kamal 1.5.2 → 1.7.0

data/lib/kamal/configuration/logging.rb

@@ -0,0 +1,33 @@
+class Kamal::Configuration::Logging
+  delegate :optionize, :argumentize, to: Kamal::Utils
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :logging_config
+
+  def initialize(logging_config:, context: "logging")
+    @logging_config = logging_config || {}
+    validate! @logging_config, context: context
+  end
+
+  def driver
+    logging_config["driver"]
+  end
+
+  def options
+    logging_config.fetch("options", {})
+  end
+
+  def merge(other)
+    self.class.new logging_config: logging_config.deep_merge(other.logging_config)
+  end
+
+  def args
+    if driver.present? || options.present?
+      optionize({ "log-driver" => driver }.compact) +
+        argumentize("--log-opt", options)
+    else
+      argumentize("--log-opt", { "max-size" => "10m" })
+    end
+  end
+end

data/lib/kamal/configuration/registry.rb

@@ -0,0 +1,31 @@
+class Kamal::Configuration::Registry
+  include Kamal::Configuration::Validation
+
+  attr_reader :registry_config
+
+  def initialize(config:)
+    @registry_config = config.raw_config.registry || {}
+    validate! registry_config, with: Kamal::Configuration::Validator::Registry
+  end
+
+  def server
+    registry_config["server"]
+  end
+
+  def username
+    lookup("username")
+  end
+
+  def password
+    lookup("password")
+  end
+
+  private
+    def lookup(key)
+      if registry_config[key].is_a?(Array)
+        ENV.fetch(registry_config[key].first).dup
+      else
+        registry_config[key]
+      end
+    end
+end

data/lib/kamal/configuration/role.rb

@@ -1,12 +1,33 @@
 class Kamal::Configuration::Role
+  include Kamal::Configuration::Validation
+
   CORD_FILE = "cord"
   delegate :argumentize, :optionize, to: Kamal::Utils
 
-  attr_accessor :name
+  attr_reader :name, :config, :specialized_env, :specialized_logging, :specialized_healthcheck
+
   alias to_s name
 
   def initialize(name, config:)
     @name, @config = name.inquiry, config
+    validate! \
+      specializations,
+      example: validation_yml["servers"]["workers"],
+      context: "servers/#{name}",
+      with: Kamal::Configuration::Validator::Role
+
+    @specialized_env = Kamal::Configuration::Env.new \
+      config: specializations.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env"),
+      context: "servers/#{name}/env"
+
+    @specialized_logging = Kamal::Configuration::Logging.new \
+      logging_config: specializations.fetch("logging", {}),
+      context: "servers/#{name}/logging"
+
+    @specialized_healthcheck = Kamal::Configuration::Healthcheck.new \
+      healthcheck_config: specializations.fetch("healthcheck", {}),
+      context: "servers/#{name}/healthcheck"
   end
 
   def primary_host
@@ -14,7 +35,11 @@ class Kamal::Configuration::Role
   end
 
   def hosts
-    @hosts ||= extract_hosts_from_config
+    tagged_hosts.keys
+  end
+
+  def env_tags(host)
+    tagged_hosts.fetch(host).collect { |tag| config.env_tag(tag) }
   end
 
   def cmd
@@ -38,24 +63,21 @@ class Kamal::Configuration::Role
   end
 
   def logging_args
-    args = config.logging || {}
-    args.deep_merge!(specializations["logging"]) if specializations["logging"].present?
+    logging.args
+  end
 
-    if args.any?
-      optionize({ "log-driver" => args["driver"] }.compact) +
-        argumentize("--log-opt", args["options"])
-    else
-      config.logging_args
-    end
+  def logging
+    @logging ||= config.logging.merge(specialized_logging)
   end
 
 
-  def env
-    @env ||= base_env.merge(specialized_env)
+  def env(host)
+    @envs ||= {}
+    @envs[host] ||= [ config.env, specialized_env, *env_tags(host).map(&:env) ].reduce(:merge)
   end
 
-  def env_args
-    env.args
+  def env_args(host)
+    env(host).args
   end
 
   def asset_volume_args
@@ -64,28 +86,29 @@ class Kamal::Configuration::Role
 
 
   def health_check_args(cord: true)
-    if health_check_cmd.present?
+    if running_traefik? || healthcheck.set_port_or_path?
       if cord && uses_cord?
-        optionize({ "health-cmd" => health_check_cmd_with_cord, "health-interval" => health_check_interval })
+        optionize({ "health-cmd" => health_check_cmd_with_cord, "health-interval" => healthcheck.interval })
           .concat(cord_volume.docker_args)
       else
-        optionize({ "health-cmd" => health_check_cmd, "health-interval" => health_check_interval })
+        optionize({ "health-cmd" => healthcheck.cmd, "health-interval" => healthcheck.interval })
       end
     else
       []
     end
   end
 
-  def health_check_cmd
-    health_check_options["cmd"] || http_health_check(port: health_check_options["port"], path: health_check_options["path"])
+  def healthcheck
+    @healthcheck ||=
+      if running_traefik?
+        config.healthcheck.merge(specialized_healthcheck)
+      else
+        specialized_healthcheck
+      end
   end
 
   def health_check_cmd_with_cord
-    "(#{health_check_cmd}) && (stat #{cord_container_file} > /dev/null || exit 1)"
-  end
-
-  def health_check_interval
-    health_check_options["interval"] || "1s"
+    "(#{healthcheck.cmd}) && (stat #{cord_container_file} > /dev/null || exit 1)"
   end
 
 
@@ -103,7 +126,7 @@ class Kamal::Configuration::Role
 
 
   def uses_cord?
-    running_traefik? && cord_volume && health_check_cmd.present?
+    running_traefik? && cord_volume && healthcheck.cmd.present?
   end
 
   def cord_host_directory
@@ -111,7 +134,7 @@ class Kamal::Configuration::Role
   end
 
   def cord_volume
-    if (cord = health_check_options["cord"])
+    if (cord = healthcheck.cord)
       @cord_volume ||= Kamal::Configuration::Volume.new \
         host_path: File.join(config.run_directory, "cords", [ container_prefix, config.run_id ].join("-")),
         container_path: cord
@@ -164,13 +187,24 @@ class Kamal::Configuration::Role
   end
 
   private
-    attr_accessor :config
+    def tagged_hosts
+      {}.tap do |tagged_hosts|
+        extract_hosts_from_config.map do |host_config|
+          if host_config.is_a?(Hash)
+            host, tags = host_config.first
+            tagged_hosts[host] = Array(tags)
+          elsif host_config.is_a?(String)
+            tagged_hosts[host_config] = []
+          end
+        end
+      end
+    end
 
     def extract_hosts_from_config
-      if config.servers.is_a?(Array)
-        config.servers
+      if config.raw_config.servers.is_a?(Array)
+        config.raw_config.servers
       else
-        servers = config.servers[name]
+        servers = config.raw_config.servers[name]
         servers.is_a?(Array) ? servers : Array(servers["hosts"])
       end
     end
@@ -179,6 +213,14 @@ class Kamal::Configuration::Role
       { "service" => config.service, "role" => name, "destination" => config.destination }
     end
 
+    def specializations
+      if config.raw_config.servers.is_a?(Array) || config.raw_config.servers[name].is_a?(Array)
+        {}
+      else
+        config.raw_config.servers[name]
+      end
+    end
+
     def traefik_labels
       if running_traefik?
         {
@@ -206,35 +248,4 @@ class Kamal::Configuration::Role
         labels.merge!(specializations["labels"]) if specializations["labels"].present?
       end
     end
-
-    def specializations
-      if config.servers.is_a?(Array) || config.servers[name].is_a?(Array)
-        {}
-      else
-        config.servers[name].except("hosts")
-      end
-    end
-
-    def specialized_env
-      Kamal::Configuration::Env.from_config config: specializations.fetch("env", {})
-    end
-
-    # Secrets are stored in an array, which won't merge by default, so have to do it by hand.
-    def base_env
-      Kamal::Configuration::Env.from_config \
-        config: config.env,
-        secrets_file: File.join(config.host_env_directory, "roles", "#{container_prefix}.env")
-    end
-
-    def http_health_check(port:, path:)
-      "curl -f #{URI.join("http://localhost:#{port}", path)} || exit 1" if path.present? || port.present?
-    end
-
-    def health_check_options
-      @health_check_options ||= begin
-        options = specializations["healthcheck"] || {}
-        options = config.healthcheck.merge(options) if running_traefik?
-        options
-      end
-    end
 end

data/lib/kamal/configuration/servers.rb

@@ -0,0 +1,18 @@
+class Kamal::Configuration::Servers
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :servers_config, :roles
+
+  def initialize(config:)
+    @config = config
+    @servers_config = config.raw_config.servers
+    validate! servers_config, with: Kamal::Configuration::Validator::Servers
+
+    @roles = role_names.map { |role_name| Kamal::Configuration::Role.new role_name, config: config }
+  end
+
+  private
+    def role_names
+      servers_config.is_a?(Array) ? [ "web" ] : servers_config.keys.sort
+    end
+end

data/lib/kamal/configuration/ssh.rb

@@ -1,22 +1,27 @@
 class Kamal::Configuration::Ssh
   LOGGER = ::Logger.new(STDERR)
 
