forked from GoogleCloudPlatform/python-runtime
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgen_dockerfile.py
More file actions
executable file
·277 lines (229 loc) · 9.43 KB
/
gen_dockerfile.py
File metadata and controls
executable file
·277 lines (229 loc) · 9.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
#!/usr/bin/env python3
# Copyright 2017 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Generate a Dockerfile and helper files for a Python application."""
import argparse
import collections
import collections.abc
import functools
import io
import os
import re
import sys
import yaml
import validation_utils
# Validate characters for dockerfile image names.
#
# This roots out obvious mistakes, the full gory details are here:
# https://github.com/docker/distribution/blob/master/reference/regexp.go
IMAGE_REGEX = re.compile(r"""(?x)
^
[a-zA-Z0-9] # First char must be alphanumeric
[a-zA-Z0-9-_./:@+]* # Punctuation allowed after that
$
""")
# `entrypoint` is specified as free-form text parsed as a unix shell
# command line, which limits the sanity checking possible. We
# disallow newlines and control characters which would break the
# Dockerfile format.
PRINTABLE_REGEX = re.compile(r"""^[^\x00-\x1f]*$""")
# Map from app.yaml "python_version" to {python_version} in Dockerfile
PYTHON_INTERPRETER_VERSION_MAP = {
'': '', # == 2.7
'2': '', # == 2.7
'3': '3.6',
'3.4': '3.4',
'3.5': '3.5',
'3.6': '3.6',
'3.7': '3.7',
}
# Name of environment variable potentially set by gcloud
GAE_APPLICATION_YAML_PATH = 'GAE_APPLICATION_YAML_PATH'
# Validated application configuration
AppConfig = collections.namedtuple(
'AppConfig',
'base_image dockerfile_python_version entrypoint has_requirements_txt is_python_compat'
)
def get_app_config(raw_config, base_image, config_file, source_dir):
"""Read and validate the application runtime configuration.
We validate the user input for security and better error messages.
Consider parsing a yaml file which has a string value where we
expected a list. Python will happily use the string as a sequence
of individual characters, at least for a while, leading to
confusing results when it finally fails.
We also try to prevent Dockerfile and Bash injection attacks. For
example, specifying entrypoint as "true\\nADD /etc/passwd /pwned"
would allow the user to inject arbitrary directives into the
Dockerfile, which is a support problem if nothing else.
Args:
raw_config (dict): deserialized app.yaml
base_image (str): Docker image name to build on top of
config_file (str): Path to user's app.yaml (might be <service>.yaml)
source_dir (str): Directory containing user's source code
Returns:
AppConfig: valid configuration
"""
# Examine app.yaml
if not isinstance(raw_config, collections.abc.Mapping):
raise ValueError(
'Expected {} contents to be a Mapping type, but found type "{}"'.
format(config_file, type(raw_config)))
# Short circuit for python compat.
if validation_utils.get_field_value(
raw_config, 'runtime', str) == 'python-compat':
return AppConfig(
base_image=None,
dockerfile_python_version=None,
entrypoint=None,
has_requirements_txt=None,
is_python_compat=True)
entrypoint = validation_utils.get_field_value(
raw_config, 'entrypoint', str)
if not PRINTABLE_REGEX.match(entrypoint):
raise ValueError(
'Invalid "entrypoint" value in app.yaml: {!r}'.format(entrypoint))
# Mangle entrypoint in the same way as the Cloud SDK
# (googlecloudsdk/third_party/appengine/api/validation.py)
#
# We could handle both string ("shell form") and list ("exec
# form") but it appears that gcloud only handles string form.
if entrypoint and not entrypoint.startswith('exec '):
entrypoint = 'exec ' + entrypoint
raw_runtime_config = validation_utils.get_field_value(
raw_config, 'runtime_config', dict)
python_version = validation_utils.get_field_value(
raw_runtime_config, 'python_version', str)
dockerfile_python_version = PYTHON_INTERPRETER_VERSION_MAP.get(
python_version)
if dockerfile_python_version is None:
valid_versions = str(sorted(PYTHON_INTERPRETER_VERSION_MAP.keys()))
raise ValueError(
'Invalid "python_version" field in "runtime_config" section '
'of app.yaml: {!r}. Valid options are: {}'.
format(python_version, valid_versions))
# Examine user's files
has_requirements_txt = os.path.isfile(
os.path.join(source_dir, 'requirements.txt'))
return AppConfig(
base_image=base_image,
dockerfile_python_version=dockerfile_python_version,
entrypoint=entrypoint,
has_requirements_txt=has_requirements_txt,
is_python_compat=False)
def get_data(name):
"""Return the contents of the named data resource
These templates are copied from the Google Cloud SDK at
google-cloud-sdk/platform/ext-runtime/python/data
and the two should be kept in sync.
