Merge pull request #157 from Cray-HPE/develop

1.23.0 for CSM 1.6.n (n>=1)

CHANGELOG.md

@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.23.0] - 11/14/2024
+### Added
+- CASMCMS-9202: Add POST option to v3/sources/{source_id} endpoint to allow restoring a previous
+  source by specifying its Vault secret name rather than a username/password.
+
+### Fixed
+- CASMCMS-9200: Make Options class thread-safe and prevent redundant initialization
+
 ## [1.22.0] - 11/13/2024
 ### Changed
 - Do not make database call to look for configuration with null name

api/openapi.yaml

@@ -211,6 +211,13 @@ components:
         application/json:
           schema:
             $ref: '#/components/schemas/V3SourceCreateData'
+    V3SourceRestoreRequest:
+      description: A source
+      required: true
+      content:
+        application/json:
+          schema:
+            $ref: '#/components/schemas/V3SourceRestoreData'
     V3SourceUpdateRequest:
       description: A source
       required: true
@@ -1614,15 +1621,34 @@ components:
         username:
           type: string
           description: The username for authenticating to git
+          minLength: 1
           writeOnly: true
         password:
           type: string
           description: The password for authenticating to git
+          minLength: 1
           writeOnly: true
       additionalProperties: false
       required:
         - username
         - password
+    V3SourceRestoreCredentials:
+      description: Information on a secret containing the username and password for accessing the git content
+      type: object
+      properties:
+        authentication_method:
+          type: string
+          description: The git authentication method used.
+          enum:
+            - password
+        secret_name:
+          type: string
+          description: The name of the credentials vault secret.
+          minLength: 1
+      required:
+        - authentication_method
+        - secret_name
+      additionalProperties: false
     V3SourceCreateData:
       description: Information for retrieving git content from a source.
       type: object
@@ -1631,12 +1657,14 @@ components:
           type: string
           description: The name of the source.  This field is optional and will default to the clone_url if not specified.
           example: sample-source
+          minLength: 1
         description:
           type: string
           description: A user-defined description. This field is not used by CFS.
         clone_url:
           type: string
           description: The url to access the git content
+          minLength: 1
         credentials:
           $ref: '#/components/schemas/V3SourceCreateCredentials'
         ca_cert:
@@ -1645,6 +1673,25 @@ components:
       required:
         - clone_url
         - credentials
+    V3SourceRestoreData:
+      description: Information for retrieving git content from a source.
+      type: object
+      properties:
+        description:
+          type: string
+          description: A user-defined description. This field is not used by CFS.
+        clone_url:
+          type: string
+          description: The url to access the git content
+          minLength: 1
+        credentials:
+          $ref: '#/components/schemas/V3SourceRestoreCredentials'
+        ca_cert:
+          $ref: '#/components/schemas/V3SourceCert'
+      additionalProperties: false
+      required:
+        - clone_url
+        - credentials
     V3SourceUpdateData:
       description: Information for retrieving git content from a source.
       type: object
@@ -1655,6 +1702,7 @@ components:
         clone_url:
           type: string
           description: The url to access the git content
+          minLength: 1
         credentials:
           $ref: '#/components/schemas/V3SourceCredentials'
         ca_cert:
@@ -2942,6 +2990,29 @@ paths:
           $ref: '#/components/responses/BadRequest'
         404:
           $ref: '#/components/responses/ResourceNotFound'
+    post:
+      summary: Restore a source
+      tags:
+        - sources
+        - v3
+        - cli_ignore
+      x-openapi-router-controller: cray.cfs.api.controllers.sources
+      description:  >-
+        Restore a CFS source by providing the name of the Vault secret that contains the credentials.
+        This does NOT create the secret in Vault, nor does it validate that the secret exists.
+        This is intended to be used to restore CFS data in the case that it is lost or corrupted.
+        This will NOT recover a source that has been deleted using CFS, because when CFS deletes a
+        source, it also deletes its corresponding Vault secret.
+      operationId: restore_source_v3
+      requestBody:
+        $ref: '#/components/requestBodies/V3SourceRestoreRequest'
+      responses:
+        200:
+          $ref: '#/components/responses/V3SourceData'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        409:
+          $ref: '#/components/responses/ConflictingSourceName'
     delete:
       tags:
         - sources

src/server/cray/cfs/api/controllers/options.py

@@ -1,7 +1,7 @@
 #
 # MIT License
 #
-# (C) Copyright 2020-2023 Hewlett Packard Enterprise Development LP
+# (C) Copyright 2020-2024 Hewlett Packard Enterprise Development LP
 #
 # Permission is hereby granted, free of charge, to any person obtaining a
 # copy of this software and associated documentation files (the "Software"),
@@ -132,15 +132,27 @@ def patch_options_v3():
 
 class Options:
     """Helper class for other endpoints that need access to options"""
+    _create_lock = threading.Lock()
+
     def __new__(cls):
         """This override makes the class a singleton"""
         if not hasattr(cls, 'instance'):
-            cls.instance = super(Options, cls).__new__(cls)
-            cls.instance.__init__()
+            # Make sure that no other thread has beaten us to the punch
+            with cls._create_lock:
+                if not hasattr(cls, 'instance'):
+                    new_instance = super(Options, cls).__new__(cls)
+                    new_instance.__init__(_initialize=True)
+                    # Only assign to cls.instance after all work has been done, to ensure
+                    # no other threads access it prematurely
+                    cls.instance = new_instance
         return cls.instance
 
-    def __init__(self):
-        self.options = None
+    def __init__(self, _initialize: bool=False):
+        """
+        We only want this singleton to be initialized once
+        """
+        if _initialize:
+            self.options = None
 
     def refresh(self):
         self.options = get_options_data()

src/server/cray/cfs/api/controllers/sources.py

@@ -182,6 +182,30 @@ def patch_source_v3(source_id):
     return response_data, 200
 
 
+@dbutils.redis_error_handler
+def restore_source_v3(source_id):
+    """Used by the POST /sources/{source_id} API operation"""
+    LOGGER.debug(f"POST /sources/{source_id} invoked restore_source_v3")
+    try:
+        data = connexion.request.get_json()
+    except Exception as err:
+        return connexion.problem(
+            status=400, title="Error parsing the data provided.",
+            detail=str(err))
+
+    data = _set_auto_fields(data)
+    data["name"] = source_id
+
+    if data["name"] in DB:
+        return connexion.problem(
+            detail="A source with the name {} already exists".format(data["name"]),
+            status=409,
+            title="Conflicting source name"
+        )
+
+    return DB.put(data.get("name"), data), 201
+
+
 def _validate_source(source):
     source_credentials = source.get("credentials")
     if source_credentials: