Skip to content

PR244 follow-up: allow overriding non-essential GLOBAL and SITE conf options through include sections #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

PR244 follow-up: allow overriding non-essential GLOBAL and SITE conf options through include sections #249

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
06f72c4
Loosen restrictions on allowedGLOBAL section conf overrides in order …
jonasbardino Jun 1, 2025
cc575a4
PR244 follow-up to support certain non-essential *GLOBAL* option over…
jonasbardino Jun 2, 2025
d9a9720
Do not assume that `self.mig_server_home` is already initialized, as …
jonasbardino Jun 2, 2025
03bacef
Minor log adjustment to warn about override rejects and reduce freque…
jonasbardino Jun 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Loosen restrictions on allowedGLOBAL section conf overrides in order … 
…to support

peripheral options that we e.g. don't expose in generateconfs or can safely
override without daemon interference.
 Minor reformats to avoid autopep8 from removing line continuation markers.
  • Loading branch information
@jonasbardino
jonasbardino committed Jun 2, 2025
commit 06f72c480fea6695858583cff74240f3b1f5000b
51 changes: 38 additions & 13 deletions mig/shared/configuration.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,8 @@
print("could not import migrid modules")


def include_section_contents(logger, config, section, load_path, verbose=False):
def include_section_contents(logger, config, section, load_path, verbose=False,
reject_overrides=[]):
"""Include additional section contents from load_path in config."""
if not os.path.exists(load_path):
msg = "no such %r section config in %s" % (section, load_path)
Expand Down Expand Up @@ -90,6 +91,10 @@ def include_section_contents(logger, config, section, load_path, verbose=False):
logger.debug("add %r section to main config" % section)
config.add_section(section)
for (key, val) in section_config.items(section):
if key in reject_overrides:
logger.warning("reject override core option %r in %r section" %
(key, section))
continue
logger.debug("add config key %r in %r section" % (key, section))
config.set(section, key, val)
logger.debug("done including %r section to main config" % section)
Expand All @@ -108,7 +113,7 @@ def expand_external_sources(logger, val):
if val.find('::') == -1:
# logger.debug("nothing to expand in %r" % val)
return val
#logger.debug("expand any ENV and FILE content in %r" % val)
# logger.debug("expand any ENV and FILE content in %r" % val)
env_pattern = "[a-zA-Z][a-zA-Z0-9_]+"
cache_pattern = file_pattern = "[^ ]+"
expanded = val
Expand Down Expand Up @@ -138,7 +143,7 @@ def expand_external_sources(logger, val):
# "reading conf content from file in %r" % cache)
content = read_file(path, logger)
if cache and content:
#logger.debug("caching conf content salt in %r" % cache)
# logger.debug("caching conf content salt in %r" % cache)
write_file(content, cache, logger)
if not content:
logger.warning("salt file not found or empty: %s" % path)
Expand Down Expand Up @@ -942,8 +947,27 @@ def reload_config(self, verbose, skip_log=False, disable_auth_log=False,
self.include_sections = os.path.join(self.mig_server_home,
mig_conf_section_dirname)

# NOTE: for simplicity we do NOT allow overrides in GLOBAL section
no_override_sections = ['GLOBAL']
# NOTE: for simplicity we do NOT allow core overrides in GLOBAL section
no_override_section_options = {
'GLOBAL': ['mig_path', 'state_path', 'certs_path', 'server_fqdn',
'migserver_public_url',
'migserver_public_alias_url',
'migserver_http_url',
'migserver_https_url',
'migserver_https_mig_oid_url',
'migserver_https_ext_oid_url',
'migserver_https_mig_oidc_url',
'migserver_https_ext_oidc_url',
'migserver_https_mig_cert_url',
'migserver_https_ext_cert_url',
'migserver_https_sid_url',
'user_openid_address', 'user_openid_port',
'user_davs_address', 'user_davs_port',
'user_sftp_address', 'user_sftp_port',
'user_sftp_subsys_port',
'user_ftps_address', 'user_ftps_ctrl_port',
'user_ftps_pasv_ports']
}
self.include_sections = os.path.normpath(self.include_sections)
if os.path.isdir(self.include_sections):
msg = "read extra config sections from %s" % self.include_sections
Expand All @@ -964,15 +988,16 @@ def reload_config(self, verbose, skip_log=False, disable_auth_log=False,
section_path = os.path.join(self.include_sections,
section_filename)
section = section_filename.replace('.conf', '').upper()
if section in no_override_sections:
msg = "skip unsupported %r section override in %r" % \
(section, section_filename)
reject_overrides = []
if section in no_override_section_options:
reject_overrides = no_override_section_options[section]
msg = "filter %r section override in %r for %s" % \
(section, section_filename, reject_overrides)
if verbose:
print(msg)
logger.warning(msg)
continue
logger.debug(msg)
include_section_contents(logger, config, section, section_path,
verbose)
verbose, reject_overrides)

if config.has_option('GLOBAL', 'admin_list'):
# Parse semi-colon separated list of admins with optional spaces
Expand Down Expand Up @@ -1417,7 +1442,7 @@ def reload_config(self, verbose, skip_log=False, disable_auth_log=False,
protos = [i for i in plain_val.split() if i]
# Append missing supported protocols for AUTO and filter invalid
if keyword_auto in protos:
protos = [i for i in protos if i != keyword_auto] +\
protos = [i for i in protos if i != keyword_auto] + \
[i for i in allowed_protos if i not in protos]
valid_protos = [i for i in protos if i in allowed_protos]
if protos != valid_protos:
Expand Down Expand Up @@ -1696,7 +1721,7 @@ def reload_config(self, verbose, skip_log=False, disable_auth_log=False,
protos = [i for i in plain_val.split() if i]
# Append missing supported protocols for AUTO and filter invalid
if keyword_auto in protos:
protos = [i for i in protos if i != keyword_auto] +\
protos = [i for i in protos if i != keyword_auto] + \
[i for i in allowed_protos if i not in protos]
valid_protos = [i for i in protos if i in allowed_protos]
if protos != valid_protos:
Expand Down