sovereign 0.19.3__py3-none-any.whl → 1.0.0b148__py3-none-any.whl

sovereign/views/healthchecks.py

@@ -1,38 +1,107 @@
-from typing import List
-from fastapi import Response
+import asyncio
+from typing_extensions import Annotated, Literal
+
+import requests
+import pydantic
+from fastapi import Request, Response, Query
 from fastapi.routing import APIRouter
-from fastapi.responses import PlainTextResponse
-from sovereign import XDS_TEMPLATES, __version__, json_response_class
+from fastapi.responses import JSONResponse, PlainTextResponse
+
+from sovereign import __version__
+from sovereign.views import reader
+from sovereign.configuration import XDS_TEMPLATES
 from sovereign.utils.mock import mock_discovery_request
-from sovereign.views.discovery import perform_discovery
+from sovereign.response_class import json_response_class
 
 
 router = APIRouter()
 
+State = Literal["FAIL"] | Literal["OK"]
+Message = str
+CheckResult = tuple[State, Message] | State
+
+
+class DeepCheckResult(pydantic.BaseModel):
+    templates: dict[str, CheckResult] = pydantic.Field(default_factory=dict)
+    worker: CheckResult = pydantic.Field(default=("FAIL", "Worker unavailable"))
+
+    def response(self) -> PlainTextResponse:
+        return PlainTextResponse(content=self.message, status_code=self.status)
+
+    def json_response(self) -> JSONResponse:
+        return json_response_class(content=self.model_dump(), status_code=self.status)
+
+    @property
+    def message(self) -> str:
+        msg = "Templates:\n"
+        for template, result in sorted(self.templates.items()):
+            msg += f"* {template} {result}\n"
+        msg += f"Worker: {self.worker}\n"
+        return msg
+
+    @property
+    def status(self) -> int:
+        if self.is_err():
+            return 500
+        return 200
+
+    def is_err(self):
+        for result in self.templates.values():
+            if result[0] == "FAIL":
+                return True
+        if self.worker[0] == "FAIL":
+            return True
+        return False
+
 
 @router.get("/healthcheck", summary="Healthcheck (Does the server respond to HTTP?)")
 async def health_check() -> Response:
-    return PlainTextResponse("OK")
+    return PlainTextResponse("OK", status_code=200)
 
 
 @router.get(
     "/deepcheck",
-    summary="Deepcheck (Can the server render all configured templates?)",
-    response_class=json_response_class,
+    summary="Deepcheck (Can the server render all default templates?)",
 )
-async def deep_check(response: Response) -> List[str]:
-    response.status_code = 200
-    ret = list()
+async def deep_check(
+    request: Request,
+    worker_attempts: Annotated[
+        int,
+        Query(
+            description="How many times to try to contact the worker before giving up",
+        ),
+    ] = 5,
+    envoy_service_cluster: Annotated[
+        str,
+        Query(
+            description="Which service cluster to use when checking if a template can be rendered",
+        ),
+    ] = "*",
+) -> Response:
+    result = DeepCheckResult()
     for template in list(XDS_TEMPLATES["default"].keys()):
         try:
-            req = mock_discovery_request(service_cluster="*")
-            await perform_discovery(req, "v3", resource_type=template, skip_auth=True)
-        # pylint: disable=broad-except
+            req = mock_discovery_request(
+                "v3",
+                template,
+                expressions=[f"cluster={envoy_service_cluster}"],
+            )
+            _ = await reader.blocking_read(req)
+            result.templates[template] = "OK"
+        except Exception as e:
+            result.templates[template] = ("FAIL", f"Failed {template}: {str(e)}")
+    for attempt in range(worker_attempts):
+        try:
+            worker_health = requests.get("http://localhost:9080/health")
+            if worker_health.ok:
+                result.worker = "OK"
+                break
         except Exception as e:
-            ret.append(f"Failed {template}: {str(e)}")
-        else:
-            ret.append(f"Rendered {template} OK")
-    return ret
+            result.worker = ("FAIL", str(e))
+            await asyncio.sleep(attempt)
+    if "json" in request.headers.get("Accept", ""):
+        return result.json_response()
+    return result.response()
 
