sovereign 0.19.3__py3-none-any.whl → 1.0.0a4__py3-none-any.whl

sovereign/views/interface.py

@@ -1,77 +1,62 @@
-from typing import List, Dict, Any
+import json
+import logging
 from collections import defaultdict
-from fastapi import APIRouter, Query, Path, Cookie
+from typing import Any, Dict, List
+
+from fastapi import APIRouter, Cookie, Path, Query
 from fastapi.encoders import jsonable_encoder
 from fastapi.requests import Request
-from fastapi.responses import RedirectResponse, JSONResponse, Response
-from sovereign import html_templates, XDS_TEMPLATES
-from sovereign.discovery import DiscoveryTypes
-from sovereign import poller, json_response_class
-from sovereign.utils.mock import mock_discovery_request
-from sovereign.views.discovery import perform_discovery
+from fastapi.responses import HTMLResponse, JSONResponse, Response
+from starlette.templating import Jinja2Templates
+from structlog.typing import FilteringBoundLogger
+
+from sovereign import __version__
+from sovereign.cache import Entry
+from sovereign.configuration import XDS_TEMPLATES, ConfiguredResourceTypes, config
+from sovereign.response_class import json_response_class
+from sovereign.utils.mock import NodeExpressionError, mock_discovery_request
+from sovereign.utils.resources import get_package_file
+from sovereign.v2.logging import get_named_logger
+from sovereign.v2.web import wait_for_discovery_response
+from sovereign.views import reader
 
 router = APIRouter()
 
-all_types = [t.value for t in DiscoveryTypes]
+all_types = [t.value for t in ConfiguredResourceTypes]
+
+html_templates = Jinja2Templates(
+    directory=str(get_package_file("sovereign", "templates"))
+)
 
 
 @router.get("/")
-async def ui_main(request: Request) -> Response:
+@router.get("/resources")
+async def ui_main(request: Request) -> HTMLResponse:
     try:
         return html_templates.TemplateResponse(
+            request=request,
             name="base.html",
             media_type="text/html",
-            context={
-                "request": request,
-                "all_types": all_types,
-                "last_update": str(poller.last_updated),
-            },
+            context={"all_types": all_types, "sovereign_version": __version__},
         )
     except IndexError:
         return html_templates.TemplateResponse(
+            request=request,
             name="err.html",
             media_type="text/html",
             context={
-                "request": request,
                 "title": "No resource types configured",
-                "message": "A template should be defined for every resource "
-                "type that you want your envoy proxies to discover.",
-                "doc_link": "https://vsyrakis.bitbucket.io/sovereign/docs/tutorial/templates/",
+                "message": (
+                    "A template should be defined for every resource "
+                    "type that you want your envoy proxies to discover."
+                ),
+                "doc_link": "https://developer.atlassian.com/platform/sovereign/tutorial/templates/#templates",
+                "sovereign_version": __version__,
             },
         )
 
