sovereign 0.25.4__tar.gz → 0.27.0__tar.gz

{sovereign-0.25.4 → sovereign-0.27.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: sovereign
-Version: 0.25.4
+Version: 0.27.0
 Summary: Envoy Proxy control-plane written in Python
 Home-page: https://pypi.org/project/sovereign/
 License: Apache-2.0
@@ -44,13 +44,15 @@ Requires-Dist: glom (>=23.3.0,<24.0.0)
 Requires-Dist: gunicorn (>=22.0.0,<23.0.0)
 Requires-Dist: httptools (>=0.6.0,<0.7.0) ; extra == "httptools"
 Requires-Dist: orjson (>=3.9.15,<4.0.0) ; extra == "orjson"
+Requires-Dist: pydantic (>=2.7.2,<3.0.0)
+Requires-Dist: pydantic-settings (>=2.3.1,<3.0.0)
 Requires-Dist: redis (<=5.0.0)
 Requires-Dist: requests (>=2.31.0,<3.0.0)
 Requires-Dist: sentry-sdk (>=1.23.1,<2.0.0) ; extra == "sentry"
 Requires-Dist: structlog (>=23.1.0,<24.0.0)
 Requires-Dist: ujson (>=5.8.0,<6.0.0) ; extra == "ujson"
 Requires-Dist: uvicorn (>=0.23.2,<0.24.0)
-Requires-Dist: uvloop (>=0.17.0,<0.18.0)
+Requires-Dist: uvloop (>=0.19.0,<0.20.0)
 Project-URL: Documentation, https://vsyrakis.bitbucket.io/sovereign/docs/
 Project-URL: Repository, https://bitbucket.org/atlassian/sovereign/src/master/
 Description-Content-Type: text/markdown

{sovereign-0.25.4 → sovereign-0.27.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sovereign"
-version = "0.25.4"
+version = "0.27.0"
 description = "Envoy Proxy control-plane written in Python"
 license = "Apache-2.0"
 packages = [
@@ -37,7 +37,10 @@ sovereign = 'sovereign.server:main'
 "inline" = "sovereign.sources.inline:Inline"
 
 [tool.poetry.plugins."sovereign.modifiers"]
-"sovereign_3rd_party_test" = "sovereign.modifiers.test:Test"
+"sovereign_3rd_party_test" = "sovereign.testing.modifiers:Test"
+
+[tool.poetry.plugins."sovereign.loaders"]
+"example" = "sovereign.testing.loaders:Multiply"
 
 [tool.poetry.dependencies]
 python = "^3.11"
@@ -52,7 +55,7 @@ cachelib = "^0.10.2"
 glom = "^23.3.0"
 cryptography = "^42.0.5"
 fastapi = "^0.110.0"
-uvloop = "^0.17.0"
+uvloop = "^0.19.0"
 sentry-sdk = "^1.23.1"
 boto3 = {version = "^1.28.62", optional = true}
 datadog = {version = "^0.47.0", optional = true}
@@ -63,6 +66,8 @@ cashews = {extras = ["redis"], version = "^6.3.0", optional = true}
 redis = {version = "<= 5.0.0", optional = true}
 httptools = {version = "^0.6.0", optional = true}
 cachetools = "^5.3.2"
+pydantic = "^2.7.2"
+pydantic-settings = "^2.3.1"
 
 [tool.poetry.extras]
 sentry = ["sentry-sdk"]
@@ -111,6 +116,12 @@ lint        = { cmd = "pylint src/sovereign", help = "Run linter checks" }
 [tool.black]
 target-version = ['py311']
 
+[tool.mypy]
+plugins = [
+    "pydantic.mypy"
+]
+ignore_missing_imports = true
+
 [tool.coverage.run]
 omit = ["test/*"]
 

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/__init__.py

@@ -4,7 +4,7 @@ from importlib.metadata import version
 from typing import Any, Mapping, Type
 
 from fastapi.responses import JSONResponse
-from pydantic.error_wrappers import ValidationError
+from pydantic import ValidationError
 from starlette.templating import Jinja2Templates
 
 from sovereign import config_loader

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/app.py

@@ -1,9 +1,11 @@
 import asyncio
 import traceback
-import uvicorn
 from collections import namedtuple
+
+import uvicorn
 from fastapi import FastAPI, Request
 from fastapi.responses import RedirectResponse, FileResponse, Response, JSONResponse
+
 from sovereign import (
     __version__,
     config,
@@ -14,12 +16,12 @@ from sovereign import (
     logs,
 )
 from sovereign.error_info import ErrorInfo
+from sovereign.utils.resources import get_package_file
 from sovereign.views import crypto, discovery, healthchecks, admin, interface
 from sovereign.middlewares import (
     RequestContextLogMiddleware,
     LoggingMiddleware,
 )
-from sovereign.utils.resources import get_package_file
 
 Router = namedtuple("Router", "module tags prefix")
 

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/config_loader.py

@@ -1,7 +1,7 @@
 import os
 import json
 from enum import Enum
-from typing import Any, Dict, Callable, Union
+from typing import Any, Dict, Callable, Union, Protocol
 from types import ModuleType
 import yaml
 import jinja2
@@ -14,6 +14,11 @@ from sovereign.utils.resources import get_package_file_bytes
 
 
 class Serialization(Enum):
+    """
+    Types of deserialization available in Sovereign
+    for loading configuration field values.
+    """
+
     yaml = "yaml"
     json = "json"
     orjson = "orjson"
@@ -22,18 +27,7 @@ class Serialization(Enum):
     jinja2 = "jinja2"
     string = "string"
     raw = "raw"
-
-
-class Protocol(Enum):
-    file = "file"
-    http = "http"
-    https = "https"
-    pkgdata = "pkgdata"
-    env = "env"
-    module = "module"
-    s3 = "s3"
-    python = "python"
-    inline = "inline"
+    skip = "skip"
 
 
 jinja_env = jinja2.Environment(autoescape=True)
@@ -56,6 +50,7 @@ serializers: Dict[Serialization, Callable[[Any], Any]] = {
     Serialization.raw: passthrough,
 }
 
