예제 #1
0
 def validate_config(self, repo, config, related_repos):
     _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
     for key in REQUIRED_CONFIG_KEYS:
         value = config.get(key)
         if value is None:
             msg = _("Missing required configuration key: %(key)s" % {"key":key})
             _LOG.error(msg)
             return False, msg
         if key == 'http':
             config_http = config.get('http')
             if config_http is not None and not isinstance(config_http, bool):
                 msg = _("http should be a boolean; got %s instead" % config_http)
                 _LOG.error(msg)
                 return False, msg
         if key == 'https':
             config_https = config.get('https')
             if config_https is not None and not isinstance(config_https, bool):
                 msg = _("https should be a boolean; got %s instead" % config_https)
                 _LOG.error(msg)
                 return False, msg
     for key in config.keys():
         if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
             msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
             _LOG.error(msg)
             return False, msg
         if key == 'skip':
             metadata_types = config.get('skip')
             if metadata_types is not None and not isinstance(metadata_types, list):
                 msg = _("skip should be a dictionary; got %s instead" % metadata_types)
                 _LOG.error(msg)
                 return False, msg
         if key == 'https_ca':
             https_ca = config.get('https_ca').encode('utf-8')
             if https_ca is not None and not util.validate_cert(https_ca):
                 msg = _("https_ca is not a valid certificate")
                 _LOG.error(msg)
                 return False, msg
         if key == 'iso_prefix':
             iso_prefix = config.get('iso_prefix')
             if iso_prefix is not None and (not isinstance(iso_prefix, str) or not iso_util.is_valid_prefix(iso_prefix)):
                 msg = _("iso_prefix is not a valid string; valid supported characters include %s" % iso_util.ISO_NAME_REGEX.pattern)
                 _LOG.error(msg)
                 return False, msg
     publish_dir = config.get("https_publish_dir")
     if publish_dir:
         if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
             msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
         if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
             msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
     publish_dir = config.get("http_publish_dir")
     if publish_dir:
         if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
             msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
         if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
             msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
     return True, None
예제 #2
0
def _validate_certificate(key, cert, error_messages):
    cert = cert.encode("utf-8")

    if util.validate_cert(cert):
        return

    msg = _("Configuration value for [%(k)s] is not a valid certificate")
    error_messages.append(msg % {"k": key})
예제 #3
0
def _validate_certificate(key, cert, error_messages):
    cert = cert.encode('utf-8')

    if util.validate_cert(cert):
        return

    msg = _('Configuration value for [%(k)s] is not a valid certificate')
    error_messages.append(msg % {'k': key})
예제 #4
0
def _validate_ssl_cert(config, setting_name):
    """
    Ensure that the setting_name from config is a valid SSL certificate, if it is given. This setting is not
    required.

    :param config:       The config to validate
    :type  config:       pulp.plugins.config.PluginCallConfiguration
    :param setting_name: The name of the setting that needs to be validated
    :type  setting_name: str
    """
    ssl_cert = config.get(setting_name)
    if not ssl_cert:
        # The cert is not required
        return
    if not yum_utils.validate_cert(ssl_cert):
        msg = _("The SSL certificate <%(s)s> is not a valid certificate.")
        msg = msg % {"s": setting_name}
        raise configuration_utils.ValidationError(msg)
예제 #5
0
def _validate_ssl_cert(config, setting_name):
    """
    Ensure that the setting_name from config is a valid SSL certificate, if it is given. This
    setting is not
    required.

