Search in sources :

Example 1 with ConfigProblemSetBuilder

use of com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder in project halyard by spinnaker.

the class GoogleProviderUtils method getCompute.

static Compute getCompute(AccountDeploymentDetails<GoogleAccount> details) {
    ConfigProblemSetBuilder problemSetBuilder = new ConfigProblemSetBuilder(null);
    GoogleNamedAccountCredentials credentials = details.getAccount().getNamedAccountCredentials("", problemSetBuilder);
    if (credentials == null) {
        throw new HalException(problemSetBuilder.build().getProblems());
    }
    return credentials.getCompute();
}
Also used : ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) HalException(com.netflix.spinnaker.halyard.core.error.v1.HalException) GoogleNamedAccountCredentials(com.netflix.spinnaker.clouddriver.google.security.GoogleNamedAccountCredentials)

Example 2 with ConfigProblemSetBuilder

use of com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder in project halyard by spinnaker.

the class ValidateService method validateMatchingFilter.

ProblemSet validateMatchingFilter(NodeFilter filter) {
    DaemonTaskHandler.newStage("Running validation");
    Halconfig halconfig = parser.getHalconfig();
    ConfigProblemSetBuilder psBuilder = new ConfigProblemSetBuilder(applicationContext);
    recursiveValidate(psBuilder, halconfig, filter);
    return psBuilder.build();
}
Also used : ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) Halconfig(com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig)

Example 3 with ConfigProblemSetBuilder

use of com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder in project halyard by spinnaker.

the class OpenstackAccountValidator method validate.

