feat(domain): add procfile_type

Author: duanhongyi

rootfs/api/migrations/0007_domain_procfile_type.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.10 on 2024-05-01 13:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('api', '0006_token'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='domain',
+            name='procfile_type',
+            field=models.TextField(default='web'),
+        ),
+    ]

rootfs/api/models/domain.py

@@ -21,6 +21,7 @@ class Domain(AuditedModel):
         blank=True,
         null=True
     )
+    procfile_type = models.TextField()
 
     class Meta:
         ordering = ['domain', 'certificate']

rootfs/api/models/gateway.py

@@ -15,6 +15,8 @@
 DEFAULT_HTTP_PORT = 80
 DEFAULT_HTTPS_PORT = 443
 
+HOSTNAME_PROTOCOLS = ("TLS", "HTTP", "HTTPS")
+
 
 class Gateway(AuditedModel):
     app = models.ForeignKey('App', on_delete=models.CASCADE)
@@ -46,27 +48,27 @@ def listeners(self):
         domains = list(self._get_tls_domain(auto_tls))
         for item in self.ports:
             port, protocol = item["port"], item["protocol"]
-            if item["protocol"] in ("TLS", "HTTPS"):
+            if item["protocol"] in HOSTNAME_PROTOCOLS:
                 for domain in domains:
-                    secret_name = f"{self.app.id}-auto-tls" if auto_tls else (
-                        domain.certificate.name if domain.certificate else None)
-                    if secret_name is None:
-                        continue
-                    listeners.append({
+                    listener = {
                         "allowedRoutes": {"namespaces": {"from": "All"}},
                         "name": self._get_listener_name(port, protocol, domains.index(domain)),
                         "port": port,
                         "hostname": domain.domain,
                         "protocol": protocol,
-                        "tls": {"certificateRefs": [{"kind": "Secret", "name": secret_name}]},
-                    })
-            else:
-                listeners.append({
-                    "allowedRoutes": {"namespaces": {"from": "All"}},
-                    "name": self._get_listener_name(port, protocol, 0),
-                    "port": port,
-                    "protocol": protocol,
-                })
+                    }
+                    secret_name = f"{self.app.id}-auto-tls" if auto_tls else (
+                        domain.certificate.name if domain.certificate else None)
+                    if secret_name:
+                        listener["tls"] = {
+                            "certificateRefs": [{"kind": "Secret", "name": secret_name}]}
+                    listeners.append(listener)
+            listeners.append({
+                "allowedRoutes": {"namespaces": {"from": "All"}},
+                "name": self._get_listener_name(port, protocol, 0),
+                "port": port,
+                "protocol": protocol,
+            })
         return listeners
 
     @property
@@ -183,6 +185,11 @@ def protocols(self):
             raise NotImplementedError("this kind is not supported")
         return self.PROTOCOLS_CHOICES[self.kind]
 
+    @property
+    def hostnames(self):
+        return [domain.domain for domain in self.app.domain_set.filter(
+                procfile_type=self.procfile_type)]
+
     @property
     def default_rules(self):
         service = get_object_or_404(self.app.service_set, procfile_type=self.procfile_type)
@@ -259,7 +266,7 @@ def change_default_tls(self):
     def attach(self, gateway_name, port):
         ok, msg = self._check_parent(gateway_name, port)
         if not ok:
-            return ok, msg
+            return ok, {"detail": msg}
         parent_ref = {"name": gateway_name, "port": port}
         if parent_ref in self.parent_refs:
             return False, {"detail": "gateway and port already exist in this route"}
@@ -302,38 +309,38 @@ def _check_parent(self, gateway_name, port):
         try:
             gateway = self.app.gateway_set.filter(name=gateway_name).latest()
         except Gateway.DoesNotExist:
-            return False, {"detail": f"this gateway {gateway_name} does not exist"}
+            return False, f"this gateway {gateway_name} does not exist"
         is_listener_allowed = False
         for gateway_port in gateway.ports:
             if port == gateway_port.get("port") and \
                     self.kind.split("Route")[0] in gateway_port.get("protocol"):
                 is_listener_allowed = True
         if not is_listener_allowed:
-            return False, {"detail": f"this gateway does not allow {self.kind} port {port} bind, \nplease add gateway listener first."}  # noqa
+            return False, "listener does not exist, please add gateway listener first."
         for route in self.app.route_set.exclude(app=self.app, name=self.name):
             for parent_ref in route.parent_refs:
                 if parent_ref["name"] == gateway_name and parent_ref["port"] == port:
-                    for protocol in self.protocols:
-                        if protocol in route.protocols:
-                            return False, {"detail": "this listener has already been referenced"}
+                    if not set(route.protocols).issubset(HOSTNAME_PROTOCOLS) and (
+                            set(route.protocols).issubset(self.protocols) or
+                            set(self.protocols).issubset(route.protocols)):
+                        return False, "this listener has already been referenced"
         return True, ""
 
