# Copyright (c) 2017-2022 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # # vim: tabstop=4 shiftwidth=4 softtabstop=4 # coding=utf-8 # import netaddr import pecan import re import wsme from oslo_log import log from six.moves.urllib.parse import urlparse from sysinv._i18n import _ from sysinv.common import constants from sysinv.common import exception from sysinv.common import utils as cutils from sysinv.common.storage_backend_conf import StorageBackendConfig LOG = log.getLogger(__name__) SERVICE_PARAMETER_DATA_FORMAT_ARRAY = 'array' SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN = 'boolean' SERVICE_PARAMETER_DATA_FORMAT_DICT = 'dict' SERVICE_PARAMETER_DATA_FORMAT_SKIP = 'skip' IDENTITY_CONFIG_TOKEN_EXPIRATION_MIN = 3600 IDENTITY_CONFIG_TOKEN_EXPIRATION_MAX = 14400 def _validate_boolean(name, value): if value.lower() not in ['true', 'false']: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a boolean value." % name)) def _validate_no_update(name, value): msg = _( "Unable to configure service parameter," " %s is disabled." % name) raise wsme.exc.ClientSideError(msg) def _validate_yes_no(name, value): if value.lower() not in ['y', 'n']: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a yes/no value." % name)) def _validate_integer(name, value): try: int(value) except ValueError: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be an integer value." % name)) def _validate_zero_or_positive_integer(name, value): _validate_integer(name, value) if int(value) < 0: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be positive integer or zero.") % name) def _validate_float(name, value): try: float(value) except ValueError: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a float value." % name)) def _validate_not_empty(name, value): if not value or value == '': raise wsme.exc.ClientSideError(_( "Parameter '%s' must not be an empty value." % name)) def _validate_range(name, value, min, max): try: if int(value) < min or int(value) > max: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be between %d and %d.") % (name, min, max)) except ValueError: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be an integer value." % name)) def _validate_zero_or_range(name, value, min, max): try: if int(value) != 0: if int(value) < min or int(value) > max: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be zero or between %d and %d.") % (name, min, max)) except ValueError: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be an integer value." % name)) def _validate_value_in_set(name, value, _set): if value not in _set: raise wsme.exc.ClientSideError(_( "Parameter '{}' must be{}: {}".format( name, " one of" if (len(_set) > 1) else "", ", ".join(_set)))) def _validate_token_expiry_time(name, value): """Check if timeout value is valid""" try: if int(value) < IDENTITY_CONFIG_TOKEN_EXPIRATION_MIN \ or int(value) > IDENTITY_CONFIG_TOKEN_EXPIRATION_MAX: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be between %d and %d seconds.") % (name, IDENTITY_CONFIG_TOKEN_EXPIRATION_MIN, IDENTITY_CONFIG_TOKEN_EXPIRATION_MAX)) except ValueError: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be an integer value." % name)) def _validate_ip_address(name, value): """Check if ip value is valid""" if not cutils.is_valid_ip(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be an IP address." % name)) def _validate_read_only(name, value): raise wsme.exc.ClientSideError(_( "Parameter '%s' is readonly" % name)) def _validate_SAN_list(name, value): """ Validate list of Subject Alternative Name for x509 certificates. Each entry must be an IP address or domain name For example: "localhost.localdomain,192.168.204.2,controller" """ san_entries = value.split(',') if len(san_entries) == 0: raise wsme.exc.ClientSideError(_( "No values provided for '%s'" % name)) for entry in san_entries: if not cutils.is_valid_domain_or_ip(entry): raise wsme.exc.ClientSideError(_( "The value provided is not a domain name or IP address. (%s)" % entry)) def _validate_oidc_issuer_url(name, value): """Check if oidc issuer address is valid""" # is_valid_domain_or_ip does not work with entire urls # for example, the 'https://' needs to be removed parsed_value = urlparse(value) if not parsed_value.netloc or not cutils.is_valid_domain_or_ip(parsed_value.netloc): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid address or domain." % name)) def _deprecated_oidc_params(name, value): """Check oidc deprecated parameters""" msg = "This parameter '{}' is deprecated you must use a valid parameter like " \ "(oidc-issuer-url, oidc-client-id, oidc-username-claim, oidc-groups-claim).".format(name) raise wsme.exc.ClientSideError(_(msg)) def _validate_cri_class_format(name, value): """ Validate string into cri runtimeClassName:runtimeBinary format, criHandler format: Alphanumeric plus underscore, criBinary format: Portable filename plus '/'. For example: "my_runtimeClassName:/usr/bin/my-runtimeBinary" """ msg_example = "Example: my_runtimeClassName:/usr/bin/my-runtimeBinary\n" msg_format = " format: runtimeClassName:runtimeBinaryName\n" msg_runtimeBinaryName = "runtimeBinary: Portable filename plus \'/\'\n" msg_runtimeClassName = "runtimeClassName: Alphanumeric and underscore\n" if len(value) == 0: raise wsme.exc.ClientSideError(_( "syntax: custom_container_runtime=runtimeClassName:runtimeBinary")) for cri in value.split(','): try: criHandler, criBinary = cri.split(':') except ValueError: raise wsme.exc.ClientSideError(_( "Parameter ValueError in %s" % (name + msg_format + msg_runtimeClassName + msg_runtimeBinaryName + msg_example))) if (len(criHandler) == 0 or (len(criBinary) == 0 or len(criBinary) > 4095)): raise wsme.exc.ClientSideError(_( "Parameter %s" % (name + msg_format + msg_runtimeClassName + msg_runtimeBinaryName + msg_example))) # criHandler format: Alphanumeric and underscore if len(re.findall(r"[^\w+]", criHandler)): raise wsme.exc.ClientSideError(_( "Parameter %s " % (name + msg_format + msg_runtimeClassName + "Invalid Characters in runtimeClassName: " + criHandler + "\n" + msg_example))) # criBinary format: Absolute path, portable filename if len(re.findall(r"^[^/]|[^a-zA-Z0-9-_./]|\/\.|\/$", criBinary)): raise wsme.exc.ClientSideError(_( "Parameter %s " % (name + msg_format + msg_runtimeBinaryName + "Invalid Characters in runtimeBinaryName: " + criBinary + "\n" + msg_example))) def _get_network_pool_from_ip_address(ip, networks): for name in networks: try: network = pecan.request.dbapi.network_get_by_type(name) except exception.NetworkTypeNotFound: continue pool = pecan.request.dbapi.address_pool_get(network.pool_uuid) # # IP address in the pool's network? If so, return the pool. # ipnet = netaddr.IPNetwork("%s/%u" % (pool["network"], pool["prefix"])) if ip in ipnet: return pool # # Pool not found. # return None def _validate_worker_boot_timeout(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MIN, SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MAX) def _validate_controller_boot_timeout(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT_MIN, SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT_MAX) def _validate_hbs_period(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD_MIN, SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD_MAX) def _validate_hbs_failure_action(name, value): error = False try: if str(value) != SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_FAIL and \ str(value) != SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_DEGRADE and \ str(value) != SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_ALARM and \ str(value) != SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_NONE: error = True except ValueError: error = True if error is True: raise wsme.exc.ClientSideError(_( "Action must be one of '%s', '%s', '%s' or '%s'" % (SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_FAIL, SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_DEGRADE, SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_ALARM, SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_NONE))) def _validate_hbs_failure_threshold(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD_MIN, SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD_MAX) def _validate_hbs_degrade_threshold(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD_MIN, SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD_MAX) def _validate_mnfa_threshold(name, value): _validate_range(name, value, SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD_MIN, SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD_MAX) def _validate_mnfa_timeout(name, value): # accept zero (no timeout) or a reasonable/tested specific range _validate_zero_or_range(name, value, SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_MIN, SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_MAX) def _validate_ipv4(name, value): """Check if router_id value is valid""" if not netaddr.valid_ipv4(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid router_id." % name)) def _validate_mac_address(name, value): """Check if a given value is a valid MAC address.""" try: if not netaddr.valid_mac(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid MAC address" % name)) if not int(netaddr.EUI(value).oui): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a MAC address with a non-zero OUI" % name)) except netaddr.core.NotRegisteredError: pass # allow any OUI value regardless of registration def _validate_radosgw_enabled(name, value): if not cutils.is_valid_boolstr(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid bool string." % name)) def _validate_docker_proxy_address(name, value): """Check if proxy value is valid""" if not cutils.is_url(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid address." % name)) def _validate_docker_no_proxy_address(name, value): """Check