@Override
public void validate(ConfigProblemSetBuilder psBuilder, OpenstackAccount account) {
    DaemonTaskHandler.message("Validating " + account.getNodeName() + " with " + OpenstackAccountValidator.class.getSimpleName());
    String environment = account.getEnvironment();
    String accountType = account.getAccountType();
    String username = account.getUsername();
    String password = account.getPassword();
    String projectName = account.getPassword();
    String domainName = account.getDomainName();
    String authUrl = account.getAuthUrl();
    List<String> regions = account.getRegions();
    Boolean insecure = account.getInsecure();
    String heatTemplateLocation = account.getHeatTemplateLocation();
    OpenstackAccount.OpenstackLbaasOptions lbaas = account.getLbaas();
    ConsulConfig consulConfig = new ConsulConfig();
    String userDataFile = account.getUserDataFile();
    if (StringUtils.isEmpty(environment)) {
        psBuilder.addProblem(Problem.Severity.ERROR, "You must provide an environment name");
    }
    if (StringUtils.isEmpty(password) || StringUtils.isEmpty(username)) {
        psBuilder.addProblem(Problem.Severity.ERROR, "You must provide a both a username and a password");
    }
    if (StringUtils.isEmpty(projectName)) {
        psBuilder.addProblem(Problem.Severity.ERROR, "You must provide a project name");
    }
    if (!StringUtils.endsWith(authUrl, "/v3")) {
        psBuilder.addProblem(Problem.Severity.WARNING, "You must use Keystone v3. The default auth url will be of the format IP:5000/v3.");
    }
    if (StringUtils.isEmpty(domainName)) {
        psBuilder.addProblem(Problem.Severity.ERROR, "You must provide a domain name");
    }
    if (regions.size() == 0 || StringUtils.isEmpty(regions.get(0))) {
        psBuilder.addProblem(Problem.Severity.ERROR, "You must provide one region");
    }
    if (insecure) {
        psBuilder.addProblem(Problem.Severity.WARNING, "You've chosen to not validate SSL connections. This setup is not recommended in production deployments.");
    }
    if (heatTemplateLocation != null && heatTemplateLocation.isEmpty()) {
        psBuilder.addProblem(Problem.Severity.ERROR, "Not a valid Heat template location: ''");
    }
    if (lbaas.getPollInterval() < 0) {
        psBuilder.addProblem(Problem.Severity.ERROR, "Poll interval cannot be less than 0.").setRemediation("Update this value to be reasonable. Default is 5.");
    }
    if (lbaas.getPollTimeout() < 0) {
        psBuilder.addProblem(Problem.Severity.ERROR, "Poll timeout cannot be less than 0.").setRemediation("Update this value to be reasonable. Default is 60.");
    }
    boolean userDataProvided = userDataFile != null && !userDataFile.isEmpty();
    if (userDataProvided) {
        String resolvedUserData = ValidatingFileReader.contents(psBuilder, userDataFile);
        if (resolvedUserData == null) {
            return;
        } else if (resolvedUserData.isEmpty()) {
            psBuilder.addProblem(Problem.Severity.WARNING, "The supplied user data file is empty.").setRemediation("Please provide a non empty file, or remove the user data file.");
        }
        List<String> validTokens = Arrays.asList("account", "accounttype", "env", "region", "group", "autogrp", "cluster", "stack", "detail", "launchconfig");
        List<String> tokens = Arrays.asList(StringUtils.substringsBetween(resolvedUserData, "%%", "%%"));
        List<String> invalidTokens = tokens.stream().filter(t -> !validTokens.contains(t)).collect(Collectors.toList());
        if (invalidTokens.size() != 0) {
            psBuilder.addProblem(Problem.Severity.WARNING, "The supplied user data file contains tokens that won't be replaced. " + "Tokens \"" + StringUtils.join(invalidTokens, ", ") + "\" are not supported.").setRemediation("Please use only the supported tokens \"" + StringUtils.join(validTokens, ", ") + "\".");
        }
    }
    OpenstackConfigurationProperties.LbaasConfig lbaasConfig = new OpenstackConfigurationProperties.LbaasConfig();
    lbaasConfig.setPollInterval(lbaas.getPollInterval());
    lbaasConfig.setPollTimeout(lbaas.getPollTimeout());
    try {
        OpenstackNamedAccountCredentials openstackCredentials = new OpenstackNamedAccountCredentials.Builder().name(account.getName()).environment(environment).accountType(accountType).authUrl(authUrl).username(username).password(password).projectName(projectName).domainName(domainName).regions(regions).insecure(insecure).heatTemplateLocation(heatTemplateLocation).consulConfig(consulConfig).lbaasConfig(lbaasConfig).userDataFile(userDataFile).build();
        credentialsList.add(openstackCredentials);
    // TODO(emjburns) verify that these credentials can connect w/o error to the openstack instance
    } catch (Exception e) {
        psBuilder.addProblem(Problem.Severity.ERROR, "Failed to instantiate openstack credentials for account \"" + account.getName() + "\".");
    }
}
Also used : OpenstackNamedAccountCredentials(com.netflix.spinnaker.clouddriver.openstack.security.OpenstackNamedAccountCredentials) Arrays(java.util.Arrays) OpenstackConfigurationProperties(com.netflix.spinnaker.clouddriver.openstack.config.OpenstackConfigurationProperties) OpenstackAccount(com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackAccount) EqualsAndHashCode(lombok.EqualsAndHashCode) ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) StringUtils(org.apache.commons.lang3.StringUtils) Collectors(java.util.stream.Collectors) DaemonTaskHandler(com.netflix.spinnaker.halyard.core.tasks.v1.DaemonTaskHandler) ConsulConfig(com.netflix.spinnaker.clouddriver.consul.config.ConsulConfig) List(java.util.List) Validator(com.netflix.spinnaker.halyard.config.model.v1.node.Validator) Data(lombok.Data) Problem(com.netflix.spinnaker.halyard.core.problem.v1.Problem) ValidatingFileReader(com.netflix.spinnaker.halyard.config.validate.v1.util.ValidatingFileReader) ConsulConfig(com.netflix.spinnaker.clouddriver.consul.config.ConsulConfig) OpenstackConfigurationProperties(com.netflix.spinnaker.clouddriver.openstack.config.OpenstackConfigurationProperties) OpenstackNamedAccountCredentials(com.netflix.spinnaker.clouddriver.openstack.security.OpenstackNamedAccountCredentials) OpenstackAccount(com.netflix.spinnaker.halyard.config.model.v1.providers.openstack.OpenstackAccount)

Example 4 with ConfigProblemSetBuilder

use of com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder in project halyard by spinnaker.

the class Node method fieldOptions.