+  include Kamal::Configuration::Validation
+
+  attr_reader :ssh_config
+
   def initialize(config:)
-    @config = config.raw_config.ssh || {}
+    @ssh_config = config.raw_config.ssh || {}
+    validate! ssh_config
   end
 
   def user
-    config.fetch("user", "root")
+    ssh_config.fetch("user", "root")
   end
 
   def port
-    config.fetch("port", 22)
+    ssh_config.fetch("port", 22)
   end
 
   def proxy
-    if (proxy = config["proxy"])
+    if (proxy = ssh_config["proxy"])
       Net::SSH::Proxy::Jump.new(proxy.include?("@") ? proxy : "root@#{proxy}")
-    elsif (proxy_command = config["proxy_command"])
+    elsif (proxy_command = ssh_config["proxy_command"])
       Net::SSH::Proxy::Command.new(proxy_command)
     end
   end
@@ -30,13 +35,11 @@ class Kamal::Configuration::Ssh
   end
 
   private
-    attr_accessor :config
-
     def logger
       LOGGER.tap { |logger| logger.level = log_level }
     end
 
     def log_level
-      config.fetch("log_level", :fatal)
+      ssh_config.fetch("log_level", :fatal)
     end
 end

data/lib/kamal/configuration/sshkit.rb

@@ -1,20 +1,22 @@
 class Kamal::Configuration::Sshkit
+  include Kamal::Configuration::Validation
+
+  attr_reader :sshkit_config
+
   def initialize(config:)
-    @options = config.raw_config.sshkit || {}
+    @sshkit_config = config.raw_config.sshkit || {}
+    validate! sshkit_config
   end
 
   def max_concurrent_starts
-    options.fetch("max_concurrent_starts", 30)
+    sshkit_config.fetch("max_concurrent_starts", 30)
   end
 
   def pool_idle_timeout
-    options.fetch("pool_idle_timeout", 900)
+    sshkit_config.fetch("pool_idle_timeout", 900)
   end
 
   def to_h
-    options
+    sshkit_config
   end
-
-  private
-    attr_accessor :options
 end

data/lib/kamal/configuration/traefik.rb

@@ -0,0 +1,60 @@
+class Kamal::Configuration::Traefik
+  DEFAULT_IMAGE = "traefik:v2.10"
+  CONTAINER_PORT = 80
+  DEFAULT_ARGS = {
+    "log.level" => "DEBUG"
+  }
+  DEFAULT_LABELS = {
+    # These ensure we serve a 502 rather than a 404 if no containers are available
+    "traefik.http.routers.catchall.entryPoints" => "http",
+    "traefik.http.routers.catchall.rule" => "PathPrefix(`/`)",
+    "traefik.http.routers.catchall.service" => "unavailable",
+    "traefik.http.routers.catchall.priority" => 1,
+    "traefik.http.services.unavailable.loadbalancer.server.port" => "0"
+  }
+
+  include Kamal::Configuration::Validation
+
+  attr_reader :config, :traefik_config
+
+  def initialize(config:)
+    @config = config
+    @traefik_config = config.raw_config.traefik || {}
+    validate! traefik_config
+  end
+
+  def publish?
+    traefik_config["publish"] != false
+  end
+
+  def labels
+    DEFAULT_LABELS.merge(traefik_config["labels"] || {})
+  end
+
+  def env
+    Kamal::Configuration::Env.new \
+      config: traefik_config.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "traefik", "traefik.env"),
+      context: "traefik/env"
+  end
+
+  def host_port
+    traefik_config.fetch("host_port", CONTAINER_PORT)
+  end
+
+  def options
+    traefik_config.fetch("options", {})
+  end
+
+  def port
+    "#{host_port}:#{CONTAINER_PORT}"
+  end
+
+  def args
+    DEFAULT_ARGS.merge(traefik_config.fetch("args", {}))
+  end
+
+  def image
+    traefik_config.fetch("image", DEFAULT_IMAGE)
+  end
+end

