def validate_config(self, repo, config, related_repos): _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config)) for key in REQUIRED_CONFIG_KEYS: value = config.get(key) if value is None: msg = _("Missing required configuration key: %(key)s" % {"key":key}) _LOG.error(msg) return False, msg if key == 'http': config_http = config.get('http') if config_http is not None and not isinstance(config_http, bool): msg = _("http should be a boolean; got %s instead" % config_http) _LOG.error(msg) return False, msg if key == 'https': config_https = config.get('https') if config_https is not None and not isinstance(config_https, bool): msg = _("https should be a boolean; got %s instead" % config_https) _LOG.error(msg) return False, msg for key in config.keys(): if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS: msg = _("Configuration key '%(key)s' is not supported" % {"key":key}) _LOG.error(msg) return False, msg if key == 'skip': metadata_types = config.get('skip') if metadata_types is not None and not isinstance(metadata_types, list): msg = _("skip should be a dictionary; got %s instead" % metadata_types) _LOG.error(msg) return False, msg if key == 'https_ca': https_ca = config.get('https_ca').encode('utf-8') if https_ca is not None and not util.validate_cert(https_ca): msg = _("https_ca is not a valid certificate") _LOG.error(msg) return False, msg if key == 'iso_prefix': iso_prefix = config.get('iso_prefix') if iso_prefix is not None and (not isinstance(iso_prefix, str) or not iso_util.is_valid_prefix(iso_prefix)): msg = _("iso_prefix is not a valid string; valid supported characters include %s" % iso_util.ISO_NAME_REGEX.pattern) _LOG.error(msg) return False, msg publish_dir = config.get("https_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg publish_dir = config.get("http_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg return True, None
def _validate_certificate(key, cert, error_messages): cert = cert.encode("utf-8") if util.validate_cert(cert): return msg = _("Configuration value for [%(k)s] is not a valid certificate") error_messages.append(msg % {"k": key})
def _validate_certificate(key, cert, error_messages): cert = cert.encode('utf-8') if util.validate_cert(cert): return msg = _('Configuration value for [%(k)s] is not a valid certificate') error_messages.append(msg % {'k': key})
def _validate_ssl_cert(config, setting_name): """ Ensure that the setting_name from config is a valid SSL certificate, if it is given. This setting is not required. :param config: The config to validate :type config: pulp.plugins.config.PluginCallConfiguration :param setting_name: The name of the setting that needs to be validated :type setting_name: str """ ssl_cert = config.get(setting_name) if not ssl_cert: # The cert is not required return if not yum_utils.validate_cert(ssl_cert): msg = _("The SSL certificate <%(s)s> is not a valid certificate.") msg = msg % {"s": setting_name} raise configuration_utils.ValidationError(msg)
def _validate_ssl_cert(config, setting_name): """ Ensure that the setting_name from config is a valid SSL certificate, if it is given. This setting is not required. :param config: The config to validate :type config: pulp.plugins.config.PluginCallConfiguration :param setting_name: The name of the setting that needs to be validated :type setting_name: str """ ssl_cert = config.get(setting_name) if not ssl_cert: # The cert is not required return if not yum_utils.validate_cert(ssl_cert): msg = _("The SSL certificate <%(s)s> is not a valid certificate.") msg = msg % {'s': setting_name} raise configuration_utils.ValidationError(msg)
def validate_config(self, repo, config, related_repos): _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config)) for key in REQUIRED_CONFIG_KEYS: if key not in config.keys(): msg = _("Missing required configuration key: %(key)s" % {"key":key}) _LOG.error(msg) return False, msg for key in config.keys(): if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS: msg = _("Configuration key '%(key)s' is not supported" % {"key":key}) _LOG.error(msg) return False, msg if key == 'feed_url': feed_url = config.get('feed_url') if not util.validate_feed(feed_url): msg = _("feed_url [%s] does not start with a valid protocol" % feed_url) _LOG.error(msg) return False, msg if key == 'ssl_verify': ssl_verify = config.get('ssl_verify') if ssl_verify is not None and not isinstance(ssl_verify, bool) : msg = _("ssl_verify should be a boolean; got %s instead" % ssl_verify) _LOG.error(msg) return False, msg if key == 'ssl_ca_cert': ssl_ca_cert = config.get('ssl_ca_cert').encode('utf-8') if ssl_ca_cert is not None: if not util.validate_cert(ssl_ca_cert) : msg = _("ssl_ca_cert is not a valid certificate") _LOG.error(msg) return False, msg # ssl_ca_cert is valid, proceed to store it in our repo.working_dir ssl_ca_cert_filename = os.path.join(repo.working_dir, "ssl_ca_cert") try: try: ssl_ca_cert_file = open(ssl_ca_cert_filename, "w") ssl_ca_cert_file.write(ssl_ca_cert) finally: if ssl_ca_cert_file: ssl_ca_cert_file.close() except Exception, e: msg = _("Unable to write ssl_ca_cert to %s" % ssl_ca_cert_filename) _LOG.error(e) _LOG.error(msg) return False, msg if key == 'ssl_client_cert': ssl_client_cert = config.get('ssl_client_cert').encode('utf-8') if ssl_client_cert is not None: if not util.validate_cert(ssl_client_cert) : msg = _("ssl_client_cert is not a valid certificate") _LOG.error(msg) return False, msg # ssl_client_cert is valid, proceed to store it in our repo.working_dir ssl_client_cert_filename = os.path.join(repo.working_dir, "ssl_client_cert") try: try: ssl_client_cert_file = open(ssl_client_cert_filename, "w") ssl_client_cert_file.write(ssl_client_cert) finally: if ssl_client_cert_file: ssl_client_cert_file.close() except Exception, e: msg = _("Unable to write ssl_client_cert to %s" % ssl_client_cert_filename) _LOG.error(e) _LOG.error(msg) return False, msg
def validate_config(self, repo, config, config_conduit): """ Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure with True/False values, and in the event of failure, msg will contain an error message. :param repo: The repo that the config is for :type repo: pulp.server.db.model.repository.Repo :param config: The configuration to be validated :type config: pulp.server.content.plugins.config.PluginCallConfiguration :param config_conduit: Configuration Conduit; :type config_conduit: pulp.plugins.conduits.repo_validate.RepoConfigConduit :return: tuple of status, message :rtype: tuple """ auth_cert_bundle = {} for key in REQUIRED_CONFIG_KEYS: value = config.get(key) if value is None: msg = _("Missing required configuration key: %(key)s" % {"key":key}) _LOG.error(msg) return False, msg if key == 'relative_url': relative_path = config.get('relative_url') if relative_path is not None: if not isinstance(relative_path, basestring): msg = _("relative_url should be a basestring; got %s instead" % relative_path) _LOG.error(msg) return False, msg if re.match('[^a-zA-Z0-9/_-]+', relative_path): msg = _('relative_url must contain only alphanumerics, underscores, and dashes.') _LOG.error(msg) return False, msg if key == 'http': config_http = config.get('http') if config_http is not None and not isinstance(config_http, bool): msg = _("http should be a boolean; got %s instead" % config_http) _LOG.error(msg) return False, msg if key == 'https': config_https = config.get('https') if config_https is not None and not isinstance(config_https, bool): msg = _("https should be a boolean; got %s instead" % config_https) _LOG.error(msg) return False, msg for key in config.keys(): if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS: msg = _("Configuration key '%(key)s' is not supported" % {"key":key}) _LOG.error(msg) return False, msg if key == 'protected': protected = config.get('protected') if not isinstance(protected, bool): msg = _("protected should be a boolean; got %s instead" % protected) _LOG.error(msg) return False, msg if key == 'use_createrepo': use_createrepo = config.get('use_createrepo') if not isinstance(use_createrepo, bool): msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo) _LOG.error(msg) return False, msg if key == 'checksum_type': checksum_type = config.get('checksum_type') if checksum_type is not None and not util.is_valid_checksum_type(checksum_type): msg = _("%s is not a valid checksum type" % checksum_type) _LOG.error(msg) return False, msg if key == 'skip': metadata_types = config.get('skip') if not isinstance(metadata_types, list): msg = _("skip should be a dictionary; got %s instead" % metadata_types) _LOG.error(msg) return False, msg if key == 'auth_cert': auth_pem = config.get('auth_cert').encode('utf-8') if auth_pem is not None and not util.validate_cert(auth_pem): msg = _("auth_cert is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle['cert'] = auth_pem if key == 'auth_ca': auth_ca = config.get('auth_ca').encode('utf-8') if auth_ca is not None and not util.validate_cert(auth_ca): msg = _("auth_ca is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle['ca'] = auth_ca # process auth certs repo_relative_path = self.get_repo_relative_path(repo, config) if