anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eff3e4bce758ff7da0b10bdbfe7c3a7e3eed0fdf
DECNET/tests/services/test_config_schema.py
anti 77ceb9d6f3 feat(services): config schemas for the rest of the registry + textarea base64 transport 
- Declarative config_schema on RDP, Telnet, MySQL, Redis, SMTP, SMTP_Relay
  matching the keys each service already reads at compose time.
- TODO marker on the 19 services that accept service_cfg but never read it,
  so future contributors know where to plug schemas in.
- Wizard base64-wraps all textarea values at INI emit (DeckyFleet
  buildIni); validate_cfg detects the b64: sentinel and decodes back to
  UTF-8. Plain raw strings still pass through for direct API submitters.
- HTTPS image entrypoint accepts PEM content or path in TLS_CERT/TLS_KEY:
  detects a BEGIN header, writes content to /opt/tls/, and re-exports
  the on-disk path so server.py keeps reading paths.
- Tests cover schema/compose alignment for each new service plus
  textarea base64 round-trip (incl. UTF-8) and HTTPS PEM end-to-end.
2026-04-29 12:23:56 -04:00

260 lines
8.7 KiB
Python
Raw Blame History

"""Schema-driven service config: descriptors, validation, compose round-trip."""
import base64
import pytest
from decnet.services.base import (
BaseService,
ConfigValidationError,
ServiceConfigField,
)
from decnet.services.http import HTTPService
from decnet.services.https import HTTPSService
from decnet.services.mysql import MySQLService
from decnet.services.rdp import RDPService
from decnet.services.redis import RedisService
from decnet.services.smtp import SMTPService
from decnet.services.smtp_relay import SMTPRelayService
from decnet.services.ssh import SSHService
from decnet.services.telnet import TelnetService
class _Dummy(BaseService):
name = "dummy"
ports = [9999]
default_image = "alpine"
config_schema = [
ServiceConfigField(key="text", label="Text", type="string"),
ServiceConfigField(key="port", label="Port", type="int", default=8080),
ServiceConfigField(key="enabled", label="Enabled", type="bool"),
ServiceConfigField(
key="mode",
label="Mode",
type="enum",
enum=["a", "b", "c"],
),
ServiceConfigField(key="body", label="Body", type="textarea"),
ServiceConfigField(key="pw", label="Pw", type="password", secret=True),
]
def compose_fragment(self, decky_name, log_target=None, service_cfg=None):
return {"environment": dict(service_cfg or {})}
def test_unknown_keys_are_dropped():
cfg = _Dummy().validate_cfg({"text": "hi", "wat": "nope"})
assert cfg == {"text": "hi"}
def test_empty_string_drops_optional_key():
# compose_fragment guards on `if "key" in cfg`, so empty strings must
# not slip through as the literal "".
cfg = _Dummy().validate_cfg({"text": "", "port": 1234})
assert "text" not in cfg
assert cfg["port"] == 1234
def test_int_coercion_from_string():
cfg = _Dummy().validate_cfg({"port": "8443"})
assert cfg == {"port": 8443}
def test_int_rejects_garbage():
with pytest.raises(ConfigValidationError):
_Dummy().validate_cfg({"port": "eighty"})
def test_bool_coercion():
s = _Dummy()
assert s.validate_cfg({"enabled": "true"}) == {"enabled": True}
assert s.validate_cfg({"enabled": "0"}) == {"enabled": False}
assert s.validate_cfg({"enabled": True}) == {"enabled": True}
def test_enum_rejects_out_of_set():
with pytest.raises(ConfigValidationError):
_Dummy().validate_cfg({"mode": "z"})
def test_enum_accepts_valid():
assert _Dummy().validate_cfg({"mode": "b"}) == {"mode": "b"}
def test_none_cfg_returns_empty_dict():
assert _Dummy().validate_cfg(None) == {}
def test_field_to_json_omits_unused_enum():
f = ServiceConfigField(key="x", label="X", type="string")
assert "enum" not in f.to_json()
g = ServiceConfigField(key="m", label="M", type="enum", enum=["a", "b"])
assert g.to_json()["enum"] == ["a", "b"]
# --- Real services -----------------------------------------------------------
def test_ssh_schema_keys_match_compose_reads():
# SSHService.compose_fragment reads cfg.get("password") and cfg.get("hostname")
# — the schema must expose exactly those.
keys = {f.key for f in SSHService.config_schema}
assert keys == {"password", "hostname"}
def test_ssh_compose_round_trip_through_validator():
svc = SSHService()
cfg = svc.validate_cfg({"password": "hunter2", "hostname": "mail-01"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
env = frag["environment"]
assert env["SSH_ROOT_PASSWORD"] == "hunter2"
assert env["SSH_HOSTNAME"] == "mail-01"
assert env["NODE_NAME"] == "decky-test"
def test_ssh_default_password_when_unset():
svc = SSHService()
cfg = svc.validate_cfg({})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
# Default fallback in compose_fragment is "admin"; validator returns {}
assert frag["environment"]["SSH_ROOT_PASSWORD"] == "admin"
def test_http_schema_covers_compose_keys():
