Use JSON schema for configuration #455

Merged
merged 58 commits into from
Sep 2, 2024
f6ff68e
init
fcomte Jul 11, 2024
5aa57ae
fix
fcomte Jul 11, 2024
175c670
fix test
fcomte Jul 11, 2024
8e827c4
fix
fcomte Jul 11, 2024
8b7c1b5
fix
fcomte Jul 11, 2024
6beb5b1
fix
fcomte Jul 11, 2024
9f391b6
fix
fcomte Jul 11, 2024
c4c19f1
fix
fcomte Jul 11, 2024
cf884b8
convert to config
fcomte Jul 11, 2024
05508e2
add internal resolution
fcomte Jul 11, 2024
ba74cca
fix
fcomte Jul 11, 2024
f082b3e
fix pom
fcomte Jul 11, 2024
823beca
fix pom
fcomte Jul 11, 2024
dc70449
fix
fcomte Jul 11, 2024
c761c43
recursive resolution
fcomte Jul 11, 2024
3df369a
fix
fcomte Jul 11, 2024
43709bc
fix
fcomte Jul 11, 2024
a7e1cd2
fix
fcomte Jul 11, 2024
bee9917
fix
fcomte Jul 11, 2024
d6bc50e
fix
fcomte Jul 11, 2024
d58a73e
fix
fcomte Jul 11, 2024
419a143
add schema controller
fcomte Jul 12, 2024
deea725
Update RestExceptionHandler.java
fcomte Jul 12, 2024
016e448
fix
fcomte Jul 12, 2024
e5498c2
fix
fcomte Jul 12, 2024
3711858
add annotation postconstruct pom
fcomte Jul 12, 2024
47f1f24
fix
fcomte Jul 12, 2024
1f0f0e6
Fix frédo
olevitt Jul 12, 2024
cf528da
via vscode, add resolution service
fcomte Jul 12, 2024
6829323
fredo fixes spotless all by himself
fcomte Jul 12, 2024
f1b5935
Fix tests
olevitt Jul 12, 2024
d2d68b0
fix concurrent modif
fcomte Jul 13, 2024
a306122
relative path s3
fcomte Jul 14, 2024
ea3536b
Merge remote-tracking branch 'origin/main' into jsonnode
olevitt Jul 18, 2024
81debe0
controle schema when publishing
fcomte Jul 18, 2024
3c9b501
spot
fcomte Jul 18, 2024
30ed8f3
add overwriteSchemaWith
fcomte Jul 19, 2024
16cd389
add external schema
fcomte Jul 22, 2024
8bf5e0a
fix resolution, no merge
fcomte Jul 24, 2024
c7570ee
fix resolution
fcomte Jul 24, 2024
7a0f4ac
handle validation exception
fcomte Jul 25, 2024
590fd3a
fix exception
fcomte Jul 25, 2024
600eab8
add schemas
fcomte Jul 25, 2024
163a76d
Merge remote-tracking branch 'origin/main' into jsonnode
olevitt Jul 25, 2024
4a6b5f9
add schemas
fcomte Jul 25, 2024
088e8b6
Merge branch 'jsonnode' of https://github.com/inseefrlab/onyxia-api i…
fcomte Jul 25, 2024
32d9556
add message.json in schemas
ihiverlet Jul 26, 2024
4543b1c
add schemas
fcomte Jul 29, 2024
407facc
Merge remote-tracking branch 'origin/main' into jsonnode
olevitt Aug 1, 2024
c7ace55
Fix spotless
olevitt Aug 1, 2024
842eb8a
remove many configuration
fcomte Aug 3, 2024
c5af671
docs
fcomte Aug 3, 2024
f3e9caf
Merge remote-tracking branch 'origin/main' into jsonnode
olevitt Aug 6, 2024
81bc209
Update message.json
ihiverlet Aug 20, 2024
a2fb7d7
Update message.json
ihiverlet Aug 20, 2024
6f2ec22
Update message.json
ihiverlet Aug 20, 2024
d6544d9
Update message.json
ihiverlet Aug 20, 2024
4dd5f61
Update message.json
ihiverlet Aug 20, 2024
96 changes: 2 additions & 94 deletions docs/region-configuration.md
Expand Up @@ -11,20 +11,14 @@ See [regions.json](/onyxia-api/src/main/resources/regions.json) for a complete e
- [Region configuration](#region-configuration)
- [Main region properties](#main-region-properties)
- [Services properties](#services-properties)
- [CustomInitScript properties](#custominitscript-properties)
- [Server properties](#server-properties)
- [K8sPublicEndpoint properties](#k8spublicendpoint-properties)
- [Quotas properties](#quotas-properties)
- [Expose properties](#expose-properties)
- [istio](#istio)
- [CertManager](#certManager)
- [Default configuration properties](#default-configuration-properties)
- [Kafka](#kafka)
- [Sliders](#sliders)
- [Resources](#resources)
- [Data properties](#data-properties)
- [S3](#s3)
- [Atlas](#atlas)
- [Vault properties](#vault-properties)
- [Git properties](#git-properties)
- [ProxyConfiguration properties](#proxyconfiguration-properties)
Expand Down Expand Up @@ -70,34 +64,14 @@ Users can work on Onyxia as a User or as a Group to which they belong. Each user
| `groupPrefix` | | not used | |
| `authenticationMode` | serviceAccount | serviceAccount, impersonate or tokenPassthrough : on serviceAccount mode Onyxia API uses its own serviceAccount (by default admin or cluster-admin), with impersonate mode Onyxia requests the API with user's permissions (helm option `--kube-as-user`). With tokenPassthrough, the authentication token is passed to the API server. | |
| `expose` | | When users request to expose their service, only subdomain of this object domain are allowed | See [Expose properties](#expose-properties) |
| `monitoring` | | Define the URL pattern of the monitoring service that is to be launched with each service. Only for client purposes. | {URLPattern: "https://$NAMESPACE-$INSTANCE.mymonitoring.sspcloud.fr"} |
| `initScript` | | Define where to fetch a script that will be launched on some service on startup. | "https://inseefrlab.github.io/onyxia/onyxia-init.sh" |
| `monitoring` | | Define the URL pattern of the monitoring service that is to be launched with each service. Only for client purposes. | {URLPattern: "https://$NAMESPACE-$INSTANCE.mymonitoring.sspcloud.fr"} | |
| `allowedURIPattern` | "^https://" | Init scripts set by the user have to respect this pattern. | |
| `server` | | Define the configuration of the services provider API server, this value is not served on the API as it contains credentials for the API. | See [Server properties](#server-properties) |
| `k8sPublicEndpoint` | | Define external access to Kubernetes API if available. It helps Onyxia users to directly connect to Kubernetes outside the datalab | See [K8sPublicEndpoint properties](#k8sPublicEndpoint-properties) |
| `quotas` | | Properties setting quotas on how many resources a user can get on the services provider. | See [Quotas properties](#quotas-properties) |
| `defaultConfiguration` | | Default configuration on services that a user can override. For client purposes only. | See [Default Configuration](#default-configuration-properties) |
| `customInitScript` | | This can be used to customize user environments using a regional script executed by some users' pods. | See [CustomInitScript properties](#custominitscript-properties)
| `openshiftSCC` | | This can be used to inject SCC (Security Context Constraints) in openshift clusters | See [OpenshiftSCC properties](#openshiftSCC-properties) |
| `customValues` | | This can be used to specify custom values that will be available for helm chart injection in the web app. Nested values are supported. | ` "customValues": {"myCustomKey": "myValue", "myNestedCustomKey": {"nestedKey": "nestedValue"} }` |

### CustomInitScript properties

These properties define how to reach the **service provider API**.

| Key | Description | Example |
| --------------------- | ------------------------------------------------------------------ | ---- |
| `URL` | URL of the init script | "api.kub.sspcloud.fr" |
| `checksum` | checksum of the init script | |

### OpenshiftSCC properties

These properties define if SCC should be injected in services for openshift clusters

| Key | Description | Example |
| --------------------- | ------------------------------------------------------------------ | ---- |
| `enabled` | defaults to `false` | `true` |
| `scc` | name of the SCC | `anyuid` |

### Server properties

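Review bot: The second `monitoring` row ends with an extra `| |`, giving it five cells where neighbouring rows such as `expose` have four; drop the trailing cell so the table renders consistently. Separately, the hunk header shrinks this region from 34 lines to 14 while the `openshiftSCC` row still links to `#openshiftSCC-properties` and `allowedURIPattern` still refers to init scripts set by the user. If the `### OpenshiftSCC properties` section and the `initScript` row are among the deletions, that link and that description lose their referents and should be updated or pointed at the schema that now documents them.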
Expand Down Expand Up @@ -168,62 +142,6 @@ A quota follows the Kubernetes model which is composed of:



### Default configuration properties

| Key | Default | Description |
| --------------------- | ------- | ------------------------------------------------------------------ |
| `IPProtection` | false | Whether or not the default behavior of the reverse proxy serving the service is to block a request from an IP other than the one from which it has been created. For client purposes only. |
| `networkPolicy` | false | Whether or not services can be reached by pods outside of the current namespace. For client purposes only. |
| `from` | NA | List of allowed sources (Kubernetes network policies format for from) to reach user HTTP services. Used to allow ingress access to users' services |
| `nodeSelector` | NA | This node selector can be injected in a service to restrain on which node it can be launched |
| `tolerations` | NA | This node selector can be injected in a service to force it to run on nodes with this taint |
| `startupProbe` | NA | This startup probe can be injected into a service. It can help you in an environment with a slow network to specify a long duration before killing a container |
| `kafka` | | See [Kafka](#kafka) |
| `sliders` | | See [Sliders](#sliders) |
| `Resources` | | See [Resources](#resources) |

#### Kafka

Kafka can be used to get some events in the user chart like Hive metastore.

| Key | Default | Description |
| --------------------- | ------- | ------------------------------------------------------------------ |
| `URL` | N.A | brokerURL |
| `topicName` | N.A | topic name for those events |

#### Sliders

Sliders specify some slider parameters that may overwrite some defaults.

| Key | Default | Description |
| --------------------- | ------- | ------------------------------------------------------------------ |
| `cpu` | N.A | cpu slider parameters |
| `memory` | N.A | memory slider parameters |
| `gpu` | N.A | gpu slider parameters |
| `disk` | N.A | disk slider parameters |


| Key | Default | Description |
| --------------------- | ------- | ------------------------------------------------------------------ |
| `sliderMin` | N.A | sliderMin |
| `sliderMax` | N.A | sliderMax |
| `sliderStep` | N.A | sliderStep |
| `sliderUnit` | N.A | sliderUnit |

#### Resources

Resources specify some values that may overwrite some defaults.

| Key | Default | Description |
| --------------------- | ------- | ------------------------------------------------------------------ |
| `cpuRequest` | N.A | overwrite default CPU request if asked by helm-charts |
| `cpuLimit` | N.A | overwrite default CPU limit if asked by helm-charts |
| `memoryRequest` | N.A | overwrite default memory request if asked by helm-charts |
| `memoryLimit` | N.A | overwrite default memory limit if asked by helm-charts |
| `disk` | N.A | overwrite default disk size if asked by helm-charts |
| `gpu` | N.A | overwrite default GPU if asked by helm-charts |


## Data properties

### S3
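Review bot: Operators lose the only description on this page of the `IPProtection`, `networkPolicy` and `from` defaults, which decide who can reach user services, and nothing in the six lines that remain says where they are documented now (the header goes from 62 lines to 6). Suggest keeping a short stub at this position that links to the schema carrying these keys, for instance the `/public/schemas` endpoint added in this PR, so the meaning of the network-isolation defaults stays discoverable from the region documentation.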
Expand Down Expand Up @@ -367,17 +285,7 @@ type Region = {
};
};
```

### Atlas

Atlas is a data management tool.

It can be used to add additional features to the file explorer to transform it into a data explorer

| Key | Default | Description | Example |
| --------------------- | ------- | ------------------------------------------------------------------ | ---- |
| `URL` | | URL of the atlas service for the region. | "https://atlas.change.me" |
| `oidcConfiguration` | | Allow override of openidconnect authentication for this specific service. If not defined then global Onyxia authentication will be used. | {clientID: "onyxia", issuerURI: "https://auth.lab.sspcloud.fr/auth"} |
|

## Vault properties

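Review bot: The lone `|` line between the closing code fence and `## Vault properties` looks like a leftover from the Atlas table. If it is part of the new file it will render as a stray character under the S3 section, so it should be dropped along with the rest of the Atlas block.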
12 changes: 12 additions & 0 deletions onyxia-api/pom.xml
Expand Up @@ -100,6 +100,18 @@
<artifactId>jackson-databind</artifactId>
</dependency>

<dependency>
<groupId>com.github.erosb</groupId>
<artifactId>everit-json-schema</artifactId>
<version>1.14.2</version>
</dependency>

<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>1.3.2</version>
</dependency>

<dependency>
<groupId>io.fabric8</groupId>
<artifactId>kubernetes-server-mock</artifactId>
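Review bot: Both new dependencies pin their version inline (`1.14.2` and `1.3.2`) while the `jackson-databind` entry just above carries none, so these two sit outside whatever central version management the POM relies on. Suggest moving the versions into a property or `dependencyManagement` so upgrades and vulnerability scanning handle them in one place. For `javax.annotation-api`, if it is only needed for `@PostConstruct`, check whether the project's Spring version already provides the `jakarta.annotation` equivalent, which would avoid carrying a second annotation namespace.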
@@ -1,6 +1,11 @@
package fr.insee.onyxia.api.controller;

import fr.insee.onyxia.api.controller.exception.SchemaNotFoundException;
import java.util.List;
import java.util.stream.Collectors;
import org.everit.json.schema.ValidationException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
Expand All @@ -12,4 +17,59 @@ public class RestExceptionHandler {
@ResponseStatus(value = HttpStatus.FORBIDDEN)
@ExceptionHandler(AccessDeniedException.class)
public void handleAccessDeniedException(Exception ignored) {}

@ExceptionHandler(SchemaNotFoundException.class)
public ResponseEntity<String> handleSchemaNotFoundException(SchemaNotFoundException ex) {
return new ResponseEntity<>(ex.getMessage(), HttpStatus.NOT_FOUND);
}

@ExceptionHandler(ValidationException.class)
public ResponseEntity<ErrorResponse> handleValidationException(ValidationException ex) {
List<String> errors =
ex.getCausingExceptions().stream()
.map(ValidationException::getMessage)
.collect(Collectors.toList());

ErrorResponse errorResponse =
new ErrorResponse(HttpStatus.BAD_REQUEST.value(), "Validation failed", errors);

return new ResponseEntity<>(errorResponse, HttpStatus.BAD_REQUEST);
}

// Define the ErrorResponse class within the GlobalExceptionHandler
public static class ErrorResponse {
private int status;
private String message;
private List<String> errors;

public ErrorResponse(int status, String message, List<String> errors) {
this.status = status;
this.message = message;
this.errors = errors;
}

public int getStatus() {
return status;
}

public void setStatus(int status) {
this.status = status;
}

public String getMessage() {
return message;
}

public void setMessage(String message) {
this.message = message;
}

public List<String> getErrors() {
return errors;
}

public void setErrors(List<String> errors) {
this.errors = errors;
}
}
}
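Review bot: In `handleValidationException`, `ex.getCausingExceptions()` is empty when validation fails on a single violation, because everit then puts the message on the exception itself; the client would receive `"Validation failed"` with an empty `errors` list. Use `ex.getAllMessages()`, or fall back to `ex.getMessage()` when the list is empty, and add a test with exactly one violation. Minor: the comment above `ErrorResponse` names `GlobalExceptionHandler` while the class is `RestExceptionHandler`, and the three fields could be `final` with the setters removed since the object is only built once in the handler.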
@@ -0,0 +1,8 @@
package fr.insee.onyxia.api.controller.exception;

public class SchemaNotFoundException extends RuntimeException {

public SchemaNotFoundException(String schemaName) {
super("Schema not found: " + schemaName);
}
}
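Review bot: `schemaName` comes from the URL path in `JsonSchemaController.getSchema` and is concatenated into the message here, which `handleSchemaNotFoundException` then returns as the raw `String` body of the 404. Caller-controlled text in an untyped string response is worth avoiding: either return a fixed message, or wrap it in the JSON `ErrorResponse` already defined in `RestExceptionHandler` (or set the content type to `text/plain` explicitly) so the value can never be interpreted as markup by a client.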
@@ -0,0 +1,37 @@
package fr.insee.onyxia.api.controller.pub;

import com.fasterxml.jackson.databind.JsonNode;
import fr.insee.onyxia.api.controller.exception.SchemaNotFoundException;
import fr.insee.onyxia.api.services.JsonSchemaRegistryService;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/public/schemas")
public class JsonSchemaController {

private final JsonSchemaRegistryService jsonSchemaRegistryService;

@Autowired
public JsonSchemaController(JsonSchemaRegistryService jsonSchemaRegistryService) {
this.jsonSchemaRegistryService = jsonSchemaRegistryService;
}

@GetMapping
public Map<String, JsonNode> listSchemas() {
return jsonSchemaRegistryService.listSchemas();
}

@GetMapping("/{schemaName}")
public JsonNode getSchema(@PathVariable String schemaName) {
JsonNode schema = jsonSchemaRegistryService.getSchema(schemaName);
if (schema == null) {
throw new SchemaNotFoundException(schemaName);
}
return schema;
}
}
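Review bot: `getSchema` hands the `schemaName` path variable straight to `jsonSchemaRegistryService.getSchema(schemaName)` on an unauthenticated `/public` route, and the service is not visible in this view. Please confirm the lookup is a plain key match against the in-memory registry rather than anything that resolves a file, classpath or remote location from the name, and add a test showing that names containing `/` or `..` return 404. Since `listSchemas()` returns the whole registry publicly, it is also worth stating in the Javadoc that schemas must not embed region-private values. Style: `@Autowired` is redundant on a single constructor.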