def create_transport_udp(generic_options, compression_options, crypto_options): """ Validate creating udp/udpu transport options dict generic_options -- generic transport options dict compression_options -- compression options dict crypto_options -- crypto options """ # No need to support force: # * values are either an enum or numbers with no range set - nothing to # force # * names are strictly set as we cannot risk the user overwrites some # setting they should not to # * changes to names and values in corosync are very rare allowed_options = [ "ip_version", "netmtu", ] validators = [ validate.value_in("ip_version", constants.IP_VERSION_VALUES), validate.value_positive_integer("netmtu"), ] report_items = (validate.run_collection_of_option_validators( generic_options, validators) + validate.names_in( allowed_options, generic_options.keys(), "udp/udpu transport")) if compression_options: report_items.append( reports.corosync_transport_unsupported_options( "compression", "udp/udpu", ("knet", ))) if crypto_options: report_items.append( reports.corosync_transport_unsupported_options( "crypto", "udp/udpu", ("knet", ))) return report_items
def validate_new(id_provider, bundle_id, container_type, container_options, network_options, port_map, storage_map, force_options=False): """ Validate new bundle parameters, return list of report items IdProvider id_provider -- elements' ids generator and uniqueness checker string bundle_id -- id of the bundle string container_type -- bundle container type dict container_options -- container options dict network_options -- network options list of dict port_map -- list of port mapping options list of dict storage_map -- list of storage mapping options bool force_options -- return warnings instead of forceable errors """ return (validate.run_collection_of_option_validators( {"id": bundle_id}, [ # with id_provider it validates that the id is available as well validate.value_id("id", "bundle name", id_provider), ]) + validate_reset(id_provider, container_type, container_options, network_options, port_map, storage_map, force_options))
def __validate_quorum_device_update_heuristics( self, heuristics_options, force_options=False ): report_list = [] options_nonexec, options_exec = self.__split_heuristics_exec_options( heuristics_options ) validators = self.__get_heuristics_options_validators( allow_empty_values=True, force_options=force_options ) # no validation necessary for values of valid exec options - they are # either empty (meaning they should be removed) or nonempty strings exec_options_reports, dummy_valid_exec_options = ( self.__validate_heuristics_exec_option_names(options_exec) ) report_list.extend( validate.run_collection_of_option_validators( heuristics_options, validators ) + self.__validate_heuristics_noexec_option_names( options_nonexec, force_options=force_options ) + exec_options_reports ) return report_list
def _validate_sbd_options(sbd_config, allow_unknown_opts=False, allow_invalid_option_values=False): """ Validate user SBD configuration. Options 'SBD_WATCHDOG_DEV' and 'SBD_OPTS' are restricted. Returns list of ReportItem sbd_config -- dictionary in format: <SBD config option>: <value> allow_unknown_opts -- if True, accept also unknown options. """ validators = [ validate.value_nonnegative_integer("SBD_WATCHDOG_TIMEOUT"), validate.value_in( "SBD_TIMEOUT_ACTION", TIMEOUT_ACTION_ALLOWED_VALUE_LIST, code_to_allow_extra_values=report_codes.FORCE_OPTIONS, extra_values_allowed=allow_invalid_option_values, ), ] return (validate.names_in( ALLOWED_SBD_OPTION_LIST, sbd_config.keys(), option_type=None, banned_name_list=UNSUPPORTED_SBD_OPTION_LIST, code_to_allow_extra_names=report_codes.FORCE_OPTIONS, extra_names_allowed=allow_unknown_opts, ) + validate.run_collection_of_option_validators(sbd_config, validators))
def _validate_container(container_type, container_options, force_options=False): if not container_type in GENERIC_CONTAINER_TYPES: return [ reports.invalid_option_value( "container type", container_type, GENERIC_CONTAINER_TYPES, ) ] validators = [ validate.is_required("image", "container"), validate.value_not_empty("image", "image name"), validate.value_nonnegative_integer("masters"), validate.value_nonnegative_integer("promoted-max"), validate.mutually_exclusive(["masters", "promoted-max"], "container"), validate.value_positive_integer("replicas"), validate.value_positive_integer("replicas-per-host"), ] deprecation_reports = [] if "masters" in container_options: deprecation_reports.append( reports.deprecated_option("masters", ["promoted-max"], "container", severity=ReportItemSeverity.WARNING)) return (validate.run_collection_of_option_validators( container_options, validators) + deprecation_reports + validate.names_in(GENERIC_CONTAINER_OPTIONS, container_options.keys(), "container", report_codes.FORCE_OPTIONS, force_options))