if no proxy value is valid""" values = value.split(',') for item in values: # will extend to more cases if CIDR notation is supported if not cutils.is_valid_domain_or_ip(item): raise wsme.exc.ClientSideError(_( "Parameter '%s' includes an invalid address '%s'." % (name, item))) def _validate_docker_registry_address(name, value): """Check if registry address is valid""" if not cutils.is_valid_domain_or_ip(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid address." % name)) def _validate_docker_registry_auth_secret(name, value): """Check if registry auth secret is a valid UUID""" if not cutils.is_uuid_like(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid UUID." % name)) def _validate_docker_registry_type(name, value): """Check if registry type is supported or not""" if value not in [constants.DOCKER_REGISTRY_TYPE_DOCKER, constants.DOCKER_REGISTRY_TYPE_AWS_ECR]: raise wsme.exc.ClientSideError(_( "%s is not supported. Parameter %s must be one of %s or %s") % (value, constants.DOCKER_REGISTRY_TYPE_DOCKER, constants.DOCKER_REGISTRY_TYPE_AWS_ECR)) def _validate_docker_insecure_registry_bool(name, value): """Check if insecure registry is a valid bool""" if not cutils.is_valid_boolstr(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid bool string." % name)) def _validate_domain(name, value): """Check if domain name is valid""" if not cutils.is_valid_domain_name(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' includes an invalid domain name '%s'." % (name, value))) def _validate_pod_max_pids(name, value): """Check if specified value is supported""" _validate_range(name, value, constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MIN, constants.SERVICE_PARAM_KUBERNETES_POD_MAX_PIDS_MAX) def _validate_kernel_audit(name, value): """Check if specified value is supported""" try: if str(value) in [constants.SERVICE_PARAM_PLATFORM_AUDITD_DISABLED, constants.SERVICE_PARAM_PLATFORM_AUDITD_ENABLED]: return except ValueError: pass raise wsme.exc.ClientSideError(_( "Parameter '%s' value must be either '%s' or '%s'" % (name, constants.SERVICE_PARAM_PLATFORM_AUDITD_DISABLED, constants.SERVICE_PARAM_PLATFORM_AUDITD_ENABLED))) def _byte_transform(param_value, param_name): format1 = re.search(r"^(-*[0-9]+([\.][0-9]+)*)([B|K|M|G|T|P|E])$", str(param_value)) format2 = re.search(r"^(0)$", str(param_value)) if not (format1 or format2): raise wsme.exc.ClientSideError("Parameter '%s' has invalid value format." % param_name) if format1: size_greatness = format1.group(3) if format1.group(2): size_value = float(format1.group(1)) else: size_value = int(format1.group(1)) greatness_list = ['B', 'K', 'M', 'G', 'T', 'P', 'E'] if size_greatness in greatness_list: index = greatness_list.index(size_greatness) size_in_bytes = (1024**index) * size_value else: size_in_bytes = int(format2.group(1)) return size_in_bytes def _validate_minimum_value(name, value, min_value): min_value_in_bytes = _byte_transform(min_value, name) if value < min_value_in_bytes: raise wsme.exc.ClientSideError(_( "Parameter '%s' must be greater than or equal to %s.") % (name, min_value)) def _validate_process_size_max(name, value): _validate_not_empty(name, value) size_in_bytes = _byte_transform(value, name) _validate_minimum_value(name, size_in_bytes, constants.SERVICE_PARAM_PLAT_PROCESS_SIZE_MAX_MINSIZE) def _validate_external_size_max(name, value): _validate_not_empty(name, value) size_in_bytes = _byte_transform(value, name) _validate_minimum_value(name, size_in_bytes, constants.SERVICE_PARAM_PLAT_EXTERNAL_SIZE_MAX_MINSIZE) def _validate_max_use(name, value): _validate_not_empty(name, value) size_in_bytes = _byte_transform(value, name) _validate_minimum_value(name, size_in_bytes, constants.SERVICE_PARAM_PLAT_MAX_USE_MINSIZE) def _validate_keep_free(name, value): _validate_not_empty(name, value) size_in_bytes = _byte_transform(value, name) _validate_minimum_value(name, size_in_bytes, constants.SERVICE_PARAM_PLAT_KEEP_FREE_MINSIZE) def _validate_regex(name, value): """Check if specified regex is valid""" try: re.compile(value) except re.error: raise wsme.exc.ClientSideError(_( "Parameter %s must be a valid regex" % name)) def _validate_auth_id_reclaim_enabled(name, value): if not StorageBackendConfig.has_backend_configured( pecan.request.dbapi, constants.CINDER_BACKEND_CEPH): raise wsme.exc.ClientSideError(_( "A Ceph backend must be configured before trying to set '%s' parameter." % name)) if not cutils.is_valid_boolstr(value): raise wsme.exc.ClientSideError(_( "Parameter '%s' must be a valid bool string." % name)) def _validate_max_cpu_min_percentage(name, value): return _validate_range(name, value, 60, 100) PLATFORM_CONFIG_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL, constants.SERVICE_PARAM_NAME_PLATFORM_MAX_CPU_PERCENTAGE, ] PLATFORM_CONFIG_PARAMETER_READONLY = [ constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL, ] PLATFORM_CONFIG_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL: _validate_boolean, constants.SERVICE_PARAM_NAME_PLATFORM_MAX_CPU_PERCENTAGE: _validate_max_cpu_min_percentage } PLATFORM_CONFIG_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL: 'platform::params::virtual_system', } IDENTITY_CONFIG_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION, ] IDENTITY_CONFIG_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION: _validate_token_expiry_time, } IDENTITY_CONFIG_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_IDENTITY_CONFIG_TOKEN_EXPIRATION: 'openstack::keystone::params::token_expiration', } # Maintenance Service Parameters PLATFORM_MTCE_PARAMETER_MANDATORY = [ constants.SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT, constants.SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT, constants.SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD, constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION, constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD, constants.SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD, constants.SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD, constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT, ] PLATFORM_SYSINV_PARAMETER_PROTECTED = ['firewall_rules_id'] PLATFORM_CRI_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS, ] PLATFORM_CRI_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS: _validate_cri_class_format, } PLATFORM_CRI_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS: 'platform::containerd::params::custom_container_runtime', } PLATFORM_CRI_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_NAME_PLATFORM_CRI_RUNTIME_CLASS: SERVICE_PARAMETER_DATA_FORMAT_DICT, } SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MIN = 720 SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT_MAX = 1800 SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT_MIN = 1200 SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT_MAX = 1800 SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD_MIN = 100 SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD_MAX = 1000 SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD_MIN = 10 SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD_MAX = 100 SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD_MIN = 4 SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD_MAX = 100 SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_FAIL = 'fail' SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_DEGRADE = 'degrade' SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_ALARM = 'alarm' SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION_NONE = 'none' SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD_MIN = 2 SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD_MAX = 100 SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_MIN = 100 SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT_MAX = 86400 PLATFORM_MTCE_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT: _validate_worker_boot_timeout, constants.SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT: _validate_controller_boot_timeout, constants.SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD: _validate_hbs_period, constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION: _validate_hbs_failure_action, constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD: _validate_hbs_failure_threshold, constants.SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD: _validate_hbs_degrade_threshold, constants.SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD: _validate_mnfa_threshold, constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: _validate_mnfa_timeout, } PLATFORM_MTCE_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_PLAT_MTCE_WORKER_BOOT_TIMEOUT: 'platform::mtce::params::worker_boot_timeout', constants.SERVICE_PARAM_PLAT_MTCE_CONTROLLER_BOOT_TIMEOUT: 'platform::mtce::params::controller_boot_timeout', constants.SERVICE_PARAM_PLAT_MTCE_HBS_PERIOD: 'platform::mtce::params::heartbeat_period', constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_ACTION: 'platform::mtce::params::heartbeat_failure_action', constants.SERVICE_PARAM_PLAT_MTCE_HBS_FAILURE_THRESHOLD: 'platform::mtce::params::heartbeat_failure_threshold', constants.SERVICE_PARAM_PLAT_MTCE_HBS_DEGRADE_THRESHOLD: 'platform::mtce::params::heartbeat_degrade_threshold', constants.SERVICE_PARAM_PLAT_MTCE_MNFA_THRESHOLD: 'platform::mtce::params::mnfa_threshold', constants.SERVICE_PARAM_PLAT_MTCE_MNFA_TIMEOUT: 'platform::mtce::params::mnfa_timeout', } PLATFORM_KERNEL_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD, ] PLATFORM_KEYSTONE_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_DURATION, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_FAILURE_ATTEMPTS, ] PLATFORM_COREDUMP_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PLATFORM_PROCESS_SIZE_MAX, constants.SERVICE_PARAM_NAME_PLATFORM_EXTERNAL_SIZE_MAX, constants.SERVICE_PARAM_NAME_PLATFORM_MAX_USE, constants.SERVICE_PARAM_NAME_PLATFORM_KEEP_FREE ] PLATFORM_KERNEL_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD: _validate_kernel_audit, } PLATFORM_KEYSTONE_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT: _validate_zero_or_positive_integer, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX: _validate_regex, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION: _validate_not_empty, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_DURATION: _validate_integer, constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_FAILURE_ATTEMPTS: _validate_integer, } PLATFORM_COREDUMP_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_PLATFORM_PROCESS_SIZE_MAX: _validate_process_size_max, constants.SERVICE_PARAM_NAME_PLATFORM_EXTERNAL_SIZE_MAX: _validate_external_size_max, constants.SERVICE_PARAM_NAME_PLATFORM_MAX_USE: _validate_max_use, constants.SERVICE_PARAM_NAME_PLATFORM_KEEP_FREE: _validate_keep_free, } PLATFORM_KERNEL_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD: 'platform::compute::grub::params::g_audit', } PLATFORM_KEYSTONE_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT: 'keystone::security_compliance::unique_last_password_count', constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX: 'keystone::security_compliance::password_regex', constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION: 'keystone::security_compliance::password_regex_description', constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_DURATION: 'openstack::keystone::params::lockout_period', constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_LOCKOUT_FAILURE_ATTEMPTS: 'openstack::keystone::params::lockout_retries', } PLATFORM_COREDUMP_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_PLATFORM_PROCESS_SIZE_MAX: 'platform::coredump::params::process_size_max', constants.SERVICE_PARAM_NAME_PLATFORM_EXTERNAL_SIZE_MAX: 'platform::coredump::params::external_size_max', constants.SERVICE_PARAM_NAME_PLATFORM_MAX_USE: 'platform::coredump::params::max_use', constants.SERVICE_PARAM_NAME_PLATFORM_KEEP_FREE: 'platform::coredump::params::keep_free', } RADOSGW_CONFIG_PARAMETER_MANDATORY = [ constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED, ] RADOSGW_CONFIG_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB, ] RADOSGW_CONFIG_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: _validate_radosgw_enabled, constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: _validate_integer, } RADOSGW_CONFIG_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: 'openstack::radosgw::params::service_enabled', constants.SERVICE_PARAM_NAME_RADOSGW_FS_SIZE_MB: 'openstack::radosgw::params::fs_size_mb', } RADOSGW_CONFIG_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, } DOCKER_PROXY_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_DOCKER_HTTP_PROXY, constants.SERVICE_PARAM_NAME_DOCKER_HTTPS_PROXY, constants.SERVICE_PARAM_NAME_DOCKER_NO_PROXY, ] DOCKER_PROXY_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_DOCKER_HTTP_PROXY: _validate_docker_proxy_address, constants.SERVICE_PARAM_NAME_DOCKER_HTTPS_PROXY: _validate_docker_proxy_address, constants.SERVICE_PARAM_NAME_DOCKER_NO_PROXY: _validate_docker_no_proxy_address, } DOCKER_PROXY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_HTTP_PROXY: 'platform::docker::params::http_proxy', constants.SERVICE_PARAM_NAME_DOCKER_HTTPS_PROXY: 'platform::docker::params::https_proxy', constants.SERVICE_PARAM_NAME_DOCKER_NO_PROXY: 'platform::docker::params::no_proxy', } DOCKER_REGISTRIES_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_DOCKER_URL, constants.SERVICE_PARAM_NAME_DOCKER_AUTH_SECRET, constants.SERVICE_PARAM_NAME_DOCKER_TYPE, constants.SERVICE_PARAM_NAME_DOCKER_ADDITIONAL_OVERRIDES, constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY ] DOCKER_REGISTRIES_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_DOCKER_URL: _validate_docker_registry_address, constants.SERVICE_PARAM_NAME_DOCKER_AUTH_SECRET: _validate_docker_registry_auth_secret, constants.SERVICE_PARAM_NAME_DOCKER_TYPE: _validate_docker_registry_type, constants.SERVICE_PARAM_NAME_DOCKER_ADDITIONAL_OVERRIDES: _validate_docker_registry_address, constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: _validate_docker_insecure_registry_bool } DOCKER_DOCKER_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::docker_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::docker_registry_secure', } DOCKER_GCR_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::gcr_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::gcr_registry_secure', } DOCKER_K8S_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::k8s_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::k8s_registry_secure', } DOCKER_QUAY_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::quay_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::quay_registry_secure', } DOCKER_ELASTIC_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::elastic_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::elastic_registry_secure', } DOCKER_GHCR_REGISTRY_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_DOCKER_URL: 