Configuration validation

Validate the Kamal configuration giving useful warning on errors.
Each section of the configuration has its own config class and a YAML
file containing documented example configuration.

You can run `kamal docs` to see the example configuration, and
`kamal docs <section>` to see the example configuration for a specific
section.

The validation matches the configuration to the example configuration
checking that there are no unknown keys and that the values are of
matching types.

Where there is more complex validation - e.g for envs and servers, we
have custom validators that implement those rules.

Additionally, the configuration examples are used to generate the
configuration documentation in the kamal-site repo.

You generate them by running:

```
bundle exec bin/docs <kamal-site-checkout>
```
Donal McBreen
2024-05-28 09:25:42 +01:00
parent 6e60ab918a
commit 4f317b8499
59 changed files with 1942 additions and 480 deletions


@@ -35,7 +35,7 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
"hosts" => [ "1.1.1.6", "1.1.1.7" ],
"port" => "6379:6379",
"labels" => {
"cache" => true
"cache" => "true"
},
"env" => {
"SOMETHING" => "else"
@@ -44,7 +44,7 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
"/var/lib/redis:/data"
],
"options" => {
"cpus" => 4,
"cpus" => "4",
"memory" => "2GB"
}
},
@@ -54,13 +54,13 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
"roles" => [ "web" ],
"port" => "4321:4321",
"labels" => {
"cache" => true
"cache" => "true"
},
"env" => {
"STATSD_PORT" => "8126"
},
"options" => {
"cpus" => 4,
"cpus" => "4",
"memory" => "2GB"
}
}
@@ -89,22 +89,20 @@ class ConfigurationAccessoryTest < ActiveSupport::TestCase
test "missing host" do
@deploy[:accessories]["mysql"]["host"] = nil
@config = Kamal::Configuration.new(@deploy)
assert_raises(ArgumentError) do
@config.accessory(:mysql).hosts
assert_raises(Kamal::ConfigurationError) do
Kamal::Configuration.new(@deploy)
end
end
test "setting host, hosts and roles" do
@deploy[:accessories]["mysql"]["hosts"] = true
@deploy[:accessories]["mysql"]["roles"] = true
@config = Kamal::Configuration.new(@deploy)
@deploy[:accessories]["mysql"]["hosts"] = [ "mysql-db1" ]
@deploy[:accessories]["mysql"]["roles"] = [ "db" ]
exception = assert_raises(ArgumentError) do
@config.accessory(:mysql).hosts
exception = assert_raises(Kamal::ConfigurationError) do
Kamal::Configuration.new(@deploy)
end
assert_equal "Specify one of `host`, `hosts` or `roles` for accessory `mysql`", exception.message
assert_equal "accessories/mysql: specify one of `host`, `hosts` or `roles`", exception.message
end
test "all hosts" do
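Review bot: The rewritten `missing host` test checks only the exception class, so any `Kamal::ConfigurationError` raised while building the fixture satisfies it, possibly a plain type error for `"host" => nil` rather than the host/hosts/roles rule. The next test already pins the message; do the same here with `exception = assert_raises(Kamal::ConfigurationError) { Kamal::Configuration.new(@deploy) }` followed by an `assert_equal` on `exception.message`. The same applies to `invalid cache type specified` in ConfigurationBuilderTest, which also asserts the class alone. The message a nil host produces is not visible on this page, so the expected string has to be taken from a run.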


@@ -7,41 +7,37 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
servers: [ "1.1.1.1" ]
}
@config = Kamal::Configuration.new(@deploy)
@deploy_with_builder_option = {
service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
servers: [ "1.1.1.1" ],
builder: {}
}
@config_with_builder_option = Kamal::Configuration.new(@deploy_with_builder_option)
end
test "multiarch?" do
assert_equal true, @config.builder.multiarch?
assert_equal true, config.builder.multiarch?
end
test "setting multiarch to false" do
@deploy_with_builder_option[:builder] = { "multiarch" => false }
assert_equal false, @config_with_builder_option.builder.multiarch?
assert_equal false, config_with_builder_option.builder.multiarch?
end
test "local?" do
assert_equal false, @config.builder.local?
assert_equal false, config.builder.local?
end
test "remote?" do
assert_equal false, @config.builder.remote?
assert_equal false, config.builder.remote?
end
test "remote_arch" do
assert_nil @config.builder.remote_arch
assert_nil config.builder.remote_arch
end
test "remote_host" do
assert_nil @config.builder.remote_host
assert_nil config.builder.remote_host
end
test "setting both local and remote configs" do
@@ -50,112 +46,121 @@ class ConfigurationBuilderTest < ActiveSupport::TestCase
"remote" => { "arch" => "amd64", "host" => "ssh://root@192.168.0.1" }
}
assert_equal true, @config_with_builder_option.builder.local?
assert_equal true, @config_with_builder_option.builder.remote?
assert_equal true, config_with_builder_option.builder.local?
assert_equal true, config_with_builder_option.builder.remote?
assert_equal "amd64", @config_with_builder_option.builder.remote_arch
assert_equal "ssh://root@192.168.0.1", @config_with_builder_option.builder.remote_host
assert_equal "amd64", config_with_builder_option.builder.remote_arch
assert_equal "ssh://root@192.168.0.1", config_with_builder_option.builder.remote_host
assert_equal "arm64", @config_with_builder_option.builder.local_arch
assert_equal "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock", @config_with_builder_option.builder.local_host
assert_equal "arm64", config_with_builder_option.builder.local_arch
assert_equal "unix:///Users/<%= `whoami`.strip %>/.docker/run/docker.sock", config_with_builder_option.builder.local_host
end
test "cached?" do
assert_equal false, @config.builder.cached?
assert_equal false, config.builder.cached?
end
test "invalid cache type specified" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "invalid" } }
assert_raises(ArgumentError) do
@config_with_builder_option.builder
assert_raises(Kamal::ConfigurationError) do
config_with_builder_option.builder
end
end
test "cache_from" do
assert_nil @config.builder.cache_from
assert_nil config.builder.cache_from
end
test "cache_to" do
assert_nil @config.builder.cache_to
assert_nil config.builder.cache_to
end
test "setting gha cache" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "gha", "options" => "mode=max" } }
assert_equal "type=gha", @config_with_builder_option.builder.cache_from
assert_equal "type=gha,mode=max", @config_with_builder_option.builder.cache_to
assert_equal "type=gha", config_with_builder_option.builder.cache_from
assert_equal "type=gha,mode=max", config_with_builder_option.builder.cache_to
end
test "setting registry cache" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=dhh/app-build-cache", @config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=dhh/app-build-cache", @config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=dhh/app-build-cache", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=dhh/app-build-cache", config_with_builder_option.builder.cache_to
end
test "setting registry cache when using a custom registry" do
@config_with_builder_option.registry["server"] = "registry.example.com"
@deploy_with_builder_option[:registry]["server"] = "registry.example.com"
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "options" => "mode=max,image-manifest=true,oci-mediatypes=true" } }
assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", @config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=registry.example.com/dhh/app-build-cache", @config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=registry.example.com/dhh/app-build-cache", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=registry.example.com/dhh/app-build-cache", config_with_builder_option.builder.cache_to
end
test "setting registry cache with image" do
@deploy_with_builder_option[:builder] = { "cache" => { "type" => "registry", "image" => "kamal", "options" => "mode=max" } }
assert_equal "type=registry,ref=kamal", @config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,ref=kamal", @config_with_builder_option.builder.cache_to
assert_equal "type=registry,ref=kamal", config_with_builder_option.builder.cache_from
assert_equal "type=registry,mode=max,ref=kamal", config_with_builder_option.builder.cache_to
end
test "args" do
assert_equal({}, @config.builder.args)
assert_equal({}, config.builder.args)
end
test "setting args" do
@deploy_with_builder_option[:builder] = { "args" => { "key" => "value" } }
assert_equal({ "key" => "value" }, @config_with_builder_option.builder.args)
assert_equal({ "key" => "value" }, config_with_builder_option.builder.args)
end
test "secrets" do
assert_equal [], @config.builder.secrets
assert_equal [], config.builder.secrets
end
test "setting secrets" do
@deploy_with_builder_option[:builder] = { "secrets" => [ "GITHUB_TOKEN" ] }
assert_equal [ "GITHUB_TOKEN" ], @config_with_builder_option.builder.secrets
assert_equal [ "GITHUB_TOKEN" ], config_with_builder_option.builder.secrets
end
test "dockerfile" do
assert_equal "Dockerfile", @config.builder.dockerfile
assert_equal "Dockerfile", config.builder.dockerfile
end
test "setting dockerfile" do
@deploy_with_builder_option[:builder] = { "dockerfile" => "Dockerfile.dev" }
assert_equal "Dockerfile.dev", @config_with_builder_option.builder.dockerfile
assert_equal "Dockerfile.dev", config_with_builder_option.builder.dockerfile
end
test "context" do
assert_equal ".", @config.builder.context
assert_equal ".", config.builder.context
end
test "setting context" do
@deploy_with_builder_option[:builder] = { "context" => ".." }
assert_equal "..", @config_with_builder_option.builder.context
assert_equal "..", config_with_builder_option.builder.context
end
test "ssh" do
assert_nil @config.builder.ssh
assert_nil config.builder.ssh
end
test "setting ssh params" do
@deploy_with_builder_option[:builder] = { "ssh" => "default=$SSH_AUTH_SOCK" }
assert_equal "default=$SSH_AUTH_SOCK", @config_with_builder_option.builder.ssh
assert_equal "default=$SSH_AUTH_SOCK", config_with_builder_option.builder.ssh
end
private
def config
Kamal::Configuration.new(@deploy)
end
def config_with_builder_option
Kamal::Configuration.new(@deploy_with_builder_option)
end
end
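Review bot: The new private helpers `config` and `config_with_builder_option` build and validate a fresh `Kamal::Configuration` on every call, so a test such as `setting both local and remote configs` constructs six separate objects for six assertions. Binding the result once per test keeps every assertion on the same object and avoids repeated validation: `builder = config_with_builder_option.builder`, then `assert_equal true, builder.local?`. A short comment above the helpers would also help, saying they are deliberately not memoized because the tests change `@deploy_with_builder_option` after `setup`.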


@@ -19,7 +19,7 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
test "secret" do
ENV["PASSWORD"] = "hello"
env = Kamal::Configuration::Env.from_config config: { "secret" => [ "PASSWORD" ] }
env = Kamal::Configuration::Env.new config: { "secret" => [ "PASSWORD" ] }
assert_config \
config: { "secret" => [ "PASSWORD" ] },
@@ -34,7 +34,7 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
"secret" => [ "PASSWORD" ]
}
assert_raises(KeyError) { Kamal::Configuration::Env.from_config(config: { "secret" => [ "PASSWORD" ] }).secrets }
assert_raises(KeyError) { Kamal::Configuration::Env.new(config: { "secret" => [ "PASSWORD" ] }).secrets }
end
test "secret and clear" do
@@ -67,7 +67,7 @@ class ConfigurationEnvTest < ActiveSupport::TestCase
private
def assert_config(config:, clear:, secrets:)
env = Kamal::Configuration::Env.from_config config: config
env = Kamal::Configuration::Env.new config: config, secrets_file: "secrets.env"
assert_equal clear, env.clear
assert_equal secrets, env.secrets
end
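Review bot: `assert_config` now passes `secrets_file: "secrets.env"` to `Env.new`, but neither assertion in the helper reads that value, and the two direct `Env.new` calls earlier in this file omit it. As written the argument is not exercised by the test. Either drop it from the helper or add an assertion that depends on it, so that the new keyword is covered. The tests that call the helper lie partly outside these hunks.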


@@ -18,7 +18,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
"cmd" => "bin/jobs",
"env" => {
"REDIS_URL" => "redis://a/b",
"WEB_CONCURRENCY" => 4
"WEB_CONCURRENCY" => "4"
}
}
}
@@ -53,7 +53,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
test "custom labels via role specialization" do
@deploy_with_roles[:labels] = { "my.custom.label" => "50" }
@deploy_with_roles[:servers]["workers"]["labels"] = { "my.custom.label" => "70" }
assert_equal "70", @config_with_roles.role(:workers).labels["my.custom.label"]
assert_equal "70", Kamal::Configuration.new(@deploy_with_roles).role(:workers).labels["my.custom.label"]
end
test "overwriting default traefik label" do
@@ -63,7 +63,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
test "default traefik label on non-web role" do
config = Kamal::Configuration.new(@deploy_with_roles.tap { |c|
c[:servers]["beta"] = { "traefik" => "true", "hosts" => [ "1.1.1.5" ] }
c[:servers]["beta"] = { "traefik" => true, "hosts" => [ "1.1.1.5" ] }
})
assert_equal [ "--label", "service=\"app\"", "--label", "role=\"beta\"", "--label", "destination", "--label", "traefik.http.services.app-beta.loadbalancer.server.scheme=\"http\"", "--label", "traefik.http.routers.app-beta.rule=\"PathPrefix(\\`/\\`)\"", "--label", "traefik.http.routers.app-beta.priority=\"2\"", "--label", "traefik.http.middlewares.app-beta-retry.retry.attempts=\"5\"", "--label", "traefik.http.middlewares.app-beta-retry.retry.initialinterval=\"500ms\"", "--label", "traefik.http.routers.app-beta.middlewares=\"app-beta-retry@docker\"" ], config.role(:beta).label_args
@@ -102,7 +102,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
@deploy_with_roles[:servers]["workers"]["env"] = {
"clear" => {
"REDIS_URL" => "redis://a/b",
"WEB_CONCURRENCY" => 4
"WEB_CONCURRENCY" => "4"
},
"secret" => [
"DB_PASSWORD"
@@ -117,7 +117,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
DB_PASSWORD=secret&\"123
ENV
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env("1.1.1.3").secrets_io.string
assert_equal expected_secrets_file, Kamal::Configuration.new(@deploy_with_roles).role(:workers).env("1.1.1.3").secrets_io.string
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args("1.1.1.3")
ensure
ENV["REDIS_PASSWORD"] = nil
@@ -128,7 +128,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
@deploy_with_roles[:servers]["workers"]["env"] = {
"clear" => {
"REDIS_URL" => "redis://a/b",
"WEB_CONCURRENCY" => 4
"WEB_CONCURRENCY" => "4"
},
"secret" => [
"DB_PASSWORD"
@@ -141,7 +141,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
DB_PASSWORD=secret123
ENV
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env("1.1.1.3").secrets_io.string
assert_equal expected_secrets_file, Kamal::Configuration.new(@deploy_with_roles).role(:workers).env("1.1.1.3").secrets_io.string
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args("1.1.1.3")
ensure
ENV["DB_PASSWORD"] = nil
@@ -163,7 +163,7 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
REDIS_PASSWORD=secret456
ENV
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env("1.1.1.3").secrets_io.string
assert_equal expected_secrets_file, Kamal::Configuration.new(@deploy_with_roles).role(:workers).env("1.1.1.3").secrets_io.string
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://a/b\"", "--env", "WEB_CONCURRENCY=\"4\"" ], @config_with_roles.role(:workers).env_args("1.1.1.3")
ensure
ENV["REDIS_PASSWORD"] = nil
@@ -191,8 +191,9 @@ class ConfigurationRoleTest < ActiveSupport::TestCase
REDIS_PASSWORD=secret456
ENV
assert_equal expected_secrets_file, @config_with_roles.role(:workers).env("1.1.1.3").secrets_io.string
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://c/d\"" ], @config_with_roles.role(:workers).env_args("1.1.1.3")
config = Kamal::Configuration.new(@deploy_with_roles)
assert_equal expected_secrets_file, config.role(:workers).env("1.1.1.3").secrets_io.string
assert_equal [ "--env-file", ".kamal/env/roles/app-workers.env", "--env", "REDIS_URL=\"redis://c/d\"" ], config.role(:workers).env_args("1.1.1.3")
ensure
ENV["REDIS_PASSWORD"] = nil
end
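Review bot: In the hunks at -117, -141 and -163 the `secrets_io` assertion uses a freshly built `Kamal::Configuration.new(@deploy_with_roles)`, while the `env_args` assertion on the following line still reads `@config_with_roles`, so the two assertions in one test check different objects. The last hunk already handles this consistently, and the other three should take the same shape: `config = Kamal::Configuration.new(@deploy_with_roles)`, then `config.role(:workers)` for both assertions. `setup` is outside the hunks, so whether `@config_with_roles` still reflects the env set inside each test cannot be confirmed from here.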


@@ -0,0 +1,116 @@
require "test_helper"
class ConfigurationValidationTest < ActiveSupport::TestCase
test "unknown root key" do
assert_error "unknown key: unknown", unknown: "value"
assert_error "unknown keys: unknown, unknown2", unknown: "value", unknown2: "value"
end
test "wrong root types" do
[ :service, :image, :asset_path, :hooks_path, :primary_role, :minimum_version, :run_directory ].each do |key|
assert_error "#{key}: should be a string", **{ key => [] }
end
[ :require_destination, :allow_empty_roles ].each do |key|
assert_error "#{key}: should be a boolean", **{ key => "foo" }
end
[ :stop_wait_time, :retain_containers, :readiness_delay ].each do |key|
assert_error "#{key}: should be an integer", **{ key => "foo" }
end
assert_error "volumes: should be an array", volumes: "foo"
assert_error "servers: should be an array or a hash", servers: "foo"
[ :labels, :registry, :accessories, :env, :ssh, :sshkit, :builder, :traefik, :boot, :healthcheck, :logging ].each do |key|
assert_error "#{key}: should be a hash", **{ key =>[] }
end
end
test "servers" do
assert_error "servers: should be an array or a hash", servers: "foo"
assert_error "servers/0: should be a string or a hash", servers: [ [] ]
assert_error "servers/0: multiple hosts found", servers: [ { "a" => "b", "c" => "d" } ]
assert_error "servers/0/foo: should be a string or an array", servers: [ { "foo" => {} } ]
assert_error "servers/0/foo/0: should be a string", servers: [ { "foo" => [ [] ] } ]
end
test "roles" do
assert_error "servers/web: should be an array or a hash", servers: { "web" => "foo" }
assert_error "servers/web/hosts: should be an array", servers: { "web" => { "hosts" => "" } }
assert_error "servers/web/hosts/0: should be a string or a hash", servers: { "web" => { "hosts" => [ [] ] } }
assert_error "servers/web/options: should be a hash", servers: { "web" => { "options" => "" } }
assert_error "servers/web/logging/options: should be a hash", servers: { "web" => { "logging" => { "options" => "" } } }
assert_error "servers/web/logging/driver: should be a string", servers: { "web" => { "logging" => { "driver" => [] } } }
assert_error "servers/web/labels: should be a hash", servers: { "web" => { "labels" => [] } }
assert_error "servers/web/env: should be a hash", servers: { "web" => { "env" => [] } }
assert_error "servers/web/env: tags are only allowed in the root env", servers: { "web" => { "hosts" => [ "1.1.1.1" ], "env" => { "tags" => {} } } }
end
test "registry" do
assert_error "registry/username: is required", registry: {}
assert_error "registry/password: is required", registry: { "username" => "foo" }
assert_error "registry/password: should be a string or an array with one string (for secret lookup)", registry: { "username" => "foo", "password" => [ "SECRET1", "SECRET2" ] }
assert_error "registry/server: should be a string", registry: { "username" => "foo", "password" => "bar", "server" => [] }
end
test "accessories" do
assert_error "accessories/accessory1: should be a hash", accessories: { "accessory1" => [] }
assert_error "accessories/accessory1: unknown key: unknown", accessories: { "accessory1" => { "unknown" => "baz" } }
assert_error "accessories/accessory1/options: should be a hash", accessories: { "accessory1" => { "options" => [] } }
assert_error "accessories/accessory1/host: should be a string", accessories: { "accessory1" => { "host" => [] } }
assert_error "accessories/accessory1/env: should be a hash", accessories: { "accessory1" => { "env" => [] } }
assert_error "accessories/accessory1/env: tags are only allowed in the root env", accessories: { "accessory1" => { "host" => "host", "env" => { "tags" => {} } } }
end
test "env" do
assert_error "env: should be a hash", env: []
assert_error "env/FOO: should be a string", env: { "FOO" => [] }
assert_error "env/clear/FOO: should be a string", env: { "clear" => { "FOO" => [] } }
assert_error "env/secret: should be an array", env: { "secret" => { "FOO" => [] } }
assert_error "env/secret/0: should be a string", env: { "secret" => [ [] ] }
assert_error "env/tags: should be a hash", env: { "tags" => [] }
assert_error "env/tags/tag1: should be a hash", env: { "tags" => { "tag1" => "foo" } }
assert_error "env/tags/tag1/FOO: should be a string", env: { "tags" => { "tag1" => { "FOO" => [] } } }
assert_error "env/tags/tag1/clear/FOO: should be a string", env: { "tags" => { "tag1" => { "clear" => { "FOO" => [] } } } }
assert_error "env/tags/tag1/secret: should be an array", env: { "tags" => { "tag1" => { "secret" => {} } } }
assert_error "env/tags/tag1/secret/0: should be a string", env: { "tags" => { "tag1" => { "secret" => [ [] ] } } }
assert_error "env/tags/tag1: tags are only allowed in the root env", env: { "tags" => { "tag1" => { "tags" => {} } } }
end
test "ssh" do
assert_error "ssh: unknown key: foo", ssh: { "foo" => "bar" }
assert_error "ssh/user: should be a string", ssh: { "user" => [] }
end
test "sshkit" do
assert_error "sshkit: unknown key: foo", sshkit: { "foo" => "bar" }
assert_error "sshkit/max_concurrent_starts: should be an integer", sshkit: { "max_concurrent_starts" => "foo" }
end
test "builder" do
assert_error "builder: unknown key: foo", builder: { "foo" => "bar" }
assert_error "builder/remote: should be a hash", builder: { "remote" => true }
assert_error "builder/remote: unknown key: foo", builder: { "remote" => { "foo" => "bar" } }
assert_error "builder/local: unknown key: foo", builder: { "local" => { "foo" => "bar" } }
assert_error "builder/remote/arch: should be a string", builder: { "remote" => { "arch" => [] } }
assert_error "builder/args/foo: should be a string", builder: { "args" => { "foo" => [] } }
assert_error "builder/cache/options: should be a string", builder: { "cache" => { "options" => [] } }
end
private
def assert_error(message, **invalid_config)
valid_config = {
service: "app",
image: "app",
registry: { "username" => "user", "password" => "secret" },
servers: [ "1.1.1.1" ]
}
error = assert_raises Kamal::ConfigurationError do
Kamal::Configuration.new(valid_config.merge(invalid_config))
end
assert_equal message, error.message
end
end
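Review bot: The new test file checks `traefik`, `boot`, `healthcheck` and `logging` only for the root type in `wrong root types`; unlike `ssh`, `sshkit` and `builder` they have no unknown-key or nested-type case, so a typo inside those sections is not covered here. Add one test per section following the existing pattern, for example `assert_error "<expected message>", healthcheck: { "foo" => "bar" }`, with the message taken from a run. Two smaller points: `servers: "foo"` is asserted both in `wrong root types` and in `servers`, and `**{ key =>[] }` is missing the space used in `**{ key => [] }` a few lines above.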