Args:
name (str): Name of file, without directory
Returns:
str: Contents of data file
"""
filename = os.path.join(os.path.dirname(__file__), 'data', name)
with io.open(filename, 'r', encoding='utf8') as template_file:
return template_file.read()
def generate_files(app_config):
"""Generate a Dockerfile and helper files for an application.
Args:
app_config (AppConfig): Validated configuration
Returns:
dict: Map of filename to desired file contents
"""
if app_config.has_requirements_txt:
optional_requirements_txt = get_data('Dockerfile.requirements_txt')
else:
optional_requirements_txt = ''
if app_config.entrypoint:
optional_entrypoint = get_data(
'Dockerfile.entrypoint.template').format(
entrypoint=app_config.entrypoint)
else:
optional_entrypoint = ''
if app_config.is_python_compat:
dockerfile = get_data('Dockerfile.python_compat')
dockerignore = get_data('dockerignore.python_compat')
else:
dockerfile = ''.join([
get_data('Dockerfile.preamble.template').format(
base_image=app_config.base_image),
get_data('Dockerfile.virtualenv.template').format(
python_version=app_config.dockerfile_python_version),
optional_requirements_txt,
get_data('Dockerfile.install_app'),
optional_entrypoint,
])
dockerignore = get_data('dockerignore')
return {
'Dockerfile': dockerfile,
'.dockerignore': dockerignore,
}
def generate_dockerfile_command(base_image, config_file, source_dir):
"""Write a Dockerfile and helper files for an application.
Args:
base_image (str): Docker image name to build on top of
config_file (str): Path to user's app.yaml (might be <service>.yaml)
source_dir (str): Directory container user's source code
"""
# Read yaml file. Does not currently support multiple services
# with configuration filenames besides app.yaml
with io.open(config_file, 'r', encoding='utf8') as yaml_config_file:
raw_config = yaml.safe_load(yaml_config_file)
# Determine complete configuration
app_config = get_app_config(raw_config, base_image, config_file,
source_dir)
# Generate list of filenames and their textual contents
files = generate_files(app_config)
# Write files
for filename, contents in files.items():
full_filename = os.path.join(source_dir, filename)
with io.open(full_filename, 'w', encoding='utf8') as outfile:
outfile.write(contents)
def parse_args(argv):
"""Parse and validate command line flags"""
parser = argparse.ArgumentParser()
parser.add_argument(
'--base-image',
type=functools.partial(
validation_utils.validate_arg_regex, flag_regex=IMAGE_REGEX),
default='gcr.io/google-appengine/python:latest',
help='Name of Docker image to use as base')
# In some cases, gcloud sets an environment variable to indicate
# the location of the application configuration file, rather than
# using the --config flag. The order of precedence from highest
# to lowest is:
#
# 1) --config flag
# 2) $GAE_APPLICATION_YAML_PATH environment variable
# 3) a file named "app.yaml" in the current working directory
parser.add_argument(
'--config',
type=functools.partial(
validation_utils.validate_arg_regex, flag_regex=PRINTABLE_REGEX),
default=(os.environ.get(GAE_APPLICATION_YAML_PATH) or 'app.yaml'),
help='Path to application configuration file'
)
parser.add_argument(
'--source-dir',
type=functools.partial(
validation_utils.validate_arg_regex, flag_regex=PRINTABLE_REGEX),
default='.',
help=('Application source and output directory'))
args = parser.parse_args(argv[1:])
return args
def main():
args = parse_args(sys.argv)
generate_dockerfile_command(args.base_image, args.config, args.source_dir)
if __name__ == '__main__':
main()