2017-02-16 00:27:52 -08:00
|
|
|
#!/usr/bin/env python
|
2016-09-01 20:16:10 +08:00
|
|
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
import collections
|
2016-09-01 20:16:10 +08:00
|
|
|
import fnmatch
|
2016-10-20 02:21:35 +08:00
|
|
|
import json
|
2016-09-01 20:16:10 +08:00
|
|
|
import logging
|
|
|
|
import os
|
|
|
|
import re
|
|
|
|
import sys
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
import jinja2
|
2019-04-09 13:18:35 +01:00
|
|
|
import yaml
|
2016-10-20 02:21:35 +08:00
|
|
|
|
2016-09-01 20:16:10 +08:00
|
|
|
|
2019-09-11 20:47:00 +02:00
|
|
|
from kolla_ansible.put_address_in_context import put_address_in_context
|
|
|
|
|
|
|
|
|
2016-09-01 20:16:10 +08:00
|
|
|
PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
|
|
|
|
|
|
|
|
NEWLINE_EOF_INCLUDE_PATTERNS = ['*.j2', '*.yml', '*.py', '*.sh']
|
|
|
|
NEWLINE_EOF_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git']
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
# Render json file by using jinja2 template is OK
|
|
|
|
JSON_J2_INCLUDE_PATTERNS = ['*.json.j2', '*.json']
|
|
|
|
JSON_J2_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git']
|
|
|
|
|
2019-04-09 13:18:35 +01:00
|
|
|
YAML_INCLUDE_PATTERNS = ['*.yml']
|
|
|
|
YAML_EXCLUDE_PATTERNS = ['.tox', '.testrepository', '.git',
|
|
|
|
'defaults', 'templates', 'vars']
|
|
|
|
|
2019-09-11 20:47:00 +02:00
|
|
|
KOLLA_NETWORKS = [
|
|
|
|
'api',
|
|
|
|
'storage',
|
|
|
|
'cluster',
|
|
|
|
'swift_storage',
|
|
|
|
'swift_replication',
|
|
|
|
'migration',
|
|
|
|
'tunnel',
|
|
|
|
'octavia_network',
|
|
|
|
'bifrost_network',
|
|
|
|
'dns', # designate
|
|
|
|
]
|
|
|
|
|
2016-09-01 20:16:10 +08:00
|
|
|
logging.basicConfig()
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
|
|
|
|
|
|
def check_newline_eof():
|
|
|
|
includes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in NEWLINE_EOF_INCLUDE_PATTERNS])
|
|
|
|
excludes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in NEWLINE_EOF_EXCLUDE_PATTERNS])
|
|
|
|
return_code = 0
|
|
|
|
|
|
|
|
def has_newline_eof(path):
|
|
|
|
with open(path, 'r') as f:
|
|
|
|
data = f.read()
|
|
|
|
if data and data[-1] != '\n':
|
|
|
|
LOG.error('%s file error: no newline at end of file', path)
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
for root, dirs, files in os.walk(PROJECT_ROOT):
|
|
|
|
dirs[:] = [d for d in dirs if not re.match(excludes, d)]
|
|
|
|
for f in files:
|
|
|
|
if not re.match(excludes, f) and re.match(includes, f):
|
|
|
|
if not has_newline_eof(os.path.join(root, f)):
|
|
|
|
return_code = 1
|
|
|
|
return return_code
|
|
|
|
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
def check_json_j2():
|
|
|
|
includes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in JSON_J2_INCLUDE_PATTERNS])
|
|
|
|
excludes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in JSON_J2_EXCLUDE_PATTERNS])
|
|
|
|
return_code = 0
|
|
|
|
|
|
|
|
def bool_filter(value):
|
|
|
|
return True
|
2016-09-01 20:16:10 +08:00
|
|
|
|
2018-01-11 10:39:36 +07:00
|
|
|
def basename_filter(text):
|
|
|
|
return text.split('\\')[-1]
|
|
|
|
|
2019-09-11 20:47:00 +02:00
|
|
|
def kolla_address_filter_mock(network_name, hostname=None):
|
|
|
|
# no validation is possible for the hostname
|
|
|
|
|
|
|
|
if network_name not in KOLLA_NETWORKS:
|
|
|
|
raise ValueError("{network_name} not in KOLLA_NETWORKS"
|
|
|
|
.format(network_name=network_name))
|
|
|
|
|
|
|
|
return "127.0.0.1"
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
# Mock ansible hostvars variable, which is a nested dict
|
|
|
|
def hostvars():
|
|
|
|
return collections.defaultdict(hostvars)