     def _refresh_to_k8s(self, rules, parent_refs):
         try:
             k8s_route = getattr(self.scheduler(), self.kind.lower())
-            hostnames = [domain.domain for domain in self.app.domain_set.all()]
             try:
                 data = k8s_route.get(self.app.id, self.name).json()
                 k8s_route.patch(self.app.id, self.name, **{
                     "rules": rules,
-                    "hostnames": hostnames,
+                    "hostnames": self.hostnames,
                     "parent_refs": parent_refs,
                     "version": data["metadata"]["resourceVersion"],
                 })
             except KubeException:
                 k8s_route.create(self.app.id, self.name, **{
                     "rules": rules,
-                    "hostnames": hostnames,
+                    "hostnames": self.hostnames,
                     "parent_refs": parent_refs,
                 })
         except KubeException as e:

rootfs/api/serializers/__init__.py

@@ -410,7 +410,7 @@ class DomainSerializer(serializers.ModelSerializer):
     class Meta:
         """Metadata options for a :class:`DomainSerializer`."""
         model = models.domain.Domain
-        fields = ['owner', 'created', 'updated', 'app', 'domain']
+        fields = ['owner', 'created', 'updated', 'app', 'domain', 'procfile_type']
         read_only_fields = ['uuid']
 
     @staticmethod
@@ -460,6 +460,13 @@ def ToACE(x): return idna.alabel(x).decode("utf-8", "strict")
 
         return aceValue
 
+    @staticmethod
+    def validate_procfile_type(value):
+        if not re.match(PROCTYPE_MATCH, value):
+            raise serializers.ValidationError(PROCTYPE_MISMATCH_MSG)
+
+        return value
+
 
 class ServiceSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.service.Service` model."""

rootfs/api/tests/test_certificate_use_case_1.py

@@ -1,7 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.core.cache import cache
 
-from api.models.app import App
+from api.models.app import App, PROCFILE_TYPE_WEB
 from api.models.certificate import Certificate
 from api.models.domain import Domain
 from api.tests import TEST_ROOT, DryccTestCase
@@ -25,7 +25,8 @@ def setUp(self):
 
         self.url = '/v2/certs'
         self.app = App.objects.create(owner=self.user, id='test-app-use-case-1')
-        self.domain = Domain.objects.create(owner=self.user, app=self.app, domain='foo.com')
+        self.domain = Domain.objects.create(
+            owner=self.user, app=self.app, domain='foo.com', procfile_type=PROCFILE_TYPE_WEB)
         self.name = 'foo-com'  # certificate name
 
         with open('{}/certs/{}.key'.format(TEST_ROOT, self.domain)) as f:

rootfs/api/tests/test_certificate_use_case_2.py

@@ -1,7 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.core.cache import cache
 
