Checks catalog openapi #536

Merged
merged 5 commits into from
May 17, 2022
30 changes: 30 additions & 0 deletions lib/trento_web/controllers/catalog_controller.ex
Expand Up @@ -3,6 +3,36 @@ defmodule TrentoWeb.CatalogController do

alias Trento.Integration.Checks

alias TrentoWeb.OpenApi.Schema.{ChecksCatalog, Provider}

use OpenApiSpex.ControllerSpecs

tags(["Checks"])

operation(:checks_catalog,
summary: "Checks Catalog",
description:
"The list of the available checks that can be configured to run on the target SAP infrastructure",
parameters: [
flat: [
in: :query,
type: :string,
description:
"Whether to output a flat catalog or not. Just provide the flag, not the value. eg /api/checks/catalog?flat"
],
provider: [
in: :query,
type: Provider.FilterableProviders,
description: "Whether to filter by a specific provider"
]
],
responses: [
ok: {"A Collection of the available Checks", "application/json", ChecksCatalog.Catalog},
not_found: {"Not found", "application/json", ChecksCatalog.CatalogNotfound},
bad_request: {"Bad Request", "application/json", ChecksCatalog.UnableToLoadCatalog}
]
)

@spec checks_catalog(Plug.Conn.t(), map) :: Plug.Conn.t()
def checks_catalog(conn, params) do
with {:ok, content} <- get_catalog(params),
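
Review bot: the `flat` query parameter is declared as `type: :string` while its description says to pass only the flag with no value (`/api/checks/catalog?flat`), so the declared type and the documented usage disagree. Consider describing it as a boolean, or marking the parameter as allowing an empty value (OpenAPI `allowEmptyValue`), so generated clients and request validators handle `?flat` the way the description intends. Separately, `bad_request` is mapped to `ChecksCatalog.UnableToLoadCatalog`, whose description gives "it is not ready yet" as its example; a catalog that is not ready is a server-side condition rather than a malformed request, so it is worth confirming that 400 is the status clients should see.
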
4 changes: 4 additions & 0 deletions lib/trento_web/openapi/api_spec.ex
Expand Up @@ -25,6 +25,10 @@ defmodule TrentoWeb.OpenApi.ApiSpec do
%Tag{
name: "Landscape",
description: "Providing access to the discovered target infrastructure"
},
%Tag{
name: "Checks",
description: "Providing Checks related feature"
}
]
}
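
Review bot: the new tag's `description: "Providing Checks related feature"` reads as a fragment next to the "Landscape" entry above it; "Providing Checks related features", or a sentence that names the catalog endpoint, would render better in the generated documentation.
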
191 changes: 191 additions & 0 deletions lib/trento_web/openapi/schema/checks_catalog.ex
@@ -0,0 +1,191 @@
defmodule TrentoWeb.OpenApi.Schema.ChecksCatalog do
@moduledoc false

require OpenApiSpex
alias OpenApiSpex.Schema

alias TrentoWeb.OpenApi.Schema.Provider

defmodule Check do
@moduledoc false

OpenApiSpex.schema(%{
title: "Check",
description: "An available check to be executed on the target infrastructure",
type: :object,
properties: %{
id: %Schema{type: :string, description: "Check ID", format: :uuid},
name: %Schema{type: :string, description: "Check Name"},
description: %Schema{type: :string, description: "Check Description"},
remediation: %Schema{type: :string, description: "Check Remediation"},
implementation: %Schema{type: :string, description: "Check Implementation"},
labels: %Schema{type: :string, description: "Check Labels"},
premium: %Schema{
type: :boolean,
description: "Indicates whether the current check is a Premium check"
},
group: %Schema{
type: :string,
description: "Check Group, available when requiring a Flat Catalog"
},
provider: Provider.SupportedProviders
Contributor

Where is this SupportedProviders specified?

Member Author

That's defined in lib/trento_web/openapi/schema/provider.ex:7

defmodule SupportedProviders do
  @moduledoc false

  OpenApiSpex.schema(%{
    title: "SupportedProviders",
    type: :string,
    description: "Detected Provider where the resource is running",
    enum: [:azure, :aws, :gcp, :unknown]
  })
end

And now that I see it I think:

  • should we consider default part of that list?
  • is :unknown actually a SupportedProvider?

I believe we can iterate more on these details.

Contributor

:unknown is not supported in the checks catalog. We have it in the code as an incoming provider in hosts, as we will have hosts that are not running in our known providers, and they will have this value.
So, in this SupportedProviders I see it as totally right.
default is not part of this list, as I don't see any provider option as default.

}
})
end

defmodule FlatCatalog do
@moduledoc false

OpenApiSpex.schema(%{
title: "FlatCatalog",
description: "A flat list of the available Checks",
type: :array,
items: Check
})
end

defmodule ChecksGroup do
@moduledoc false

OpenApiSpex.schema(%{
title: "ChecksGroup",
description: "A Group of related Checks (Corosync, Pacemaker ...)",
type: :object,
properties: %{
group: %Schema{type: :string, description: "Group Name"},
checks: FlatCatalog
}
})
end

defmodule ProviderCatalog do
@moduledoc false

OpenApiSpex.schema(%{
title: "ProviderCatalog",
description: "A Provider specific Catalog, and respective values",
type: :object,
properties: %{
provider: %Schema{
title: "ChecksProvider",
type: :string,
description:
"The provider determining the values for the attached checks (azure, aws ...)",
enum: [:azure, :aws, :gcp, :default]
},
groups: %Schema{
title: "ChecksGroups",
description: "A list of ChecksGroup for the respective provider",
type: :array,
items: ChecksGroup
}
}
})
end

defmodule GroupedCatalog do
@moduledoc false

OpenApiSpex.schema(%{
title: "GroupedCatalog",
description:
"A list of available Checks: grouped by provider (azure, aws ...) and checks groups (Corosync, Pacemaker ...)",
type: :array,
items: ProviderCatalog
})
end

defmodule Catalog do
@moduledoc false

OpenApiSpex.schema(%{
title: "ChecksCatalog",
description: "A representation of the Checks Catalog",
oneOf: [
GroupedCatalog,
FlatCatalog
],
example: [
%{
groups: [
%{
checks: [
%{
description: "Corosync `token` timeout is set to `5000`\n",
id: "156F64",
implementation:
"---\n\n- name: \"{{ name }}.check\"\n lineinfile:\n path: /etc/corosync/corosync.conf\n regexp: '^(\\s+){{ key_name }}:'\n line: \"\\t{{ key_name }}: {{ expected[name] }}\"\n insertafter: 'totem {'\n register: config_updated\n when:\n - ansible_check_mode\n\n- block:\n - name: Post results\n import_role:\n name: post-results\n when:\n - ansible_check_mode\n vars:\n status: \"{{ config_updated is not changed }}\"",
labels: "generic",
name: "1.1.1",
premium: false,
remediation:
"## Abstract\nThe value of the Corosync `token` timeout is not set as recommended.\n\n## Remediation\n\nAdjust the corosync `token` timeout as recommended on the best practices, and reload the corosync configuration\n\n1. Set the correct `token` timeout in the totem session in the corosync config file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster.\n ```\n [...]\n totem { \n token: <timeout value> \n }\n [...]\n ``` \n2. Reload the corosync configuration:\n `crm corosync reload`\n\n## References\n- https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker\n"
},
%{
description: "Corosync is running with `token` timeout set to `5000`\n",
id: "53D035",
implementation:
"---\n\n- name: \"{{ name }}.check\"\n shell: 'corosync-cmapctl | grep \"runtime.config.totem.token (u32) = \" | sed \"s/^.*= //\"'\n check_mode: false\n register: config_updated\n changed_when: config_updated.stdout != expected['1.1.1']\n\n- block:\n - name: Post results\n import_role:\n name: post-results\n when:\n - ansible_check_mode\n vars:\n status: \"{{ config_updated is not changed }}\"",
labels: "generic",
name: "1.1.1.runtime",
premium: false,
remediation:
"## Abstract\nThe runtime value of the Corosync `token` timeout is not set as recommended.\n\n## Remediation\n\nAdjust the corosync `token` timeout as recommended on the best practices, and reload the corosync configuration\n\n\n1. Set the correct `token` timeout in the totem session in the corosync config file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster.\n ```\n [...]\n totem { \n token: <timeout value> \n }\n [...]\n ``` \n2. Reload the corosync configuration:\n `crm corosync reload`\n\n## References\n- https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker\n"
}
],
group: "Corosync"
},
%{
checks: [
%{
description: "Fencing is enabled in the cluster attributes\n",
id: "205AF7",
implementation:
"---\n\n- name: \"{{ name }}.check\"\n command: 'crm_attribute -t crm_config -G -n stonith-enabled --quiet'\n check_mode: false\n register: config_updated\n changed_when: config_updated.stdout != expected[name]\n\n- block:\n - name: Post results\n import_role:\n name: post-results\n when:\n - ansible_check_mode\n vars:\n status: \"{{ config_updated is not changed }}\"",
labels: "generic",
name: "1.2.1",
premium: false,
remediation:
"## Abstract\nFencing is mandatory to guarantee data integrity for your SAP Applications.\nRunning a HA Cluster without fencing is not supported and might cause data loss.\n\n## Remediation\nExecute the following command to enable it:\n```\ncrm configure property stonith-enabled=true\n```\n\n## References\n- https://documentation.suse.com/sle-ha/15-SP3/html/SLE-HA-all/cha-ha-fencing.html#sec-ha-fencing-recommend\n"
}
],
group: "Pacemaker"
}
],
provider: "aws"
}
]
})
end

defmodule CatalogNotfound do
@moduledoc false

OpenApiSpex.schema(%{
title: "CatalogNotfound",
description: "No Catalog was found for the provided query",
type: :object,
properties: %{
error: %Schema{
type: :string,
enum: [:not_found]
}
},
example: %{error: "not_found"}
})
end

defmodule UnableToLoadCatalog do
@moduledoc false

OpenApiSpex.schema(%{
title: "UnableToLoadCatalog",
description: "Something wrong happened while loading the catalog. ie: it is not ready yet",
type: :object,
properties: %{
error: %Schema{type: :string, description: "The error message"}
},
example: %{error: "(not_ready|some other error message)"}
})
end
end
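
Review bot: in `Check`, `id` is declared with `format: :uuid`, but the ids in the `Catalog` example are `"156F64"`, `"53D035"` and `"205AF7"`, which are not UUIDs, so the example does not conform to the schema it documents. Either drop the `format` or describe the actual id shape. Also, `ProviderCatalog.provider` repeats `enum: [:azure, :aws, :gcp, :default]` inline although `Provider.FilterableProviders`, added in this same PR, defines the identical list; referencing one shared schema would keep the two from drifting, and would make explicit whether `Check.provider` (currently `Provider.SupportedProviders`, which has `:unknown` and no `:default`) is meant to carry a different set.
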
11 changes: 11 additions & 0 deletions lib/trento_web/openapi/schema/provider.ex
Expand Up @@ -15,6 +15,17 @@ defmodule TrentoWeb.OpenApi.Schema.Provider do
})
end

defmodule FilterableProviders do
@moduledoc false

OpenApiSpex.schema(%{
title: "FilterableProvider",
type: :string,
description: "A provider that can be used to filter the Catalog",
enum: [:azure, :aws, :gcp, :default]
})
end

defmodule AzureProviderData do
@moduledoc false

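Review bot: the schema `title: "FilterableProvider"` is singular while the module is `FilterableProviders` and the sibling schema is titled "SupportedProviders"; align the title with the module name so the component name in the generated spec matches the `Provider.FilterableProviders` reference in `catalog_controller.ex`. It would also help to say in the `description` what `:default` selects, since it is the one value in the enum that is not a cloud provider name.
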