    :param config:       The config to validate
    :type  config:       pulp.plugins.config.PluginCallConfiguration
    :param setting_name: The name of the setting that needs to be validated
    :type  setting_name: str
    """
    ssl_cert = config.get(setting_name)
    if not ssl_cert:
        # The cert is not required
        return
    if not yum_utils.validate_cert(ssl_cert):
        msg = _("The SSL certificate <%(s)s> is not a valid certificate.")
        msg = msg % {'s': setting_name}
        raise configuration_utils.ValidationError(msg)
예제 #6
0
파일: importer.py 프로젝트: stpierre/pulp
    def validate_config(self, repo, config, related_repos):
        _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
        for key in REQUIRED_CONFIG_KEYS:
            if key not in config.keys():
                msg = _("Missing required configuration key: %(key)s" % {"key":key})
                _LOG.error(msg)
                return False, msg

        for key in config.keys():
            if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
                msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
                _LOG.error(msg)
                return False, msg
            if key == 'feed_url':
                feed_url = config.get('feed_url')
                if not util.validate_feed(feed_url):
                    msg = _("feed_url [%s] does not start with a valid protocol" % feed_url)
                    _LOG.error(msg)
                    return False, msg
            if key == 'ssl_verify':
                ssl_verify = config.get('ssl_verify')
                if ssl_verify is not None and not isinstance(ssl_verify, bool) :
                    msg = _("ssl_verify should be a boolean; got %s instead" % ssl_verify)
                    _LOG.error(msg)
                    return False, msg

            if key == 'ssl_ca_cert':
                ssl_ca_cert = config.get('ssl_ca_cert').encode('utf-8')
                if ssl_ca_cert is not None:
                    if not util.validate_cert(ssl_ca_cert) :
                        msg = _("ssl_ca_cert is not a valid certificate")
                        _LOG.error(msg)
                        return False, msg
                    # ssl_ca_cert is valid, proceed to store it in our repo.working_dir
                    ssl_ca_cert_filename = os.path.join(repo.working_dir, "ssl_ca_cert")
                    try:
                        try:
                            ssl_ca_cert_file = open(ssl_ca_cert_filename, "w")
                            ssl_ca_cert_file.write(ssl_ca_cert)
                        finally:
                            if ssl_ca_cert_file:
                                ssl_ca_cert_file.close()
                    except Exception, e:
                        msg = _("Unable to write ssl_ca_cert to %s" % ssl_ca_cert_filename)
                        _LOG.error(e)
                        _LOG.error(msg)
                        return False, msg

            if key == 'ssl_client_cert':
                ssl_client_cert = config.get('ssl_client_cert').encode('utf-8')
                if ssl_client_cert is not None:
                    if not util.validate_cert(ssl_client_cert) :
                        msg = _("ssl_client_cert is not a valid certificate")
                        _LOG.error(msg)
                        return False, msg
                    # ssl_client_cert is valid, proceed to store it in our repo.working_dir
                    ssl_client_cert_filename = os.path.join(repo.working_dir, "ssl_client_cert")
                    try:
                        try:
                            ssl_client_cert_file = open(ssl_client_cert_filename, "w")
                            ssl_client_cert_file.write(ssl_client_cert)
                        finally:
                            if ssl_client_cert_file:
                                ssl_client_cert_file.close()
                    except Exception, e:
                        msg = _("Unable to write ssl_client_cert to %s" % ssl_client_cert_filename)
                        _LOG.error(e)
                        _LOG.error(msg)
                        return False, msg
예제 #7
0
    def validate_config(self, repo, config, config_conduit):
        """
        Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure
        with True/False values, and in the event of failure, msg will contain an error message.