@JsonIgnore
public List<String> fieldOptions(ConfigProblemSetBuilder problemSetBuilder, String fieldName) {
    if (fieldName == null || fieldName.isEmpty()) {
        throw new IllegalArgumentException("Input fieldName may not be empty");
    }
    log.info("Looking for options for field " + fieldName + " in node " + getNodeName() + " for type " + getClass().getSimpleName());
    String fieldOptions = fieldName + "Options";
    Method optionsMethod = null;
    try {
        optionsMethod = this.getClass().getDeclaredMethod(fieldOptions, ConfigProblemSetBuilder.class);
        optionsMethod.setAccessible(true);
        return (List<String>) optionsMethod.invoke(this, problemSetBuilder);
    } catch (IllegalAccessException | InvocationTargetException e) {
        log.warn("Failed to call " + fieldOptions + "() on " + this.getClass().getSimpleName());
        throw new RuntimeException(e);
    } catch (NoSuchMethodException e) {
        // It's expected that many fields won't supply options endpoints.
        return new ArrayList<>();
    } finally {
        if (optionsMethod != null) {
            optionsMethod.setAccessible(false);
        }
    }
}
Also used : ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) ArrayList(java.util.ArrayList) List(java.util.List) Method(java.lang.reflect.Method) InvocationTargetException(java.lang.reflect.InvocationTargetException) JsonIgnore(com.fasterxml.jackson.annotation.JsonIgnore)

Example 5 with ConfigProblemSetBuilder

use of com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder in project halyard by spinnaker.

the class DockerRegistryAccountValidator method validate.

@Override
public void validate(ConfigProblemSetBuilder p, DockerRegistryAccount n) {
    String resolvedPassword = null;
    String password = n.getPassword();
    String passwordFile = n.getPasswordFile();
    String username = n.getUsername();
    boolean passwordProvided = password != null && !password.isEmpty();
    boolean passwordFileProvided = passwordFile != null && !passwordFile.isEmpty();
    if (passwordProvided && passwordFileProvided) {
        p.addProblem(Severity.ERROR, "You have provided both a password and a password file for your docker registry. You can specify at most one.");
        return;
    }
    if (passwordProvided) {
        resolvedPassword = password;
    } else if (passwordFileProvided) {
        resolvedPassword = ValidatingFileReader.contents(p, passwordFile);
        if (resolvedPassword == null) {
            return;
        }
        if (resolvedPassword.isEmpty()) {
            p.addProblem(Severity.WARNING, "The supplied password file is empty.");
        }
    } else {
        resolvedPassword = "";
    }
    if (!resolvedPassword.isEmpty()) {
        if (username == null || username.isEmpty()) {
            p.addProblem(Severity.WARNING, "You have supplied a password but no username.");
        }
    } else {
        if (username != null && !username.isEmpty()) {
            p.addProblem(Severity.WARNING, "You have a supplied a username but no password.");
        }
    }
    DockerRegistryNamedAccountCredentials credentials;
    try {
        credentials = (new DockerRegistryNamedAccountCredentials.Builder()).accountName(n.getName()).address(n.getAddress()).email(n.getEmail()).password(n.getPassword()).passwordFile(n.getPasswordFile()).dockerconfigFile(n.getDockerconfigFile()).username(n.getUsername()).clientTimeoutMillis(n.getClientTimeoutMillis()).cacheThreads(n.getCacheThreads()).paginateSize(n.getPaginateSize()).sortTagsByDate(n.getSortTagsByDate()).trackDigests(n.getTrackDigests()).insecureRegistry(n.getInsecureRegistry()).build();
    } catch (Exception e) {
        p.addProblem(Severity.ERROR, "Failed to instantiate docker credentials for account \"" + n.getName() + "\".");
        return;
    }
    ConfigProblemBuilder authFailureProblem = null;
    if (n.getRepositories() == null || n.getRepositories().size() == 0) {
        try {
            DockerRegistryCatalog catalog = credentials.getCredentials().getClient().getCatalog();
            if (catalog.getRepositories() == null || catalog.getRepositories().size() == 0) {
                p.addProblem(Severity.WARNING, "Your docker registry has no repositories specified, and the registry's catalog is empty. Spinnaker will not be able to deploy any images until some are pushed to this registry.").setRemediation("Manually specify some repositories for this docker registry to index.");
            }
        } catch (Exception e) {
            if (n.getAddress().endsWith("gcr.io")) {
                p.addProblem(Severity.ERROR, "The GCR service requires the Resource Manager API to be enabled for the catalog endpoint to work.").setRemediation("Visit https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview to enable the API.");
            }
            authFailureProblem = p.addProblem(Severity.ERROR, "Unable to connect the registries catalog endpoint: " + e.getMessage() + ".");
        }
    } else {
        try {
            // effectively final
            int[] tagCount = new int[1];
            tagCount[0] = 0;
            n.getRepositories().forEach(r -> tagCount[0] += credentials.getCredentials().getClient().getTags(r).getTags().size());
            if (tagCount[0] == 0) {
                p.addProblem(Severity.WARNING, "None of your supplied repositories contain any tags. Spinnaker will not be able to deploy anything.").setRemediation("Push some images to your registry.");
            }
        } catch (Exception e) {
            authFailureProblem = p.addProblem(Severity.ERROR, "Unable to reach repository: " + e.getMessage() + ".");
        }
    }
    if (authFailureProblem != null && !StringUtils.isEmpty(resolvedPassword)) {
        String message = "Your registry password has %s whitespace; if this is unintentional, this may be the cause of failed authentication.";
        if (Character.isWhitespace(resolvedPassword.charAt(0))) {
            authFailureProblem.setRemediation(String.format(message, "leading"));
        }
        char c = resolvedPassword.charAt(resolvedPassword.length() - 1);
        if (Character.isWhitespace(c)) {
            authFailureProblem.setRemediation(String.format(message, "trailing"));
            if (passwordFileProvided && c == '\n')
                authFailureProblem.setRemediation("Your password file has a trailing newline; many text editors append a newline to files they open." + " If you think this is causing authentication issues, you can strip the newline with the command:\n\n" + " tr -d '\\n' < PASSWORD_FILE | tee PASSWORD_FILE");
        }
    }
}
Also used : ConfigProblemBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemBuilder) ConfigProblemBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemBuilder) ConfigProblemSetBuilder(com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder) DockerRegistryCatalog(com.netflix.spinnaker.clouddriver.docker.registry.api.v2.client.DockerRegistryCatalog) DockerRegistryNamedAccountCredentials(com.netflix.spinnaker.clouddriver.docker.registry.security.DockerRegistryNamedAccountCredentials)

