Compare commits

..

1 commit

Author SHA1 Message Date
8555c8a0f9 Add endpoint for validation 2020-11-05 20:55:22 +01:00
7 changed files with 35 additions and 278 deletions

View file

@ -8,7 +8,7 @@ COPY . /git/
RUN find . -type d -name .git -exec git describe --always --dirty > /git-version.txt \; RUN find . -type d -name .git -exec git describe --always --dirty > /git-version.txt \;
FROM python:3.13 FROM python:3.8
EXPOSE 8080 EXPOSE 8080

View file

@ -200,84 +200,36 @@ paths:
'404': '404':
$ref: '#/components/responses/NotFound' $ref: '#/components/responses/NotFound'
/document/{id}/{type}: /validate:
parameters: parameters:
- in: path
name: id
required: true
schema:
type: string
description: Entity ID
- in: path
name: type
required: true
schema:
type: string
enum: [application, sepa]
description: Type of document to upload
- in: header - in: header
name: Authentication name: Authentication
schema: schema:
type: string type: string
description: Authentication token description: Authentication token
post: post:
summary: Upload a PDF document for a member summary: Validate an entity
description: Note that the entry must be updated with the URI obtained from this call
tags: tags:
- document - entities
requestBody: requestBody:
description: The document
content: content:
'application/pdf': application/json:
schema: schema:
type: string type: object
format: binary description: Entity JSON
responses:
'201':
description: File has been stored ("created") locally, returns the URI for downloading the file
content:
text/plain:
schema:
type: string
format: uri
'303':
description: The file is already in storage, returns the URI for downloading the file
content:
text/plain:
schema:
type: string
format: uri
'401':
$ref: '#/components/responses/AuthenticationRequired'
'403':
$ref: '#/components/responses/NotAllowed'
'405':
$ref: '#/components/responses/InvalidInput'
'500':
$ref: '#/components/responses/InternalError'
get:
summary: Get a PDF document for a member
tags:
- document
responses: responses:
'200': '200':
description: Returns PDF data description: Validation result
content: content:
'application/pdf': application/json:
schema: schema:
type: string $ref: '#/components/schemas/validation'
format: binary '400':
'404': $ref: '#/components/responses/InvalidInput'
$ref: '#/components/responses/NotFound'
'401': '401':
$ref: '#/components/responses/AuthenticationRequired' $ref: '#/components/responses/AuthenticationRequired'
'403': '403':
$ref: '#/components/responses/NotAllowed' $ref: '#/components/responses/NotAllowed'
'405':
$ref: '#/components/responses/InvalidInput'
'500':
$ref: '#/components/responses/InternalError'
components: components:
schemas: schemas:
health: health:
@ -293,6 +245,20 @@ components:
uptime: uptime:
type: string type: string
example: ISO8601 conforming timespan example: ISO8601 conforming timespan
validation:
type: object
properties:
valid:
type: boolean
findings:
type: array
items:
type: object
properties:
field:
type: string
message:
type: string
responses: responses:
AuthenticationRequired: AuthenticationRequired:
description: Authentication is required (401) description: Authentication is required (401)
@ -314,3 +280,4 @@ components:
schema: schema:
type: string type: string
example: error message example: error message

View file

@ -9,7 +9,4 @@ Query and manipulate the Netz39 entities database.
The service is configured via the following environment variables: The service is configured via the following environment variables:
* `PORT`: Service port. defaults to 8080 * `PORT`: Service port. defaults to 8080
* `AUTH`: Authentication tokens, defaults to None. Example Configuration : `AUTH={"token_1": "user_1", "token_2": "user_2"}` * `AUTH`: Authentication tokens, defaults to None. Example Configuration : `AUTH={"token_1": "user_1", "token_2": "user_2"}`
* `GIT_ORIGIN`: URL for the origin Git repository, including the user name
* `GIT_PASSWORD`: The git password for the user encoded in the origin URL
* `GIT_PULL_INTV`: Time interval between automated pull operations (default: 30s)
* `GIT_WC_PATH`: Set a path for the working copy. Will create a temporary checkout if not provided.