data/lib/kamal/configuration/validation.rb

@@ -0,0 +1,27 @@
+require "yaml"
+require "active_support/inflector"
+
+module Kamal::Configuration::Validation
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def validation_doc
+      @validation_doc ||= File.read(File.join(File.dirname(__FILE__), "docs", "#{validation_config_key}.yml"))
+    end
+
+    def validation_config_key
+      @validation_config_key ||= name.demodulize.underscore
+    end
+  end
+
+  def validate!(config, example: nil, context: nil, with: Kamal::Configuration::Validator)
+    context ||= self.class.validation_config_key
+    example ||= validation_yml[self.class.validation_config_key]
+
+    with.new(config, example: example, context: context).validate!
+  end
+
+  def validation_yml
+    @validation_yml ||= YAML.load(self.class.validation_doc)
+  end
+end

data/lib/kamal/configuration/validator/accessory.rb

@@ -0,0 +1,9 @@
+class Kamal::Configuration::Validator::Accessory < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    if (config.keys & [ "host", "hosts", "roles" ]).size != 1
+      error "specify one of `host`, `hosts` or `roles`"
+    end
+  end
+end

data/lib/kamal/configuration/validator/builder.rb

@@ -0,0 +1,9 @@
+class Kamal::Configuration::Validator::Builder < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    if config["cache"] && config["cache"]["type"]
+      error "Invalid cache type: #{config["cache"]["type"]}" unless [ "gha", "registry" ].include?(config["cache"]["type"])
+    end
+  end
+end

data/lib/kamal/configuration/validator/env.rb

@@ -0,0 +1,54 @@
+class Kamal::Configuration::Validator::Env < Kamal::Configuration::Validator
+  SPECIAL_KEYS = [ "clear", "secret", "tags" ]
+
+  def validate!
+    if known_keys.any?
+      validate_complex_env!
+    else
+      validate_simple_env!
+    end
+  end
+
+  private
+    def validate_simple_env!
+      validate_hash_of!(config, String)
+    end
+
+    def validate_complex_env!
+      unknown_keys_error unknown_keys if unknown_keys.any?
+
+      with_context("clear") { validate_hash_of!(config["clear"], String) } if config.key?("clear")
+      with_context("secret") { validate_array_of!(config["secret"], String) } if config.key?("secret")
+      validate_tags! if config.key?("tags")
+    end
+
+    def known_keys
+      @known_keys ||= config.keys & SPECIAL_KEYS
+    end
+
+    def unknown_keys
+      @unknown_keys ||= config.keys - SPECIAL_KEYS
+    end
+
+    def validate_tags!
+      if context == "env"
+        with_context("tags") do
+          validate_type! config["tags"], Hash
+
+          config["tags"].each do |tag, value|
+            with_context(tag) do
+              validate_type! value, Hash
+
+              Kamal::Configuration::Validator::Env.new(
+                value,
+                example: example["tags"].values[1],
+                context: context
+              ).validate!
+            end
+          end
+        end
+      else
+        error "tags are only allowed in the root env"
+      end
+    end
+end

data/lib/kamal/configuration/validator/registry.rb

@@ -0,0 +1,25 @@
+class Kamal::Configuration::Validator::Registry < Kamal::Configuration::Validator
+  STRING_OR_ONE_ITEM_ARRAY_KEYS = [ "username", "password" ]
+
+  def validate!
+    validate_against_example! \
+      config.except(*STRING_OR_ONE_ITEM_ARRAY_KEYS),
+      example.except(*STRING_OR_ONE_ITEM_ARRAY_KEYS)
+
+    validate_string_or_one_item_array! "username"
+    validate_string_or_one_item_array! "password"
+  end
+
+  private
+    def validate_string_or_one_item_array!(key)
+      with_context(key) do
+        value = config[key]
+
+        error "is required" unless value.present?
+
+        unless value.is_a?(String) || (value.is_a?(Array) && value.size == 1 && value.first.is_a?(String))
+          error "should be a string or an array with one string (for secret lookup)"
+        end
+      end
+    end
+end

data/lib/kamal/configuration/validator/role.rb

@@ -0,0 +1,11 @@
+class Kamal::Configuration::Validator::Role < Kamal::Configuration::Validator
+  def validate!
+    validate_type! config, Array, Hash
+
+    if config.is_a?(Array)
+      validate_servers! "servers", config
+    else
+      super
+    end
+  end
+end

data/lib/kamal/configuration/validator/servers.rb

@@ -0,0 +1,7 @@
+class Kamal::Configuration::Validator::Servers < Kamal::Configuration::Validator
+  def validate!
+    validate_type! config, Array, Hash
+
+    validate_servers! config if config.is_a?(Array)
+  end
+end