U ]1K@s`ddlmZddlmZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z ddl m Z ddl mZddl mZd d lmZd d lmZd d lmZd dlmZd dlmZeeZdddddddddddddd ZdZdZdZdj edZ!dj e!d Z"d!Z#d"$d#j e#e!d$%Z&e j'ded%d&d'Z(e j'd(ed%d)d*Z)e j'd+ed,d-d.Z*d/d0Z+d1d2Z,d3d4Z-d5d6Z.d7d8Z/d9d:Z0d;d<Z1d=d>Z2d?d@Z3dAdBZ4dCdDZ5dEdFZ6dGdHZ7dIdJZ8dKdLZ9dMdNZ:dOdPZ;dQdRZdWdXZ?dYdZZ@d[d\ZAd]d^ZBd_d`ZCdadbZDdcddZEdedfZFdgdhZGdidjZHdS)k)absolute_import)unicode_literalsN) split_port)Draft4Validator) FormatChecker) RefResolver)ValidationError)COMPOSEFILE_V1)NANOCPUS_SCALEConfigurationError)VERSION_EXPLANATION)"get_service_name_from_network_modeZ cpu_sharesZ extra_hostsZdeviceslinksZ memswap_limitportsZ privilegedvolumesZ working_dir) Z cpu_shareZadd_hostZhostsZ extra_hostZdevicelinkZ memory_swapZportZ privilegeZ priviligedZ priviligeZvolumeZworkdirz[a-zA-Z0-9\._\-]z^\d+(\-\d+)?(\/[a-zA-Z]+)?$z!(\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])z({IPV4_SEG}\.){{3}}{IPV4_SEG})ZIPV4_SEGz!^{IPV4_ADDR}/(\d|[1-2]\d|3[0-2])$) IPV4_ADDRz[0-9a-fA-F]{1,4}a9 ^ ( (({IPV6_SEG}:){{7}}{IPV6_SEG})| (({IPV6_SEG}:){{1,7}}:)| (({IPV6_SEG}:){{1,6}}(:{IPV6_SEG}){{1,1}})| (({IPV6_SEG}:){{1,5}}(:{IPV6_SEG}){{1,2}})| (({IPV6_SEG}:){{1,4}}(:{IPV6_SEG}){{1,3}})| (({IPV6_SEG}:){{1,3}}(:{IPV6_SEG}){{1,4}})| (({IPV6_SEG}:){{1,2}}(:{IPV6_SEG}){{1,5}})| (({IPV6_SEG}:){{1,1}}(:{IPV6_SEG}){{1,6}})| (:((:{IPV6_SEG}){{1,7}}|:))| (fe80:(:{IPV6_SEG}){{0,4}}%[0-9a-zA-Z]{{1,}})| (::(ffff(:0{{1,4}}){{0,1}}:){{0,1}}{IPV4_ADDR})| (({IPV6_SEG}:){{1,4}}:{IPV4_ADDR}) ) /(\d|[1-9]\d|1[0-1]\d|12[0-8]) $ )ZIPV6_SEGr)formatraisesc CsBz t|Wn0tk r<}ztt|W5d}~XYnXdS)NT)r ValueErrorrsix text_type)instanceer;/usr/lib/python3/dist-packages/compose/config/validation.py format_portsIs   r exposecCs$t|tjr tt|s tddS)Nz)should be of the format 'PORT[/PROTOCOL]'T) isinstancer string_typesrematchVALID_EXPOSE_FORMATrrrrr format_exposeRs   r(subnet_ip_address)rcCs0t|tjr,tt|s,tt|s,tddS)Nzshould use the CIDR formatT)r"rr#r$r%VALID_REGEX_IPV4_CIDRVALID_REGEX_IPV6_CIDRrr'rrrformat_subnet_ip_address\s    r,cCsD|dg}|D].}|jr|j|krtd||dqdS)Nrz`Named volume "{0}" is used in service "{1}" but no declaration was found in the volumes section.name)getZis_named_volumeZexternalrrrepr)Z service_dictZproject_volumesZservice_volumesZ volume_specrrrmatch_named_volumesfs r0c Cs(t|j}ddddddddd||S)NmappingZarrayZnumberZbooleanstring)dictlistintfloatboolZunicodestrbytes)type__name__r.)Ztype_Z type_namerrrpython_type_to_yaml_typers  r<c Cst|ts&tdj||tt|d|D]X\}}t|tjsVtdj|||dt|tt dfs.tdj|||tt|dq.dS)zValidate the structure of a configuration section. This must be done before interpolation so it's separate from schema validation. z>In file '{filename}', {section} must be a mapping, not {type}.)filenamesectionr:zWIn file '{filename}', the {section} name {name} must be a quoted string, i.e. '{name}'.)r=r>r-NzFIn file '{filename}', {section} '{name}' must be a mapping not {type}.)r=r>r-r:) r"r3rranglicize_json_typer<itemsrr#r:)r=configr>keyvaluerrrvalidate_config_sections4    rDcCs(t|jts$td|jt|jdS)Nz8Top level object in '{}' needs to be an object not '{}'.)r"rAr3rrr=r:) config_filerrrvalidate_top_level_objects rFcCsR|jdi}t|D]4\}}t|tr|d|dkstdj||dqdS)NZulimitsZsoftZhardzdService '{s.name}' has invalid ulimit '{ulimit}'. 