[lxc-devel] [lxd/master] Add project config validation and documentation

stgraber on Github lxc-bot at linuxcontainers.org
Tue Nov 20 17:10:35 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20181120/ba6963e0/attachment.bin>
-------------- next part --------------
From d35ce769552fd58c9ad9dbf51f5a435e43a56a5f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 20 Nov 2018 12:00:58 -0500
Subject: [PATCH 1/2] lxd/projects: Add config validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/api_project.go | 44 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/lxd/api_project.go b/lxd/api_project.go
index 0c5d6fc605..0ae5a7fe17 100644
--- a/lxd/api_project.go
+++ b/lxd/api_project.go
@@ -92,6 +92,12 @@ func apiProjectsPost(d *Daemon, r *http.Request) Response {
 		return BadRequest(fmt.Errorf("Invalid project name '%s'", project.Name))
 	}
 
+	// Validate the configuration
+	err = projectValidateConfig(project.Config)
+	if err != nil {
+		return BadRequest(err)
+	}
+
 	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		_, err := tx.ProjectCreate(project)
 		if err != nil {
@@ -266,8 +272,14 @@ func apiProjectChange(d *Daemon, project *api.Project, req api.ProjectPut) Respo
 		return BadRequest(fmt.Errorf("Features can only be changed on empty projects"))
 	}
 
+	// Validate the configuration
+	err := projectValidateConfig(req.Config)
+	if err != nil {
+		return BadRequest(err)
+	}
+
 	// Update the database entry
-	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+	err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
 		err := tx.ProjectUpdate(project.Name, req)
 		if err != nil {
 			return errors.Wrap(err, "Persist profile changes")
@@ -396,3 +408,33 @@ func projectPrefix(project string, s string) string {
 	}
 	return s
 }
+
+// Validate the project configuration
+var projectConfigKeys = map[string]func(value string) error{
+	"features.profiles": shared.IsBool,
+	"features.images":   shared.IsBool,
+}
+
+func projectValidateConfig(config map[string]string) error {
+	for k, v := range config {
+		key := k
+
+		// User keys are free for all
+		if strings.HasPrefix(key, "user.") {
+			continue
+		}
+
+		// Then validate
+		validator, ok := projectConfigKeys[key]
+		if !ok {
+			return fmt.Errorf("Invalid project configuration key: %s", k)
+		}
+
+		err := validator(v)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

From d7151bb2959037a5915468f55f2b6249f5f043e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 20 Nov 2018 12:07:03 -0500
Subject: [PATCH 2/2] doc: Add project documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/projects.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 doc/projects.md

diff --git a/doc/projects.md b/doc/projects.md
new file mode 100644
index 0000000000..798e5af37c
--- /dev/null
+++ b/doc/projects.md
@@ -0,0 +1,27 @@
+# Project configuration
+LXD supports projects as a way to split your LXD server.
+Each project holds its own set of containers and may also have its own images and profiles.
+
+What a project contains is defined through the `features` configuration keys.
+When a feature is disabled, the project inherits from the `default` project.
+
+By default all new projects get the entire feature set, on upgrade,
+existing projects do not get new features enabled.
+
+The key/value configuration is namespaced with the following namespaces
+currently supported:
+
+ - `features` (What part of the project featureset is in use)
+ - `user` (free form key/value for user metadata)
+
+Key                             | Type      | Condition             | Default                   | Description
+:--                             | :--       | :--                   | :--                       | :--
+features.images                 | boolean   | -                     | true                      | Seperate set of images and image aliases for the project
+features.profiles               | boolean   | -                     | true                      | Seperate set of profiles for the project
+
+
+Those keys can be set using the lxc tool with:
+
+```bash
+lxc project set <project> <key> <value>
+```

More information about the lxc-devel mailing list