+
 try:
     import ujson
 
@@ -99,8 +94,13 @@ except ImportError:
     boto3 = None
 
 
+class CustomLoader(Protocol):
+    def load(self, path: str, ser: Serialization) -> Any:
+        ...
+
+
 class Loadable(BaseModel):
-    protocol: Protocol = Protocol.http
+    protocol: str = "http"
     serialization: Serialization = Serialization.yaml
     path: str
 
@@ -113,26 +113,25 @@ class Loadable(BaseModel):
             raise
 
     @staticmethod
-    def from_legacy_fmt(s: str) -> "Loadable":
-        if "://" not in s:
+    def from_legacy_fmt(fmt_string: str) -> "Loadable":
+        if "://" not in fmt_string:
             return Loadable(
-                protocol=Protocol.inline, serialization=Serialization.string, path=s
+                protocol="inline", serialization=Serialization.string, path=fmt_string
             )
         try:
-            scheme, path = s.split("://")
+            scheme, path = fmt_string.split("://")
         except ValueError:
-            raise ValueError(s)
+            raise ValueError(fmt_string)
         try:
-            p, s = scheme.split("+")
+            proto, ser = scheme.split("+")
         except ValueError:
-            p, s = scheme, "yaml"
+            proto, ser = scheme, "yaml"
 
-        proto: Protocol = Protocol(p)
-        serialization: Serialization = Serialization(s)
-        if proto in (Protocol.python, Protocol.module):
+        serialization: Serialization = Serialization(ser)
+        if proto in ("python", "module"):
             serialization = Serialization.raw
-        if proto in (Protocol.http, Protocol.https):
-            path = "://".join([proto.value, path])
+        if proto in ("http", "https"):
+            path = "://".join([proto, path])
 
         return Loadable(
             protocol=proto,
@@ -145,32 +144,32 @@ def raise_(e: Exception) -> Exception:
     raise e
 
 
-def load_file(path: str, loader: Serialization) -> Any:
+def load_file(path: str, ser: Serialization) -> Any:
     with open(path) as f:
         contents = f.read()
         try:
-            return serializers[loader](contents)
+            return serializers[ser](contents)
         except FileNotFoundError:
             raise FileNotFoundError(f"Unable to load {path}")
 
 
-def load_package_data(path: str, loader: Serialization) -> Any:
+def load_package_data(path: str, ser: Serialization) -> Any:
     pkg, pkg_file = path.split(":")
     data = get_package_file_bytes(pkg, pkg_file)
-    return serializers[loader](data)
+    return serializers[ser](data)
 
 
-def load_http(path: str, loader: Serialization) -> Any:
+def load_http(path: str, ser: Serialization) -> Any:
     response = requests.get(path)
     response.raise_for_status()
     data = response.text
-    return serializers[loader](data)
+    return serializers[ser](data)
 
 
-def load_env(variable: str, loader: Serialization = Serialization.raw) -> Any:
+def load_env(variable: str, ser: Serialization = Serialization.raw) -> Any:
     data = os.getenv(variable)
     try:
-        return serializers[loader](data)
+        return serializers[ser](data)
     except AttributeError as e:
         raise AttributeError(
             f"Unable to read environment variable {variable}: {repr(e)}"
@@ -188,7 +187,7 @@ def load_module(name: str, _: Serialization = Serialization.raw) -> Any:
     return imported
 
 
-def load_s3(path: str, loader: Serialization = Serialization.raw) -> Any:
+def load_s3(path: str, ser: Serialization = Serialization.raw) -> Any:
     if isinstance(boto3, type(None)):
         raise ImportError(
             "boto3 must be installed to load S3 paths. Use ``pip install sovereign[boto]``"
@@ -197,7 +196,7 @@ def load_s3(path: str, loader: Serialization = Serialization.raw) -> Any:
     s3 = boto3.client("s3")
     response = s3.get_object(Bucket=bucket, Key=key)
     data = "".join([chunk.decode() for chunk in response["Body"]])
-    return serializers[loader](data)
+    return serializers[ser](data)
 
 
 def load_python(path: str, _: Serialization = Serialization.raw) -> ModuleType:
@@ -210,14 +209,14 @@ def load_inline(path: str, _: Serialization = Serialization.raw) -> Any:
     return str(path)
 
 
-loaders: Dict[Protocol, Callable[[str, Serialization], Union[str, Any]]] = {
-    Protocol.file: load_file,
-    Protocol.pkgdata: load_package_data,
-    Protocol.http: load_http,
-    Protocol.https: load_http,
-    Protocol.env: load_env,
-    Protocol.module: load_module,
-    Protocol.s3: load_s3,
-    Protocol.python: load_python,
-    Protocol.inline: load_inline,
+loaders: Dict[str, Callable[[str, Serialization], Union[str, Any]]] = {
+    "file": load_file,
+    "pkgdata": load_package_data,
+    "http": load_http,
+    "https": load_http,
+    "env": load_env,
+    "module": load_module,
+    "s3": load_s3,
+    "python": load_python,
+    "inline": load_inline,
 }