        :param repo:          The repo that the config is for
        :type  repo:          pulp.server.db.model.repository.Repo
        :param config:        The configuration to be validated
        :type  config:        pulp.server.content.plugins.config.PluginCallConfiguration
        :param config_conduit: Configuration Conduit;
        :type  config_conduit: pulp.plugins.conduits.repo_validate.RepoConfigConduit
        :return:              tuple of status, message
        :rtype:               tuple
        """
        auth_cert_bundle = {}
        for key in REQUIRED_CONFIG_KEYS:
            value = config.get(key)
            if value is None:
                msg = _("Missing required configuration key: %(key)s" % {"key":key})
                _LOG.error(msg)
                return False, msg
            if key == 'relative_url':
                relative_path = config.get('relative_url')
                if relative_path is not None:
                    if not isinstance(relative_path, basestring):
                        msg = _("relative_url should be a basestring; got %s instead" % relative_path)
                        _LOG.error(msg)
                        return False, msg
                    if re.match('[^a-zA-Z0-9/_-]+', relative_path):
                        msg = _('relative_url must contain only alphanumerics, underscores, and dashes.')
                        _LOG.error(msg)
                        return False, msg
            if key == 'http':
                config_http = config.get('http')
                if config_http is not None and not isinstance(config_http, bool):
                    msg = _("http should be a boolean; got %s instead" % config_http)
                    _LOG.error(msg)
                    return False, msg
            if key == 'https':
                config_https = config.get('https')
                if config_https is not None and not isinstance(config_https, bool):
                    msg = _("https should be a boolean; got %s instead" % config_https)
                    _LOG.error(msg)
                    return False, msg
        for key in config.keys():
            if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
                msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
                _LOG.error(msg)
                return False, msg
            if key == 'protected':
                protected = config.get('protected')
                if not isinstance(protected, bool):
                    msg = _("protected should be a boolean; got %s instead" % protected)
                    _LOG.error(msg)
                    return False, msg
            if key == 'use_createrepo':
                use_createrepo = config.get('use_createrepo')
                if not isinstance(use_createrepo, bool):
                    msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo)
                    _LOG.error(msg)
                    return False, msg
            if key == 'checksum_type':
                checksum_type = config.get('checksum_type')
                if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
                    msg = _("%s is not a valid checksum type" % checksum_type)
                    _LOG.error(msg)
                    return False, msg
            if key == 'skip':
                metadata_types = config.get('skip')
                if not isinstance(metadata_types, list):
                    msg = _("skip should be a dictionary; got %s instead" % metadata_types)
                    _LOG.error(msg)
                    return False, msg
            if key == 'auth_cert':
                auth_pem = config.get('auth_cert').encode('utf-8')
                if auth_pem is not None and not util.validate_cert(auth_pem):
                    msg = _("auth_cert is not a valid certificate")
                    _LOG.error(msg)
                    return False, msg
                auth_cert_bundle['cert'] = auth_pem
            if key == 'auth_ca':
                auth_ca = config.get('auth_ca').encode('utf-8')
                if auth_ca is not None and not util.validate_cert(auth_ca):
                    msg = _("auth_ca is not a valid certificate")
                    _LOG.error(msg)
                    return False, msg
                auth_cert_bundle['ca'] = auth_ca
        # process auth certs
        repo_relative_path = self.get_repo_relative_path(repo, config)
        if repo_relative_path.startswith("/"):
            repo_relative_path = repo_relative_path[1:]
        self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
        # If overriding https publish dir, be sure it exists and we can write to it
        publish_dir = config.get("https_publish_dir")
        if publish_dir:
            if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
                msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
                return False, msg
            if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
                msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
                return False, msg
        publish_dir = config.get("http_publish_dir")
        if publish_dir:
            if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
                msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
                return False, msg
            if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
                msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
                return False, msg
        conflict_items = config_conduit.get_repo_distributors_by_relative_url(repo_relative_path, repo.id)
        if conflict_items.count() > 0:
            item = next(conflict_items)
            conflicting_url = item["repo_id"]
            if item['config']["relative_url"] is not None:
                conflicting_url = item['config']["relative_url"]
            conflict_msg = _("Relative url '%(rel_url)s' conflicts with existing relative_url of '%(conflict_rel_url)s' from repo '%(conflict_repo_id)s'" \
            % {"rel_url": repo_relative_path, "conflict_rel_url": conflicting_url, "conflict_repo_id": item["repo_id"]})
            _LOG.info(conflict_msg)
            return False, conflict_msg

