o S `M@sPddlZddlZddlZddlZddlZddlmZddlmZddlm Z ddlm Z ddlm Z ddl m Zdd l mZd d lmZd d lmZd d lmZeeZdddddddddddddd ZdZdZdZdjedZdjedZdZd d!jeed"!Z"e j#de d#d$d%Z$e j#d&e d#d'd(Z%e j#d)e d*d+d,Z&d-d.Z'd/d0Z(d1d2Z)d3d4Z*d5d6Z+d7d8Z,d9d:Z-d;d<Z.d=d>Z/d?d@Z0dAdBZ1dCdDZ2dEdFZ3dGdHZ4dIdJZ5dKdLZ6dMdNZ7dOdPZ8dQdRZ9dSdTZ:dUdVZ;dWdXZd]d^Z?d_d`Z@dadbZAdcddZBdedfZCdgdhZDdidjZEdkdlZFdS)mN) split_port)Draft4Validator) FormatChecker) RefResolver)ValidationError)COMPOSEFILE_V1)NANOCPUS_SCALEConfigurationError)VERSION_EXPLANATION)"get_service_name_from_network_mode cpu_shares extra_hostsdeviceslinks memswap_limitports privilegedvolumes working_dir) cpu_shareadd_hosthosts extra_hostdevicelink memory_swapport privilege priviliged priviligevolumeworkdirz[a-zA-Z0-9\._\-]z^\d+(\-\d+)?(\/[a-zA-Z]+)?$z!(\d{1,2}|1\d{2}|2[0-4]\d|25[0-5])z({IPV4_SEG}\.){{3}}{IPV4_SEG})IPV4_SEGz!^{IPV4_ADDR}/(\d|[1-2]\d|3[0-2])$) IPV4_ADDRz[0-9a-fA-F]{1,4}a9 ^ ( (({IPV6_SEG}:){{7}}{IPV6_SEG})| (({IPV6_SEG}:){{1,7}}:)| (({IPV6_SEG}:){{1,6}}(:{IPV6_SEG}){{1,1}})| (({IPV6_SEG}:){{1,5}}(:{IPV6_SEG}){{1,2}})| (({IPV6_SEG}:){{1,4}}(:{IPV6_SEG}){{1,3}})| (({IPV6_SEG}:){{1,3}}(:{IPV6_SEG}){{1,4}})| (({IPV6_SEG}:){{1,2}}(:{IPV6_SEG}){{1,5}})| (({IPV6_SEG}:){{1,1}}(:{IPV6_SEG}){{1,6}})| (:((:{IPV6_SEG}){{1,7}}|:))| (fe80:(:{IPV6_SEG}){{0,4}}%[0-9a-zA-Z]{{1,}})| (::(ffff(:0{{1,4}}){{0,1}}:){{0,1}}{IPV4_ADDR})| (({IPV6_SEG}:){{1,4}}:{IPV4_ADDR}) ) /(\d|[1-9]\d|1[0-1]\d|12[0-8]) $ )IPV6_SEGr&)formatraisesc Cs4zt|WdSty}ztt|d}~ww)NT)r ValueErrorrstr)instanceer/;/usr/lib/python3/dist-packages/compose/config/validation.py format_portsEs  r1exposecCs"t|trtt|stddS)Nz)should be of the format 'PORT[/PROTOCOL]'T) isinstancer,rematchVALID_EXPOSE_FORMATrr-r/r/r0 format_exposeNs  r8subnet_ip_address)r*cCs.t|trtt|stt|stddS)Nzshould use the CIDR formatT)r3r,r4r5VALID_REGEX_IPV4_CIDRVALID_REGEX_IPV6_CIDRrr7r/r/r0format_subnet_ip_addressXs   r<cCsD|dg}|D]}|jr|j|vrtd||dqdS)Nrz^Named volume "{}" is used in service "{}" but no declaration was found in the volumes section.name)getis_named_volumeexternalr r)repr) service_dictproject_volumesservice_volumes volume_specr/r/r0match_named_volumesbs rFc Cs(t|j}ddddddddd||S)Nmappingarraynumberbooleanstring)dictlistintfloatboolunicoder,bytes)type__name__r>)type_ type_namer/r/r0python_type_to_yaml_typens  rWc Cst|tstdj||tt|d|D]+\}}t|ts*tdj|||dt|ttdfsBtdj|||tt|dqdS)zValidate the structure of a configuration section. This must be done before interpolation so it's separate from schema validation. z>In file '{filename}', {section} must be a mapping, not {type}.)filenamesectionrSzWIn file '{filename}', the {section} name {name} must be a quoted string, i.e. '{name}'.)rXrYr=NzFIn file '{filename}', {section} '{name}' must be a mapping not {type}.)rXrYr=rS) r3rLr r)anglicize_json_typerWitemsr,rS)rXconfigrYkeyvaluer/r/r0validate_config_section|s>    r_cCs(t|jtstd|jt|jdS)Nz8Top level object in '{}' needs to be an object not '{}'.)r3r\rLr r)rXrS) config_filer/r/r0validate_top_level_objects racCsP|jdi}|D]\}}t|tr%|d|dks%tdj||dq dS)NulimitssofthardzdService '{s.name}' has invalid ulimit '{ulimit}'. 