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/configuration.py

@@ -1,7 +1,7 @@
 import os
 from typing import Any, Mapping
 
-from pydantic.error_wrappers import ValidationError
+from pydantic import ValidationError
 
 from sovereign import config_loader
 from sovereign.context import TemplateContext

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/context.py

@@ -13,6 +13,8 @@ from typing import (
 )
 
 from fastapi import HTTPException
+from sovereign import config_loader
+from sovereign.utils.entry_point_loader import EntryPointLoader
 from structlog.stdlib import BoundLogger
 
 from sovereign.config_loader import Loadable
@@ -53,6 +55,14 @@ class TemplateContext:
         self.stats = stats
         # initial load
         self.context: Dict[str, Any] = {}
+        entry_points = EntryPointLoader("loaders")
+        for entry_point in entry_points.groups["loaders"]:
+            custom_loader = entry_point.load()
+            try:
+                func = custom_loader.load
+            except AttributeError:
+                raise AttributeError("Custom loader does not implement .load()")
+            config_loader.loaders[entry_point.name] = func
         asyncio.run(self.load_context_variables())
 
     async def start_refresh_context(self) -> NoReturn:
@@ -60,7 +70,6 @@ class TemplateContext:
             await poll_forever_cron(self.refresh_cron, self.refresh_context)
         elif self.refresh_rate is not None:
             await poll_forever(self.refresh_rate, self.refresh_context)
-
         raise RuntimeError("Failed to start refresh_context, this should never happen")
 
     async def refresh_context(self) -> None:
@@ -68,25 +77,25 @@ class TemplateContext:
 
     async def _load_context(
         self,
-        context_name: str,
-        context_config: Loadable | str,
+        name: str,
+        loader: Loadable | str,
         refresh_num_retries: int,
         refresh_retry_interval_secs: int,
     ) -> LoadContextResponse:
         retries_left = refresh_num_retries
-        context_response = {}
+        response = {}
 
         while True:
             try:
-                if isinstance(context_config, Loadable):
-                    context_response = context_config.load()
-                elif isinstance(context_config, str):
-                    context_response = Loadable.from_legacy_fmt(context_config).load()
+                if isinstance(loader, Loadable):
+                    response = loader.load()
+                elif isinstance(loader, str):
+                    response = Loadable.from_legacy_fmt(loader).load()
                 self.stats.increment(
                     "context.refresh.success",
-                    tags=[f"context:{context_name}"],
+                    tags=[f"context:{name}"],
                 )
-                return LoadContextResponse(context_name, context_response)
+                return LoadContextResponse(name, response)
             # pylint: disable=broad-except
             except Exception as e:
                 retries_left -= 1
@@ -95,34 +104,29 @@ class TemplateContext:
                     self.logger.error(str(e), traceback=tb)
                     self.stats.increment(
                         "context.refresh.error",
-                        tags=[f"context:{context_name}"],
+                        tags=[f"context:{name}"],
                     )
-                    return LoadContextResponse(context_name, context_response, False)
+                    return LoadContextResponse(name, response, False)
                 else:
                     await asyncio.sleep(refresh_retry_interval_secs)
 
     async def load_context_variables(self) -> None:
-        context_coroutines: list[Awaitable[LoadContextResponse]] = []
-        for context_name, context_config in self.configured_context.items():
-            context_coroutines.append(
+        coroutines: list[Awaitable[LoadContextResponse]] = []
+        for name, conf in self.configured_context.items():
+            coroutines.append(
                 self._load_context(
-                    context_name,
-                    context_config,
+                    name,
+                    conf,
                     self.refresh_num_retries,
                     self.refresh_retry_interval_secs,
                 )
             )
 
-        context_results: list[LoadContextResponse] = await asyncio.gather(
-            *context_coroutines
-        )
+        results: list[LoadContextResponse] = await asyncio.gather(*coroutines)
 
-        for context_result in context_results:
-            if (
-                context_result.success
-                or context_result.context_name not in self.context
-            ):
-                self.context[context_result.context_name] = context_result.context
+        for res in results:
+            if res.success or res.context_name not in self.context:
+                self.context[res.context_name] = res.context
 
         if "crypto" not in self.context and self.crypto:
             self.context["crypto"] = self.crypto
@@ -162,7 +166,9 @@ class TemplateContext:
         ret = self.build_new_context_from_instances(
             node_value=self.poller.extract_node_key(request.node),
         )
+        ret["__hide_from_ui"] = lambda v: v
         if request.hide_private_keys:
+            ret["__hide_from_ui"] = lambda _: "(value hidden)"
             ret["crypto"] = CipherContainer.from_encryption_configs(
                 encryption_configs=[EncryptionConfig("", EncryptionType.DISABLED)],
                 logger=self.logger,

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/schemas.py

@@ -5,21 +5,22 @@ from dataclasses import dataclass
 from enum import Enum
 from os import getenv
 from types import ModuleType
-from typing import Any, Dict, List, Optional, Tuple, Type, Union
+from typing import Any, Dict, List, Optional, Self, Tuple, Type, Union
 
 from croniter import CroniterBadCronError, croniter
 from fastapi.responses import JSONResponse
 from jinja2 import Template, meta
 from pydantic import (
     BaseModel,
-    BaseSettings,
+    ConfigDict,
     Field,
     SecretStr,
-    root_validator,
-    validator,
+    model_validator,
+    field_validator,
 )
+from pydantic_settings import BaseSettings, SettingsConfigDict
 