def _qdevice_add_heuristics_options(options, force_options=False): """ Validate quorum device heuristics options when adding a quorum device dict options -- heuristics options bool force_options -- turn forceable errors into warnings """ options_nonexec, options_exec = _split_heuristics_exec_options(options) validators = _get_qdevice_heuristics_options_validators( force_options=force_options ) exec_options_reports, valid_exec_options = ( _validate_heuristics_exec_option_names(options_exec) ) for option in valid_exec_options: validators.append( validate.value_not_empty(option, "a command to be run") ) return ( validate.run_collection_of_option_validators(options, validators) + _validate_heuristics_noexec_option_names( options_nonexec, force_options=force_options ) + exec_options_reports )
def initialize_block_devices(lib_env, device_list, option_dict): """ Initialize SBD devices in device_list with options_dict. lib_env -- LibraryEnvironment device_list -- list of strings option_dict -- dictionary """ report_item_list = [] if not device_list: report_item_list.append(reports.required_option_is_missing(["device"])) supported_options = sbd.DEVICE_INITIALIZATION_OPTIONS_MAPPING.keys() report_item_list += names_in(supported_options, option_dict.keys()) validator_list = [ value_nonnegative_integer(key) for key in supported_options ] report_item_list += run_collection_of_option_validators( option_dict, validator_list ) lib_env.report_processor.process_list(report_item_list) sbd.initialize_block_devices( lib_env.report_processor, lib_env.cmd_runner(), device_list, option_dict )
def initialize_block_devices(lib_env, device_list, option_dict): """ Initialize SBD devices in device_list with options_dict. lib_env -- LibraryEnvironment device_list -- list of strings option_dict -- dictionary """ report_item_list = [] if not device_list: report_item_list.append(reports.required_option_is_missing(["device"])) supported_options = sbd.DEVICE_INITIALIZATION_OPTIONS_MAPPING.keys() report_item_list += names_in(supported_options, option_dict.keys()) validator_list = [ value_nonnegative_integer(key) for key in supported_options ] report_item_list += run_collection_of_option_validators( option_dict, validator_list ) lib_env.report_processor.process_list(report_item_list) sbd.initialize_block_devices( lib_env.report_processor, lib_env.cmd_runner(), device_list, option_dict )
def _qdevice_update_model_net_options(options, node_ids, force_options=False): """ Validate quorum device model options when updating a quorum device dict options -- model options list node_ids -- list of existing node ids bool force_options -- turn forceable errors into warnings """ allowed_options = ( _QDEVICE_NET_REQUIRED_OPTIONS + _QDEVICE_NET_OPTIONAL_OPTIONS ) option_type = "quorum device model" validators = _get_qdevice_model_net_options_validators( node_ids, allow_empty_values=True, force_options=force_options ) return ( validate.run_collection_of_option_validators(options, validators) + validate.names_in( allowed_options, options.keys(), option_type, **validate.allow_extra_names( report_codes.FORCE_OPTIONS, force_options ) ) )
def test_no_wrap(self): validators = validate.wrap_with_empty_or_valid(self.validators, wrap=False) validators.append(validate.value_port_number("c")) assert_report_item_list_equal( validate.run_collection_of_option_validators( { "a": "", "b": "", "c": "" }, validators), [ fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="a", option_value="", allowed_values=["x", "y", "z"], ), fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="b", option_value="", allowed_values="0..9", ), fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="c", option_value="", allowed_values="a port number (1-65535)", ), ])