'soft' value can not be greater than 'hard' value )sulimit)r\r>r[r3rLr r))service_config ulimit_config limit_namesoft_hard_valuesr/r/r0validate_ulimitss rkcCs,d|}d|vr|durtd|dSdS)zo The service to be extended must either be defined in the config key 'file', or within 'filename'. z'Invalid 'extends' configuration for %s:fileNz;%s you need to specify a 'file', e.g. 'file: something.yml'r ) service_nameextends_optionsrX error_prefixr/r/r0validate_extends_file_paths rpcCsT|jd}|s dSd|jvrtdt|}|sdS||vr(tdj||ddS)N network_modenetworksz0'network_mode' and 'networks' cannot be combinedzPService '{s.name}' uses the network stack of service '{dep}' which is undefined.redep)r\r>r rr))rg service_namesrq dependencyr/r/r0validate_network_modes  rwcCB|jd}|s dSt|}|sdS||vrtdj||ddS)NpidzPService '{s.name}' uses the PID namespace of service '{dep}' which is undefined.rsr\r>rr r))rgrupid_modervr/r/r0validate_pid_mode r|cCrx)NipczPService '{s.name}' uses the IPC namespace of service '{dep}' which is undefined.rsrz)rgruipc_modervr/r/r0validate_ipc_moder}rcCs<|jdgD]}|dd|vrtdj||dqdS)Nr:rzEService '{s.name}' has a link to service '{link}' which is undefined.)rer)r\r>splitr r))rgrurr/r/r0validate_linkssrcCs:|jdi}|D]}||vrtdj||dq dS)N depends_onzAService '{s.name}' depends on service '{dep}' which is undefined.rs)r\r>keysr r))rgrudepsrvr/r/r0validate_depends_ons rcCs<|jd}|s dSd|vrd|vrtdj|ddSdS)Ncredential_specregistryrlzQService '{s.name}' is missing 'credential_spec.file' or credential_spec.registry')re)r\r>r r))rgrr/r/r0validate_credential_specs rcCs.dt||}|tvr|dt|7}|S)Nz&Unsupported config option for {}: '{}'z (did you mean '{}'?))r) path_stringDOCKER_CONFIG_HINTS)path error_keymsgr/r/r0get_unsupported_config_msg srcCs|dr d|Sd|S)N)ar.iouzan za ) startswith) json_typer/r/r0rZs rZcCs|dvS)N)zconfig_schema_v1.jsonz#/properties/servicesr/) schema_idr/r/r0is_service_dict_schemasrcCs|jd}t|r|jdkrdddt|jDdtS|jdkrS|dkr0t|}t||S| drIt|}d j|d |jd  t d S|j sUd |jt SdSdS)NidadditionalPropertiesz:Invalid service name '{}' - only {} characters are allowedcSs&g|]}|rttdd|r|qS)cSstt| SN)r4r5VALID_NAME_CHARS)cr/r/r0"sz..)anyfilter).0rr/r/r0 !sz3handle_error_for_schema_with_id..rz#/definitions/serviceconfig_schema_zInvalid top-level property "{key}". Valid top-level sections for this Compose file are: {properties}, and extensions starting with "x-". {explanation}, properties)r]r explanationz{} {})schemar validatorr)rMr-rparse_key_from_error_msgrrjoinrr rmessage)errorrrinvalid_config_keyr/r/r0handle_error_for_schema_with_ids0    rcCsd}|j}|jdkrd}t|\}}|r||nO|jdkr'd}t|j}nB|jdkr5d|j}d}n4|jdkrYt|jd }d |j|}d }||d ||}n|j rdt |j }d }n|j rid }|rt|j t ||dS|jS)NoneOfz {path} {msg}rSz3{path} contains an invalid type, it should be {msg}requiredrz%{path} is invalid, {msg} is required. dependenciesr,z{path} is invalid: {msg}z,when defining '{}' you must set '{}' as wellz{path} value {msg})rr)rr_parse_oneof_validatorappend!_parse_valid_types_from_validatorvalidator_valuerrMrr)causer,rr)rr msg_format error_msg config_key required_keysr/r/r0handle_generic_error:s>          rcCsFz |jddWSty"|jdddddYSw)N'r ( r)rr IndexErrorstrip)rr/r/r0rcs  $rcCsddd|DS)N.css|] }t|tr|VqdSr)r3r,)rrr/r/r0 kszpath_string..)r)rr/r/r0rjrcCsZt|ts t|St|dkrt|dSddt|dg|ddt|dS)zA validator value can be either an array of valid types or a string of a valid type. Parse the valid types and prefix with the correct article. r rz {}, or {}r)r3rMrZlenr)r)rr/r/r0rns    