repo_relative_path.startswith("/"): repo_relative_path = repo_relative_path[1:] self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle) # If overriding https publish dir, be sure it exists and we can write to it publish_dir = config.get("https_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg publish_dir = config.get("http_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg conflict_items = config_conduit.get_repo_distributors_by_relative_url(repo_relative_path, repo.id) if conflict_items.count() > 0: item = next(conflict_items) conflicting_url = item["repo_id"] if item['config']["relative_url"] is not None: conflicting_url = item['config']["relative_url"] conflict_msg = _("Relative url '%(rel_url)s' conflicts with existing relative_url of '%(conflict_rel_url)s' from repo '%(conflict_repo_id)s'" \ % {"rel_url": repo_relative_path, "conflict_rel_url": conflicting_url, "conflict_repo_id": item["repo_id"]}) _LOG.info(conflict_msg) return False, conflict_msg return True, None
def validate_config(self, repo, config, related_repos): _LOG.info("validate_config invoked, config values are: %s" % (config.repo_plugin_config)) auth_cert_bundle = {} for key in REQUIRED_CONFIG_KEYS: value = config.get(key) if value is None: msg = _("Missing required configuration key: %(key)s" % {"key":key}) _LOG.error(msg) return False, msg if key == 'relative_url': relative_path = config.get('relative_url') if relative_path is not None and not isinstance(relative_path, basestring): msg = _("relative_url should be a basestring; got %s instead" % relative_path) _LOG.error(msg) return False, msg if key == 'http': config_http = config.get('http') if config_http is not None and not isinstance(config_http, bool): msg = _("http should be a boolean; got %s instead" % config_http) _LOG.error(msg) return False, msg if key == 'https': config_https = config.get('https') if config_https is not None and not isinstance(config_https, bool): msg = _("https should be a boolean; got %s instead" % config_https) _LOG.error(msg) return False, msg for key in config.keys(): if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS: msg = _("Configuration key '%(key)s' is not supported" % {"key":key}) _LOG.error(msg) return False, msg if key == 'protected': protected = config.get('protected') if protected is not None and not isinstance(protected, bool): msg = _("protected should be a boolean; got %s instead" % protected) _LOG.error(msg) return False, msg if key == 'generate_metadata': generate_metadata = config.get('generate_metadata') if generate_metadata is not None and not isinstance(generate_metadata, bool): msg = _("generate_metadata should be a boolean; got %s instead" % generate_metadata) _LOG.error(msg) return False, msg if key == 'checksum_type': checksum_type = config.get('checksum_type') if checksum_type is not None and not util.is_valid_checksum_type(checksum_type): msg = _("%s is not a valid checksum type" % checksum_type) _LOG.error(msg) return False, msg if key == 'skip': metadata_types = config.get('skip') if metadata_types is not None and not isinstance(metadata_types, list): msg = _("skip should be a dictionary; got %s instead" % metadata_types) _LOG.error(msg) return False, msg if key == 'auth_cert': auth_pem = config.get('auth_cert').encode('utf-8') if auth_pem is not None and not util.validate_cert(auth_pem): msg = _("auth_cert is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle['cert'] = auth_pem if key == 'auth_ca': auth_ca = config.get('auth_ca').encode('utf-8') if auth_ca is not None and not util.validate_cert(auth_ca): msg = _("auth_ca is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle['ca'] = auth_ca # process auth certs repo_relative_path = self.get_repo_relative_path(repo, config) if repo_relative_path.startswith("/"): repo_relative_path = repo_relative_path[1:] self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle) # If overriding https publish dir, be sure it exists and we can write to it publish_dir = config.get("https_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg publish_dir = config.get("http_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _("Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _("Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir":publish_dir}) return False, msg rel_url = config.get("relative_url") if rel_url: conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos) if conflict_status: _LOG.info(conflict_msg) return False, conflict_msg return True, None