def test_no_wrap(self): validators = validate.wrap_with_empty_or_valid( self.validators, wrap=False ) validators.append(validate.value_port_number("c")) assert_report_item_list_equal( validate.run_collection_of_option_validators( {"a": "", "b": "", "c": ""}, validators ), [ fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="a", option_value="", allowed_values=["x", "y", "z"], ), fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="b", option_value="", allowed_values="0..9", ), fixture.error( report_codes.INVALID_OPTION_VALUE, option_name="c", option_value="", allowed_values="a port number (1-65535)", ), ] )
def _qdevice_update_heuristics_options(options, force_options=False): """ Validate quorum device heuristics options when updating a quorum device dict options -- heuristics options bool force_options -- turn forceable errors into warnings """ options_nonexec, options_exec = _split_heuristics_exec_options(options) validators = _get_qdevice_heuristics_options_validators( allow_empty_values=True, force_options=force_options ) # No validation necessary for values of valid exec options - they are # either empty (meaning they will be removed) or nonempty strings. exec_options_reports, dummy_valid_exec_options = ( _validate_heuristics_exec_option_names(options_exec) ) return ( validate.run_collection_of_option_validators(options, validators) + _validate_heuristics_noexec_option_names( options_nonexec, force_options=force_options ) + exec_options_reports )
def _validate_storage_map_list(options_list, id_provider, force_options): allowed_options = [ "id", "options", "source-dir", "source-dir-root", "target-dir", ] source_dir_options = ["source-dir", "source-dir-root"] validators = [ validate.value_id("id", "storage-map id", id_provider), validate.is_required_some_of(source_dir_options, "storage-map"), validate.mutually_exclusive(source_dir_options, "storage-map"), validate.is_required("target-dir", "storage-map"), ] report_list = [] for options in options_list: report_list.extend( validate.run_collection_of_option_validators(options, validators) + validate.names_in( allowed_options, options.keys(), "storage-map", report_codes.FORCE_OPTIONS, force_options ) ) return report_list
def _validate_port_map_list(options_list, id_provider, force_options): allowed_options = [ "id", "port", "internal-port", "range", ] validators = [ validate.value_id("id", "port-map id", id_provider), validate.depends_on_option("internal-port", "port", "port-map", "port-map"), validate.is_required_some_of(["port", "range"], "port-map"), validate.mutually_exclusive(["port", "range"], "port-map"), validate.value_port_number("port"), validate.value_port_number("internal-port"), validate.value_port_range( "range", code_to_allow_extra_values=report_codes.FORCE_OPTIONS, allow_extra_values=force_options), ] report_list = [] for options in options_list: report_list.extend( validate.run_collection_of_option_validators(options, validators) + validate.names_in(allowed_options, options.keys(), "port-map", report_codes.FORCE_OPTIONS, force_options)) return report_list
def _validate_container_docker_options_update( docker_el, options, force_options ): validators = [ # image is a mandatory attribute and cannot be removed validate.value_not_empty("image", "image name"), validate.value_empty_or_valid( "masters", validate.value_nonnegative_integer("masters") ), validate.value_empty_or_valid( "replicas", validate.value_positive_integer("replicas") ), validate.value_empty_or_valid( "replicas-per-host", validate.value_positive_integer("replicas-per-host") ), ] return ( validate.run_collection_of_option_validators(options, validators) + validate.names_in( # allow to remove options even if they are not allowed _docker_options | _options_to_remove(options), options.keys(), "container", report_codes.FORCE_OPTIONS, force_options ) )
def _validate_sbd_options( sbd_config, allow_unknown_opts=False, allow_invalid_option_values=False ): """ Validate user SBD configuration. Options 'SBD_WATCHDOG_DEV' and 'SBD_OPTS' are restricted. Returns list of ReportItem sbd_config -- dictionary in format: <SBD config option>: <value> allow_unknown_opts -- if True, accept also unknown options. """ validators = [ validate.value_nonnegative_integer("SBD_WATCHDOG_TIMEOUT"), validate.value_in( "SBD_TIMEOUT_ACTION", TIMEOUT_ACTION_ALLOWED_VALUE_LIST, code_to_allow_extra_values=report_codes.FORCE_OPTIONS, extra_values_allowed=allow_invalid_option_values, ), ] return ( validate.names_in( ALLOWED_SBD_OPTION_LIST, sbd_config.keys(), option_type=None, banned_name_list=UNSUPPORTED_SBD_OPTION_LIST, code_to_allow_extra_names=report_codes.FORCE_OPTIONS, extra_names_allowed=allow_unknown_opts, ) + validate.run_collection_of_option_validators(sbd_config, validators) )