keys = {f.key for f in HTTPService.config_schema}
# These are the keys HTTPService.compose_fragment branches on.
assert {"server_header", "response_code", "fake_app", "extra_headers", "custom_body"} <= keys
def test_http_response_code_int_coercion():
svc = HTTPService()
cfg = svc.validate_cfg({"response_code": "418"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["RESPONSE_CODE"] == "418"
def test_https_schema_includes_tls_fields():
keys = {f.key for f in HTTPSService.config_schema}
assert {"tls_cn", "tls_cert", "tls_key"} <= keys
secrets = {f.key for f in HTTPSService.config_schema if f.secret}
assert {"tls_cert", "tls_key"} <= secrets
# --- Schemas added in this batch --------------------------------------------
def test_telnet_schema_keys_match_compose_reads():
assert {f.key for f in TelnetService.config_schema} == {"password", "hostname"}
def test_telnet_compose_round_trip():
svc = TelnetService()
cfg = svc.validate_cfg({"password": "hunter2", "hostname": "mail-01"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
env = frag["environment"]
assert env["TELNET_ROOT_PASSWORD"] == "hunter2"
assert env["TELNET_HOSTNAME"] == "mail-01"
def test_rdp_schema_matches_and_bool_coerces():
assert {f.key for f in RDPService.config_schema} == {"nla"}
svc = RDPService()
cfg = svc.validate_cfg({"nla": "true"})
assert cfg == {"nla": True}
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["RDP_ENABLE_NLA"] == "true"
def test_rdp_nla_off_drops_env_var():
svc = RDPService()
cfg = svc.validate_cfg({"nla": "false"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert "RDP_ENABLE_NLA" not in frag["environment"]
def test_mysql_schema_and_round_trip():
assert {f.key for f in MySQLService.config_schema} == {"version"}
svc = MySQLService()
cfg = svc.validate_cfg({"version": "8.0.36"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["MYSQL_VERSION"] == "8.0.36"
def test_redis_schema_and_round_trip():
assert {f.key for f in RedisService.config_schema} == {"version", "os_string"}
svc = RedisService()
cfg = svc.validate_cfg({"version": "7.2.4", "os_string": "Linux 5.15.0 x86_64"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["REDIS_VERSION"] == "7.2.4"
assert frag["environment"]["REDIS_OS"] == "Linux 5.15.0 x86_64"
def test_smtp_schema_and_round_trip():
assert {f.key for f in SMTPService.config_schema} == {"banner", "mta"}
svc = SMTPService()
cfg = svc.validate_cfg({"banner": "mail.corp ESMTP", "mta": "exim"})
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["SMTP_BANNER"] == "mail.corp ESMTP"
assert frag["environment"]["SMTP_MTA"] == "exim"
def test_smtp_mta_enum_rejects_unknown():
with pytest.raises(ConfigValidationError):
SMTPService().validate_cfg({"mta": "qmail"})
def test_smtp_relay_schema_matches_smtp():
assert (
{f.key for f in SMTPRelayService.config_schema}
== {f.key for f in SMTPService.config_schema}
)
svc = SMTPRelayService()
frag = svc.compose_fragment(
"decky-test", service_cfg=svc.validate_cfg({"banner": "x", "mta": "postfix"})
)
assert frag["environment"]["SMTP_OPEN_RELAY"] == "1"
assert frag["environment"]["SMTP_BANNER"] == "x"
# --- Textarea base64 transport ----------------------------------------------
def _b64(s: str) -> str:
return "b64:" + base64.b64encode(s.encode("utf-8")).decode("ascii")
def test_textarea_b64_decoded():
cfg = _Dummy().validate_cfg({"body": _b64("line1\nline2\nline3")})
assert cfg == {"body": "line1\nline2\nline3"}
def test_textarea_b64_malformed_rejected():
with pytest.raises(ConfigValidationError):
_Dummy().validate_cfg({"body": "b64:not-valid-base64!!"})
def test_textarea_plain_passthrough_for_api_callers():
# Direct API submitters don't base64-wrap; raw multi-line strings
# must pass through unchanged.
cfg = _Dummy().validate_cfg({"body": "raw\nstuff"})
assert cfg == {"body": "raw\nstuff"}
def test_https_pem_round_trip_through_b64():
pem = (
"-----BEGIN CERTIFICATE-----\n"
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxx\n"
"-----END CERTIFICATE-----\n"
)
svc = HTTPSService()
cfg = svc.validate_cfg({"tls_cert": _b64(pem)})
assert cfg["tls_cert"] == pem # newlines restored
frag = svc.compose_fragment("decky-test", service_cfg=cfg)
assert frag["environment"]["TLS_CERT"] == pem
def test_textarea_b64_handles_utf8():
s = "héllo\nwörld\n"
cfg = _Dummy().validate_cfg({"body": _b64(s)})
assert cfg == {"body": s}
Reference in New Issue View Git Blame Copy Permalink