From 1ced1ec2b9cdeb2fa05764982b46974ab92c62fa Mon Sep 17 00:00:00 2001
From: Don Penney <don.penney@windriver.com>
Date: Sun, 14 Jul 2019 23:52:18 -0400
Subject: [PATCH] Adding version check support to application-upload

This update adds support for an application version_check plugin,
which is called during the system application-upload command as
a validation step. This verifies that the application being loaded
is supported by the current application plugin code.

Change-Id: I9b854ff5d74065812cde90a6531e1be21fc73adb
Closes-Bug: 1833425
Signed-off-by: Don Penney <don.penney@windriver.com>
---
 .../stx-openstack-helm/centos/build_srpm.data |  5 +++++
 sysinv/sysinv/sysinv/setup.cfg                |  1 +
 .../sysinv/sysinv/conductor/kube_app.py       |  9 ++++++++
 sysinv/sysinv/sysinv/sysinv/helm/base.py      |  8 +++++++
 sysinv/sysinv/sysinv/sysinv/helm/helm.py      | 13 +++++++++++
 .../sysinv/helm/openstack_version_check.py    | 22 +++++++++++++++++++
 6 files changed, 58 insertions(+)
 create mode 100644 sysinv/sysinv/sysinv/sysinv/helm/openstack_version_check.py

diff --git a/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data b/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data
index 537be89893..b03f264d66 100644
--- a/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data
+++ b/kubernetes/applications/stx-openstack/stx-openstack-helm/centos/build_srpm.data
@@ -1,4 +1,9 @@
 SRC_DIR="stx-openstack-helm"
 COPY_LIST_TO_TAR="$PKG_BASE/../../../helm-charts/garbd \
     $PKG_BASE/../../../helm-charts/nginx-ports-control"
+
+# This version is used as a component of the stx-openstack application
+# version. Any change to this version must also be reflected in the
+# SUPPORTED_VERSIONS list in sysinv/helm/openstack_version_check.py
+#
 TIS_PATCH_VER=17
diff --git a/sysinv/sysinv/sysinv/setup.cfg b/sysinv/sysinv/sysinv/setup.cfg
index 30c44fe459..e7a519c646 100644
--- a/sysinv/sysinv/sysinv/setup.cfg
+++ b/sysinv/sysinv/sysinv/setup.cfg
@@ -103,6 +103,7 @@ systemconfig.helm_plugins.stx_openstack =
     024_ironic = sysinv.helm.ironic:IronicHelm
     025_placement = sysinv.helm.placement:PlacementHelm
     026_nginx-ports-control = sysinv.helm.nginx_ports_control:NginxPortsControlHelm
+    027_version_check = sysinv.helm.openstack_version_check:StxOpenstackVersionCheckHelm
 
 sysinv.agent.lldp.drivers =
     lldpd = sysinv.agent.lldp.drivers.lldpd.driver:SysinvLldpdAgentDriver
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
index a3abecf61f..af4416c8aa 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
@@ -1397,9 +1397,18 @@ class AppOperator(object):
 
         app = AppOperator.Application(rpc_app,
             rpc_app.get('name') in self._helm.get_helm_applications())
+
         LOG.info("Application %s (%s) upload started." % (app.name, app.version))
 
         try:
+            if not self._helm.version_check(app.name, app.version):
+                LOG.info("Application %s (%s) upload rejected. Unsupported version."
+                         % (app.name, app.version))
+                raise exception.KubeAppUploadFailure(
+                    name=app.name,
+                    version=app.version,
+                    reason="Unsupported application version.")
+
             app.tarfile = tarfile
 
             if cutils.is_url(app.tarfile):
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/base.py b/sysinv/sysinv/sysinv/sysinv/helm/base.py
index 81464ff0ec..f09a45fe29 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/base.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/base.py
@@ -253,3 +253,11 @@ class BaseHelm(object):
         May be left blank to indicate that there are no additional overrides.
         """
         return {}
+
+    def version_check(self, app_version):
+        """
+        Validate application version
+
+        Return False if version is not supported by the plugin.
+        """
+        return True
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/helm.py b/sysinv/sysinv/sysinv/sysinv/helm/helm.py
index 0764536a81..f07707488b 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/helm.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/helm.py
@@ -665,6 +665,19 @@ class HelmOperator(object):
             LOG.exception("failed to delete overrides file: %s" % filepath)
             raise
 
+    @helm_context
+    def version_check(self, app_name, app_version):
+        """Validate application version"""
+        if app_name in self.helm_system_applications:
+            for chart_name in self.helm_system_applications[app_name]:
+                if not self.chart_operators[chart_name].version_check(app_version):
+                    LOG.info("Unsupported version reported by %s: %s %s" % (
+                             chart_name, app_name, app_version))
+                    return False
+
+        # Return True by default
+        return True
+
 
 class HelmOperatorData(HelmOperator):
     """Class to allow retrieval of helm managed data"""
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/openstack_version_check.py b/sysinv/sysinv/sysinv/sysinv/helm/openstack_version_check.py
new file mode 100644
index 0000000000..a58270ecf7
--- /dev/null
+++ b/sysinv/sysinv/sysinv/sysinv/helm/openstack_version_check.py
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.helm import base
+
+SUPPORTED_VERSIONS = {
+    '1.0-17-centos-stable-versioned',
+    '1.0-17-centos-stable-latest',
+}
+
+
+class StxOpenstackVersionCheckHelm(base.BaseHelm):
+    """Class to provide application version check"""
+
+    def _get_supported_versions(self):
+        return SUPPORTED_VERSIONS
+
+    def version_check(self, app_version):
+        return app_version in self._get_supported_versions()