Remove unused code for policy validation as feature not implemented

Policy validation in Deckhand was not implemented completely. Refer to the
link below:
https://airshipit.readthedocs.io/projects/deckhand/en/latest/users/validation.html#policy-validations

This PS removes some of the code related to the feature which was being
used in a code path when a set of documents is uploaded to Deckhand.
In standard Airship deployments the number of documents could be quite
high and this leads to significant delay (more than 300 seconds in some
cases). As there are no plans to implement the policy validation feature,
it makes sense to remove it from the code path which could cause delay and
sometimes timeouts while uploading documents.

This has been tested on a Baremetal lab: GF and BF.

Change-Id: I2ff3f40a7fe37bed5a589fab00d829db726604fe
Kumar, Nishant (nk613n) 2019-10-07 10:53:04 -04:00 committed by Nishant Kumar
parent 9201c9376f
commit a2606e75b1
11 changed files with 1 additions and 2142 deletions

View File

@ -30,7 +30,6 @@ from deckhand.client import buckets
from deckhand.client import exceptions
from deckhand.client import revisions
from deckhand.client import tags
from deckhand.client import validations
class SessionClient(adapter.Adapter):
@ -203,7 +202,6 @@ class Client(object):
self.buckets = buckets.BucketManager(self)
self.revisions = revisions.RevisionManager(self)
self.tags = tags.RevisionTagManager(self)
self.validations = validations.ValidationManager(self)
self.client = _construct_http_client(
api_version=api_version,
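Review bot: dropping `self.validations` from `Client.__init__` is a breaking change for anything that calls `client.validations.list(...)` or `.create(...)`; those callers will now fail with AttributeError. The commit message only mentions the upload path, so add a release note (or a deprecation cycle) stating that the client-side validations manager is gone, and confirm no in-tree consumer still uses it.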

View File

@ -1,49 +0,0 @@
# Copyright 2017 AT&T Intellectual Property.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from deckhand.client import base
class Validation(base.Resource):
def __repr__(self):
return ("<Validation>")
class ValidationManager(base.Manager):
"""Manage :class:`Validation` resources."""
resource_class = Validation
def list(self, revision_id):
"""Get list of revision validations."""
url = '/revisions/%s/validations' % revision_id
return self._list(url)
def list_entries(self, revision_id, validation_name):
"""Get list of entries for a validation."""
url = '/revisions/%s/validations/%s' % (revision_id, validation_name)
# Call `_get` instead of `_list` because the response from the server
# is a dict of form `{"count": n, "results": []}`.
return self._get(url)
def get_entry(self, revision_id, validation_name, entry_id):
"""Get entry details for a validation."""
url = '/revisions/%s/validations/%s/entries/%s' % (
revision_id, validation_name, entry_id)
return self._get(url)
def create(self, revision_id, validation_name, data):
"""Associate a validation with a revision."""
url = '/revisions/%s/validations/%s' % (revision_id, validation_name)
return self._create(url, data=data)

View File

@ -48,7 +48,7 @@ class BucketsResource(api_base.BaseResource):
try:
doc_validator = document_validation.DocumentValidation(
documents, data_schemas, pre_validate=True)
validations = doc_validator.validate_all()
doc_validator.validate_all()
except deckhand_errors.InvalidDocumentFormat as e:
with excutils.save_and_reraise_exception():
LOG.exception(e.format_message())
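Review bot: `doc_validator.validate_all()` now has its return value discarded, so the only way a validation problem can surface on upload is through the `InvalidDocumentFormat` exception handled just below. Confirm that every failure `validate_all()` previously reported in its result list is also raised when `pre_validate=True`; otherwise documents that used to be recorded as failed are now accepted with no trace. It is also worth stating in the commit message whether the measured delay was in `validate_all()` itself or in persisting its results, since the validation pass still runs here.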
@ -64,10 +64,6 @@ class BucketsResource(api_base.BaseResource):
created_documents = self._create_revision_documents(
bucket_name, documents)
if created_documents:
revision_id = created_documents[0]['revision_id']
self._create_revision_validations(revision_id, validations)
resp.body = self.view_builder.list(created_documents)
resp.status = falcon.HTTP_200
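Review bot: with the `_create_revision_validations(revision_id, validations)` call gone, a new revision no longer gets a `deckhand-schema-validation` record. If the `/revisions/{id}/validations` endpoints stay reachable, they will have nothing to return for new revisions, and the tests removed in this commit show that a validation named in a ValidationPolicy but never registered is reported as `failure`. Please state whether those endpoints are removed as well or, if they remain, what they return after this change.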
@ -88,8 +84,3 @@ class BucketsResource(api_base.BaseResource):
LOG.exception(e.format_message())
return created_documents
def _create_revision_validations(self, revision_id, validations):
for validation in validations:
db_api.validation_create(revision_id, validation['name'],
validation)
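Review bot: removing `_create_revision_validations` takes away the caller of `db_api.validation_create` in this module. Check whether `db_api` is still used elsewhere in the file and drop the import if not, and remove `validation_create` from the DB layer too if this was its last caller, so no dead write path is left behind.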

View File

@ -65,26 +65,3 @@ tests:
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].data: hunter2
- name: verify_schema_is_valid
desc: Check schema validation of the added schema
GET: /api/v1.0/revisions/$HISTORY['initialize'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].results[*].status:
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success
- success

View File

@ -61,31 +61,3 @@ tests:
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].data: 9000
- name: verify_document_validation_success_in_list_view
desc: Check document validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['initialize'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].status: success
- name: verify_document_validation_success_in_details_view
desc: Check document validation success shows in detailed view
GET: /api/v1.0/revisions/$HISTORY['initialize'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 9
$.[0].results[*].status:
# 9 documents are created in total, including DataSchema documents.
- success
- success
- success
- success
- success
- success
- success
- success
- success

View File

@ -1,39 +0,0 @@
# Test success path for sample Airship documents
#
# 1. Purges existing data to ensure test isolation
# 2. Creates sample Airship documents and schemas
# 3. Checks that the documents pass schema validation
defaults:
request_headers:
content-type: application/x-yaml
response_headers:
content-type: application/x-yaml
verbose: true
tests:
- name: purge
desc: Begin testing from known state.
DELETE: /api/v1.0/revisions
status: 204
response_headers: null
- name: initialize
desc: Add example schema
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: <@resources/ucp-sample-documents.yaml
- name: verify_schema_is_valid
desc: Check schema validation of the added schema
GET: /api/v1.0/revisions/$HISTORY['initialize'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 5
$.[0].results[*].status:
- success
- success
- success
- success
- success

View File

@ -1,214 +0,0 @@
# Test success path for rollback with a single bucket.
#
# 1. Purges existing data to ensure test isolation
# 2. Creates a v2 DataSchema
# 3. Checks that schema validation for the DataSchema passes
# 4. Puts a valid document (and LayeringPolicy)
# 5. Checks that the document passes schema pre-validation
# 6. Checks that the document passes schema post-validation
# 7. Puts an invalid document
# 8. Checks that the document fails schema pre-validation
# 9. Checks that the document fails schema post-validation by raising expected
# exception
# 10. Checks that the document entry details adhere to expected validation
# format
# 11. Re-puts the same invalid document with substitutions
# 12. Verify that the substitutions were sanitized in the validation output
defaults:
request_headers:
content-type: application/x-yaml
response_headers:
content-type: application/x-yaml
verbose: true
tests:
- name: purge
desc: Begin testing from known state.
DELETE: /api/v1.0/revisions
status: 204
response_headers: null
- name: create_schema
desc: Add example schema
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: <@resources/sample-schema-v2.yaml
- name: verify_schema_is_valid
desc: Check schema validation of the added schema
GET: /api/v1.0/revisions/$HISTORY['create_schema'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].id: 0
$.[0].results[0].status: success
- name: verify_schema_validation_in_list_view
desc: Check schema validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['create_schema'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].name: deckhand-schema-validation
$.[0].results[0].status: success
- name: add_valid_document
desc: Add a document that follows the schema
PUT: /api/v1.0/buckets/good/documents
status: 200
data: |-
---
schema: deckhand/LayeringPolicy/v1
metadata:
schema: metadata/Control/v1
name: layering-policy
data:
layerOrder:
- site
---
schema: example/Doc/v2
metadata:
schema: metadata/Document/v1
name: good
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
data:
a: this-one-is-required
b: 77
- name: verify_document_is_valid_pre_validation
desc: Check schema pre-validation of the added document
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 2
$.[0].results[0].id: 0
$.[0].results[0].status: success
- name: verify_document_pre_validation_success_in_list_view
desc: Check document pre-validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[*].name: deckhand-schema-validation
$.[0].results[*].status: success
- name: verify_document_is_valid_post_validation
desc: Check that the document passes post-validation
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 200
- name: add_invalid_document
desc: Add a document that does not follow the schema
PUT: /api/v1.0/buckets/bad/documents
status: 200
data: |-
schema: example/Doc/v2
metadata:
schema: metadata/Document/v1
name: bad
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
data:
a: this-one-is-required-and-can-be-different
b: 177
- name: verify_invalid_document_is_valid_pre_validation
desc: Check success of schema pre-validation of the added document
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[*].status: success
- name: verify_document_pre_validation_failure_in_list_view
desc: Check document pre-validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].name: deckhand-schema-validation
$.[0].results[0].status: success
- name: verify_document_is_invalid_post_validation
desc: Check that the document fails post-validation
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 400
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].apiVersion: v1.0
$.[0].code: 400 Bad Request
$.[0].details.errorCount: 1
$.[0].details.errorType: InvalidDocumentFormat
$.[0].details.messageList[0].documents:
- layer: site
name: bad
schema: example/Doc/v2
$.[0].details.messageList[0].error: true
$.[0].details.messageList[0].kind: ValidationMessage
$.[0].details.messageList[0].level: Error
$.[0].details.messageList[0].name: D002
$.[0].kind: Status
$.[0].message: The provided documents failed schema validation
$.[0].reason: Validation
$.[0].status: Failure
- name: add_invalid_document_with_substitutions
desc: Add a document that does not follow the schema
PUT: /api/v1.0/buckets/bad/documents
status: 200
data: |-
---
schema: example/Doc/v2
metadata:
schema: metadata/Document/v1
name: bad
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
substitutions:
- src:
schema: deckhand/Certificate/v1
name: test-certificate
path: .
dest:
path: .a
data:
a: this-one-is-required-and-can-be-different
b: 177
---
schema: deckhand/Certificate/v1
metadata:
name: test-certificate
schema: metadata/Document/v1
storagePolicy: cleartext
layeringDefinition:
layer: site
storagePolicy: cleartext
data: this-should-definitely-be-sanitized
- name: verify_document_post_validation_failure_entry_details_hides_secrets
desc: Check document validation failure hides secrets
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document_with_substitutions'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 400
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].code: 400 Bad Request
$.[0].details.errorCount: 1
$.[0].details.errorType: InvalidDocumentFormat
$.[0].details.messageList[0].diagnostic.error_section:
a: 'Sanitized to avoid exposing secret.'
b: 177
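Review bot: the last two tests in this deleted file, `add_invalid_document_with_substitutions` and `verify_document_post_validation_failure_entry_details_hides_secrets`, do not touch the validations endpoints; they call `/rendered-documents` and assert that `error_section` shows `a: 'Sanitized to avoid exposing secret.'`. Deleting the whole file drops that check for secret leakage in error output. Keep these two tests (plus the `purge` and `create_schema` setup) in a trimmed file and remove only the `/validations` requests.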

View File

@ -1,214 +0,0 @@
# Test success path for rollback with a single bucket.
#
# 1. Purges existing data to ensure test isolation
# 2. Creates a DataSchema
# 3. Checks that schema validation for the DataSchema passes
# 4. Puts a valid document (and LayeringPolicy)
# 5. Checks that the document passes schema pre-validation
# 6. Checks that the document passes schema post-validation
# 7. Puts an invalid document
# 8. Checks that the document fails schema pre-validation
# 9. Checks that the document fails schema post-validation by raising expected
# exception
# 10. Checks that the document entry details adhere to expected validation
# format
# 11. Re-puts the same invalid document with substitutions
# 12. Verify that the substitutions were sanitized in the validation output
defaults:
request_headers:
content-type: application/x-yaml
response_headers:
content-type: application/x-yaml
verbose: true
tests:
- name: purge
desc: Begin testing from known state.
DELETE: /api/v1.0/revisions
status: 204
response_headers: null
- name: create_schema
desc: Add example schema
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: <@resources/sample-schema.yaml
- name: verify_schema_is_valid
desc: Check schema validation of the added schema
GET: /api/v1.0/revisions/$HISTORY['create_schema'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].id: 0
$.[0].results[0].status: success
- name: verify_schema_validation_in_list_view
desc: Check schema validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['create_schema'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].name: deckhand-schema-validation
$.[0].results[0].status: success
- name: add_valid_document
desc: Add a document that follows the schema
PUT: /api/v1.0/buckets/good/documents
status: 200
data: |-
---
schema: deckhand/LayeringPolicy/v1
metadata:
schema: metadata/Control/v1
name: layering-policy
data:
layerOrder:
- site
---
schema: example/Doc/v1
metadata:
schema: metadata/Document/v1
name: good
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
data:
a: this-one-is-required
b: 77
- name: verify_document_is_valid_pre_validation
desc: Check schema pre-validation of the added document
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 2
$.[0].results[0].id: 0
$.[0].results[0].status: success
- name: verify_document_pre_validation_success_in_list_view
desc: Check document pre-validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[*].name: deckhand-schema-validation
$.[0].results[*].status: success
- name: verify_document_is_valid_post_validation
desc: Check that the document passes post-validation
GET: /api/v1.0/revisions/$HISTORY['add_valid_document'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 200
- name: add_invalid_document
desc: Add a document that does not follow the schema
PUT: /api/v1.0/buckets/bad/documents
status: 200
data: |-
schema: example/Doc/v1
metadata:
schema: metadata/Document/v1
name: bad
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
data:
a: this-one-is-required-and-can-be-different
b: 177
- name: verify_invalid_document_is_valid_pre_validation
desc: Check success of schema pre-validation of the added document
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[*].status: success
- name: verify_document_pre_validation_failure_in_list_view
desc: Check document pre-validation success shows in list view
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].name: deckhand-schema-validation
$.[0].results[0].status: success
- name: verify_document_is_invalid_post_validation
desc: Check that the document fails post-validation
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 400
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].apiVersion: v1.0
$.[0].code: 400 Bad Request
$.[0].details.errorCount: 1
$.[0].details.errorType: InvalidDocumentFormat
$.[0].details.messageList[0].documents:
- layer: site
name: bad
schema: example/Doc/v1
$.[0].details.messageList[0].error: true
$.[0].details.messageList[0].kind: ValidationMessage
$.[0].details.messageList[0].level: Error
$.[0].details.messageList[0].name: D002
$.[0].kind: Status
$.[0].message: The provided documents failed schema validation
$.[0].reason: Validation
$.[0].status: Failure
- name: add_invalid_document_with_substitutions
desc: Add a document that does not follow the schema
PUT: /api/v1.0/buckets/bad/documents
status: 200
data: |-
---
schema: example/Doc/v1
metadata:
schema: metadata/Document/v1
name: bad
storagePolicy: cleartext
layeringDefinition:
abstract: false
layer: site
substitutions:
- src:
schema: deckhand/Certificate/v1
name: test-certificate
path: .
dest:
path: .a
data:
a: this-one-is-required-and-can-be-different
b: 177
---
schema: deckhand/Certificate/v1
metadata:
name: test-certificate
schema: metadata/Document/v1
storagePolicy: cleartext
layeringDefinition:
layer: site
storagePolicy: cleartext
data: this-should-definitely-be-sanitized
- name: verify_document_post_validation_failure_entry_details_hides_secrets
desc: Check document validation failure hides secrets
GET: /api/v1.0/revisions/$HISTORY['add_invalid_document_with_substitutions'].$RESPONSE['$.[0].status.revision']/rendered-documents
status: 400
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].code: 400 Bad Request
$.[0].details.errorCount: 1
$.[0].details.errorType: InvalidDocumentFormat
$.[0].details.messageList[0].diagnostic.error_section:
a: 'Sanitized to avoid exposing secret.'
b: 177
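Review bot: `verify_document_is_invalid_post_validation` in this deleted file asserts that rendering a document that violates `example/Doc/v1` returns 400 with `errorType: InvalidDocumentFormat` and message name `D002`; it goes through `/rendered-documents`, not the validations API. That rejection path is unrelated to the feature being removed, so keep it (with `add_invalid_document` and its setup) rather than deleting the file, and drop only the tests that GET `/validations`.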

View File

@ -1,238 +0,0 @@
# Test success path Validations API in conjunction with Validation Policy.
#
# 1. Purge existing data to ensure test isolation
# 2. Create a Validation Policy.
# 3. Verifies that the revision is success.
# 4. Creates a Validation Policy with two validations, one which requires an
# an external validation result from Promenade.
# 5. Register success result for promenade-schema-validation.
# 6. Validate that the revision is success.
# 7. Create a Validation Policy with two validations, same as before.
# 8. Intentionally do not register promenade-schema-validation.
# 9. Validate that promenade-schema-validation defaults to failure for
# get and list views.
# 10. Create a Validation Policy with one validation
# (deckhand-schema-validation) only.
# 11. Register extra promenade-schema-validation (not included in VP) as
# failure.
# 12. Validate that promenade-schema-validation is ignored for
# get and list views.
# 13. Validate that detail view for promenade-schema-validation indicates it
# is ignored, with detailed message.
defaults:
request_headers:
content-type: application/x-yaml
response_headers:
content-type: application/x-yaml
verbose: true
tests:
- name: purge
desc: Begin testing from known state.
DELETE: /api/v1.0/revisions
status: 204
response_headers: null
- name: create_validation_policy
desc: Create an example validation policy.
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: |-
---
schema: deckhand/ValidationPolicy/v1
metadata:
schema: metadata/Control/v1
name: site-deploy-ready
layeringDefinition:
abstract: true
data:
validations:
- name: deckhand-schema-validation
...
- name: verify_revision_is_success
desc: |
Validate that the Validation Policy itself passed
deckhand-schema-validation.
GET: /api/v1.0/revisions/$HISTORY['create_validation_policy'].$RESPONSE['$.[0].status.revision']/validations/deckhand-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].id: 0
$.[0].results[0].status: success
- name: create_vp_two_validations
desc: Add a validation policy with two validations.
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: |-
---
schema: deckhand/ValidationPolicy/v1
metadata:
schema: metadata/Control/v1
name: site-deploy-ready
layeringDefinition:
abstract: true
data:
validations:
- name: deckhand-schema-validation
- name: promenade-schema-validation
...
- name: register_promenade_validation_as_success
desc: Externally register the result for promenade-schema-validation.
POST: /api/v1.0/revisions/$HISTORY['create_vp_two_validations'].$RESPONSE['$.[0].status.revision']/validations/promenade-schema-validation
status: 201
data: |-
---
status: success
errors: []
validator:
name: promenade
version: 1.1.2
...
- name: verify_revision_with_two_validations_list_view_is_success
desc: Verify that both validations are marked as success.
GET: /api/v1.0/revisions/$HISTORY['create_vp_two_validations'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 2
# Sort the results by name alphabetically for reliable assertions.
$.[0].results[/name][0].name: deckhand-schema-validation
$.[0].results[/name][0].status: success
$.[0].results[/name][1].name: promenade-schema-validation
$.[0].results[/name][1].status: success
- name: create_vp_two_validations_missing
desc: Add a validation policy with two validations.
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: |-
---
schema: deckhand/ValidationPolicy/v1
metadata:
schema: metadata/Control/v1
name: site-deploy-ready
layeringDefinition:
abstract: true
data:
validations:
- name: deckhand-schema-validation
- name: promenade-schema-validation
...
# Do not register promenade-schema-validation.
- name: verify_promenade_schema_validation_is_failure
desc: |
Verify that promenade-schema-validation status is failure because
it should default to failure as it was never externally registered.
GET: /api/v1.0/revisions/$HISTORY['create_vp_two_validations_missing'].$RESPONSE['$.[0].status.revision']/validations/promenade-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].id: 0
$.[0].results[0].status: failure
- name: verify_revision_with_missing_validation_list_view_is_failure
desc: Verify promenade-schema-validation is failure.
GET: /api/v1.0/revisions/$HISTORY['create_vp_two_validations_missing'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 2
# Sort the results by name alphabetically for reliable assertions.
$.[0].results[/name][0].name: deckhand-schema-validation
$.[0].results[/name][0].status: success
$.[0].results[/name][1].name: promenade-schema-validation
$.[0].results[/name][1].status: failure
- name: create_vp_one_validation_extra
desc: |
Add a validation policy with only one validation but later on register
an extra validation.
PUT: /api/v1.0/buckets/mop/documents
status: 200
data: |-
---
schema: deckhand/ValidationPolicy/v1
metadata:
schema: metadata/Control/v1
name: site-deploy-ready
layeringDefinition:
abstract: true
data:
validations:
- name: deckhand-schema-validation
...
- name: register_extra_promenade_validation_as_failure
desc: |
Externally register the result for extra promenade-schema-validation as
failure.
POST: /api/v1.0/revisions/$HISTORY['create_vp_one_validation_extra'].$RESPONSE['$.[0].status.revision']/validations/promenade-schema-validation
status: 201
data: |-
---
status: failure
errors:
- documents:
- schema: promenade/Node/v1
name: node-document-name
- schema: promenade/Masters/v1
name: kubernetes-masters
message: Node has master role, but not included in cluster masters list.
validator:
name: promenade
version: 1.1.2
...
- name: verify_promenade_schema_validation_is_ignored
desc: |
Verify that promenade-schema-validation is ignored.
GET: /api/v1.0/revisions/$HISTORY['create_vp_one_validation_extra'].$RESPONSE['$.[0].status.revision']/validations/promenade-schema-validation
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 1
$.[0].results[0].id: 0
$.[0].results[0].status: ignored [failure]
- name: verify_revision_with_extra_validation_list_view_is_ignored
desc: |
Verify that the list view shows that promenade-schema-validation is
ignored.
GET: /api/v1.0/revisions/$HISTORY['create_vp_one_validation_extra'].$RESPONSE['$.[0].status.revision']/validations
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].count: 2
# Sort the results by name alphabetically for reliable assertions.
$.[0].results[/name][0].name: deckhand-schema-validation
$.[0].results[/name][0].status: success
$.[0].results[/name][1].name: promenade-schema-validation
$.[0].results[/name][1].status: ignored [failure]
- name: verify_revision_with_extra_validation_detail_view_is_ignored
desc: |
Verify that details view for promenade-schema-validation indicates it
has been ignored, with a detailed message.
GET: /api/v1.0/revisions/$HISTORY['create_vp_one_validation_extra'].$RESPONSE['$.[0].status.revision']/validations/promenade-schema-validation/entries/0
status: 200
response_multidoc_jsonpaths:
$.`len`: 1
$.[0].name: promenade-schema-validation
$.[0].status: ignored [failure]
$.[0].createdAt: null
$.[0].expiresAfter: null
$.[0].errors.`len`: 2
$.[0].errors[/message][1].message: >-
The result for this validation was externally registered but has been
ignored because it is not found in the validations for
ValidationPolicy [deckhand/ValidationPolicy/v1, None]
site-deploy-ready: deckhand-schema-validation.

File diff suppressed because it is too large.

View File

@ -41,10 +41,6 @@ Here is a list of internal validations:
* ``deckhand-document-schema-validation`` - All concrete documents in the
revision successfully pass their JSON schema validations. Will cause
this to report an error.
* ``deckhand-policy-validation`` (TODO) - All required policy documents are in-place,
and existing documents conform to those policies. E.g. if a 3rd party
document specifies a ``layer`` that is not present in the layering policy,
that will cause this validation to report an error.
Externally Provided Validations
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -84,81 +80,6 @@ Schema validations are controlled by two mechanisms:
document's ``data`` section to *additional* validations, validations
specified by the ``data`` section of the ``DataSchema`` document.
Policy Validations
------------------
*Not yet implemented*.
Validation Policies
-------------------
Validation policies are optional. Deckhand will perform all internal and
externally registered schema validations against all documents, with or without
any Validation Policies.
All ``ValidationPolicy`` documents in Deckhand are externally registered. They
allow services to report success or failure of named validations for a given
revision. The intended purpose is to allow a simple mapping that enables
consuming services to be able to quickly check whether the configuration in
Deckhand is in a valid state for performing a specific action.
``ValidationPolicy`` documents are not the same as ``DataSchema`` documents.
A ``ValidationPolicy`` document can reference a list of internal Deckhand
validations in addition to externally registered ``DataSchema`` documents.
Whereas a ``DataSchema`` document specifies a new set of validations to check
against relevant documents, a ``ValidationPolicy`` is a bookkeeping device
that merely lists the set of validations in a revision that need to succeed
in order for the revision itself to be valid.
For example, given Revision 1 which contains a ``ValidationPolicy`` of:
::
---
schema: deckhand/ValidationPolicy/v1
metadata:
schema: metadata/Control/v1
name: later-validation
layeringDefinition:
abstract: False
layer: site
data:
validations:
- name: deckhand-schema-validation
- name: drydock-site-validation
Deckhand automatically creates ``deckhand-schema-validation`` as soon as the
revision itself is created. Afterward, Drydock can POST its result for
``drydock-site-validation`` using Deckhand's Validations API. Finally, Shipyard
query Deckhand's Validations API which in turn checks whether all validations
contained in the ``ValidationPolicy`` above are successful, before it proceeds
to the next stage in its workflow.
Missing Validations
^^^^^^^^^^^^^^^^^^^
Validations contained in a ``ValidationPolicy`` but which were never created
in Deckhand for a given revision are considered missing. Missing validations
result in the entire validation result reporting "failure".
If, for example, Drydock never POSTed a result for ``drydock-site-validation``
then the Deckhand Validations API will return a "failure" result, even if
``deckhand-schema-validation`` reports "success".
Extra Validations
^^^^^^^^^^^^^^^^^
Validations that are registered in Deckhand via the Validations API
but are not included in the ``ValidationPolicy`` (if one exists) for a given
revision are **ignored** (with the original status reported as
"ignored [failure]" or "ignored [success]").
For example, given the ``ValidationPolicy`` example above, if Promenade POSTs
``promenade-schema-validation`` with a result of "failure", then the *overall*
validation status for the given revision returned by Deckhand will be *success*
because the "failure" result from Promenade, since it was never registered,
will be ignored.
Validation Stages
-----------------
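Review bot: the second docs hunk removes more than the "Policy Validations" stub that was marked *Not yet implemented*; it also deletes the whole "Validation Policies" section, including the "Missing Validations" rule that an unregistered validation makes the overall result "failure". The removed text says Shipyard queries the Validations API before it proceeds to the next stage in its workflow, so this is a gate other services may depend on. The commit message should say that ValidationPolicy support is being dropped, not only the unimplemented policy validation, and confirm that Drydock, Promenade and Shipyard no longer rely on it.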