def __validate_quorum_device_add_heuristics( self, heuristics_options, force_options=False ): report_list = [] options_nonexec, options_exec = self.__split_heuristics_exec_options( heuristics_options ) validators = self.__get_heuristics_options_validators( force_options=force_options ) exec_options_reports, valid_exec_options = ( self.__validate_heuristics_exec_option_names(options_exec) ) for option in valid_exec_options: validators.append( validate.value_not_empty(option, "a command to be run") ) report_list.extend( validate.run_collection_of_option_validators( heuristics_options, validators ) + self.__validate_heuristics_noexec_option_names( options_nonexec, force_options=force_options ) + exec_options_reports ) return report_list
def validate_set_as_guest(tree, nodes, node_name, options): report_list = validate.names_in( GUEST_OPTIONS, options.keys(), "guest", ) validator_list = [ validate.value_time_interval("remote-connect-timeout"), validate.value_port_number("remote-port"), ] report_list.extend( validate.run_collection_of_option_validators(options, validator_list)) report_list.extend(validate_conflicts(tree, nodes, node_name, options)) if not node_name.strip(): report_list.append( reports.invalid_option_value( "node name", node_name, "no empty value", )) return report_list
def _validate_network_options_update(bundle_el, network_el, options, force_options): report_list = [] inner_primitive = get_inner_resource(bundle_el) if (inner_primitive is not None and not _is_pcmk_remote_acccessible_after_update(network_el, options)): report_list.append( reports.get_problem_creator( report_codes.FORCE_OPTIONS, force_options)(reports.resource_in_bundle_not_accessible, bundle_el.get("id"), inner_primitive.get("id"))) validators = [ # TODO add validators for other keys (ip-range-start - IPv4) validate.value_empty_or_valid( "control-port", validate.value_port_number("control-port"), ), validate.value_empty_or_valid( "host-netmask", _value_host_netmask("host-netmask", force_options), ), ] return (report_list + validate.run_collection_of_option_validators(options, validators) + validate.names_in( # allow to remove options even if they are not allowed _network_options | _options_to_remove(options), options.keys(), "network", report_codes.FORCE_OPTIONS, force_options))
def create_totem(options): """ Validate creating the "totem" section dict options -- totem options """ # No need to support force: # * values are either bool or numbers with no range set - nothing to force # * names are strictly set as we cannot risk the user overwrites some # setting they should not to # * changes to names and values in corosync are very rare allowed_options = [ "consensus", "downcheck", "fail_recv_const", "heartbeat_failures_allowed", "hold", "join", "max_messages", "max_network_delay", "merge", "miss_count_const", "send_join", "seqno_unchanged_const", "token", "token_coefficient", "token_retransmit", "token_retransmits_before_loss_const", "window_size", ] validators = [ validate.value_nonnegative_integer("consensus"), validate.value_nonnegative_integer("downcheck"), validate.value_nonnegative_integer("fail_recv_const"), validate.value_nonnegative_integer("heartbeat_failures_allowed"), validate.value_nonnegative_integer("hold"), validate.value_nonnegative_integer("join"), validate.value_nonnegative_integer("max_messages"), validate.value_nonnegative_integer("max_network_delay"), validate.value_nonnegative_integer("merge"), validate.value_nonnegative_integer("miss_count_const"), validate.value_nonnegative_integer("send_join"), validate.value_nonnegative_integer("seqno_unchanged_const"), validate.value_nonnegative_integer("token"), validate.value_nonnegative_integer("token_coefficient"), validate.value_nonnegative_integer("token_retransmit"), validate.value_nonnegative_integer( "token_retransmits_before_loss_const" ), validate.value_nonnegative_integer("window_size"), ] report_items = ( validate.run_collection_of_option_validators(options, validators) + validate.names_in(allowed_options, options.keys(), "totem") ) return report_items