-from sovereign.config_loader import Loadable, Protocol, Serialization, jinja_env
+from sovereign.config_loader import Loadable, Serialization, jinja_env
 from sovereign.utils.crypto.suites import EncryptionType
 from sovereign.utils.version_info import compute_hash
 
@@ -65,11 +66,13 @@ class StatsdConfig(BaseModel):
     enabled: bool = False
     use_ms: bool = True
 
-    @validator("host", pre=True)
+    @field_validator("host", mode="before")
+    @classmethod
     def load_host(cls, v: str) -> Any:
         return Loadable.from_legacy_fmt(v).load()
 
-    @validator("port", pre=True)
+    @field_validator("port", mode="before")
+    @classmethod
     def load_port(cls, v: Union[int, str]) -> Any:
         if isinstance(v, int):
             return v
@@ -78,7 +81,8 @@ class StatsdConfig(BaseModel):
         else:
             raise ValueError(f"Received an invalid port: {v}")
 
-    @validator("tags", pre=True)
+    @field_validator("tags", mode="before")
+    @classmethod
     def load_tags(cls, v: Dict[str, Union[Loadable, str]]) -> Dict[str, Any]:
         ret = dict()
         for key, value in v.items():
@@ -108,14 +112,14 @@ class DiscoveryCacheConfig(BaseModel):
     socket_keepalive: bool = True  # Try to keep connections to redis around.
     ttl: int = 60
 
-    @root_validator
-    def set_default_protocol(cls, values: Dict[str, Any]) -> Dict[str, Any]:
-        secure = values.get("secure")
-        if secure:
-            values["protocol"] = "rediss://"
-        return values
+    @model_validator(mode="after")
+    def set_default_protocol(self) -> Self:
+        if self.secure:
+            self.protocol = "rediss://"
+        return self
 
-    @root_validator
+    @model_validator(mode="before")
+    @classmethod
     def set_environmental_variables(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         if host := getenv("SOVEREIGN_DISCOVERY_CACHE_REDIS_HOST"):
             values["host"] = host
@@ -132,7 +136,7 @@ class XdsTemplate:
             self.loadable: Loadable = Loadable.from_legacy_fmt(path)
         elif isinstance(path, Loadable):
             self.loadable = path
-        self.is_python_source = self.loadable.protocol == Protocol.python
+        self.is_python_source = self.loadable.protocol == "python"
         self.source = self.load_source()
         template_ast = jinja_env.parse(self.source)
         self.jinja_variables = meta.find_undeclared_variables(template_ast)
@@ -177,7 +181,7 @@ class XdsTemplate:
             # we can simply read and return the source of it.
             old_protocol = self.loadable.protocol
             old_serialization = self.loadable.serialization
-            self.loadable.protocol = Protocol("inline")
+            self.loadable.protocol = "inline"
             self.loadable.serialization = Serialization("string")
             ret = self.loadable.load()
             self.loadable.protocol = old_protocol
@@ -221,9 +225,9 @@ class ProcessedTemplate:
 
 
 class Locality(BaseModel):
-    region: str = Field(None)
-    zone: str = Field(None)
-    sub_zone: str = Field(None)
+    region: Optional[str] = Field(None)
+    zone: Optional[str] = Field(None)
+    sub_zone: Optional[str] = Field(None)
 
 
 class SemanticVersion(BaseModel):
@@ -255,8 +259,8 @@ class Node(BaseModel):
         description="The ``--service-cluster`` configured by the Envoy client",
     )
     metadata: Dict[str, Any] = Field(default_factory=dict, title="Key:value metadata")
-    locality: Locality = Field(Locality(), title="Locality")  # type: ignore
-    build_version: str = Field(
+    locality: Locality = Field(Locality(), title="Locality")
+    build_version: Optional[str] = Field(
         None,  # Optional in the v3 Envoy API
         title="Envoy build/release version string",
         description="Used to identify what version of Envoy the "
@@ -269,7 +273,7 @@ class Node(BaseModel):
     client_features: List[str] = []
 
     @property
-    def common(self) -> Tuple[str, str, str, BuildVersion, Locality]:
+    def common(self) -> Tuple[str, Optional[str], str, BuildVersion, Locality]:
         """
         Returns fields that are the same in adjacent proxies
         ie. proxies that are part of the same logical group
@@ -292,7 +296,7 @@ class Resources(List[str]):
     def __contains__(self, item: object) -> bool:
         if len(self) == 0:
             return True
-        return item in list(self)
+        return super().__contains__(item)
 
 
 class Status(BaseModel):
@@ -306,19 +310,20 @@ class DiscoveryRequest(BaseModel):
     version_info: str = Field(
         "0", title="The version of the envoy clients current configuration"
     )
-    resource_names: Resources = Field(
+    resource_names: list[str] | Resources = Field(
         Resources(), title="List of requested resource names"
     )
     hide_private_keys: bool = False
     type_url: Optional[str] = Field(
         None, title="The corresponding type_url for the requested resource"
     )
-    desired_controlplane: str = Field(
+    desired_controlplane: Optional[str] = Field(
         None, title="The host header provided in the Discovery Request"
     )
-    error_detail: Status = Field(
+    error_detail: Optional[Status] = Field(
         None, title="Error details from the previous xDS request"
     )
+    model_config = ConfigDict(arbitrary_types_allowed=True)
 