 
-@router.get(
-    "/set-version", summary="Filter the UI by a certain Envoy Version (stores a Cookie)"
-)
-async def set_envoy_version(
-    request: Request,
-    version: str = Query(
-        "__any__", title="The clients envoy version to emulate in this XDS request"
-    ),
-) -> Response:
-    url = request.headers.get("Referer", "/ui")
-    response = RedirectResponse(url=url)
-    response.set_cookie(key="envoy_version", value=version)
-    return response
-
-
-@router.get(
-    "/set-service-cluster",
-    summary="Filter the UI by a certain service cluster (stores a Cookie)",
-)
-async def set_service_cluster(
-    request: Request,
-    service_cluster: str = Query(
-        "__any__", title="The clients envoy version to emulate in this XDS request"
-    ),
-) -> Response:
-    url = request.headers.get("Referer", "/ui")
-    response = RedirectResponse(url=url)
-    response.set_cookie(key="service_cluster", value=service_cluster)
-    return response
-
-
+# noinspection DuplicatedCode
 @router.get(
     "/resources/{xds_type}", summary="List available resources for a given xDS type"
 )
@@ -82,47 +67,84 @@ async def resources(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
-) -> Response:
+    debug: int = Query(0, title="Show debug information on errors"),
+) -> HTMLResponse:
+    logger: FilteringBoundLogger = get_named_logger(
+        f"{__name__}.{resources.__qualname__} ({__file__})",
+        level=logging.DEBUG,
+    )
+
     ret: Dict[str, List[Dict[str, Any]]] = defaultdict(list)
     try:
-        response = await perform_discovery(
-            req=mock_discovery_request(
-                service_cluster=service_cluster,
-                resource_names=[],
-                version=envoy_version,
-                region=region,
-            ),
-            api_version=api_version,
-            resource_type=xds_type,
-            skip_auth=True,
+        mock_request = mock_discovery_request(
+            api_version,
+            xds_type,
+            version=envoy_version,
+            region=region,
+            expressions=node_expression.split(),
         )
-    except KeyError:
-        ret["resources"] = []
+        clear_cookie = False
+        error = None
+    except NodeExpressionError as e:
+        mock_request = mock_discovery_request(
+            api_version,
+            xds_type,
+            version=envoy_version,
+            region=region,
+        )
+        clear_cookie = True
+        error = str(e)
+
+    logger.debug("Making mock request", mock_request=mock_request)
+
+    entry: Entry | None = None
+
+    if config.worker_v2_enabled:
+        # we're set up to use v2 of the worker
+        discovery_response = await wait_for_discovery_response(mock_request)
+        if discovery_response is not None:
+            entry = Entry(
+                text=discovery_response.model_dump_json(indent=None),
+                len=len(discovery_response.resources),
+                version=discovery_response.version_info,
+                node=mock_request.node,
+            )
+
     else:
-        ret["resources"] += response.deserialize_resources()
-    return html_templates.TemplateResponse(
+        entry = await reader.blocking_read(mock_request)  # ty: ignore[possibly-missing-attribute]
+
+    if entry:
+        ret["resources"] = json.loads(entry.text).get("resources", [])
+
+    resp = html_templates.TemplateResponse(
+        request=request,
         name="resources.html",
         media_type="text/html",
         context={
+            "show_debuginfo": True if debug else False,
+            "discovery_response": entry,
+            "discovery_request": mock_request,
             "resources": ret["resources"],
-            "request": request,
             "resource_type": xds_type,
             "all_types": all_types,
             "version": envoy_version,
             "available_versions": list(XDS_TEMPLATES.keys()),
-            "service_cluster": service_cluster,
-            "available_service_clusters": poller.match_keys,
-            "last_update": str(poller.last_updated),
+            "error": error,
+            "sovereign_version": __version__,
         },
     )
+    if clear_cookie:
+        resp.delete_cookie("node_expression", path="/ui/resources/")
+    return resp
 
 
+# noinspection DuplicatedCode
 @router.get(
     "/resources/{xds_type}/{resource_name}",
     summary="Return JSON representation of a resource",
@@ -134,25 +156,56 @@ async def resource(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
 ) -> Response:
-    response = await perform_discovery(
-        req=mock_discovery_request(
-            service_cluster=service_cluster,
-            resource_names=[resource_name],
-            version=envoy_version,
-            region=region,
-        ),
-        api_version=api_version,
-        resource_type=xds_type,
-        skip_auth=True,
+    logger: FilteringBoundLogger = get_named_logger(
+        f"{__name__}.{resources.__qualname__} ({__file__})",
+        level=logging.DEBUG,
+    )
+
+    mock_request = mock_discovery_request(
+        api_version,
+        xds_type,
+        version=envoy_version,
+        region=region,
+        expressions=node_expression.split(),
+    )
+
+    logger.debug("Making mock request", mock_request=mock_request)
+
+    entry: Entry | None = None
+
+    if config.worker_v2_enabled:
+        # we're set up to use v2 of the worker
+        discovery_response = await wait_for_discovery_response(mock_request)
+        if discovery_response is not None:
+            entry = Entry(
+                text=discovery_response.model_dump_json(indent=None),
+                len=len(discovery_response.resources),
+                version=discovery_response.version_info,
+                node=mock_request.node,
+            )
+
+    else:
+        entry = await reader.blocking_read(mock_request)  # ty: ignore[possibly-missing-attribute]
+
+    if entry:
+        for res in json.loads(entry.text).get("resources", []):
+            if res.get("name", res.get("cluster_name")) == resource_name:
+                safe_response = jsonable_encoder(res)
+                try:
+                    return json_response_class(content=safe_response)
+                except TypeError:
+                    return JSONResponse(content=safe_response)
+    return Response(
+        json.dumps({"title": "No resources found", "status": 404}),
+        media_type="application/json+problem",
     )
-    return Response(response.rendered, media_type="application/json")
 