def _validate_network_options_new(options, force_options): validators = [ # TODO add validators for other keys (ip-range-start - IPv4) validate.value_port_number("control-port"), _value_host_netmask("host-netmask", force_options), ] return (validate.run_collection_of_option_validators(options, validators) + validate.names_in(_network_options, options.keys(), "network", report_codes.FORCE_OPTIONS, force_options))
def test_collect_all_errors_from_specifications(self): specification = [ lambda option_dict: ["A{0}".format(option_dict["x"])], lambda option_dict: ["B"], ] self.assertEqual(["Ay", "B"], validate.run_collection_of_option_validators( {"x": "y"}, specification))
def _validate_generic_container_options_update(docker_el, options, force_options): validators = [ # image is a mandatory attribute and cannot be removed validate.value_not_empty("image", "image name"), validate.value_empty_or_valid( "masters", validate.value_nonnegative_integer("masters")), validate.value_empty_or_valid( "promoted-max", validate.value_nonnegative_integer("promoted-max")), validate.value_empty_or_valid( "replicas", validate.value_positive_integer("replicas")), validate.value_empty_or_valid( "replicas-per-host", validate.value_positive_integer("replicas-per-host")), ] # CIB does not allow both to be set. Deleting both is not a problem, # though. Deleting one while setting another also works and is further # checked bellow. if not (options.get("masters", "") == "" or options.get("promoted-max", "") == ""): validators.append( validate.mutually_exclusive(["masters", "promoted-max"], "container")) deprecation_reports = [] if options.get("masters"): # If the user wants to delete the masters option, do not report it is # deprecated. They may be removing it because they just found out it is # deprecated. deprecation_reports.append( reports.deprecated_option("masters", ["promoted-max"], "container", severity=ReportItemSeverity.WARNING)) # Do not allow to set masters if promoted-max is set unless promoted-max is # going to be removed now. Do the same check also the other way around. CIB # only allows one of them to be set. if (options.get("masters") and docker_el.get("promoted-max") and options.get("promoted-max") != ""): deprecation_reports.append( reports.prerequisite_option_must_not_be_set( "masters", "promoted-max", "container", "container")) if (options.get("promoted-max") and docker_el.get("masters") and options.get("masters") != ""): deprecation_reports.append( reports.prerequisite_option_must_not_be_set( "promoted-max", "masters", "container", "container")) return (validate.run_collection_of_option_validators(options, validators) + deprecation_reports + validate.names_in( # allow to remove options even if they are not allowed _generic_container_options | _options_to_remove(options), options.keys(), "container", report_codes.FORCE_OPTIONS, force_options))
def _validate_container_docker_options_new(options, force_options): validators = [ validate.is_required("image", "container"), validate.value_not_empty("image", "image name"), validate.value_nonnegative_integer("masters"), validate.value_positive_integer("replicas"), validate.value_positive_integer("replicas-per-host"), ] return (validate.run_collection_of_option_validators(options, validators) + validate.names_in(_docker_options, options.keys(), "container", report_codes.FORCE_OPTIONS, force_options))
def test_collect_all_errors_from_specifications(self): specification = [ lambda option_dict: ["A{0}".format(option_dict["x"])], lambda option_dict: ["B"], ] self.assertEqual( ["Ay", "B"], validate.run_collection_of_option_validators( {"x": "y"}, specification ) )
def create_link_list_udp(link_list): """ Validate creating udp/udpu link (interface) list options iterable link_list -- list of link options """ if not link_list: # It is not mandatory to set link options. If an empty link list is # provided, everything is fine and we have nothing to validate. return [] allowed_options = [ "bindnetaddr", "broadcast", "mcastaddr", "mcastport", "ttl", ] validators = [ validate.value_ip_address("bindnetaddr"), validate.value_in("broadcast", ("0", "1")), validate.value_ip_address("mcastaddr"), validate.value_port_number("mcastport"), validate.value_integer_in_range("ttl", 0, 255), ] options = link_list[0] report_items = ( validate.run_collection_of_option_validators(options, validators) + validate.names_in(allowed_options, options.keys(), "link") ) # default values taken from `man corosync.conf` if options.get("broadcast", "0") == "1" and "mcastaddr" in options: report_items.append( reports.prerequisite_option_must_be_disabled( "mcastaddr", "broadcast", option_type="link", prerequisite_type="link" ) ) link_count = len(link_list) if link_count > constants.LINKS_UDP_MAX: report_items.append( reports.corosync_too_many_links( link_count, constants.LINKS_UDP_MAX, "udp/udpu" ) ) return report_items