-from api.models.app import App
+from api.models.app import App, PROCFILE_TYPE_WEB
 from api.models.certificate import Certificate
 from api.models.domain import Domain
 from api.tests import TEST_ROOT, DryccTestCase
@@ -26,8 +26,10 @@ def setUp(self):
         self.url = '/v2/certs'
         self.app = App.objects.create(owner=self.user, id='test-app-use-case-2')
         self.domains = {
-            'foo.com': Domain.objects.create(owner=self.user, app=self.app, domain='foo.com'),
-            'bar.com': Domain.objects.create(owner=self.user, app=self.app, domain='bar.com'),
+            'foo.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='foo.com', procfile_type=PROCFILE_TYPE_WEB),
+            'bar.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='bar.com', procfile_type=PROCFILE_TYPE_WEB),
         }
 
         # only foo.com has a cert

rootfs/api/tests/test_certificate_use_case_3.py

@@ -1,7 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.core.cache import cache
 
-from api.models.app import App
+from api.models.app import App, PROCFILE_TYPE_WEB
 from api.models.certificate import Certificate
 from api.models.domain import Domain
 from api.tests import TEST_ROOT, DryccTestCase
@@ -26,8 +26,10 @@ def setUp(self):
         self.url = '/v2/certs'
         self.app = App.objects.create(owner=self.user, id='test-app-use-case-3')
         self.domains = {
-            'foo.com': Domain.objects.create(owner=self.user, app=self.app, domain='foo.com'),
-            'bar.com': Domain.objects.create(owner=self.user, app=self.app, domain='bar.com'),
+            'foo.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='foo.com', procfile_type=PROCFILE_TYPE_WEB),
+            'bar.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='bar.com', procfile_type=PROCFILE_TYPE_WEB),
         }
 
         self.certificates = {}

rootfs/api/tests/test_certificate_use_case_4.py

@@ -1,7 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.core.cache import cache
 
-from api.models.app import App
+from api.models.app import App, PROCFILE_TYPE_WEB
 from api.models.certificate import Certificate
 from api.models.domain import Domain
 from api.tests import TEST_ROOT, DryccTestCase
@@ -26,9 +26,13 @@ def setUp(self):
         self.url = '/v2/certs'
         self.app = App.objects.create(owner=self.user, id='test-app-use-case-3')
         self.domains = {
-            '*.foo.com': Domain.objects.create(owner=self.user, app=self.app, domain='*.foo.com'),
-            'foo.com': Domain.objects.create(owner=self.user, app=self.app, domain='foo.com'),
-            'bar.com': Domain.objects.create(owner=self.user, app=self.app, domain='bar.com'),
+            '*.foo.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='*.foo.com',
+                procfile_type=PROCFILE_TYPE_WEB),
+            'foo.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='foo.com', procfile_type=PROCFILE_TYPE_WEB),
+            'bar.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='bar.com', procfile_type=PROCFILE_TYPE_WEB),
         }
 
         self.certificates = {}

rootfs/api/tests/test_certificate_use_case_5.py

@@ -1,7 +1,7 @@
 from django.contrib.auth import get_user_model
 from django.core.cache import cache
 
-from api.models.app import App
+from api.models.app import App, PROCFILE_TYPE_WEB
 from api.models.certificate import Certificate
 from api.models.domain import Domain
 from api.tests import TEST_ROOT, DryccTestCase
@@ -26,10 +26,14 @@ def setUp(self):
         self.url = '/v2/certs'
         self.app = App.objects.create(owner=self.user, id='test-app-use-case-5')
         # Done out of scope as it gets the same cert as the wildcard
-        Domain.objects.create(owner=self.user, app=self.app, domain='foo.com')
+        Domain.objects.create(
+            owner=self.user, app=self.app, domain='foo.com', procfile_type=PROCFILE_TYPE_WEB)
         self.domains = {
-            '*.foo.com': Domain.objects.create(owner=self.user, app=self.app, domain='*.foo.com'),
-            'bar.com': Domain.objects.create(owner=self.user, app=self.app, domain='bar.com'),
+            '*.foo.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='*.foo.com',
+                procfile_type=PROCFILE_TYPE_WEB),
+            'bar.com': Domain.objects.create(
+                owner=self.user, app=self.app, domain='bar.com', procfile_type=PROCFILE_TYPE_WEB),
         }
 
         self.certificates = {}