     @property
     def envoy_version(self) -> str:
@@ -328,6 +333,8 @@ class DiscoveryRequest(BaseModel):
         except AssertionError:
             try:
                 build_version = self.node.build_version
+                if build_version is None:
+                    return "default"
                 _, version, *_ = build_version.split("/")
             except (AttributeError, ValueError):
                 # TODO: log/metric this?
@@ -355,33 +362,35 @@ class DiscoveryResponse(BaseModel):
 
 
 class SovereignAsgiConfig(BaseSettings):
-    host: str = "0.0.0.0"
-    port: int = 8080
-    keepalive: int = 5
-    workers: int = multiprocessing.cpu_count() * 2 + 1
-    threads: int = 1
+    host: str = Field("0.0.0.0", alias="SOVEREIGN_HOST")
+    port: int = Field(8080, alias="SOVEREIGN_PORT")
+    keepalive: int = Field(5, alias="SOVEREIGN_KEEPALIVE")
+    workers: int = Field(
+        default_factory=lambda: multiprocessing.cpu_count() * 2 + 1,
+        alias="SOVEREIGN_WORKERS",
+    )
+    threads: int = Field(1, alias="SOVEREIGN_THREADS")
     reuse_port: bool = True
-    preload_app: bool = True
+    preload_app: bool = Field(True, alias="SOVEREIGN_PRELOAD")
     log_level: str = "warning"
     worker_class: str = "uvicorn.workers.UvicornWorker"
-    worker_timeout: int = 30
+    worker_timeout: int = Field(30, alias="SOVEREIGN_WORKER_TIMEOUT")
     worker_tmp_dir: str = "/dev/shm"
-    graceful_timeout: int = worker_timeout * 2
-    max_requests: int = 0
-    max_requests_jitter: int = 0
-
-    class Config:
-        fields = {
-            "host": {"env": "SOVEREIGN_HOST"},
-            "port": {"env": "SOVEREIGN_PORT"},
-            "keepalive": {"env": "SOVEREIGN_KEEPALIVE"},
-            "workers": {"env": "SOVEREIGN_WORKERS"},
-            "threads": {"env": "SOVEREIGN_THREADS"},
-            "preload_app": {"env": "SOVEREIGN_PRELOAD"},
-            "worker_timeout": {"env": "SOVEREIGN_WORKER_TIMEOUT"},
-            "max_requests": {"env": "SOVEREIGN_MAX_REQUESTS"},
-            "max_requests_jitter": {"env": "SOVEREIGN_MAX_REQUESTS_JITTER"},
-        }
+    graceful_timeout: Optional[int] = Field(None)
+    max_requests: int = Field(0, alias="SOVEREIGN_MAX_REQUESTS")
+    max_requests_jitter: int = Field(0, alias="SOVEREIGN_MAX_REQUESTS_JITTER")
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
+
+    @model_validator(mode="after")
+    def validate_graceful_timeout(self) -> Self:
+        if self.graceful_timeout is None:
+            self.graceful_timeout = self.worker_timeout * 2
+        return self
 