rcCsg}|jD]m}|jdkrt|\}}t|j|fS|jdkr'd|jfS|jdkr9t|}dd|fS|jdkrP|jrFt|jndd|jfS|jrgt|jdt |jt |j fS|jd krr| |j qt |}dd |fS) aoneOf has multiple schemas, so we need to reason about which schema, sub schema or constraint the validation is failing on. Inspecting the context value of a ValidationError gives us information about which sub schema failed and which kind of error it is. rrNrz!contains unsupported option: '{}' uniqueItemsz;contains non-unique items, please remove duplicates from {}z6contains {}, which is an invalid type, it should be {}rSz)contains an invalid type, it should be {})contextrrrrrrr)r-jsondumpsrrr)rtypesr_rr valid_typesr/r/r0r}s8         rcCsj|tkr"d|jvrd|jvrd|Sd|jvr"d|jvr"d|Sd|jvr1d|jvr3d|SdSdS)NimagebuildzService {} has both an image and build path specified. A service can either be built to image or use an existing image, not both. dockerfilezService {} has both an image and alternate Dockerfile. A service can either be built to image or use an existing image, not both.z]Service {} has neither an image nor a build context specified. At least one must be provided.)V1r-r))rrmversionr/r/r0!process_service_constraint_errorssrcCs0t|j}d|jvrt||}|r|St||S)Nr)rMrrrr)rrrr/r/r0process_config_schema_errorss    rcCs@i}|D]\}}||t|<t|trt||t|<q|S)zH Non-string keys may break validator with patterned fields. )r[r,r3rL keys_to_str)r`dkvr/r/r0rs  rcCsLt|}t|j}tgd}t|tt||d}t||t |j dS)N)rr2r9)resolverformat_checker) load_jsonschemarr\rrrget_resolver_path handle_errors iter_errorsrrX)r`rrr\rrr/r/r0validate_against_config_schemas   rcsBfdd}tj}t|ddd}t|||ddS)Ncst|jSr)rr)errorsr`rmr/r0handlersz-validate_service_constraints..handler definitions constraintsservice)rrrrr)r\rmr`rrrr/rr0validate_service_constraintss rcCs>|jd}|s dS|t}t|tr|stddSdS)Ncpusz6cpus must have nine or less digits after decimal point)r\r>r r3rO is_integerr )rgr nano_cpusr/r/r0 validate_cpus rcCstjtjtSr)osrdirnameabspath__file__r/r/r/r0get_schema_pathrrcCsxd}|tkrd}tjtd|}tj|s!td|tt | }t |WdS1s5wYdS)N compose_specconfig_schema_v1z{}.jsonz"Version in "{}" is unsupported. {}) rrrrrr)existsr r openrload)rr=rXfhr/r/r0rs  $rcCs2t}tjdkrd}|dd}nd}d||S)Nwin32z///\/z//z file:{}{}/)rsysplatformreplacer)) schema_pathschemer/r/r0r s   rcsLt|td}|s dSdfdd|D}tdj|r d|nd|d ) zjsonschema returns an error tree full of information to explain what has gone wrong. Process each error and pull out relevant information and re-write helpful error messages that are relevant. )r]N c3s|]}|VqdSrr/)rrformat_error_funcr/r0rsz handle_errors..z:The Compose file{file_msg} is invalid because: {error_msg}z '{}'r')file_msgr)sortedr,rr r))rrrXrr/rr0rs rcCs|jdi}d|vrHt|dtrJt|ddkr"td|j|dddkr8t|dkr8td|j|dddvrLtd |jdSdSdS) N healthchecktestrzDService "{}" defines an invalid healthcheck: "test" is an empty listNONEr zbService "{}" defines an invalid healthcheck: "disable: true" cannot be combined with other options)rCMDz CMD-SHELLzwService "{}" defines an invalid healthcheck: when "test" is a list the first item must be either NONE, CMD or CMD-SHELL)r\r>r3rMrr r)r=)rgrr/r/r0validate_healthcheck$s&r)Grloggingrr4rdocker.utils.portsr jsonschemarrrrconstrrr rr r sort_servicesr getLoggerrTlogrrr6VALID_IPV4_SEGr)VALID_IPV4_ADDRr:VALID_IPV6_SEGrrr; cls_checksr1r8r<rFrWr_rarkrprwr|rrrrrrZrrrrrrrrrrrrrrrrrrr/r/r/r0s                        ))