 
 @router.get("/version", summary="Display the current version of Sovereign")

sovereign/views/interface.py

@@ -1,77 +1,56 @@
-from typing import List, Dict, Any
+import json
 from collections import defaultdict
-from fastapi import APIRouter, Query, Path, Cookie
+from typing import Any, Dict, List
+
+from fastapi import APIRouter, Cookie, Path, Query
 from fastapi.encoders import jsonable_encoder
 from fastapi.requests import Request
-from fastapi.responses import RedirectResponse, JSONResponse, Response
-from sovereign import html_templates, XDS_TEMPLATES
-from sovereign.discovery import DiscoveryTypes
-from sovereign import poller, json_response_class
-from sovereign.utils.mock import mock_discovery_request
-from sovereign.views.discovery import perform_discovery
+from fastapi.responses import HTMLResponse, JSONResponse, Response
+from starlette.templating import Jinja2Templates
+
+from sovereign import __version__
+from sovereign.views import reader
+from sovereign.configuration import ConfiguredResourceTypes, XDS_TEMPLATES
+from sovereign.response_class import json_response_class
+from sovereign.utils.mock import NodeExpressionError, mock_discovery_request
+from sovereign.utils.resources import get_package_file
 
 router = APIRouter()
 
-all_types = [t.value for t in DiscoveryTypes]
+all_types = [t.value for t in ConfiguredResourceTypes]
+
+html_templates = Jinja2Templates(
+    directory=str(get_package_file("sovereign", "templates"))
+)
 
 
 @router.get("/")
-async def ui_main(request: Request) -> Response:
+@router.get("/resources")
+async def ui_main(request: Request) -> HTMLResponse:
     try:
         return html_templates.TemplateResponse(
+            request=request,
             name="base.html",
             media_type="text/html",
-            context={
-                "request": request,
-                "all_types": all_types,
-                "last_update": str(poller.last_updated),
-            },
+            context={"all_types": all_types, "sovereign_version": __version__},
         )
     except IndexError:
         return html_templates.TemplateResponse(
+            request=request,
             name="err.html",
             media_type="text/html",
             context={
-                "request": request,
                 "title": "No resource types configured",
-                "message": "A template should be defined for every resource "
-                "type that you want your envoy proxies to discover.",
-                "doc_link": "https://vsyrakis.bitbucket.io/sovereign/docs/tutorial/templates/",
+                "message": (
+                    "A template should be defined for every resource "
+                    "type that you want your envoy proxies to discover."
+                ),
+                "doc_link": "https://developer.atlassian.com/platform/sovereign/tutorial/templates/#templates",
+                "sovereign_version": __version__,
             },
         )
 