     def as_gunicorn_conf(self) -> Dict[str, Any]:
         return {
@@ -405,54 +414,45 @@ class SovereignConfig(BaseSettings):
     sources: List[ConfiguredSource]
     templates: Dict[str, Dict[str, Union[str, Loadable]]]
     template_context: Dict[str, Any] = {}
-    eds_priority_matrix: Dict[str, Dict[str, str]] = {}
+    eds_priority_matrix: Dict[str, Dict[str, int]] = {}
     modifiers: List[str] = []
     global_modifiers: List[str] = []
     regions: List[str] = []
     statsd: StatsdConfig = StatsdConfig()
-    auth_enabled: bool = False
-    auth_passwords: str = ""
-    encryption_key: str = ""
-    environment: str = "local"
-    debug_enabled: bool = False
-    sentry_dsn: str = ""
-    node_match_key: str = "cluster"
-    node_matching: bool = True
-    source_match_key: str = "service_clusters"
-    sources_refresh_rate: int = 30
-    cache_strategy: str = "context"
-    refresh_context: bool = False
-    context_refresh_rate: Optional[int]
-    context_refresh_cron: Optional[str]
-    dns_hard_fail: bool = False
-    enable_application_logs: bool = True
-    enable_access_logs: bool = True
-    log_fmt: Optional[str] = ""
-    ignore_empty_log_fields: bool = False
+    auth_enabled: bool = Field(False, alias="SOVEREIGN_AUTH_ENABLED")
+    auth_passwords: str = Field("", alias="SOVEREIGN_AUTH_PASSWORDS")
+    encryption_key: str = Field("", alias="SOVEREIGN_ENCRYPTION_KEY")
+    environment: str = Field("local", alias="SOVEREIGN_ENVIRONMENT")
+    debug_enabled: bool = Field(False, alias="SOVEREIGN_DEBUG_ENABLED")
+    sentry_dsn: str = Field("", alias="SOVEREIGN_SENTRY_DSN")
+    node_match_key: str = Field("cluster", alias="SOVEREIGN_NODE_MATCH_KEY")
+    node_matching: bool = Field(True, alias="SOVEREIGN_NODE_MATCHING")
+    source_match_key: str = Field(
+        "service_clusters", alias="SOVEREIGN_SOURCE_MATCH_KEY"
+    )
+    sources_refresh_rate: int = Field(30, alias="SOVEREIGN_SOURCES_REFRESH_RATE")
+    cache_strategy: str = Field("context", alias="SOVEREIGN_CACHE_STRATEGY")
+    refresh_context: bool = Field(False, alias="SOVEREIGN_REFRESH_CONTEXT")
+    context_refresh_rate: Optional[int] = Field(
+        None, alias="SOVEREIGN_CONTEXT_REFRESH_RATE"
+    )
+    context_refresh_cron: Optional[str] = Field(
+        None, alias="SOVEREIGN_CONTEXT_REFRESH_CRON"
+    )
+    dns_hard_fail: bool = Field(False, alias="SOVEREIGN_DNS_HARD_FAIL")
+    enable_application_logs: bool = Field(
+        True, alias="SOVEREIGN_ENABLE_APPLICATION_LOGS"
+    )
+    enable_access_logs: bool = Field(True, alias="SOVEREIGN_ENABLE_ACCESS_LOGS")
+    log_fmt: Optional[str] = Field("", alias="SOVEREIGN_LOG_FORMAT")
+    ignore_empty_log_fields: bool = Field(False, alias="SOVEREIGN_LOG_IGNORE_EMPTY")
     discovery_cache: DiscoveryCacheConfig = DiscoveryCacheConfig()
-
-    class Config:
-        fields = {
-            "auth_enabled": {"env": "SOVEREIGN_AUTH_ENABLED"},
-            "auth_passwords": {"env": "SOVEREIGN_AUTH_PASSWORDS"},
-            "encryption_key": {"env": "SOVEREIGN_ENCRYPTION_KEY"},
-            "environment": {"env": "SOVEREIGN_ENVIRONMENT"},
-            "debug_enabled": {"env": "SOVEREIGN_DEBUG_ENABLED"},
-            "sentry_dsn": {"env": "SOVEREIGN_SENTRY_DSN"},
-            "node_match_key": {"env": "SOVEREIGN_NODE_MATCH_KEY"},
-            "node_matching": {"env": "SOVEREIGN_NODE_MATCHING"},
-            "source_match_key": {"env": "SOVEREIGN_SOURCE_MATCH_KEY"},
-            "sources_refresh_rate": {"env": "SOVEREIGN_SOURCES_REFRESH_RATE"},
-            "cache_strategy": {"env": "SOVEREIGN_CACHE_STRATEGY"},
-            "refresh_context": {"env": "SOVEREIGN_REFRESH_CONTEXT"},
-            "context_refresh_rate": {"env": "SOVEREIGN_CONTEXT_REFRESH_RATE"},
-            "context_refresh_cron": {"env": "SOVEREIGN_CONTEXT_REFRESH_CRON"},
-            "dns_hard_fail": {"env": "SOVEREIGN_DNS_HARD_FAIL"},
-            "enable_application_logs": {"env": "SOVEREIGN_ENABLE_APPLICATION_LOGS"},
-            "enable_access_logs": {"env": "SOVEREIGN_ENABLE_ACCESS_LOGS"},
-            "log_fmt": {"env": "SOVEREIGN_LOG_FORMAT"},
-            "ignore_empty_fields": {"env": "SOVEREIGN_LOG_IGNORE_EMPTY"},
-        }
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
     @property
     def passwords(self) -> List[str]:
@@ -492,16 +492,15 @@ class TemplateSpecification(BaseModel):
 
 
 class NodeMatching(BaseSettings):
-    enabled: bool = True
-    source_key: str = "service_clusters"
-    node_key: str = "cluster"
-
-    class Config:
-        fields = {
-            "enabled": {"env": "SOVEREIGN_NODE_MATCHING_ENABLED"},
-            "source_key": {"env": "SOVEREIGN_SOURCE_MATCH_KEY"},
-            "node_key": {"env": "SOVEREIGN_NODE_MATCH_KEY"},
-        }
+    enabled: bool = Field(True, alias="SOVEREIGN_NODE_MATCHING_ENABLED")
+    source_key: str = Field("service_clusters", alias="SOVEREIGN_SOURCE_MATCH_KEY")
+    node_key: str = Field("cluster", alias="SOVEREIGN_NODE_MATCH_KEY")
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
 
 @dataclass
@@ -511,9 +510,15 @@ class EncryptionConfig:
 
 
 class AuthConfiguration(BaseSettings):
-    enabled: bool = False
-    auth_passwords: SecretStr = SecretStr("")
-    encryption_key: SecretStr = SecretStr("")
+    enabled: bool = Field(False, alias="SOVEREIGN_AUTH_ENABLED")
+    auth_passwords: SecretStr = Field(SecretStr(""), alias="SOVEREIGN_AUTH_PASSWORDS")
+    encryption_key: SecretStr = Field(SecretStr(""), alias="SOVEREIGN_ENCRYPTION_KEY")
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
     @staticmethod
     def _create_encryption_config(encryption_key_setting: str) -> EncryptionConfig:
@@ -534,37 +539,29 @@ class AuthConfiguration(BaseSettings):
         )
         return configs
 