 
 @router.get(
@@ -166,36 +219,43 @@ async def virtual_hosts(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
 ) -> Response:
-    response = await perform_discovery(
-        req=mock_discovery_request(
-            service_cluster=service_cluster,
-            resource_names=[route_configuration],
-            version=envoy_version,
-            region=region,
-        ),
-        api_version=api_version,
-        resource_type="routes",
-        skip_auth=True,
+    logger: FilteringBoundLogger = get_named_logger(
+        f"{__name__}.{virtual_hosts.__qualname__} ({__file__})",
+        level=logging.DEBUG,
+    )
+
+    mock_request = mock_discovery_request(
+        api_version,
+        "routes",
+        version=envoy_version,
+        region=region,
+        expressions=node_expression.split(),
+    )
+
+    logger.debug("Making mock request", mock_request=mock_request)
+
+    if response := await reader.blocking_read(mock_request):  # ty: ignore[possibly-missing-attribute]
+        route_configs = [
+            resource_
+            for resource_ in json.loads(response.text).get("resources", [])
+            if resource_["name"] == route_configuration
+        ]
+        for route_config in route_configs:
+            for vhost in route_config["virtual_hosts"]:
+                if vhost["name"] == virtual_host:
+                    safe_response = jsonable_encoder(vhost)
+                    try:
+                        return json_response_class(content=safe_response)
+                    except TypeError:
+                        return JSONResponse(content=safe_response)
+    return Response(
+        json.dumps({"title": "No resources found", "status": 404}),
+        media_type="application/json+problem",
     )
-    route_configs = [
-        resource_
-        for resource_ in response.deserialize_resources()
-        if resource_["name"] == route_configuration
-    ]
-    for route_config in route_configs:
-        for vhost in route_config["virtual_hosts"]:
-            if vhost["name"] == virtual_host:
-                safe_response = jsonable_encoder(vhost)
-                try:
-                    return json_response_class(content=safe_response)
-                except TypeError:
-                    return JSONResponse(content=safe_response)
-        break
-    return JSONResponse(content={})