 
-@router.get(
-    "/set-version", summary="Filter the UI by a certain Envoy Version (stores a Cookie)"
-)
-async def set_envoy_version(
-    request: Request,
-    version: str = Query(
-        "__any__", title="The clients envoy version to emulate in this XDS request"
-    ),
-) -> Response:
-    url = request.headers.get("Referer", "/ui")
-    response = RedirectResponse(url=url)
-    response.set_cookie(key="envoy_version", value=version)
-    return response
-
-
-@router.get(
-    "/set-service-cluster",
-    summary="Filter the UI by a certain service cluster (stores a Cookie)",
-)
-async def set_service_cluster(
-    request: Request,
-    service_cluster: str = Query(
-        "__any__", title="The clients envoy version to emulate in this XDS request"
-    ),
-) -> Response:
-    url = request.headers.get("Referer", "/ui")
-    response = RedirectResponse(url=url)
-    response.set_cookie(key="service_cluster", value=service_cluster)
-    return response
-
-
 @router.get(
     "/resources/{xds_type}", summary="List available resources for a given xDS type"
 )
@@ -82,45 +61,60 @@ async def resources(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
-) -> Response:
+    debug: int = Query(0, title="Show debug information on errors"),
+) -> HTMLResponse:
     ret: Dict[str, List[Dict[str, Any]]] = defaultdict(list)
+    response = None
     try:
-        response = await perform_discovery(
-            req=mock_discovery_request(
-                service_cluster=service_cluster,
-                resource_names=[],
-                version=envoy_version,
-                region=region,
-            ),
-            api_version=api_version,
-            resource_type=xds_type,
-            skip_auth=True,
+        mock_request = mock_discovery_request(
+            api_version,
+            xds_type,
+            version=envoy_version,
+            region=region,
+            expressions=node_expression.split(),
+        )
+        clear_cookie = False
+        error = None
+    except NodeExpressionError as e:
+        mock_request = mock_discovery_request(
+            api_version,
+            xds_type,
+            version=envoy_version,
+            region=region,
         )
-    except KeyError:
-        ret["resources"] = []
-    else:
-        ret["resources"] += response.deserialize_resources()
-    return html_templates.TemplateResponse(
+        clear_cookie = True
+        error = str(e)
+
+    response = await reader.blocking_read(mock_request)
+    if response:
+        ret["resources"] = json.loads(response.text).get("resources", [])
+
+    resp = html_templates.TemplateResponse(
+        request=request,
         name="resources.html",
         media_type="text/html",
         context={
+            "show_debuginfo": True if debug else False,
+            "discovery_response": response,
+            "discovery_request": mock_request,
             "resources": ret["resources"],
-            "request": request,
             "resource_type": xds_type,
             "all_types": all_types,
             "version": envoy_version,
             "available_versions": list(XDS_TEMPLATES.keys()),
-            "service_cluster": service_cluster,
-            "available_service_clusters": poller.match_keys,
-            "last_update": str(poller.last_updated),
+            "error": error,
+            "sovereign_version": __version__,
         },
     )
+    if clear_cookie:
+        resp.delete_cookie("node_expression", path="/ui/resources/")
+    return resp
 
 
 @router.get(
@@ -134,25 +128,32 @@ async def resource(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
 ) -> Response:
-    response = await perform_discovery(
-        req=mock_discovery_request(
-            service_cluster=service_cluster,
-            resource_names=[resource_name],
-            version=envoy_version,
-            region=region,
-        ),
-        api_version=api_version,
-        resource_type=xds_type,
-        skip_auth=True,
+    mock_request = mock_discovery_request(
+        api_version,
+        xds_type,
+        version=envoy_version,
+        region=region,
+        expressions=node_expression.split(),
+    )
+    if response := await reader.blocking_read(mock_request):
+        for res in json.loads(response.text).get("resources", []):
+            if res.get("name", res.get("cluster_name")) == resource_name:
+                safe_response = jsonable_encoder(res)
+                try:
+                    return json_response_class(content=safe_response)
+                except TypeError:
+                    return JSONResponse(content=safe_response)
+    return Response(
+        json.dumps({"title": "No resources found", "status": 404}),
+        media_type="application/json+problem",
     )
-    return Response(response.rendered, media_type="application/json")
 