23
app.py
View file

@ -12,7 +12,6 @@ import json
import util import util
from auth import AuthProvider from auth import AuthProvider
from gitmgr import GitManagerConfiguration, GitManager
startup_timestamp = datetime.now() startup_timestamp = datetime.now()
@ -20,9 +19,8 @@ startup_timestamp = datetime.now()
class HealthHandler(tornado.web.RequestHandler, metaclass=ABCMeta): class HealthHandler(tornado.web.RequestHandler, metaclass=ABCMeta):
# noinspection PyAttributeOutsideInit # noinspection PyAttributeOutsideInit
def initialize(self, sources=None): def initialize(self):
self.git_version = self._load_git_version() self.git_version = self._load_git_version()
self.sources = sources
@staticmethod @staticmethod
def _load_git_version(): def _load_git_version():
@ -54,12 +52,6 @@ class HealthHandler(tornado.web.RequestHandler, metaclass=ABCMeta):
health['timestamp'] = isodate.datetime_isoformat(datetime.now()) health['timestamp'] = isodate.datetime_isoformat(datetime.now())
health['uptime'] = isodate.duration_isoformat(datetime.now() - startup_timestamp) health['uptime'] = isodate.duration_isoformat(datetime.now() - startup_timestamp)
if self.sources:
for s in self.sources:
h = s()
if h is not None:
health = {**health, **h}
self.set_header("Content-Type", "application/json") self.set_header("Content-Type", "application/json")
self.write(json.dumps(health, indent=4)) self.write(json.dumps(health, indent=4))
self.set_status(200) self.set_status(200)
@ -77,11 +69,10 @@ class Oas3Handler(tornado.web.RequestHandler, metaclass=ABCMeta):
self.finish() self.finish()
def make_app(_auth_provider=None, gitmgr=None): def make_app(_auth_provider=None):
version_path = r"/v[0-9]" version_path = r"/v[0-9]"
return tornado.web.Application([ return tornado.web.Application([
(version_path + r"/health", HealthHandler, (version_path + r"/health", HealthHandler),
{"sources": [lambda: {"git-head": gitmgr.head_sha}] if gitmgr else None}),
(version_path + r"/oas3", Oas3Handler), (version_path + r"/oas3", Oas3Handler),
]) ])
@ -92,16 +83,10 @@ def main():
# Setup # Setup
auth_provider = AuthProvider.from_environment() auth_provider = AuthProvider.from_environment()
gitcfg = GitManagerConfiguration.from_environment() util.run_tornado_server(make_app(auth_provider),
gitmgr = GitManager(configuration=gitcfg)
gitmgr.setup()
gitmgr.printout()
util.run_tornado_server(make_app(auth_provider, gitmgr),
server_port=port) server_port=port)
# Teardown # Teardown
gitmgr.teardown()
print("Server stopped") print("Server stopped")