sovereign/worker.py

@@ -0,0 +1,193 @@
+import asyncio
+from contextlib import asynccontextmanager
+from typing import final
+
+from fastapi import Body, FastAPI
+
+from sovereign import (
+    application_logger as log,
+)
+from sovereign import (
+    cache,
+    disabled_ciphersuite,
+    rendering,
+    server_cipher_container,
+    stats,
+)
+from sovereign.configuration import config
+from sovereign.context import TemplateContext
+from sovereign.events import Topic, bus
+from sovereign.types import DiscoveryRequest, RegisterClientRequest
+
+
+# noinspection PyUnusedLocal
+def hidden_field(*args, **kwargs):
+    return "(value hidden)"
+
+
+def inject_builtin_items(request, output):
+    output["__hide_from_ui"] = lambda v: v
+    output["crypto"] = server_cipher_container
+    if request.is_internal_request:
+        output["__hide_from_ui"] = hidden_field
+        output["crypto"] = disabled_ciphersuite
+
+
+template_context = TemplateContext.from_config()
+context_middleware = [inject_builtin_items]
+template_context.middleware = context_middleware
+writer = cache.CacheWriter()
+
+ClientId = str
+OnDemandJob = tuple[ClientId, DiscoveryRequest]
+
+
+@final
+class RenderQueue:
+    def __init__(self, maxsize: int = 0):
+        self._queue: asyncio.Queue[OnDemandJob] = asyncio.Queue(maxsize)
+        self._set: set[ClientId] = set()
+        self._lock = asyncio.Lock()
+
+    async def put(self, item: OnDemandJob):
+        cid = item[0]
+        async with self._lock:
+            if cid not in self._set:
+                await self._queue.put(item)
+                self._set.add(cid)
+
+    def put_nowait(self, item: OnDemandJob):
+        cid = item[0]
+        if cid in self._set:
+            return
+        if self._queue.full():
+            raise asyncio.QueueFull
+        self._queue.put_nowait(item)
+        self._set.add(cid)
+
+    async def get(self):
+        return await self._queue.get()
+
+    def full(self):
+        return self._queue.full()
+
+    async def task_done(self, cid):
+        async with self._lock:
+            self._set.remove(cid)
+        self._queue.task_done()
+
+
+ONDEMAND = RenderQueue()
+
+
+poller = None
+if config.sources is not None:
+    if config.matching is not None:
+        matching_enabled = config.matching.enabled
+        node_key: str | None = config.matching.node_key
+        source_key: str | None = config.matching.source_key
+    else:
+        matching_enabled = False
+        node_key = None
+        source_key = None
+
+
+async def render_on_event(ctx):
+    subscription = bus.subscribe(Topic.CONTEXT)
+    while True:
+        # block forever until new context arrives
+        event = await subscription.get()
+        context_name = event.metadata.get("name")
+
+        log.debug(event.message)
+        try:
+            if registered := writer.get_registered_clients():
+                size = len(registered)
+                stats.increment("template.render_on_event", tags=[f"batch_size:{size}"])
+
+                for client, request in registered:
+                    if context_name in request.template.depends_on:
+                        log.info(
+                            f"Rendering template on-event for {request} because {context_name} was updated"
+                        )
+                        job = rendering.RenderJob(
+                            id=client,
+                            request=request,
+                            context=ctx.get_context(request),
+                        )
+                        job.submit()
+
+        finally:
+            await asyncio.sleep(config.template_context.cooldown)
+
+
+async def render_on_demand(ctx):
+    while True:
+        cid, request = await ONDEMAND.get()
+        stats.increment("template.render_on_demand")
+        log.debug(
+            f"Received on-demand request to render templates for {cid} ({request})"
+        )
+        job = rendering.RenderJob(
+            id=cid, request=request, context=ctx.get_context(request)
+        )
+        _ = job.submit()
+        await ONDEMAND.task_done(cid)
+
+
+# noinspection PyProtectedMember
+async def monitor_render_queue():
+    """Periodically report render queue size metrics"""
+    while True:
+        await asyncio.sleep(10)
+        stats.gauge("template.on_demand_queue_size", ONDEMAND._queue.qsize())
+
+
+@asynccontextmanager
+async def lifespan(_: FastAPI):
+    # Template Rendering
+    log.debug("Starting rendering loops")
+    asyncio.create_task(render_on_event(template_context))
+    asyncio.create_task(render_on_demand(template_context))
+    asyncio.create_task(monitor_render_queue())
+
+    # Template context
+    subscription = bus.subscribe(Topic.CONTEXT)
+    log.debug("Starting context loop")
+    asyncio.create_task(template_context.start())
+    event = await subscription.get()
+    log.debug(event.message)
+
+    log.debug("Worker lifespan initialized")
+    yield
+
+
+worker = FastAPI(lifespan=lifespan)
+if dsn := config.sentry_dsn.get_secret_value():
+    try:
+        # noinspection PyUnusedImports
+        import sentry_sdk
+
+        # noinspection PyUnusedImports
+        from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
+
+        sentry_sdk.init(dsn)
+        worker.add_middleware(SentryAsgiMiddleware)  # type: ignore
+    except ImportError:  # pragma: no cover
+        log.error("Sentry DSN configured but failed to attach to worker")
+
+
+@worker.get("/health")
+def health():
+    return "OK"
+
+
+@worker.put("/client")
+async def client_add(
+    registration: RegisterClientRequest = Body(...),
+):
+    log.info(f"Received registration: {registration.request}")
+    xds = registration.request
+    client_id, req = writer.register(xds)
+    ONDEMAND.put_nowait((client_id, req))
+    return "Registered", 200