-    class Config:
-        fields = {
-            "enabled": {"env": "SOVEREIGN_AUTH_ENABLED"},
-            "auth_passwords": {"env": "SOVEREIGN_AUTH_PASSWORDS"},
-            "encryption_key": {"env": "SOVEREIGN_ENCRYPTION_KEY"},
-        }
-
 
 class ApplicationLogConfiguration(BaseSettings):
-    enabled: bool = False
-    log_fmt: Optional[str] = None
+    enabled: bool = Field(False, alias="SOVEREIGN_ENABLE_APPLICATION_LOGS")
+    log_fmt: Optional[str] = Field(None, alias="SOVEREIGN_APPLICATION_LOG_FORMAT")
     # currently only support /dev/stdout as JSON
-
-    class Config:
-        fields = {
-            "enabled": {"env": "SOVEREIGN_ENABLE_APPLICATION_LOGS"},
-            "log_fmt": {"env": "SOVEREIGN_APPLICATION_LOG_FORMAT"},
-        }
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
 
 class AccessLogConfiguration(BaseSettings):
-    enabled: bool = True
-    log_fmt: Optional[str] = None
-    ignore_empty_fields: bool = False
-
-    class Config:
-        fields = {
-            "enabled": {"env": "SOVEREIGN_ENABLE_ACCESS_LOGS"},
-            "log_fmt": {"env": "SOVEREIGN_LOG_FORMAT"},
-            "ignore_empty_fields": {"env": "SOVEREIGN_LOG_IGNORE_EMPTY"},
-        }
+    enabled: bool = Field(True, alias="SOVEREIGN_ENABLE_ACCESS_LOGS")
+    log_fmt: Optional[str] = Field(None, alias="SOVEREIGN_LOG_FORMAT")
+    ignore_empty_fields: bool = Field(False, alias="SOVEREIGN_LOG_IGNORE_EMPTY")
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
 
 class LoggingConfiguration(BaseSettings):
@@ -574,11 +571,19 @@ class LoggingConfiguration(BaseSettings):
 
 class ContextConfiguration(BaseSettings):
     context: Dict[str, Loadable] = {}
-    refresh: bool = False
-    refresh_rate: Optional[int] = None
-    refresh_cron: Optional[str] = None
-    refresh_num_retries: int = 3
-    refresh_retry_interval_secs: int = 10
+    refresh: bool = Field(False, alias="SOVEREIGN_REFRESH_CONTEXT")
+    refresh_rate: Optional[int] = Field(None, alias="SOVEREIGN_CONTEXT_REFRESH_RATE")
+    refresh_cron: Optional[str] = Field(None, alias="SOVEREIGN_CONTEXT_REFRESH_CRON")
+    refresh_num_retries: int = Field(3, alias="SOVEREIGN_CONTEXT_REFRESH_NUM_RETRIES")
+    refresh_retry_interval_secs: int = Field(
+        10, alias="SOVEREIGN_CONTEXT_REFRESH_RETRY_INTERVAL_SECS"
+    )
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
     @staticmethod
     def context_from_legacy(context: Dict[str, str]) -> Dict[str, Loadable]:
@@ -587,20 +592,16 @@ class ContextConfiguration(BaseSettings):
             ret[key] = Loadable.from_legacy_fmt(value)
         return ret
 
-    @root_validator(pre=False)
-    def validate_single_use_refresh_method(
-        cls, values: Dict[str, Any]
-    ) -> Dict[str, Any]:
-        refresh_rate = values.get("refresh_rate")
-        refresh_cron = values.get("refresh_cron")
-
-        if (refresh_rate is not None) and (refresh_cron is not None):
+    @model_validator(mode="after")
+    def validate_single_use_refresh_method(self) -> Self:
+        if (self.refresh_rate is not None) and (self.refresh_cron is not None):
             raise RuntimeError(
-                f"Only one of SOVEREIGN_CONTEXT_REFRESH_RATE or SOVEREIGN_CONTEXT_REFRESH_CRON can be defined. Got {refresh_rate=} and {refresh_cron=}"
+                f"Only one of SOVEREIGN_CONTEXT_REFRESH_RATE or SOVEREIGN_CONTEXT_REFRESH_CRON can be defined. Got {self.refresh_rate=} and {self.refresh_cron=}"
             )
-        return values
+        return self
 
-    @root_validator
+    @model_validator(mode="before")
+    @classmethod
     def set_default_refresh_rate(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         refresh_rate = values.get("refresh_rate")
         refresh_cron = values.get("refresh_cron")
@@ -609,7 +610,8 @@ class ContextConfiguration(BaseSettings):
             values["refresh_rate"] = 3600
         return values
 
-    @validator("refresh_cron")
+    @field_validator("refresh_cron")
+    @classmethod
     def validate_refresh_cron(cls, v: Optional[str]) -> Optional[str]:
         if v is None:
             return v
@@ -617,36 +619,34 @@ class ContextConfiguration(BaseSettings):
             raise CroniterBadCronError(f"'{v}' is not a valid cron expression")
         return v
 
-    class Config:
-        fields = {
-            "refresh": {"env": "SOVEREIGN_REFRESH_CONTEXT"},
-            "refresh_rate": {"env": "SOVEREIGN_CONTEXT_REFRESH_RATE"},
-            "refresh_cron": {"env": "SOVEREIGN_CONTEXT_REFRESH_CRON"},
-            "refresh_num_retries": {"env": "SOVEREIGN_CONTEXT_REFRESH_NUM_RETRIES"},
-            "refresh_retry_interval_secs": {
-                "env": "SOVEREIGN_CONTEXT_REFRESH_RETRY_INTERVAL_SECS"
-            },
-        }
-
 
 class SourcesConfiguration(BaseSettings):
-    refresh_rate: int = 30
-    cache_strategy: CacheStrategy = CacheStrategy.context
-
-    class Config:
-        fields = {
-            "refresh_rate": {"env": "SOVEREIGN_SOURCES_REFRESH_RATE"},
-            "cache_strategy": {"env": "SOVEREIGN_CACHE_STRATEGY"},
-        }
+    refresh_rate: int = Field(30, alias="SOVEREIGN_SOURCES_REFRESH_RATE")
+    cache_strategy: CacheStrategy = Field(
+        CacheStrategy.context, alias="SOVEREIGN_CACHE_STRATEGY"
+    )
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
 