Aggregations

ConfigProblemSetBuilder (com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemSetBuilder)11 List (java.util.List)6 Validator (com.netflix.spinnaker.halyard.config.model.v1.node.Validator)5 Component (org.springframework.stereotype.Component)4 DeploymentConfiguration (com.netflix.spinnaker.halyard.config.model.v1.node.DeploymentConfiguration)3 Node (com.netflix.spinnaker.halyard.config.model.v1.node.Node)3 ConfigProblemBuilder (com.netflix.spinnaker.halyard.config.problem.v1.ConfigProblemBuilder)3 ValidatingFileReader (com.netflix.spinnaker.halyard.config.validate.v1.util.ValidatingFileReader)3 Problem (com.netflix.spinnaker.halyard.core.problem.v1.Problem)3 Collectors (java.util.stream.Collectors)3 Data (lombok.Data)3 StringUtils (org.apache.commons.lang3.StringUtils)3 GoogleNamedAccountCredentials (com.netflix.spinnaker.clouddriver.google.security.GoogleNamedAccountCredentials)2 Provider (com.netflix.spinnaker.halyard.config.model.v1.node.Provider)2 DockerRegistryReference (com.netflix.spinnaker.halyard.config.model.v1.providers.containers.DockerRegistryReference)2 DockerRegistryReferenceValidation.validateDockerRegistries (com.netflix.spinnaker.halyard.config.validate.v1.providers.dockerRegistry.DockerRegistryReferenceValidation.validateDockerRegistries)2 ERROR (com.netflix.spinnaker.halyard.core.problem.v1.Problem.Severity.ERROR)2 WARNING (com.netflix.spinnaker.halyard.core.problem.v1.Problem.Severity.WARNING)2 File (java.io.File)2 IOException (java.io.IOException)2