def validate_new( id_provider, bundle_id, container_type, container_options, network_options, port_map, storage_map, force_options=False ): """ Validate new bundle parameters, return list of report items IdProvider id_provider -- elements' ids generator and uniqueness checker string bundle_id -- id of the bundle string container_type -- bundle container type dict container_options -- container options dict network_options -- network options list of dict port_map -- list of port mapping options list of dict storage_map -- list of storage mapping options bool force_options -- return warnings instead of forceable errors """ report_list = [] report_list.extend( validate.run_collection_of_option_validators( {"id": bundle_id}, [ # with id_provider it validates that the id is available as well validate.value_id("id", "bundle name", id_provider), ] ) ) aux_reports = _validate_container_type(container_type) report_list.extend(aux_reports) if not ReportListAnalyzer(aux_reports).error_list: report_list.extend( # TODO call the proper function once more container_types are # supported by pacemaker _validate_container_docker_options_new( container_options, force_options ) ) report_list.extend( _validate_network_options_new(network_options, force_options) ) report_list.extend( _validate_port_map_list(port_map, id_provider, force_options) ) report_list.extend( _validate_storage_map_list(storage_map, id_provider, force_options) ) return report_list
def _qdevice_update_generic_options(options, force_options=False): """ Validate quorum device generic options when updating a quorum device dict options -- generic options bool force_options -- turn forceable errors into warnings """ validators = _get_qdevice_generic_options_validators( allow_empty_values=True, force_options=force_options) report_items = validate.run_collection_of_option_validators( options, validators) report_items.extend( _validate_qdevice_generic_options_names(options, force_options=force_options)) return report_items
def _validate_quorum_options(options, has_qdevice, allow_empty_values): validators = _get_quorum_options_validators(allow_empty_values) report_items = ( validate.run_collection_of_option_validators(options, validators) + validate.names_in(constants.QUORUM_OPTIONS, options.keys(), "quorum")) if has_qdevice: qdevice_incompatible_options = [ name for name in options if name in constants.QUORUM_OPTIONS_INCOMPATIBLE_WITH_QDEVICE ] if qdevice_incompatible_options: report_items.append( reports.corosync_options_incompatible_with_qdevice( qdevice_incompatible_options)) return report_items
def add_quorum_device( model, model_options, generic_options, heuristics_options, node_ids, force_model=False, force_options=False ): """ Validate adding a quorum device string model -- quorum device model dict model_options -- model specific options dict generic_options -- generic quorum device options dict heuristics_options -- heuristics options list node_ids -- list of existing node ids bool force_model -- continue even if the model is not valid bool force_options -- turn forceable errors into warnings """ report_items = [] model_validators = { "net": lambda: _qdevice_add_model_net_options( model_options, node_ids, force_options ), } if model in model_validators: report_items += model_validators[model]() else: report_items += validate.run_collection_of_option_validators( {"model": model}, [ validate.value_in( "model", list(model_validators.keys()), **validate.allow_extra_values( report_codes.FORCE_QDEVICE_MODEL, force_model ) ) ] ) return ( report_items + _qdevice_add_generic_options(generic_options, force_options) + _qdevice_add_heuristics_options(heuristics_options, force_options) )