'soft' value can not be greater than 'hard' value )sZulimit)rAr.rZ iteritemsr"r3rr)service_configZ ulimit_configZ limit_nameZsoft_hard_valuesrrrvalidate_ulimitss rIcCs(d|}d|kr$|dkr$td|dS)zo The service to be extended must either be defined in the config key 'file', or within 'filename'. z'Invalid 'extends' configuration for %s:fileNz;%s you need to specify a 'file', e.g. 'file: something.yml'r ) service_nameZextends_optionsr=Z error_prefixrrrvalidate_extends_file_paths rLcCsT|jd}|sdSd|jkr&tdt|}|s6dS||krPtdj||ddS)N network_modeZnetworksz0'network_mode' and 'networks' cannot be combinedzPService '{s.name}' uses the network stack of service '{dep}' which is undefined.rGZdep)rAr.rrr)rH service_namesrM dependencyrrrvalidate_network_modes  rQcCsB|jd}|sdSt|}|s$dS||kr>tdj||ddS)NpidzPService '{s.name}' uses the PID namespace of service '{dep}' which is undefined.rN)rAr.rrr)rHrOZpid_moderPrrrvalidate_pid_modes rScCs<|jdgD](}|dd|krtdj||dqdS)Nr:rzEService '{s.name}' has a link to service '{link}' which is undefined.)rGr)rAr.splitrr)rHrOrrrrvalidate_linkssrVcCs:|jdi}|D]}||krtdj||dqdS)NZ depends_onzAService '{s.name}' depends on service '{dep}' which is undefined.rN)rAr.keysrr)rHrOZdepsrPrrrvalidate_depends_ons rXcCs8|jd}|sdSd|kr4d|kr4tdj|ddS)Ncredential_specregistryrJzQService '{s.name}' is missing 'credential_spec.file' or credential_spec.registry')rG)rAr.rr)rHrYrrrvalidate_credential_specs r[cCs.dt||}|tkr*|dt|7}|S)Nz&Unsupported config option for {}: '{}'z (did you mean '{}'?))r path_stringDOCKER_CONFIG_HINTS)pathZ error_keymsgrrrget_unsupported_config_msgsr`cCs|drd|Sd|S)N)ariouzan za ) startswith)Z json_typerrrr?s r?cCs|dkS)N)zconfig_schema_v1.jsonz#/properties/servicesr) schema_idrrris_service_dict_schema srgcCs|jd}t|r<|jdkrz..)anyfilter).0rbrrr sz3handle_error_for_schema_with_id..rz#/definitions/serviceZconfig_schema_vzInvalid top-level property "{key}". Valid top-level sections for this Compose file are: {properties}, and extensions starting with "x-". {explanation}, properties)rBrtZ explanationz{} {})schemarg validatorrr4rrkparse_key_from_error_msgr`rejoinrWrr^message)errorr^rfinvalid_config_keyrrrhandle_error_for_schema_with_ids*    r|cCsd}|j}|jdkr4d}t|\}}|r||n|jdkrNd}t|j}n|jdkrjd|j}d}nj|jdkrt|jd }d |j|}d }||d ||}n"|j rt |j }d }n |j rd }|r|j t||dS|jS)NoneOfz {path} {msg}r:z3{path} contains an invalid type, it should be {msg}requiredrsz%{path} is invalid, {msg} is required.Z dependenciesr,z{path} is invalid: {msg}z,when defining '{}' you must set '{}' as wellz{path} value {msg})r^r_)ryrv_parse_oneof_validatorappend!_parse_valid_types_from_validatorvalidator_valuerxr4rWrcauserrr^r\)rzr^Z msg_format error_msgZ config_keyZ required_keysrrrhandle_generic_error/s<          rcCsLz|jddWStk rF|jdddddYSXdS)N'r ( r)ryrU IndexErrorstrip)rzrrrrwXsrwcCsddd|DS)N.css|]}t|tjr|VqdSrj)r"rr#)rqrlrrr `s zpath_string..)rx)r^rrrr\_sr\cCsZt|tst|St|dkr*t|dSddt|dg|ddt|dS)zA validator value can be either an array of valid types or a string of a valid type. Parse the valid types and prefix with the correct article. r rz {}, or {}rs)r"r4r?lenrrx)rvrrrrcs    rcCsg}|jD]}|jdkr6t|\}}t|j|fS|jdkrNd|jfS|jdkrrt|}dd|fS|jdkr|jrt|jndd|jfS|jrt|jdt |jt |j fS|jd kr | |j q t |}dd |fS) aoneOf has multiple schemas, so we need to reason about which schema, sub schema or constraint the validation is failing on. Inspecting the context value of a ValidationError gives us information about which sub schema failed and which kind of error it is. r}r~Nriz!contains unsupported option: '{}'Z uniqueItemsz;contains non-unique items, please remove duplicates from {}z6contains {}, which is an invalid type, it should be {}r:z)contains an invalid type, it should be {})contextrvrr\r^ryrwrrjsondumpsrrr)rztypesr_rr{Z valid_typesrrrrrs6        rcCsf|tkrDd|jkr&d|jkr&d|Sd|jkrDd|jkrDd|Sd|jkrbd|jkrbd|SdS)NZimageZbuildzService {} has both an image and build path specified. A service can either be built to image or use an existing image, not both.Z dockerfilezService {} has both an image and alternate Dockerfile. A service can either be built to image or use an existing image, not both.z]Service {} has neither an image nor a build context specified. At least one must be provided.)V1rr)rzrKversionrrr!process_service_constraint_errorss rcCs0t|j}d|jkr&t||}|r&|St||S)Nrh)r4r^rur|r)rzr^rrrrprocess_config_schema_errorss    rcCsFt|}tdddg}t|tt||d}t||jt|j dS)Nrr!r))Zresolverformat_checker) load_jsonschemarrrget_resolver_path handle_errors iter_errorsrArr=)rErurrvrrrvalidate_against_config_schemas  rcs@fdd}t}t|ddd}t|||ddS)Ncst|jSrj)rr)errorsrErKrrhandlers z-validate_service_constraints..handlerZ definitionsZ constraintsservice)rrrr)rArKrErrurvrrrvalidate_service_constraintssrcCs:|jd}|sdS|t}t|tr6|s6tddS)Ncpusz6cpus must have nine or less digits after decimal point)rAr.r r"r6 is_integerr)rHrZ nano_cpusrrr validate_cpus rcCstjtjtSrj)osr^dirnameabspath__file__rrrrget_schema_pathsrc Csbtjtd|j}tj|s6td|jt t |d}t |W5QRSQRXdS)Nzconfig_schema_v{0}.jsonz"Version in "{}" is unsupported. {}r) rr^rxrrrexistsrr=ropenrload)rEr=Zfhrrrrs   rcCs2t}tjdkr"d}|dd}nd}d||S)NZwin32z///\/z//z file:{}{}/)rsysplatformreplacer)Z schema_pathZschemerrrrs  rcsTtt|td}|sdSdfdd|D}tdj|rDd|nd|d dS) zjsonschema returns an error tree full of information to explain what has gone wrong. Process each error and pull out relevant information and re-write helpful error messages that are relevant. )rBN c3s|]}|VqdSrjr)rqrzformat_error_funcrrrsz handle_errors..z:The Compose file{file_msg} is invalid because: {error_msg}z '{}'r)Zfile_msgr)r4sortedr8rxrr)rrr=rrrrrsrcCs|jdi}d|krt|dtrt|ddkrFtd|jnN|dddkrtt|dkrttd|jn |dddkrtd |jdS) N healthcheckZtestrzDService "{}" defines an invalid healthcheck: "test" is an empty listNONEr zbService "{}" defines an invalid healthcheck: "disable: true" cannot be combined with other options)rZCMDz CMD-SHELLzwService "{}" defines an invalid healthcheck: when "test" is a list the first item must be either NONE, CMD or CMD-SHELL)rAr.r"r4rrrr-)rHrrrrvalidate_healthchecks(r)IZ __future__rrrZloggingrr$rrZdocker.utils.portsrZ jsonschemarrrrZconstr rr rrrZ sort_servicesrZ getLoggerr;logr]rkr&ZVALID_IPV4_SEGrZVALID_IPV4_ADDRr*ZVALID_IPV6_SEGrxrUr+Z cls_checksr r(r,r0r<rDrFrIrLrQrSrVrXr[r`r?rgr|rrwr\rrrrrrrrrrrrrrrrs                          ))