|
|
|
|
|
2017-02-21 19:22:28 +00:00
|
|
|
# Mock Ansible groups variable, which is a dict of lists.
|
|
|
|
def groups():
|
|
|
|
return collections.defaultdict(list)
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
def validate_json_j2(root, filename):
|
|
|
|
env = jinja2.Environment( # nosec: not used to render HTML
|
|
|
|
loader=jinja2.FileSystemLoader(root))
|
|
|
|
env.filters['bool'] = bool_filter
|
2018-01-11 10:39:36 +07:00
|
|
|
env.filters['basename'] = basename_filter
|
2019-09-11 20:47:00 +02:00
|
|
|
env.filters['kolla_address'] = kolla_address_filter_mock
|
|
|
|
env.filters['put_address_in_context'] = \
|
|
|
|
put_address_in_context
|
2016-10-20 02:21:35 +08:00
|
|
|
template = env.get_template(filename)
|
|
|
|
# Mock ansible variables.
|
|
|
|
context = {
|
|
|
|
'hostvars': hostvars(),
|
2017-02-21 19:22:28 +00:00
|
|
|
'groups': groups(),
|
2016-10-20 02:21:35 +08:00
|
|
|
'cluster_interface': 'cluster_interface',
|
|
|
|
'storage_interface': 'storage_interface',
|
|
|
|
'inventory_hostname': 'hostname'
|
|
|
|
}
|
|
|
|
data = template.render(**context)
|
|
|
|
json.loads(data)
|
|
|
|
for root, dirs, files in os.walk(PROJECT_ROOT):
|
|
|
|
dirs[:] = [d for d in dirs if not re.match(excludes, d)]
|
|
|
|
for filename in files:
|
|
|
|
if not re.match(excludes, filename) and \
|
|
|
|
re.match(includes, filename):
|
|
|
|
fullpath = os.path.join(root, filename)
|
|
|
|
try:
|
|
|
|
validate_json_j2(root, filename)
|
|
|
|
except (ValueError, jinja2.exceptions.TemplateError):
|
|
|
|
return_code = 1
|
|
|
|
LOG.exception('%s file error', fullpath)
|
|
|
|
return return_code
|
|
|
|
|
|
|
|
|
2019-04-09 13:18:35 +01:00
|
|
|
def check_docker_become():
|
|
|
|
"""All tasks that use Docker should have 'become: true'."""
|
|
|
|
includes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in YAML_INCLUDE_PATTERNS])
|
|
|
|
excludes = r'|'.join([fnmatch.translate(x)
|
|
|
|
for x in YAML_EXCLUDE_PATTERNS])
|
2020-01-27 12:28:59 +01:00
|
|
|
docker_modules = ('kolla_docker', 'kolla_container_facts', 'kolla_toolbox')
|
2019-04-09 13:18:35 +01:00
|
|
|
cmd_modules = ('command', 'shell')
|
|
|
|
return_code = 0
|
|
|
|
roles_path = os.path.join(PROJECT_ROOT, 'ansible', 'roles')
|
|
|
|
for root, dirs, files in os.walk(roles_path):
|
|
|
|
dirs[:] = [d for d in dirs if not re.match(excludes, d)]
|
|
|
|
for filename in files:
|
|
|
|
if not re.match(excludes, filename) and \
|
|
|
|
re.match(includes, filename):
|
|
|
|
fullpath = os.path.join(root, filename)
|
|
|
|
with open(fullpath) as fp:
|
|
|
|
tasks = yaml.safe_load(fp)
|
|
|
|
tasks = tasks or []
|
|
|
|
for task in tasks:
|
|
|
|
for module in docker_modules:
|
|
|
|
if module in task and not task.get('become'):
|
|
|
|
return_code = 1
|
|
|
|
LOG.error("Use of %s module without become in "
|
|
|
|
"task %s in %s",
|
|
|
|
module, task['name'], fullpath)
|
|
|
|
for module in cmd_modules:
|
2019-11-19 09:34:23 +00:00
|
|
|
docker_without_become = False
|
|
|
|
if (module in task and not task.get('become')):
|
|
|
|
if (isinstance(task[module], str) and
|
|
|
|
(task[module]).startswith('docker')):
|
|
|
|
docker_without_become = True
|
|
|
|
if (isinstance(task[module], dict) and
|
|
|
|
task[module]['cmd'].startswith('docker')):
|
|
|
|
docker_without_become = True
|
|
|
|
if docker_without_become:
|
|
|
|
return_code = 1
|
|
|
|
LOG.error("Use of docker in %s module without "
|
|
|
|
"become in task %s in %s",
|
|
|
|
module, task['name'], fullpath)
|
2019-04-09 13:18:35 +01:00
|
|
|
|
|
|
|
return return_code
|
|
|
|
|
|
|
|
|
2016-10-20 02:21:35 +08:00
|
|
|
def main():
|
|
|
|
checks = (
|
|
|
|
check_newline_eof,
|
2019-04-09 13:18:35 +01:00
|
|
|
check_json_j2,
|
|
|
|
check_docker_become,
|
2016-10-20 02:21:35 +08:00
|
|
|
)
|
|
|
|
return sum([check() for check in checks])
|
2016-09-01 20:16:10 +08:00
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
sys.exit(main())
|