 class LegacyConfig(BaseSettings):
     regions: Optional[List[str]] = None
-    eds_priority_matrix: Optional[Dict[str, Dict[str, str]]] = None
-    dns_hard_fail: Optional[bool] = None
-    environment: Optional[str] = None
+    eds_priority_matrix: Optional[Dict[str, Dict[str, int]]] = None
+    dns_hard_fail: Optional[bool] = Field(None, alias="SOVEREIGN_DNS_HARD_FAIL")
+    environment: Optional[str] = Field(None, alias="SOVEREIGN_ENVIRONMENT")
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
-    @validator("regions")
+    @field_validator("regions")
+    @classmethod
     def regions_is_set(cls, v: Optional[List[str]]) -> List[str]:
         if v is not None:
             warnings.warn(
@@ -659,7 +659,8 @@ class LegacyConfig(BaseSettings):
         else:
             return []
 
-    @validator("eds_priority_matrix")
+    @field_validator("eds_priority_matrix")
+    @classmethod
     def eds_priority_matrix_is_set(
         cls, v: Optional[Dict[str, Dict[str, Any]]]
     ) -> Dict[str, Dict[str, Any]]:
@@ -674,7 +675,8 @@ class LegacyConfig(BaseSettings):
         else:
             return {}
 
-    @validator("dns_hard_fail")
+    @field_validator("dns_hard_fail")
+    @classmethod
     def dns_hard_fail_is_set(cls, v: Optional[bool]) -> bool:
         if v is not None:
             warnings.warn(
@@ -688,7 +690,8 @@ class LegacyConfig(BaseSettings):
         else:
             return False
 
-    @validator("environment")
+    @field_validator("environment")
+    @classmethod
     def environment_is_set(cls, v: Optional[str]) -> Optional[str]:
         if v is not None:
             warnings.warn(
@@ -701,12 +704,6 @@ class LegacyConfig(BaseSettings):
         else:
             return None
 
-    class Config:
-        fields = {
-            "dns_hard_fail": {"env": "SOVEREIGN_DNS_HARD_FAIL"},
-            "environment": {"env": "SOVEREIGN_ENVIRONMENT"},
-        }
-
 
 class SovereignConfigv2(BaseSettings):
     sources: List[ConfiguredSource]
@@ -719,16 +716,16 @@ class SovereignConfigv2(BaseSettings):
     authentication: AuthConfiguration = AuthConfiguration()
     logging: LoggingConfiguration = LoggingConfiguration()
     statsd: StatsdConfig = StatsdConfig()
-    sentry_dsn: SecretStr = SecretStr("")
-    debug: bool = False
+    sentry_dsn: SecretStr = Field(SecretStr(""), alias="SOVEREIGN_SENTRY_DSN")
+    debug: bool = Field(False, alias="SOVEREIGN_DEBUG")
     legacy_fields: LegacyConfig = LegacyConfig()
     discovery_cache: DiscoveryCacheConfig = DiscoveryCacheConfig()
-
-    class Config:
-        fields = {
-            "sentry_dsn": {"env": "SOVEREIGN_SENTRY_DSN"},
-            "debug": {"env": "SOVEREIGN_DEBUG"},
-        }
+    model_config = SettingsConfigDict(
+        env_file=".env",
+        extra="ignore",
+        env_file_encoding="utf-8",
+        populate_by_name=True,
+    )
 
     @property
     def passwords(self) -> List[str]:
@@ -751,10 +748,10 @@ class SovereignConfigv2(BaseSettings):
         return self.__repr__()
 
     def __repr__(self) -> str:
-        return f"SovereignConfigv2({self.dict()})"
+        return f"SovereignConfigv2({self.model_dump()})"
 
     def show(self) -> Dict[str, Any]:
-        return self.dict()
+        return self.model_dump()
 
     @staticmethod
     def from_legacy_config(other: SovereignConfig) -> "SovereignConfigv2":

sovereign-0.27.0/src/sovereign/testing/loaders.py

@@ -0,0 +1,9 @@
+from typing import Any
+from sovereign.config_loader import CustomLoader, Serialization
+
+
+class Multiply(CustomLoader):
+    @staticmethod
+    def load(path: str, ser: Serialization) -> Any:
+        result = path * 2
+        return f"{ser}:{result}"

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/utils/crypto/crypto.py

@@ -79,6 +79,8 @@ class CipherContainer:
 
     @property
     def key_available(self) -> bool:
+        if not self.suites:
+            return False
         return self.suites[0].key_available
 
     AVAILABLE_CIPHERS: dict[EncryptionType | Literal["default"], type[CipherSuite]] = {

{sovereign-0.25.4 → sovereign-0.27.0}/src/sovereign/views/admin.py

@@ -16,7 +16,7 @@ router = APIRouter()
 @router.get("/xds_dump", summary="Displays all xDS resources as JSON")
 async def display_config(
     xds_type: str = Query(
-        ..., title="xDS type", description="The type of request", example="clusters"
+        ..., title="xDS type", description="The type of request", examples=["clusters"]
     ),
     service_cluster: str = Query(
         "*", title="The clients service cluster to emulate in this XDS request"
@@ -48,7 +48,7 @@ async def display_config(
 )
 async def debug_template(
     xds_type: str = Query(
-        ..., title="xDS type", description="The type of request", example="clusters"
+        ..., title="xDS type", description="The type of request", examples=["clusters"]
     ),
     service_cluster: str = Query(
         "*", title="The clients service cluster to emulate in this XDS request"