From 1f328cd4f2ac64cd4def15edae3c11d0503c4df1 Mon Sep 17 00:00:00 2001
From: MichalPysik <n3r0x541@gmail.com>
Date: Fri, 21 Jun 2024 15:00:07 +0200
Subject: [PATCH] Validate settings before running Pulp instance

When token authentization is enabled, 4 additional variables have to be
set. The state of these variables is now checked, while properly
informing the user, instead of relying on exceptions raised later during
the instance's run.

closes #1550
---
 CHANGES/1550.bugfix                  |  1 +
 pulp_container/app/__init__.py       |  2 +-
 pulp_container/app/dynaconf_hooks.py | 28 ++++++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/1550.bugfix
 create mode 100644 pulp_container/app/dynaconf_hooks.py

diff --git a/CHANGES/1550.bugfix b/CHANGES/1550.bugfix
new file mode 100644
index 000000000..f3554617a
--- /dev/null
+++ b/CHANGES/1550.bugfix
@@ -0,0 +1 @@
+Pulp Container specific settings are now properly validated at startup of a Pulp instance.
diff --git a/pulp_container/app/__init__.py b/pulp_container/app/__init__.py
index 669f62a21..ea996157c 100644
--- a/pulp_container/app/__init__.py
+++ b/pulp_container/app/__init__.py
@@ -10,4 +10,4 @@ class PulpContainerPluginAppConfig(PulpPluginAppConfig):
     python_package_name = "pulp-container"
 
     def ready(self):
-        super().ready()
+        super().ready()
\ No newline at end of file
diff --git a/pulp_container/app/dynaconf_hooks.py b/pulp_container/app/dynaconf_hooks.py
new file mode 100644
index 000000000..5a54aa10a
--- /dev/null
+++ b/pulp_container/app/dynaconf_hooks.py
@@ -0,0 +1,28 @@
+from dynaconf import Validator
+
+
+token_auth_disabled_validator = Validator("TOKEN_AUTH_DISABLED", eq=True)
+token_server_validator = Validator("TOKEN_SERVER", must_exist=True)
+token_signature_algorithm_validator = Validator("TOKEN_SIGNATURE_ALGORITHM", must_exist=True)
+public_key_path_validator = Validator("PUBLIC_KEY_PATH", must_exist=True)
+private_key_path_validator = Validator("PRIVATE_KEY_PATH", must_exist=True)
+
+
+def post(settings) -> dict:
+    """
+    Post load hook for Pulp settings to validate Container-specific variables.
+    """
+    container_settings_validator = token_auth_disabled_validator | (
+        token_server_validator
+        & token_signature_algorithm_validator
+        & public_key_path_validator
+        & private_key_path_validator
+    )
+    container_settings_validator.messages["combined"] = (
+        "When token authentification is enabled ('TOKEN_AUTH_DISABLED=False'), all of the "
+        "following settings variables must be set: 'TOKEN_SERVER', 'TOKEN_SIGNATURE_ALGORITHM', "
+        "'PUBLIC_KEY_PATH', 'PRIVATE_KEY_PATH'. Please check your Pulp config file."
+    )
+    container_settings_validator.validate(settings)
+
+    return {}