 
 @router.get(
@@ -166,36 +167,35 @@ async def virtual_hosts(
         None, title="The clients region to emulate in this XDS request"
     ),
     api_version: str = Query("v2", title="The desired Envoy API version"),
-    service_cluster: str = Cookie(
-        "*", title="The clients service cluster to emulate in this XDS request"
+    node_expression: str = Cookie(
+        "cluster=*", title="Node expression to filter resources with"
     ),
     envoy_version: str = Cookie(
         "__any__", title="The clients envoy version to emulate in this XDS request"
     ),
 ) -> Response:
-    response = await perform_discovery(
-        req=mock_discovery_request(
-            service_cluster=service_cluster,
-            resource_names=[route_configuration],
-            version=envoy_version,
-            region=region,
-        ),
-        api_version=api_version,
-        resource_type="routes",
-        skip_auth=True,
+    mock_request = mock_discovery_request(
+        api_version,
+        "routes",
+        version=envoy_version,
+        region=region,
+        expressions=node_expression.split(),
+    )
+    if response := await reader.blocking_read(mock_request):
+        route_configs = [
+            resource_
+            for resource_ in json.loads(response.text).get("resources", [])
+            if resource_["name"] == route_configuration
+        ]
+        for route_config in route_configs:
+            for vhost in route_config["virtual_hosts"]:
+                if vhost["name"] == virtual_host:
+                    safe_response = jsonable_encoder(vhost)
+                    try:
+                        return json_response_class(content=safe_response)
+                    except TypeError:
+                        return JSONResponse(content=safe_response)
+    return Response(
+        json.dumps({"title": "No resources found", "status": 404}),
+        media_type="application/json+problem",
     )
-    route_configs = [
-        resource_
-        for resource_ in response.deserialize_resources()
-        if resource_["name"] == route_configuration
-    ]
-    for route_config in route_configs:
-        for vhost in route_config["virtual_hosts"]:
-            if vhost["name"] == virtual_host:
-                safe_response = jsonable_encoder(vhost)
-                try:
-                    return json_response_class(content=safe_response)
-                except TypeError:
-                    return JSONResponse(content=safe_response)
-        break
-    return JSONResponse(content={})