        return True, None
예제 #8
0
 def validate_config(self, repo, config, related_repos):
     _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config))
     auth_cert_bundle = {}
     for key in REQUIRED_CONFIG_KEYS:
         value = config.get(key)
         if value is None:
             msg = _("Missing required configuration key: %(key)s" % {"key":key})
             _LOG.error(msg)
             return False, msg
         if key == 'relative_url':
             relative_path = config.get('relative_url')
             if relative_path is not None and not isinstance(relative_path, basestring):
                 msg = _("relative_url should be a basestring; got %s instead" % relative_path)
                 _LOG.error(msg)
                 return False, msg
         if key == 'http':
             config_http = config.get('http')
             if config_http is not None and not isinstance(config_http, bool):
                 msg = _("http should be a boolean; got %s instead" % config_http)
                 _LOG.error(msg)
                 return False, msg
         if key == 'https':
             config_https = config.get('https')
             if config_https is not None and not isinstance(config_https, bool):
                 msg = _("https should be a boolean; got %s instead" % config_https)
                 _LOG.error(msg)
                 return False, msg
     for key in config.keys():
         if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
             msg = _("Configuration key '%(key)s' is not supported" % {"key":key})
             _LOG.error(msg)
             return False, msg
         if key == 'protected':
             protected = config.get('protected')
             if protected is not None and not isinstance(protected, bool):
                 msg = _("protected should be a boolean; got %s instead" % protected)
                 _LOG.error(msg)
                 return False, msg
         if key == 'generate_metadata':
             generate_metadata = config.get('generate_metadata')
             if generate_metadata is not None and not isinstance(generate_metadata, bool):
                 msg = _("generate_metadata should be a boolean; got %s instead" % generate_metadata)
                 _LOG.error(msg)
                 return False, msg
         if key == 'checksum_type':
             checksum_type = config.get('checksum_type')
             if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
                 msg = _("%s is not a valid checksum type" % checksum_type)
                 _LOG.error(msg)
                 return False, msg
         if key == 'skip':
             metadata_types = config.get('skip')
             if metadata_types is not None and not isinstance(metadata_types, list):
                 msg = _("skip should be a dictionary; got %s instead" % metadata_types)
                 _LOG.error(msg)
                 return False, msg
         if key == 'auth_cert':
             auth_pem = config.get('auth_cert').encode('utf-8')
             if auth_pem is not None and not util.validate_cert(auth_pem):
                 msg = _("auth_cert is not a valid certificate")
                 _LOG.error(msg)
                 return False, msg
             auth_cert_bundle['cert'] = auth_pem
         if key == 'auth_ca':
             auth_ca = config.get('auth_ca').encode('utf-8')
             if auth_ca is not None and not util.validate_cert(auth_ca):
                 msg = _("auth_ca is not a valid certificate")
                 _LOG.error(msg)
                 return False, msg
             auth_cert_bundle['ca'] = auth_ca
     # process auth certs
     repo_relative_path = self.get_repo_relative_path(repo, config)
     if repo_relative_path.startswith("/"):
         repo_relative_path = repo_relative_path[1:]
     self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
     # If overriding https publish dir, be sure it exists and we can write to it
     publish_dir = config.get("https_publish_dir")
     if publish_dir:
         if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
             msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
         if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
             msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
     publish_dir = config.get("http_publish_dir")
     if publish_dir:
         if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
             msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
         if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
             msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir})
             return False, msg
     rel_url =  config.get("relative_url")
     if rel_url:
         conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos)
         if conflict_status:
             _LOG.info(conflict_msg)
             return False, conflict_msg
     return True, None
예제 #9
0
    def validate_config(self, repo, config, related_repos):
        """
        Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure
        with True/False values, and in the event of failure, msg will contain an error message.

