstance(ssl_verify, bool) :
msg = _("ssl_verify should be a boolean; got %s instead" % ssl_verify)
_LOG.error(msg)
return False, msg
if key == 'ssl_ca_cert':
ssl_ca_cert = config.get('ssl_ca_cert').encode('utf-8')
if ssl_ca_cert is not None:
if not util.validate_cert(ssl_ca_cert) :
msg = _("ssl_ca_cert is not a valid certificate")
_LOG.error(msg)
return False, msg
# ssl_ca_cert is valid, proceed to store it in our repo.working_dir
ssl_ca_cert_filename = os.path.join(repo.working_dir, "ssl_ca_cert")
try:
try:
ssl_ca_cert_file = open(ssl_ca_cert_filename, "w")
ssl_ca_cert_file.write(ssl_ca_cert)
finally:
if ssl_ca_cert_file:
ssl_ca_cert_file.close()
except Exception, e:
msg = _("Unable to write ssl_ca_cert to %s" % ssl_ca_cert_filename)
_LOG.error(e)
_LOG.error(msg)
return False, msg
if key == 'ssl_client_cert':
ssl_client_cert = config.get('ssl_client_cert').encode('utf-8')
if ssl_client_cert is not None:
if not util.validate_cert(ssl_client_cert) :
msg = _("ssl_client_cert is not a valid certificate")
_LOG.error(msg)
return False, msg
# ssl_client_cert is valid, proceed to store it in our repo.working_dir
ssl_client_cert_filename = os.path.join(repo.working_dir, "ssl_client_cert")
try:
try:
ssl_client_cert_file = open(ssl_client_cert_filename, "w")
ssl_client_cert_file.write(ssl_client_cert)
finally:
if ssl_client_cert_file:
ssl_client_cert_file.close()
except Exception, e:
msg = _("Unable to write ssl_client_cert to %s" % ssl_client_cert_filename)
_LOG.error(e)
_LOG.error(msg)
return False, msg
def validate_config(self, repo, config, config_conduit):
"""
Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure
with True/False values, and in the event of failure, msg will contain an error message.
:param repo: The repo that the config is for
:type repo: pulp.server.db.model.repository.Repo
:param config: The configuration to be validated
:type config: pulp.server.content.plugins.config.PluginCallConfiguration
:param config_conduit: Configuration Conduit;
:type config_conduit: pulp.plugins.conduits.repo_validate.RepoConfigConduit
:return: tuple of status, message
:rtype: tuple
"""
auth_cert_bundle = {}
for key in REQUIRED_CONFIG_KEYS:
value = config.get(key)
if value is None:
msg = _("Missing required configuration key: %(key)s" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'relative_url':
relative_path = config.get('relative_url')
if relative_path is not None:
if not isinstance(relative_path, basestring):
msg = _("relative_url should be a basestring; got %s instead" % relative_path)
_LOG.error(msg)
return False, msg
if re.match('[^a-zA-Z0-9/_-]+', relative_path):
msg = _('relative_url must contain only alphanumerics, underscores, and dashes.')