def validate_operation(operation, options_validator_list): """ Return a list with reports (ReportItems) about problems inside operation. dict operation contains attributes of operation """ report_list = validate.names_in( ATTRIBUTES, operation.keys(), "resource operation", ) report_list.extend( validate.run_collection_of_option_validators(operation, options_validator_list)) return report_list
def validate_operation(operation, options_validator_list): """ Return a list with reports (ReportItems) about problems inside operation. dict operation contains attributes of operation """ report_list = validate.names_in( ATTRIBUTES, operation.keys(), "resource operation", ) report_list.extend(validate.run_collection_of_option_validators( operation, options_validator_list )) return report_list
def _validate_generic_container_options_new(options, force_options): validators = [ validate.is_required("image", "container"), validate.value_not_empty("image", "image name"), validate.value_nonnegative_integer("masters"), validate.value_nonnegative_integer("promoted-max"), validate.mutually_exclusive(["masters", "promoted-max"], "container"), validate.value_positive_integer("replicas"), validate.value_positive_integer("replicas-per-host"), ] deprecation_reports = [] if "masters" in options: deprecation_reports.append( reports.deprecated_option("masters", ["promoted-max"], "container", severity=ReportItemSeverity.WARNING)) return (validate.run_collection_of_option_validators(options, validators) + deprecation_reports + validate.names_in( _generic_container_options, options.keys(), "container", report_codes.FORCE_OPTIONS, force_options))
def _validate_network_options_update(network_el, options, force_options): validators = [ # TODO add validators for other keys (ip-range-start - IPv4) validate.value_empty_or_valid( "control-port", validate.value_port_number("control-port"), ), validate.value_empty_or_valid( "host-netmask", _value_host_netmask("host-netmask", force_options), ), ] return (validate.run_collection_of_option_validators(options, validators) + validate.names_in( # allow to remove options even if they are not allowed _network_options | _options_to_remove(options), options.keys(), "network", report_codes.FORCE_OPTIONS, force_options))
def create_transport_knet(generic_options, compression_options, crypto_options): """ Validate creating knet transport options dict generic_options -- generic transport options dict compression_options -- compression options dict crypto_options -- crypto options """ # No need to support force: # * values are either an enum or numbers with no range set - nothing to force # * names are strictly set as we cannot risk the user overwrites some # setting they should not to # * changes to names and values in corosync are very rare generic_allowed = [ "ip_version", # It tells knet which IP to prefer. "knet_pmtud_interval", "link_mode", ] generic_validators = [ validate.value_in("ip_version", ("ipv4", "ipv6")), validate.value_nonnegative_integer("knet_pmtud_interval"), validate.value_in("link_mode", ("active", "passive", "rr")), ] compression_allowed = [ "level", "model", "threshold", ] compression_validators = [ validate.value_nonnegative_integer("level"), validate.value_not_empty( "model", "a compression model e.g. zlib, lz4 or bzip2" ), validate.value_nonnegative_integer("threshold"), ] crypto_type = "crypto" crypto_allowed = [ "cipher", "hash", "model", ] crypto_validators = [ validate.value_in( "cipher", ("none", "aes256", "aes192", "aes128", "3des") ), validate.value_in( "hash", ("none", "md5", "sha1", "sha256", "sha384", "sha512") ), validate.value_in("model", ("nss", "openssl")), ] report_items = ( validate.run_collection_of_option_validators( generic_options, generic_validators ) + validate.names_in( generic_allowed, generic_options.keys(), "knet transport" ) + validate.run_collection_of_option_validators( compression_options, compression_validators ) + validate.names_in( compression_allowed, compression_options.keys(), "compression" ) + validate.run_collection_of_option_validators( crypto_options, crypto_validators ) + validate.names_in( crypto_allowed, crypto_options.keys(), crypto_type ) ) if ( # default values taken from `man corosync.conf` crypto_options.get("cipher", "aes256") != "none" and crypto_options.get("hash", "sha1") == "none" ): report_items.append( reports.prerequisite_option_must_be_enabled_as_well( "cipher", "hash", option_type="crypto", prerequisite_type="crypto" ) ) return report_items