chore(helmbroker): verify parameters

Author: jianxiaoguo

rootfs/helmbroker/broker.py

@@ -17,7 +17,7 @@
 from .utils import get_instance_path, get_chart_path, get_plan_path, \
     get_addon_path, get_addon_updateable, get_addon_bindable, InstanceLock, \
     load_instance_meta, load_binding_meta, dump_instance_meta, \
-    load_addons_meta
+    load_addons_meta, get_addon_allow_paras, verify_parameters
 from .tasks import provision, bind, deprovision, update
 
 logger = logging.getLogger(__name__)
@@ -46,6 +46,11 @@ def provision(self,
             raise ErrInstanceAlreadyExists()
         if not async_allowed:
             raise ErrAsyncRequired()
+        allow_paras = get_addon_allow_paras(details.service_id)
+        not_allow_keys = verify_parameters(allow_paras, details.parameters)
+        if not_allow_keys:
+            raise ErrBadRequest(
+                msg="Instance parameters %s does not allowed" % not_allow_keys)
         os.makedirs(instance_path, exist_ok=True)
         chart_path, plan_path = (
             get_chart_path(instance_id), get_plan_path(instance_id))
@@ -140,6 +145,11 @@ def update(self,
         if not is_plan_updateable:
             raise ErrBadRequest(
                 msg="Instance %s does not updateable" % instance_id)
+        allow_paras = get_addon_allow_paras(details.service_id)
+        not_allow_keys = verify_parameters(allow_paras, details.parameters)
+        if not_allow_keys:
+            raise ErrBadRequest(
+                msg="Instance parameters %s does not allowed" % not_allow_keys)
         if not async_allowed:
             raise ErrAsyncRequired()
         if details.plan_id is not None:

rootfs/helmbroker/utils.py

@@ -217,6 +217,11 @@ def get_addon_bindable(service_id):
     return service.get('bindable', False)
 
 
+def get_addon_allow_parameters(service_id):
+    service = get_addon_meta(service_id)
+    return service.get('allow_parameters', [])
+
+
 def get_cred_value(ns, source):
     if source.get('serviceRef'):
         return get_service_key_value(ns, source['serviceRef'])
@@ -271,3 +276,20 @@ def __exit__(self, exc_type, exc_value, traceback):
     def __del__(self):
         if hasattr(self, "fileno"):
             fcntl.flock(self.fileno, fcntl.LOCK_UN)
+
+
+def verify_parameters(allow_paras, paras):
+    """verify parameters allowed or not"""
+    if not paras or not allow_paras:
+        return ""
+    else:
+        not_allow_paras = []
+        allow_para_keys = [allow_para["name"] + "." for allow_para in allow_paras] # noqa
+        para_keys = [k + "." for k in paras]
+        for para_key in para_keys:
+            for allow_para_key in allow_para_keys:
+                # sub string Inclusion relationship
+                if not para_key.startswith(allow_para_key):
+                    not_allow_paras.append(para_key)
+        not_allow_keys = ",".split(not_allow_paras)
+        return not_allow_keys