'platform::docker::params::ghcr_registry', constants.SERVICE_PARAM_NAME_DOCKER_SECURE_REGISTRY: 'platform::docker::params::ghcr_registry_secure', } KUBERNETES_CERTIFICATES_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST, ] KUBERNETES_CERTIFICATES_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: _validate_SAN_list, } KUBERNETES_CERTIFICATES_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: 'platform::kubernetes::params::apiserver_cert_san', } KUBERNETES_CERTIFICATES_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_NAME_KUBERNETES_API_SAN_LIST: SERVICE_PARAMETER_DATA_FORMAT_ARRAY, } KUBERNETES_CONFIG_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS, constants.SERVICE_PARAM_NAME_KUBERNETES_AUTOMATIC_RECOVERY ] KUBERNETES_CONFIG_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: _validate_pod_max_pids, constants.SERVICE_PARAM_NAME_KUBERNETES_AUTOMATIC_RECOVERY: _validate_boolean } KUBERNETES_CONFIG_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_KUBERNETES_POD_MAX_PIDS: 'platform::kubernetes::params::k8s_pod_max_pids', constants.SERVICE_PARAM_NAME_KUBERNETES_AUTOMATIC_RECOVERY: 'platform::kubernetes::config::params::automatic_recovery', } KUBERNETES_APISERVER_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL, constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID, constants.SERVICE_PARAM_NAME_OIDC_USERNAME_CLAIM, constants.SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM, constants.SERVICE_PARAM_NAME_AUDIT_POLICY_FILE, constants.SERVICE_PARAM_NAME_WILDCARD, ] KUBERNETES_APISERVER_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL: _validate_oidc_issuer_url, constants.SERVICE_PARAM_DEPRECATED_NAME_OIDC_ISSUER_URL: _deprecated_oidc_params, constants.SERVICE_PARAM_DEPRECATED_NAME_OIDC_CLIENT_ID: _deprecated_oidc_params, constants.SERVICE_PARAM_DEPRECATED_NAME_OIDC_USERNAME_CLAIM: _deprecated_oidc_params, constants.SERVICE_PARAM_DEPRECATED_NAME_OIDC_GROUPS_CLAIM: _deprecated_oidc_params, constants.SERVICE_PARAM_NAME_WILDCARD: _validate_not_empty, constants.SERVICE_PARAM_NAME_AUDIT_POLICY_FILE: _validate_not_empty } KUBERNETES_APISERVER_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL: 'platform::kubernetes::kube_apiserver::params::oidc_issuer_url', constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID: 'platform::kubernetes::kube_apiserver::params::oidc_client_id', constants.SERVICE_PARAM_NAME_OIDC_USERNAME_CLAIM: 'platform::kubernetes::kube_apiserver::params::oidc_username_claim', constants.SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM: 'platform::kubernetes::kube_apiserver::params::oidc_groups_claim', constants.SERVICE_PARAM_NAME_WILDCARD: 'platform::kubernetes::kube_apiserver::params', constants.SERVICE_PARAM_NAME_AUDIT_POLICY_FILE: 'platform::kubernetes::params::audit_policy_file' } KUBERNETES_CONTROLLER_MANAGER_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_OIDC_ISSUER_URL, constants.SERVICE_PARAM_NAME_OIDC_CLIENT_ID, constants.SERVICE_PARAM_NAME_OIDC_USERNAME_CLAIM, constants.SERVICE_PARAM_NAME_OIDC_GROUPS_CLAIM, constants.SERVICE_PARAM_NAME_WILDCARD ] KUBERNETES_CONTROLLER_MANAGER_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_WILDCARD: _validate_not_empty } KUBERNETES_CONTROLLER_MANAGER_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_WILDCARD: 'platform::kubernetes::kube_controller_manager::params', } KUBERNETES_SCHEDULER_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_WILDCARD ] KUBERNETES_SCHEDULER_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_WILDCARD: _validate_not_empty } KUBERNETES_SCHEDULER_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_WILDCARD: 'platform::kubernetes::kube_scheduler::params', } KUBERNETES_KUBELET_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_WILDCARD ] KUBERNETES_KUBELET_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_WILDCARD: _validate_not_empty } KUBERNETES_KUBELET_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_WILDCARD: 'platform::kubernetes::kubelet::params', } HTTPD_PORT_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_HTTP_PORT_HTTP, constants.SERVICE_PARAM_HTTP_PORT_HTTPS, ] HTTPD_PORT_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_HTTP_PORT_HTTP: _validate_integer, constants.SERVICE_PARAM_HTTP_PORT_HTTPS: _validate_integer, } HTTPD_PORT_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_HTTP_PORT_HTTP: 'openstack::horizon::params::http_port', constants.SERVICE_PARAM_HTTP_PORT_HTTPS: 'openstack::horizon::params::https_port', } OPENSTACK_HELM_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_ENDPOINT_DOMAIN, ] OPENSTACK_HELM_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_ENDPOINT_DOMAIN: _validate_domain, } OPENSTACK_HELM_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_ENDPOINT_DOMAIN: 'openstack::helm::params::endpoint_domain', } COLLECTD_NETWORK_SERVERS_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_COLLECTD_NETWORK_SERVERS: SERVICE_PARAMETER_DATA_FORMAT_ARRAY, } COLLECTD_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_COLLECTD_NETWORK_SERVERS, ] COLLECTD_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_COLLECTD_NETWORK_SERVERS: _validate_SAN_list, } COLLECTD_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_COLLECTD_NETWORK_SERVERS: 'platform::collectd::params::network_servers', } PTP_GLOBAL_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_WILDCARD ] PTP_GLOBAL_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_WILDCARD: _validate_not_empty } PTP_PHC2SYS_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_PTP_UPDATE_RATE, constants.SERVICE_PARAM_NAME_PTP_SUMMARY_UPDATES ] PTP_PHC2SYS_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_PTP_UPDATE_RATE: _validate_float, # phc2sys summary-updates accepts a range of 0 to UNIT_MAX (ie 2^32 - 1) constants.SERVICE_PARAM_NAME_PTP_SUMMARY_UPDATES: lambda name, value: _validate_range(name, value, 0, 2 ** 32 - 1) } CEPH_MONITOR_PARAMETER_OPTIONAL = [ constants.SERVICE_PARAM_NAME_CEPH_MONITOR_AUTH_ID_RECLAIM ] CEPH_MONITOR_PARAMETER_VALIDATOR = { constants.SERVICE_PARAM_NAME_CEPH_MONITOR_AUTH_ID_RECLAIM: _validate_auth_id_reclaim_enabled, } CEPH_MONITOR_PARAMETER_RESOURCE = { constants.SERVICE_PARAM_NAME_CEPH_MONITOR_AUTH_ID_RECLAIM: 'platform::ceph::params::auth_id_reclaim', } CEPH_MONITOR_PARAMETER_DATA_FORMAT = { constants.SERVICE_PARAM_NAME_CEPH_MONITOR_AUTH_ID_RECLAIM: SERVICE_PARAMETER_DATA_FORMAT_BOOLEAN, } # Service Parameter Schema SERVICE_PARAM_MANDATORY = 'mandatory' SERVICE_PARAM_OPTIONAL = 'optional' SERVICE_PARAM_VALIDATOR = 'validator' SERVICE_PARAM_RESOURCE = 'resource' SERVICE_PARAM_DATA_FORMAT = 'format' SERVICE_PARAM_READONLY = 'readonly' SERVICE_PARAM_PROTECTED = 'protected' SERVICE_VALUE_PROTECTION_MASK = "****" SERVICE_PARAMETER_SCHEMA = { constants.SERVICE_TYPE_IDENTITY: { constants.SERVICE_PARAM_SECTION_IDENTITY_CONFIG: { SERVICE_PARAM_OPTIONAL: IDENTITY_CONFIG_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: IDENTITY_CONFIG_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: IDENTITY_CONFIG_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_SECURITY_COMPLIANCE: { SERVICE_PARAM_OPTIONAL: PLATFORM_KEYSTONE_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PLATFORM_KEYSTONE_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: PLATFORM_KEYSTONE_PARAMETER_RESOURCE, } }, constants.SERVICE_TYPE_PLATFORM: { constants.SERVICE_PARAM_SECTION_PLATFORM_CONFIG: { SERVICE_PARAM_OPTIONAL: PLATFORM_CONFIG_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PLATFORM_CONFIG_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: PLATFORM_CONFIG_PARAMETER_RESOURCE, SERVICE_PARAM_READONLY: PLATFORM_CONFIG_PARAMETER_READONLY, }, constants.SERVICE_PARAM_SECTION_PLATFORM_MAINTENANCE: { SERVICE_PARAM_MANDATORY: PLATFORM_MTCE_PARAMETER_MANDATORY, SERVICE_PARAM_VALIDATOR: PLATFORM_MTCE_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: PLATFORM_MTCE_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_PLATFORM_SYSINV: { SERVICE_PARAM_PROTECTED: PLATFORM_SYSINV_PARAMETER_PROTECTED, }, constants.SERVICE_PARAM_SECTION_PLATFORM_CRI_RUNTIME_CLASS: { SERVICE_PARAM_OPTIONAL: PLATFORM_CRI_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PLATFORM_CRI_PARAMETER_VALIDATOR, SERVICE_PARAM_DATA_FORMAT: PLATFORM_CRI_PARAMETER_DATA_FORMAT, SERVICE_PARAM_RESOURCE: PLATFORM_CRI_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_COLLECTD: { SERVICE_PARAM_OPTIONAL: COLLECTD_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: COLLECTD_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: COLLECTD_PARAMETER_RESOURCE, SERVICE_PARAM_DATA_FORMAT: COLLECTD_NETWORK_SERVERS_PARAMETER_DATA_FORMAT, }, constants.SERVICE_PARAM_SECTION_PLATFORM_KERNEL: { SERVICE_PARAM_OPTIONAL: PLATFORM_KERNEL_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PLATFORM_KERNEL_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: PLATFORM_KERNEL_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_PLATFORM_COREDUMP: { SERVICE_PARAM_OPTIONAL: PLATFORM_COREDUMP_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PLATFORM_COREDUMP_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: PLATFORM_COREDUMP_PARAMETER_RESOURCE, }, }, constants.SERVICE_TYPE_RADOSGW: { constants.SERVICE_PARAM_SECTION_RADOSGW_CONFIG: { SERVICE_PARAM_MANDATORY: RADOSGW_CONFIG_PARAMETER_MANDATORY, SERVICE_PARAM_OPTIONAL: RADOSGW_CONFIG_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: RADOSGW_CONFIG_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: RADOSGW_CONFIG_PARAMETER_RESOURCE, SERVICE_PARAM_DATA_FORMAT: RADOSGW_CONFIG_PARAMETER_DATA_FORMAT, }, }, constants.SERVICE_TYPE_DOCKER: { constants.SERVICE_PARAM_SECTION_DOCKER_PROXY: { SERVICE_PARAM_OPTIONAL: DOCKER_PROXY_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_PROXY_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_PROXY_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_DOCKER_DOCKER_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_DOCKER_REGISTRY_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_DOCKER_GCR_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_GCR_REGISTRY_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_DOCKER_K8S_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_K8S_REGISTRY_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_DOCKER_QUAY_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_QUAY_REGISTRY_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_DOCKER_ELASTIC_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_ELASTIC_REGISTRY_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_DOCKER_GHCR_REGISTRY: { SERVICE_PARAM_OPTIONAL: DOCKER_REGISTRIES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: DOCKER_REGISTRIES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: DOCKER_GHCR_REGISTRY_PARAMETER_RESOURCE } }, constants.SERVICE_TYPE_KUBERNETES: { constants.SERVICE_PARAM_SECTION_KUBERNETES_CERTIFICATES: { SERVICE_PARAM_OPTIONAL: KUBERNETES_CERTIFICATES_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_CERTIFICATES_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_CERTIFICATES_PARAMETER_RESOURCE, SERVICE_PARAM_DATA_FORMAT: KUBERNETES_CERTIFICATES_PARAMETER_DATA_FORMAT, }, constants.SERVICE_PARAM_SECTION_KUBERNETES_APISERVER: { SERVICE_PARAM_OPTIONAL: KUBERNETES_APISERVER_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_APISERVER_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_APISERVER_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_KUBERNETES_CONFIG: { SERVICE_PARAM_OPTIONAL: KUBERNETES_CONFIG_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_CONFIG_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_CONFIG_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_KUBERNETES_CONTROLLER_MANAGER: { SERVICE_PARAM_OPTIONAL: KUBERNETES_CONTROLLER_MANAGER_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_CONTROLLER_MANAGER_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_CONTROLLER_MANAGER_PARAMETER_RESOURCE }, constants.SERVICE_PARAM_SECTION_KUBERNETES_SCHEDULER: { SERVICE_PARAM_OPTIONAL: KUBERNETES_SCHEDULER_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_SCHEDULER_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_SCHEDULER_PARAMETER_RESOURCE, }, constants.SERVICE_PARAM_SECTION_KUBERNETES_KUBELET: { SERVICE_PARAM_OPTIONAL: KUBERNETES_KUBELET_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: KUBERNETES_KUBELET_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: KUBERNETES_KUBELET_PARAMETER_RESOURCE, }, }, constants.SERVICE_TYPE_PTP: { constants.SERVICE_PARAM_SECTION_PTP_GLOBAL: { SERVICE_PARAM_OPTIONAL: PTP_GLOBAL_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PTP_GLOBAL_PARAMETER_VALIDATOR }, constants.SERVICE_PARAM_SECTION_PTP_PHC2SYS: { SERVICE_PARAM_OPTIONAL: PTP_PHC2SYS_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: PTP_PHC2SYS_PARAMETER_VALIDATOR }, }, constants.SERVICE_TYPE_HTTP: { constants.SERVICE_PARAM_SECTION_HTTP_CONFIG: { SERVICE_PARAM_OPTIONAL: HTTPD_PORT_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: HTTPD_PORT_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: HTTPD_PORT_PARAMETER_RESOURCE, }, }, constants.SERVICE_TYPE_OPENSTACK: { constants.SERVICE_PARAM_SECTION_OPENSTACK_HELM: { SERVICE_PARAM_OPTIONAL: OPENSTACK_HELM_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: OPENSTACK_HELM_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: OPENSTACK_HELM_PARAMETER_RESOURCE, }, }, constants.SERVICE_TYPE_CEPH: { constants.SERVICE_PARAM_SECTION_CEPH_MONITOR: { SERVICE_PARAM_OPTIONAL: CEPH_MONITOR_PARAMETER_OPTIONAL, SERVICE_PARAM_VALIDATOR: CEPH_MONITOR_PARAMETER_VALIDATOR, SERVICE_PARAM_RESOURCE: CEPH_MONITOR_PARAMETER_RESOURCE, SERVICE_PARAM_DATA_FORMAT: CEPH_MONITOR_PARAMETER_DATA_FORMAT, }, }, } SERVICE_PARAMETER_MAX_LENGTH = 4096 DB_ONLY_SERVICE_PARAMETERS = [ constants.SERVICE_PARAM_NAME_PLATFORM_MAX_CPU_PERCENTAGE ] MANAGED_RESOURCES_MAP = None def map_resource(resource_query): global MANAGED_RESOURCES_MAP if MANAGED_RESOURCES_MAP is None: MANAGED_RESOURCES_MAP = {} # Populate the map once and cache it for service in SERVICE_PARAMETER_SCHEMA.keys(): for section, schema in SERVICE_PARAMETER_SCHEMA[service].items(): for name, resource in schema.get(SERVICE_PARAM_RESOURCE, {}).items(): if resource is not None: MANAGED_RESOURCES_MAP[resource] = { 'service': service, 'section': section, 'name': name, } return MANAGED_RESOURCES_MAP.get(resource_query)