def validate_config(self, repo, config, related_repos): """ Validate the distributor config. A tuple of status, msg will be returned. Status indicates success or failure with True/False values, and in the event of failure, msg will contain an error message. :param repo: The repo that the config is for :type repo: pulp.server.db.model.repository.Repo :param config: The configuration to be validated :type config: pulp.server.content.plugins.config.PluginCallConfiguration :param related_repos: Repositories that are related to repo :type related_repos: list :return: tuple of status, message :rtype: tuple """ auth_cert_bundle = {} for key in REQUIRED_CONFIG_KEYS: value = config.get(key) if value is None: msg = _("Missing required configuration key: %(key)s" % {"key": key}) _LOG.error(msg) return False, msg if key == "relative_url": relative_path = config.get("relative_url") if relative_path is not None: if not isinstance(relative_path, basestring): msg = _("relative_url should be a basestring; got %s instead" % relative_path) _LOG.error(msg) return False, msg if re.match("[^a-zA-Z0-9/_-]+", relative_path): msg = _("relative_url must contain only alphanumerics, underscores, and dashes.") _LOG.error(msg) return False, msg if key == "http": config_http = config.get("http") if config_http is not None and not isinstance(config_http, bool): msg = _("http should be a boolean; got %s instead" % config_http) _LOG.error(msg) return False, msg if key == "https": config_https = config.get("https") if config_https is not None and not isinstance(config_https, bool): msg = _("https should be a boolean; got %s instead" % config_https) _LOG.error(msg) return False, msg for key in config.keys(): if key not in REQUIRED_CONFIG_KEYS and key not in OPTIONAL_CONFIG_KEYS: msg = _("Configuration key '%(key)s' is not supported" % {"key": key}) _LOG.error(msg) return False, msg if key == "protected": protected = config.get("protected") if not isinstance(protected, bool): msg = _("protected should be a boolean; got %s instead" % protected) _LOG.error(msg) return False, msg if key == "use_createrepo": use_createrepo = config.get("use_createrepo") if not isinstance(use_createrepo, bool): msg = _("use_createrepo should be a boolean; got %s instead" % use_createrepo) _LOG.error(msg) return False, msg if key == "checksum_type": checksum_type = config.get("checksum_type") if checksum_type is not None and not util.is_valid_checksum_type(checksum_type): msg = _("%s is not a valid checksum type" % checksum_type) _LOG.error(msg) return False, msg if key == "skip": metadata_types = config.get("skip") if not isinstance(metadata_types, list): msg = _("skip should be a dictionary; got %s instead" % metadata_types) _LOG.error(msg) return False, msg if key == "auth_cert": auth_pem = config.get("auth_cert").encode("utf-8") if auth_pem is not None and not util.validate_cert(auth_pem): msg = _("auth_cert is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle["cert"] = auth_pem if key == "auth_ca": auth_ca = config.get("auth_ca").encode("utf-8") if auth_ca is not None and not util.validate_cert(auth_ca): msg = _("auth_ca is not a valid certificate") _LOG.error(msg) return False, msg auth_cert_bundle["ca"] = auth_ca # process auth certs repo_relative_path = self.get_repo_relative_path(repo, config) if repo_relative_path.startswith("/"): repo_relative_path = repo_relative_path[1:] self.process_repo_auth_certificate_bundle(repo.id, repo_relative_path, auth_cert_bundle) # If overriding https publish dir, be sure it exists and we can write to it publish_dir = config.get("https_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _( "Value for 'https_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir": publish_dir} ) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _( "Unable to read & write to specified 'https_publish_dir': %(publish_dir)s" % {"publish_dir": publish_dir} ) return False, msg publish_dir = config.get("http_publish_dir") if publish_dir: if not os.path.exists(publish_dir) or not os.path.isdir(publish_dir): msg = _( "Value for 'http_publish_dir' is not an existing directory: %(publish_dir)s" % {"publish_dir": publish_dir} ) return False, msg if not os.access(publish_dir, os.R_OK) or not os.access(publish_dir, os.W_OK): msg = _( "Unable to read & write to specified 'http_publish_dir': %(publish_dir)s" % {"publish_dir": publish_dir} ) return False, msg rel_url = config.get("relative_url") if rel_url: conflict_status, conflict_msg = self.does_rel_url_conflict(rel_url, related_repos) if conflict_status: _LOG.info(conflict_msg) return False, conflict_msg return True, None