Commit c6c33fb2 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Use validators to validate slave's custom_domain

Install validators dependency, which is a way to easily check if email is an
email or domain is correct.

As slave requester is able to enter any string in custom domain validate it
against being correct domain name and in case if validation fails reject that
slave.
parent 8d868048
......@@ -14,7 +14,7 @@
# not need these here).
[template]
filename = instance.cfg.in
md5sum = 8bdb588d33bf5cd059495a5c3e6dd049
md5sum = ae392fdf6e874ac12ee7e490f6fc1faa
[template-common]
filename = instance-common.cfg.in
......@@ -26,7 +26,7 @@ md5sum = 750e2b1c922bf14511a3bc8a42468b1b
[template-apache-replicate]
filename = instance-apache-replicate.cfg.in
md5sum = 1cf98844e5daf75a74514dbb292d6506
md5sum = 2f370174b18f27db5c0f9daf83df8104
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
......@@ -106,7 +106,7 @@ md5sum = 455f8765a3afd39fb78562fb9e326c42
[caddyprofiledeps-setup]
filename = setup.py
md5sum = a81c679f9ce3c9c905b10de9203aad61
md5sum = d9b6476bb0b36cf463fddb00d41dfbaa
[caddyprofiledeps-dummy]
filename = caddyprofiledummy.py
......
......@@ -80,6 +80,11 @@ context =
{% set slave_ok = False %}
{% endif %}
{% endif %}
{% if slave.get('custom_domain') %}
{% if not validators.domain(slave['custom_domain']) %}
{% set slave_ok = False %}
{% endif %}
{% endif %}
{% if slave_ok %}
{% do authorized_slave_list.append(slave) %}
{% else %}
......
......@@ -5,6 +5,9 @@ parts =
dynamic-template-caddy-replicate
switch-softwaretype
[caddyprofiledeps]
recipe = caddyprofiledeps
[jinja2-template-base]
recipe = slapos.recipe.template:jinja2
rendered = ${buildout:directory}/${:filename}
......@@ -41,11 +44,13 @@ extra-context =
[dynamic-template-caddy-replicate]
< = jinja2-template-base
depends = ${caddyprofiledeps:recipe}
template = {{ template_caddy_replicate }}
filename = instance-caddy-replicate.cfg
extensions = jinja2.ext.do
extra-context =
import subprocess_module subprocess
import validators validators
raw caddy_backend_url_validator {{ caddy_backend_url_validator }}
raw template_publish_slave_information {{ template_replicate_publish_slave_information }}
# Must match the key id in [switch-softwaretype] which uses this section.
......
......@@ -6,6 +6,7 @@ from setuptools import setup
setup(
name='caddyprofiledeps',
install_requires=[
'validators',
],
entry_points={
'zc.buildout': [
......
......@@ -2,6 +2,7 @@
extends = common.cfg
[versions]
validators = 0.12.2
PyRSS2Gen = 1.1
apache-libcloud = 0.19.0
cns.recipe.symlink = 0.2.3
......
......@@ -3036,8 +3036,28 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
're6st-optimal-test':
'new\nline;rm -fr ~;,new\line\n[s${esection:eoption}',
},
'custom_domain-unsafe': {
'custom_domain': '${section:option} afterspace\nafternewline',
},
}
def test_master_partition_state(self):
parameter_dict = self.computer_partition.getConnectionParameterDict()
self.assertKeyWithPop('monitor-setup-url', parameter_dict)
expected_parameter_dict = {
'monitor-base-url': None,
'domain': 'example.com',
'accepted-slave-amount': '2',
'rejected-slave-amount': '1',
'slave-amount': '3',
'rejected-slave-list': '["_custom_domain-unsafe"]'}
self.assertEqual(
expected_parameter_dict,
parameter_dict
)
def test_re6st_optimal_test_unsafe(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
're6st-optimal-test-unsafe']
......@@ -3117,3 +3137,11 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
[],
monitor_file_list
)
def test_custom_domain_unsafe(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
'custom_domain-unsafe']
self.assertEqual(
parameter_dict,
{}
)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment