authentik/passbook/outposts/controllers/docker.py

"""Docker controller"""
from time import sleep
from typing import Dict, Tuple

from django.conf import settings
from docker import DockerClient
from docker.errors import DockerException, NotFound
from docker.models.containers import Container
from yaml import safe_dump

from passbook import __version__
from passbook.lib.config import CONFIG
from passbook.outposts.controllers.base import BaseController, ControllerException
from passbook.outposts.models import (
    DockerServiceConnection,
    Outpost,
    ServiceConnectionInvalid,
)


class DockerController(BaseController):
    """Docker controller"""

    client: DockerClient

    container: Container
    connection: DockerServiceConnection

    def __init__(self, outpost: Outpost, connection: DockerServiceConnection) -> None:
        super().__init__(outpost, connection)
        try:
            self.client = connection.client()
        except ServiceConnectionInvalid as exc:
            raise ControllerException from exc

    def _get_labels(self) -> Dict[str, str]:
        return {}

    def _get_env(self) -> Dict[str, str]:
        return {
            "PASSBOOK_HOST": self.outpost.config.passbook_host,
            "PASSBOOK_INSECURE": str(self.outpost.config.passbook_host_insecure),
            "PASSBOOK_TOKEN": self.outpost.token.key,
        }

    def _comp_env(self, container: Container) -> bool:
        """Check if container's env is equal to what we would set. Return true if container needs
        to be rebuilt."""
        should_be = self._get_env()
        container_env = container.attrs.get("Config", {}).get("Env", {})
        for key, expected_value in should_be.items():
            if key not in container_env:
                continue
            if container_env[key] != expected_value:
                return True
        return False

    def _get_container(self) -> Tuple[Container, bool]:
        container_name = f"passbook-proxy-{self.outpost.uuid.hex}"
        try:
            return self.client.containers.get(container_name), False
        except NotFound:
            self.logger.info("Container does not exist, creating")
            image_prefix = CONFIG.y("outposts.docker_image_base")
            image_name = f"{image_prefix}-{self.outpost.type}:{__version__}"
            self.client.images.pull(image_name)
            return (
                self.client.containers.create(
                    image=image_name,
                    name=f"passbook-proxy-{self.outpost.uuid.hex}",
                    detach=True,
                    ports={x: x for _, x in self.deployment_ports.items()},
                    environment=self._get_env(),
                    network_mode="host" if settings.TEST else "bridge",
                    labels=self._get_labels(),
                ),
                True,
            )

    def up(self):
        try:
            container, has_been_created = self._get_container()
            # Check if the container is out of date, delete it and retry
            if len(container.image.tags) > 0:
                tag: str = container.image.tags[0]
                _, _, version = tag.partition(":")
                if version != __version__:
                    self.logger.info(
                        "Container has mismatched version, re-creating...",
                        has=version,
                        should=__version__,
                    )
                    container.kill()
                    container.remove(force=True)
                    return self.up()
            # Check that container values match our values
            if self._comp_env(container):
                self.logger.info("Container has outdated config, re-creating...")
                container.kill()
                container.remove(force=True)
                return self.up()
            # Check that container is healthy
            if (
                container.status == "running"
                and container.attrs.get("State", {}).get("Health", {}).get("Status", "")
                != "healthy"
            ):
                # At this point we know the config is correct, but the container isn't healthy,
                # so we just restart it with the same config
                if has_been_created:
                    # Since we've just created the container, give it some time to start.
                    # If its still not up by then, restart it
                    self.logger.info(
                        "Container is unhealthy and new, giving it time to boot."
                    )
                    sleep(60)
                self.logger.info("Container is unhealthy, restarting...")
                container.restart()
                return None
            # Check that container is running
            if container.status != "running":
                self.logger.info("Container is not running, restarting...")
                container.start()
                return None
            return None
        except DockerException as exc:
            raise ControllerException from exc

    def down(self):
        try:
            container, _ = self._get_container()
            container.kill()
            container.remove()
        except DockerException as exc:
            raise ControllerException from exc

    def get_static_deployment(self) -> str:
        """Generate docker-compose yaml for proxy, version 3.5"""
        ports = [f"{x}:{x}" for _, x in self.deployment_ports.items()]
        image_prefix = CONFIG.y("outposts.docker_image_base")
        compose = {
            "version": "3.5",
            "services": {
                f"passbook_{self.outpost.type}": {
                    "image": f"{image_prefix}-{self.outpost.type}:{__version__}",
                    "ports": ports,
                    "environment": {
                        "PASSBOOK_HOST": self.outpost.config.passbook_host,
                        "PASSBOOK_INSECURE": str(
                            self.outpost.config.passbook_host_insecure
                        ),
                        "PASSBOOK_TOKEN": self.outpost.token.key,
                    },
                }
            },
        }
        return safe_dump(compose, default_flow_style=False)
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`"""Docker controller"""`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`from time import sleep`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`from typing import Dict, Tuple`

outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`from django.conf import settings`
outposts: initial service connection implementation 2020-11-04 09:41:18 +00:00			`from docker import DockerClient`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`from docker.errors import DockerException, NotFound`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`from docker.models.containers import Container`
			`from yaml import safe_dump`

			`from passbook import __version__`
outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00			`from passbook.lib.config import CONFIG`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`from passbook.outposts.controllers.base import BaseController, ControllerException`
outposts: save state of outposts 2020-11-08 20:02:52 +00:00			`from passbook.outposts.models import (`
			`DockerServiceConnection,`
			`Outpost,`
			`ServiceConnectionInvalid,`
			`)`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00

			`class DockerController(BaseController):`
			`"""Docker controller"""`

			`client: DockerClient`

			`container: Container`
outposts: initial service connection implementation 2020-11-04 09:41:18 +00:00			`connection: DockerServiceConnection`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00
outposts: fix defaults and tests for outposts 2020-11-04 09:54:44 +00:00			`def __init__(self, outpost: Outpost, connection: DockerServiceConnection) -> None:`
			`super().__init__(outpost, connection)`
outposts: handle docker connection error on init 2020-10-22 10:49:48 +00:00			`try:`
outposts: save state of outposts 2020-11-08 20:02:52 +00:00			`self.client = connection.client()`
			`except ServiceConnectionInvalid as exc:`
outposts: handle docker connection error on init 2020-10-22 10:49:48 +00:00			`raise ControllerException from exc`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00
providers/proxy: add traefik labels to outposts deployed with docker integration 2020-10-18 15:46:20 +00:00			`def _get_labels(self) -> Dict[str, str]:`
			`return {}`

outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`def _get_env(self) -> Dict[str, str]:`
			`return {`
			`"PASSBOOK_HOST": self.outpost.config.passbook_host,`
			`"PASSBOOK_INSECURE": str(self.outpost.config.passbook_host_insecure),`
core: add key field to token for easier rotation 2020-10-18 12:34:22 +00:00			`"PASSBOOK_TOKEN": self.outpost.token.key,`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`}`

			`def _comp_env(self, container: Container) -> bool:`
			`"""Check if container's env is equal to what we would set. Return true if container needs`
			`to be rebuilt."""`
			`should_be = self._get_env()`
			`container_env = container.attrs.get("Config", {}).get("Env", {})`
			`for key, expected_value in should_be.items():`
			`if key not in container_env:`
			`continue`
			`if container_env[key] != expected_value:`
			`return True`
			`return False`

			`def _get_container(self) -> Tuple[Container, bool]:`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`container_name = f"passbook-proxy-{self.outpost.uuid.hex}"`
			`try:`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`return self.client.containers.get(container_name), False`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`except NotFound:`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`self.logger.info("Container does not exist, creating")`
outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00			`image_prefix = CONFIG.y("outposts.docker_image_base")`
			`image_name = f"{image_prefix}-{self.outpost.type}:{__version__}"`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`self.client.images.pull(image_name)`
			`return (`
			`self.client.containers.create(`
			`image=image_name,`
			`name=f"passbook-proxy-{self.outpost.uuid.hex}",`
			`detach=True,`
			`ports={x: x for _, x in self.deployment_ports.items()},`
			`environment=self._get_env(),`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`network_mode="host" if settings.TEST else "bridge",`
providers/proxy: add traefik labels to outposts deployed with docker integration 2020-10-18 15:46:20 +00:00			`labels=self._get_labels(),`
outpost: enable docker controller 2020-10-05 21:11:44 +00:00			`),`
			`True,`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`)`

outposts: rename run to up, add down method for deleting 2020-10-16 20:22:15 +00:00			`def up(self):`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`try:`
			`container, has_been_created = self._get_container()`
			`# Check if the container is out of date, delete it and retry`
			`if len(container.image.tags) > 0:`
			`tag: str = container.image.tags[0]`
			`_, _, version = tag.partition(":")`
			`if version != __version__:`
			`self.logger.info(`
			`"Container has mismatched version, re-creating...",`
			`has=version,`
			`should=__version__,`
			`)`
			`container.kill()`
			`container.remove(force=True)`
outposts: rename run to up, add down method for deleting 2020-10-16 20:22:15 +00:00			`return self.up()`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`# Check that container values match our values`
			`if self._comp_env(container):`
			`self.logger.info("Container has outdated config, re-creating...")`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`container.kill()`
			`container.remove(force=True)`
outposts: rename run to up, add down method for deleting 2020-10-16 20:22:15 +00:00			`return self.up()`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`# Check that container is healthy`
			`if (`
			`container.status == "running"`
			`and container.attrs.get("State", {}).get("Health", {}).get("Status", "")`
			`!= "healthy"`
			`):`
			`# At this point we know the config is correct, but the container isn't healthy,`
			`# so we just restart it with the same config`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`if has_been_created:`
			`# Since we've just created the container, give it some time to start.`
			`# If its still not up by then, restart it`
outposts: kill container on down 2020-10-17 14:33:38 +00:00			`self.logger.info(`
			`"Container is unhealthy and new, giving it time to boot."`
			`)`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`sleep(60)`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`self.logger.info("Container is unhealthy, restarting...")`
			`container.restart()`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`return None`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`# Check that container is running`
			`if container.status != "running":`
			`self.logger.info("Container is not running, restarting...")`
			`container.start()`
outposts: give container time to boot when newly created 2020-10-16 21:37:44 +00:00			`return None`
outposts: improve controller error handling 2020-10-16 09:31:31 +00:00			`return None`
			`except DockerException as exc:`
			`raise ControllerException from exc`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00
outposts: rename run to up, add down method for deleting 2020-10-16 20:22:15 +00:00			`def down(self):`
			`try:`
			`container, _ = self._get_container()`
			`container.kill()`
e2e: use dockercontroller to test proxy 2020-10-17 15:03:10 +00:00			`container.remove()`
outposts: rename run to up, add down method for deleting 2020-10-16 20:22:15 +00:00			`except DockerException as exc:`
			`raise ControllerException from exc`

outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`def get_static_deployment(self) -> str:`
			`"""Generate docker-compose yaml for proxy, version 3.5"""`
			`ports = [f"{x}:{x}" for _, x in self.deployment_ports.items()]`
outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00			`image_prefix = CONFIG.y("outposts.docker_image_base")`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`compose = {`
			`"version": "3.5",`
			`"services": {`
			`f"passbook_{self.outpost.type}": {`
outposts: make docker image prefix configurable 2020-11-15 23:34:51 +00:00			`"image": f"{image_prefix}-{self.outpost.type}:{__version__}",`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`"ports": ports,`
			`"environment": {`
			`"PASSBOOK_HOST": self.outpost.config.passbook_host,`
			`"PASSBOOK_INSECURE": str(`
			`self.outpost.config.passbook_host_insecure`
			`),`
core: add key field to token for easier rotation 2020-10-18 12:34:22 +00:00			`"PASSBOOK_TOKEN": self.outpost.token.key,`
outposts: implement docker controller 2020-10-03 22:36:12 +00:00			`},`
			`}`
			`},`
			`}`
			`return safe_dump(compose, default_flow_style=False)`