Validate settings before running Pulp instance

When token authentization is enabled, 4 additional variables have to be set. The state of these variables is now checked, while properly informing the user, instead of relying on exceptions raised later during the instance's run. closes pulp#1550
MichalPysik · Jun 27, 2024 · 838f607 · 838f607
1 parent 05c2f1c
commit 838f607
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 1 deletion.
diff --git a/.ci/ansible/settings.py.j2 b/.ci/ansible/settings.py.j2
@@ -4,7 +4,6 @@ ANSIBLE_CONTENT_HOSTNAME = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'h
 PRIVATE_KEY_PATH = "/etc/pulp/certs/token_private_key.pem"
 PUBLIC_KEY_PATH = "/etc/pulp/certs/token_public_key.pem"
 TOKEN_SERVER = "{{ pulp_scheme }}://pulp:{{ 443 if pulp_scheme == 'https' else 80 }}/token/"
-TOKEN_SIGNATURE_ALGORITHM = "ES256"
 CACHE_ENABLED = True
 REDIS_HOST = "localhost"
 REDIS_PORT = 6379

diff --git a/CHANGES/1550.bugfix b/CHANGES/1550.bugfix
@@ -0,0 +1 @@
+Pulp Container specific settings are now properly validated at startup of a Pulp instance.
diff --git a/pulp_container/app/__init__.py b/pulp_container/app/__init__.py
@@ -11,3 +11,4 @@ class PulpContainerPluginAppConfig(PulpPluginAppConfig):
 
     def ready(self):
         super().ready()
+        from . import checks
diff --git a/pulp_container/app/checks.py b/pulp_container/app/checks.py
@@ -0,0 +1,41 @@
+from django.conf import settings
+from django.core.checks import Error as CheckError, register
+
+
+@register(deploy=True)
+def container_settings_check(app_configs, **kwargs):
+    errors = []
+
+    # Other checks only apply if token auth is enabled
+    if str(getattr(settings, "TOKEN_AUTH_DISABLED", False)).lower() == "true":
+        return errors
+
+    if getattr(settings, "TOKEN_SERVER", None) is None:
+        errors.append(
+            CheckError("TOKEN_SERVER variable has to be set when token authentification is enabled"),
+            id="pulp_container.E001",
+        )
+    if getattr(settings, "TOKEN_SIGNATURE_ALGORITHM", None) is None:
+        errors.append(
+            CheckError(
+                "TOKEN_SIGNATURE_ALGORITHM variable has to be set when token authentification"
+                " is enabled",
+                id="pulp_container.E002",
+            )
+        )
+    if getattr(settings, "PUBLIC_KEY_PATH", None) is None:
+        errors.append(
+            CheckError(
+                "PUBLIC_KEY_PATH variable has to be set when token authentification is enabled",
+                id="pulp_container.E003",
+            )
+        )
+    if getattr(settings, "PRIVATE_KEY_PATH", None) is None:
+        errors.append(
+            CheckError(
+                "PRIVATE_KEY_PATH variable has to be set when token authentification is enabled",
+                id="pulp_container.E004",
+            )
+        )
+
+    return errors
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Pulp Container specific settings are now properly validated at startup of a Pulp instance.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,3 +11,4 @@ class PulpContainerPluginAppConfig(PulpPluginAppConfig):

		def ready(self):
		super().ready()
		from . import checks