_LOG.error(msg)
return False, msg
if key == 'http':
config_http = config.get('http')
if config_http is not None and not isinstance(config_http, bool):
msg = _("http should be a boolean; got %s instead" % config_http)
_LOG.error(msg)
return False, msg
if key == 'https':
config_https = config.get('https')
if config_https is not None and not isinstance(config_https, bool):
msg = _("https should be a boolean; got %s instead" % config_https)
_LOG.error(msg)
return False, msg
for key in config.keys():
if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'protected':
protected = config.get('protected')
if not isinstance(protected, bool):
msg = _("protected should be a boolean; got %s instead" % protected)
_LOG.error(msg)
return False, msg
if key == 'use_createrepo':
use_createrepo = config.get('use_createrepo')
if not isinstance(use_createrepo, bool):
msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo)
_LOG.error(msg)
return False, msg
if key == 'checksum_type':
checksum_type = config.get('checksum_type')
if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
msg = _("%s is not a valid checksum type" % checksum_type)
_LOG.error(msg)
return False, msg
if key == 'skip':
metadata_types = config.get('skip')
if not isinstance(metadata_types, list):
msg = _("skip should be a dictionary; got %s instead" % metadata_types)
_LOG.error(msg)
return False, msg
if key == 'auth_cert':
auth_pem = config.get('auth_cert').encode('utf-8')
if auth_pem is not None and not util.validate_cert(auth_pem):
msg = _("auth_cert is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle['cert'] = auth_pem
if key == 'auth_ca':
auth_ca = config.get('auth_ca').encode('utf-8')
if auth_ca is not None and not util.validate_cert(auth_ca):
msg = _("auth_ca is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle['ca'] = auth_ca
# process auth certs
repo_relative_path = self.get_repo_relative_path(repo, config)
if repo_relative_path.startswith("/"):
repo_relative_path = repo_relative_path[1:]
self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
# If overriding https publish dir, be sure it exists and we can write to it
publish_dir = config.get("https_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
publish_dir = config.get("http_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
conflict_items = config_conduit.get_repo_distributors_by_relative_url(repo_relative_path, repo.id)
if conflict_items.count() > 0:
item = next(conflict_items)
conflicting_url = item["repo_id"]
if item['config']["relative_url"] is not None:
conflicting_url = item['config']["relative_url"]
conflict_msg = _("Relative url '%(rel_url)s' conflicts with existing relative_url of '%(conflict_rel_url)s' from repo '%(conflict_repo_id)s'" \
% {"rel_url": repo_relative_path, "conflict_rel_url": conflicting_url, "conflict_repo_id": item["repo_id"]})
_LOG.info(conflict_msg)
return False, conflict_msg
return True, None
def validate_config(self, repo, config, related_repos):
_LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
auth_cert_bundle = {}
for key in REQUIRED_CONFIG_KEYS:
value = config.get(key)
if value is None:
msg = _("Missing required configuration key: %(key)s" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'relative_url':
relative_path = config.get('relative_url')
if relative_path is not None and not isinstance(relative_path, basestring):
msg = _("relative_url should be a basestring; got %s instead" % relative_path)
_LOG.error(msg)
return False, msg
if key == 'http':
config_http = config.get('http')
if config_http is not None and not isinstance(config_http, bool):
msg = _("http should be a boolean; got %s instead" % config_http)
_LOG.error(msg)
return False, msg
if key == 'https':
config_https = config.get('https')
if config_https is not None and not isinstance(config_https, bool):
msg = _("https should be a boolean; got %s instead" % config_https)
_LOG.error(msg)
return False, msg
for key in config.keys():
if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
_LOG.error(msg)
return False, msg
if key == 'protected':
protected = config.get('protected')
if protected is not None and not isinstance(protected, bool):
msg = _("protected should be a boolean; got %s instead" % protected)
_LOG.error(msg)
return False, msg
if key == 'generate_metadata':
generate_metadata = config.get('generate_metadata')
if generate_metadata is not None and not isinstance(generate_metadata, bool):
msg = _("generate_metadata should be a boolean; got %s instead" % generate_metadata)
_LOG.error(msg)
return False, msg
if key == 'checksum_type':
checksum_type = config.get('checksum_type')
if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
msg = _("%s is not a valid checksum type" % checksum_type)
_LOG.error(msg)
return False, msg
if key == 'skip':
metadata_types = config.get('skip')
if metadata_types is not None and not isinstance(metadata_types, list):
msg = _("skip should be a dictionary; got %s instead" % metadata_types)
_LOG.error(msg)
return False, msg
if key == 'auth_cert':
auth_pem = config.get('auth_cert').encode('utf-8')
if auth_pem is not None and not util.validate_cert(auth_pem):
msg = _("auth_cert is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle['cert'] = auth_pem
if key == 'auth_ca':
auth_ca = config.get('auth_ca').encode('utf-8')
if auth_ca is not None and not util.validate_cert(auth_ca):
msg = _("auth_ca is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle['ca'] = auth_ca
# process auth certs
repo_relative_path = self.get_repo_relative_path(repo, config)
if repo_relative_path.startswith("/"):
repo_relative_path = repo_relative_path[1:]
self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
# If overriding https publish dir, be sure it exists and we can write to it
publish_dir = config.get("https_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
publish_dir = config.get("http_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
return False, msg
rel_url = config.get("relative_url")
if rel_url:
conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos)
if conflict_status:
_LOG.info(conflict_msg)
return False, conflict_msg
return True, None
def validate_config(self, repo, config, related_repos):
"""
Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure
with True/False values, and in the event of failure, msg will contain an error message.