188
gitmgr.py
View file

@ -1,188 +0,0 @@
import git
import os
import shutil
import tempfile
import time
from util import load_env
class GitManagerConfiguration:
@staticmethod
def from_environment():
origin = load_env("GIT_ORIGIN", None)
wc_path = load_env("GIT_WC_PATH", None)
git_pw = load_env("GIT_PASSWORD", None)
pull_intv = load_env("GIT_PULL_INTV", None)
return GitManagerConfiguration(origin=origin,
git_pw=git_pw,
wc_path=wc_path,
pull_intv=pull_intv)
def __init__(self, origin, git_pw=None, wc_path=None, pull_intv=None):
if not origin:
raise ValueError("Git origin cannot be empty!")
self._origin = origin
self._git_pw = git_pw
self._wc_path = wc_path
self._pull_intv = 30 if pull_intv is None else int(pull_intv)
@property
def origin(self):
return self._origin
@property
def git_pw(self):
return self._git_pw
@property
def wc_path(self):
return self._wc_path
@property
def pull_intv(self):
return self._pull_intv
class GitManager:
def __init__(self, configuration):
if configuration is None:
raise ValueError("GitManager must be initialized with a configuration!")
self._configuration = configuration
self._wc = None
self._last_pull = 0
@property
def configuration(self):
return self._configuration
def _setup_wc(self):
if self._wc is not None:
return
_wc = self.configuration.wc_path
if _wc is None:
_wc = tempfile.mkdtemp(prefix='entities_git_')
if not os.path.isdir(_wc):
raise ValueError("Configured directory for the working copy does not exist!")
self._wc = _wc
def _teardown_wc(self):
if self._wc is None:
return
if self.configuration.wc_path is not None:
print("NOTE: Not tearing down externally configured working copy.")
return
shutil.rmtree(self._wc)
self._wc = None
def _assert_wc(self):
"""Assert working copy matches origin and is a valid repository.
A failed assertion will throw exceptions and lead to service abort,
as this error is not recoverable.
Returns False if the WC path is an empty directory"""
# Check if WC is empty
if not os.listdir(self._wc):
return False
# Create a repository object
# This fails if there is no valid repository
repo = git.Repo(self._wc)
# Assert that this is not a bare repo
if repo.bare:
raise ValueError("WC path points to a bare git repository!")
origin = repo.remote('origin')
if self.configuration.origin not in origin.urls:
raise ValueError("Origin URL does not match!")
# We're good here.
return True
def _askpass_script(self):
# Passwords are impossible to store in scripts, as they may contain any character ...
# We convert the password into a list of integers and create a little script
# that reconstructs the password and writes it to the console.
# Python will be installed anyways.
pw_chars = [ord(c) for c in self.configuration.git_pw]
script = "#!/usr/bin/env python3\n"
script += "l = %s\n" % str(list(pw_chars))
script += "p = [chr(c) for c in l]\n"
script += f"print(\"\".join(p))\n"
return script
def _init_repo(self):
# Assert working copy is valid,
# return false if cloning is necessary
if not self._assert_wc():
print("Cloning new git working copy ...")
# Create a temporary script file for GIT_ASKPASS
with tempfile.NamedTemporaryFile(mode='w+t') as askpass:
askpass.write(self._askpass_script())
askpass.file.close()
os.chmod(path=askpass.name, mode=0o700)
self.repo = git.Repo.clone_from(url=self.configuration.origin,
to_path=self._wc,
env={'GIT_ASKPASS': askpass.name})
else:
print("Reusing existing git working copy ...")
self.repo = git.Repo(self._wc)
def setup(self):
self._setup_wc()
self._init_repo()
self.pull(force=True)
def teardown(self):
self._teardown_wc()
def printout(self):
print("Git Manager:")
print(f"\tGit origin is %s" % self.configuration.origin)
print(f"\tUsing working copy path %s" % self._wc)
if not self._wc == self.configuration.wc_path:
print("\tUsing a temporary working copy.")
@property
def head_sha(self):
return None if self.repo is None else self.repo.head.object.hexsha
def pull(self, force=False):
"""Pull from origin.
Arguments:
`force` -- Do a pull even though the pull interval has not elapsed
Returns: True if pull was executed
"""
if not force and (time.time() - self._last_pull < self.configuration.pull_intv):
return False
self._last_pull = time.time()
old_head = self.head_sha
# get the origin
# (We verified during initialization that this origin exists.)
origin = self.repo.remote('origin')
origin.pull(rebase=True)
return self.head_sha != old_head

View file

@ -1,3 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

View file

@ -1,4 +1,3 @@
tornado==6.4.1 tornado==6.0.4
isodate==0.7.2 isodate==0.6.0
pytest==8.3.3 pytest==5.4.1
GitPython==3.1.43