        :param repo:          The repo that the config is for
        :type  repo:          pulp.server.db.model.repository.Repo
        :param config:        The configuration to be validated
        :type  config:        pulp.server.content.plugins.config.PluginCallConfiguration
        :param related_repos: Repositories that are related to repo
        :type  related_repos: list
        :return:              tuple of status, message
        :rtype:               tuple
        """
        auth_cert_bundle = {}
        for key in REQUIRED_CONFIG_KEYS:
            value = config.get(key)
            if value is None:
                msg = _("Missing required configuration key: %(key)s" % {"key": key})
                _LOG.error(msg)
                return False, msg
            if key == "relative_url":
                relative_path = config.get("relative_url")
                if relative_path is not None:
                    if not isinstance(relative_path, basestring):
                        msg = _("relative_url should be a basestring; got %s instead" % relative_path)
                        _LOG.error(msg)
                        return False, msg
                    if re.match("[^a-zA-Z0-9/_-]+", relative_path):
                        msg = _("relative_url must contain only alphanumerics, underscores, and dashes.")
                        _LOG.error(msg)
                        return False, msg
            if key == "http":
                config_http = config.get("http")
                if config_http is not None and not isinstance(config_http, bool):
                    msg = _("http should be a boolean; got %s instead" % config_http)
                    _LOG.error(msg)
                    return False, msg
            if key == "https":
                config_https = config.get("https")
                if config_https is not None and not isinstance(config_https, bool):
                    msg = _("https should be a boolean; got %s instead" % config_https)
                    _LOG.error(msg)
                    return False, msg
        for key in config.keys():
            if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS:
                msg = _("Configuration key '%(key)s' is not supported" % {"key": key})
                _LOG.error(msg)
                return False, msg
            if key == "protected":
                protected = config.get("protected")
                if not isinstance(protected, bool):
                    msg = _("protected should be a boolean; got %s instead" % protected)
                    _LOG.error(msg)
                    return False, msg
            if key == "use_createrepo":
                use_createrepo = config.get("use_createrepo")
                if not isinstance(use_createrepo, bool):
                    msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo)
                    _LOG.error(msg)
                    return False, msg
            if key == "checksum_type":
                checksum_type = config.get("checksum_type")
                if checksum_type is not None and not util.is_valid_checksum_type(checksum_type):
                    msg = _("%s is not a valid checksum type" % checksum_type)
                    _LOG.error(msg)
                    return False, msg
            if key == "skip":
                metadata_types = config.get("skip")
                if not isinstance(metadata_types, list):
                    msg = _("skip should be a dictionary; got %s instead" % metadata_types)
                    _LOG.error(msg)
                    return False, msg
            if key == "auth_cert":
                auth_pem = config.get("auth_cert").encode("utf-8")
                if auth_pem is not None and not util.validate_cert(auth_pem):
                    msg = _("auth_cert is not a valid certificate")
                    _LOG.error(msg)
                    return False, msg
                auth_cert_bundle["cert"] = auth_pem
            if key == "auth_ca":
                auth_ca = config.get("auth_ca").encode("utf-8")
                if auth_ca is not None and not util.validate_cert(auth_ca):
                    msg = _("auth_ca is not a valid certificate")
                    _LOG.error(msg)
                    return False, msg
                auth_cert_bundle["ca"] = auth_ca
        # process auth certs
        repo_relative_path = self.get_repo_relative_path(repo, config)
        if repo_relative_path.startswith("/"):
            repo_relative_path = repo_relative_path[1:]
        self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle)
        # If overriding https publish dir, be sure it exists and we can write to it
        publish_dir = config.get("https_publish_dir")
        if publish_dir:
            if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
                msg = _(
                    "Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s"
                    % {"publish_dir": publish_dir}
                )
                return False, msg
            if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
                msg = _(
                    "Unable to read & write to specified 'https_publish_dir': %(publish_dir)s"
                    % {"publish_dir": publish_dir}
                )
                return False, msg
        publish_dir = config.get("http_publish_dir")
        if publish_dir:
            if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir):
                msg = _(
                    "Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s"
                    % {"publish_dir": publish_dir}
                )
                return False, msg
            if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK):
                msg = _(
                    "Unable to read & write to specified 'http_publish_dir': %(publish_dir)s"
                    % {"publish_dir": publish_dir}
                )
                return False, msg
        rel_url = config.get("relative_url")
        if rel_url:
            conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos)
            if conflict_status:
                _LOG.info(conflict_msg)
                return False, conflict_msg
        return True, None