:param repo: The repo that the config is for
:type repo: pulp.server.db.model.repository.Repo
:param config: The configuration to be validated
:type config: pulp.server.content.plugins.config.PluginCallConfiguration
:param related_repos: Repositories that are related to repo
:type related_repos: list
:return: tuple of status, message
:rtype: tuple
"""
auth_cert_bundle = {}
for key in REQUIRED_CONFIG_KEYS:
value = config.get(key)
if value is None:
msg = _("Missing required configuration key: %(key)s" % {"key": key})
_LOG.error(msg)
return False, msg
if key == "relative_url":
relative_path = config.get("relative_url")
if relative_path is not None:
if not isinstance(relative_path, basestring):
msg = _("relative_url should be a basestring; got %s instead" % relative_path)
_LOG.error(msg)
return False, msg
if re.match("[^a-zA-Z0-9/_-]+", relative_path):
msg = _("relative_url must contain only alphanumerics, underscores, and dashes.")
_LOG.error(msg)
return False, msg
if key == "http":
config_http = config.get("http")
if config_http is not None and not isinstance(config_http, bool):
msg = _("http should be a boolean; got %s instead" % config_http)
_LOG.error(msg)
return False, msg
if key == "https":
config_https = config.get("https")
if config_https is not None and not isinstance(config_https, bool):
msg = _("https should be a boolean; got %s instead" % config_https)
_LOG.error(msg)
return False, msg
for key in config.keys():
if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
msg = _("Configuration key '%(key)s' is not supported" % {"key": key})
_LOG.error(msg)
return False, msg
if key == "protected":
protected = config.get("protected")
if not isinstance(protected, bool):
msg = _("protected should be a boolean; got %s instead" % protected)
_LOG.error(msg)
return False, msg
if key == "use_createrepo":
use_createrepo = config.get("use_createrepo")
if not isinstance(use_createrepo, bool):
msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo)
_LOG.error(msg)
return False, msg
if key == "checksum_type":
checksum_type = config.get("checksum_type")
if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
msg = _("%s is not a valid checksum type" % checksum_type)
_LOG.error(msg)
return False, msg
if key == "skip":
metadata_types = config.get("skip")
if not isinstance(metadata_types, list):
msg = _("skip should be a dictionary; got %s instead" % metadata_types)
_LOG.error(msg)
return False, msg
if key == "auth_cert":
auth_pem = config.get("auth_cert").encode("utf-8")
if auth_pem is not None and not util.validate_cert(auth_pem):
msg = _("auth_cert is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle["cert"] = auth_pem
if key == "auth_ca":
auth_ca = config.get("auth_ca").encode("utf-8")
if auth_ca is not None and not util.validate_cert(auth_ca):
msg = _("auth_ca is not a valid certificate")
_LOG.error(msg)
return False, msg
auth_cert_bundle["ca"] = auth_ca
# process auth certs
repo_relative_path = self.get_repo_relative_path(repo, config)
if repo_relative_path.startswith("/"):
repo_relative_path = repo_relative_path[1:]
self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
# If overriding https publish dir, be sure it exists and we can write to it
publish_dir = config.get("https_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _(
"Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s"
% {"publish_dir": publish_dir}
)
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _(
"Unable to read & write to specified 'https_publish_dir': %(publish_dir)s"
% {"publish_dir": publish_dir}
)
return False, msg
publish_dir = config.get("http_publish_dir")
if publish_dir:
if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
msg = _(
"Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s"
% {"publish_dir": publish_dir}
)
return False, msg
if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
msg = _(
"Unable to read & write to specified 'http_publish_dir': %(publish_dir)s"
% {"publish_dir": publish_dir}
)
return False, msg
rel_url = config.get("relative_url")
if rel_url:
conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos)
if conflict_status:
_LOG.info(conflict_msg)
return False, conflict_msg
return True, None