sovereign/worker.py

@@ -0,0 +1,204 @@
+import asyncio
+from typing import final
+from contextlib import asynccontextmanager
+
+from fastapi import FastAPI, Body
+
+from sovereign import (
+    cache,
+    rendering,
+    server_cipher_container,
+    disabled_ciphersuite,
+    application_logger as log,
+    stats,
+)
+from sovereign.context import TemplateContext
+from sovereign.sources import SourcePoller
+from sovereign.configuration import config
+from sovereign.types import RegisterClientRequest, DiscoveryRequest
+from sovereign.events import bus, Topic
+
+
+def hidden_field(*args, **kwargs):
+    return "(value hidden)"
+
+
+def inject_builtin_items(request, output):
+    output["__hide_from_ui"] = lambda v: v
+    output["crypto"] = server_cipher_container
+    if request.is_internal_request:
+        output["__hide_from_ui"] = hidden_field
+        output["crypto"] = disabled_ciphersuite
+
+
+template_context = TemplateContext.from_config()
+context_middleware = [inject_builtin_items]
+template_context.middleware = context_middleware
+writer = cache.CacheWriter()
+
+ClientId = str
+OnDemandJob = tuple[ClientId, DiscoveryRequest]
+
+
+@final
+class RenderQueue:
+    def __init__(self, maxsize: int = 0):
+        self._queue: asyncio.Queue[OnDemandJob] = asyncio.Queue(maxsize)
+        self._set: set[ClientId] = set()
+        self._lock = asyncio.Lock()
+
+    async def put(self, item: OnDemandJob):
+        cid = item[0]
+        async with self._lock:
+            if cid not in self._set:
+                await self._queue.put(item)
+                self._set.add(cid)
+
+    def put_nowait(self, item: OnDemandJob):
+        cid = item[0]
+        if cid in self._set:
+            return
+        if self._queue.full():
+            raise asyncio.QueueFull
+        self._queue.put_nowait(item)
+        self._set.add(cid)
+
+    async def get(self):
+        return await self._queue.get()
+
+    def full(self):
+        return self._queue.full()
+
+    async def task_done(self, cid):
+        async with self._lock:
+            self._set.remove(cid)
+        self._queue.task_done()
+
+
+ONDEMAND = RenderQueue()
+
+
+poller = None
+if config.sources is not None:
+    if config.matching is not None:
+        matching_enabled = config.matching.enabled
+        node_key: str | None = config.matching.node_key
+        source_key: str | None = config.matching.source_key
+    else:
+        matching_enabled = False
+        node_key = None
+        source_key = None
+    poller = SourcePoller(
+        sources=config.sources,
+        matching_enabled=matching_enabled,
+        node_match_key=node_key,
+        source_match_key=source_key,
+        source_refresh_rate=config.source_config.refresh_rate,
+        logger=log,
+        stats=stats,
+    )
+    context_middleware.append(poller.add_to_context)
+
+
+async def render_on_event(ctx):
+    subscription = bus.subscribe(Topic.CONTEXT)
+    while True:
+        # block forever until new context arrives
+        event = await subscription.get()
+        context_name = event.metadata.get("name")
+
+        log.debug(event.message)
+        try:
+            if registered := writer.get_registered_clients():
+                size = len(registered)
+                stats.increment("template.render_on_event", tags=[f"batch_size:{size}"])
+
+                for client, request in registered:
+                    if context_name in request.template.depends_on:
+                        log.info(
+                            f"Rendering template on-event for {request} because {context_name} was updated"
+                        )
+                        job = rendering.RenderJob(
+                            id=client,
+                            request=request,
+                            context=ctx.get_context(request),
+                        )
+                        job.submit()
+
+        finally:
+            await asyncio.sleep(config.template_context.cooldown)
+
+
+async def render_on_demand(ctx):
+    while True:
+        id, request = await ONDEMAND.get()
+        stats.increment("template.render_on_demand")
+        log.debug(
+            f"Received on-demand request to render templates for {id} ({request})"
+        )
+        job = rendering.RenderJob(
+            id=id, request=request, context=ctx.get_context(request)
+        )
+        _ = job.submit()
+        await ONDEMAND.task_done(id)
+
+
+async def monitor_render_queue():
+    """Periodically report render queue size metrics"""
+    while True:
+        await asyncio.sleep(10)
+        stats.gauge("template.on_demand_queue_size", ONDEMAND._queue.qsize())
+
+
+@asynccontextmanager
+async def lifespan(_: FastAPI):
+    # Template Rendering
+    log.debug("Starting rendering loops")
+    asyncio.create_task(render_on_event(template_context))
+    asyncio.create_task(render_on_demand(template_context))
+    asyncio.create_task(monitor_render_queue())
+
+    # Template context
+    subscription = bus.subscribe(Topic.CONTEXT)
+    log.debug("Starting context loop")
+    asyncio.create_task(template_context.start())
+    event = await subscription.get()
+    log.debug(event.message)
+
+    # Source polling
+    if poller is not None:
+        log.debug("Starting source poller")
+        poller.lazy_load_modifiers(config.modifiers)
+        poller.lazy_load_global_modifiers(config.global_modifiers)
+        asyncio.create_task(poller.poll_forever())
+
+    log.debug("Worker lifespan initialized")
+    yield
+
+
+worker = FastAPI(lifespan=lifespan)
+if dsn := config.sentry_dsn.get_secret_value():
+    try:
+        import sentry_sdk
+        from sentry_sdk.integrations.asgi import SentryAsgiMiddleware
+
+        sentry_sdk.init(dsn)
+        worker.add_middleware(SentryAsgiMiddleware)  # type: ignore
+    except ImportError:  # pragma: no cover
+        log.error("Sentry DSN configured but failed to attach to worker")
+
+
+@worker.get("/health")
+def health():
+    return "OK"
+
+
+@worker.put("/client")
+async def client_add(
+    registration: RegisterClientRequest = Body(...),
+):
+    log.info(f"Received registration: {registration.request}")
+    xds = registration.request
+    id, req = writer.register(xds)
+    ONDEMAND.put_nowait((id, req))
+    return "Registered", 200