Source code for

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
Validator for body fields sent via Google Cloud API.

The validator performs validation of the body (being dictionary of fields) that
is sent in the API request to Google Cloud (via ``googleclient`` API usually).

The specification mostly focuses on helping Airflow DAG developers in the development
phase. You can build your own Google Cloud operator (such as GcfDeployOperator for example) which
can have built-in validation specification for the particular API. It's super helpful
when developer plays with different fields and their values at the initial phase of
DAG development. Most of the Google Cloud APIs perform their own validation on the
server side, but most of the requests are asynchronous and you need to wait for result
of the operation. This takes precious times and slows
down iteration over the API. BodyFieldValidator is meant to be used on the client side
and it should therefore provide an instant feedback to the developer on misspelled or
wrong type of parameters.

The validation should be performed in "execute()" method call in order to allow
template parameters to be expanded before validation is performed.

Types of fields

Specification is an array of dictionaries - each dictionary describes field, its type,
validation, optionality, api_version supported and nested fields (for unions and dicts).

Typically (for clarity and in order to aid syntax highlighting) the array of
dicts should be defined as series of dict() executions. Fragment of example
specification might look as follows::

       dict(name="an_union", type="union", optional=True, fields=[
           dict(name="variant_1", type="dict"),
           dict(name="variant_2", regexp=r'^.+$', api_version='v1beta2'),
       dict(name="an_union", type="dict", fields=[
           dict(name="field_1", type="dict"),
           dict(name="field_2", regexp=r'^.+$'),

Each field should have key = "name" indicating field name. The field can be of one of the
following types:

* Dict fields: (key = "type", value="dict"):
  Field of this type should contain nested fields in form of an array of dicts.
  Each of the fields in the array is then expected (unless marked as optional)
  and validated recursively. If an extra field is present in the dictionary, warning is
  printed in log file (but the validation succeeds - see the Forward-compatibility notes)
* List fields: (key = "type", value="list"):
  Field of this type should be a list. Only the type correctness is validated.
  The contents of a list are not subject to validation.
* Union fields (key = "type", value="union"): field of this type should contain nested
  fields in form of an array of dicts. One of the fields (and only one) should be
  present (unless the union is marked as optional). If more than one union field is
  present, FieldValidationException is raised. If none of the union fields is
  present - warning is printed in the log (see below Forward-compatibility notes).
* Fields validated for non-emptiness: (key = "allow_empty") - this applies only to
  fields the value of which is a string, and it allows to check for non-emptiness of
  the field (allow_empty=False).
* Regexp-validated fields: (key = "regexp") - fields of this type are assumed to be
  strings and they are validated with the regexp specified. Remember that the regexps
  should ideally contain ^ at the beginning and $ at the end to make sure that
  the whole field content is validated. Typically such regexp
  validations should be used carefully and sparingly (see Forward-compatibility
  notes below).
* Custom-validated fields: (key = "custom_validation") - fields of this type are validated
  using method specified via custom_validation field. Any exception thrown in the custom
  validation will be turned into FieldValidationException and will cause validation to
  fail. Such custom validations might be used to check numeric fields (including
  ranges of values), booleans or any other types of fields.
* API version: (key="api_version") if API version is specified, then the field will only
  be validated when api_version used at field validator initialization matches exactly the
  version specified. If you want to declare fields that are available in several
  versions of the APIs, you should specify the field as many times as many API versions
  should be supported (each time with different API version).
* if none of the keys ("type", "regexp", "custom_validation" - the field is not validated

You can see some of the field examples in EXAMPLE_VALIDATION_SPECIFICATION.

Forward-compatibility notes
Certain decisions are crucial to allow the client APIs to work also with future API
versions. Since body attached is passed to the API's call, this is entirely
possible to pass-through any new fields in the body (for future API versions) -
albeit without validation on the client side - they can and will still be validated
on the server side usually.

Here are the guidelines that you should follow to make validation forward-compatible:

* most of the fields are not validated for their content. It's possible to use regexp
  in some specific cases that are guaranteed not to change in the future, but for most
  fields regexp validation should be r'^.+$' indicating check for non-emptiness
* api_version is not validated - user can pass any future version of the api here. The API
  version is only used to filter parameters that are marked as present in this api version
  any new (not present in the specification) fields in the body are allowed (not verified)
  For dictionaries, new fields can be added to dictionaries by future calls. However if an
  unknown field in dictionary is added, a warning is logged by the client (but validation
  remains successful). This is very nice feature to protect against typos in names.
* For unions, newly added union variants can be added by future calls and they will
  pass validation, however the content or presence of those fields will not be validated.
  This means that it's possible to send a new non-validated union field together with an
  old validated field and this problem will not be detected by the client. In such case
  warning will be printed.
* When you add validator to an operator, you should also add ``validate_body`` parameter
  (default = True) to __init__ of such operators - when it is set to False,
  no validation should be performed. This is a safeguard for totally unpredicted and
  backwards-incompatible changes that might sometimes occur in the APIs.


from __future__ import annotations

import re
from typing import Callable, Sequence

from airflow.exceptions import AirflowException
from airflow.utils.log.logging_mixin import LoggingMixin

[docs]COMPOSITE_FIELD_TYPES = ["union", "dict", "list"]
[docs]class GcpFieldValidationException(AirflowException): """Thrown when validation finds dictionary field not valid according to specification."""
[docs]class GcpValidationSpecificationException(AirflowException): """ Thrown when validation specification is wrong. This should only happen during development as ideally specification itself should not be invalid ;) . """
def _int_greater_than_zero(value): if int(value) <= 0: raise GcpFieldValidationException("The available memory has to be greater than 0")
[docs]EXAMPLE_VALIDATION_SPECIFICATION = [ {"name": "name", "allow_empty": False}, {"name": "description", "allow_empty": False, "optional": True}, {"name": "availableMemoryMb", "custom_validation": _int_greater_than_zero, "optional": True}, {"name": "labels", "optional": True, "type": "dict"}, { "name": "an_union", "type": "union", "fields": [ {"name": "variant_1", "regexp": r"^.+$"}, {"name": "variant_2", "regexp": r"^.+$", "api_version": "v1beta2"}, {"name": "variant_3", "type": "dict", "fields": [{"name": "url", "regexp": r"^.+$"}]}, {"name": "variant_4"}, ], }, ]
[docs]class GcpBodyFieldValidator(LoggingMixin): """ Validates correctness of request body according to specification. The specification can describe various type of fields including custom validation, and union of fields. This validator is to be reusable by various operators. See the EXAMPLE_VALIDATION_SPECIFICATION for some examples and explanations of how to create specification. :param validation_specs: dictionary describing validation specification :param api_version: Version of the api used (for example v1) """ def __init__(self, validation_specs: Sequence[dict], api_version: str) -> None: super().__init__() self._validation_specs = validation_specs self._api_version = api_version @staticmethod def _get_field_name_with_parent(field_name, parent): if parent: return parent + "." + field_name return field_name @staticmethod def _sanity_checks( children_validation_specs: dict, field_type: str, full_field_path: str, regexp: str, allow_empty: bool, custom_validation: Callable | None, value, ) -> None: if value is None and field_type != "union": raise GcpFieldValidationException( f"The required body field '{full_field_path}' is missing. Please add it." ) if regexp and field_type: raise GcpValidationSpecificationException( f"The validation specification entry '{full_field_path}' has both type and regexp. " "The regexp is only allowed without type (i.e. assume type is 'str' that can be " "validated with regexp)" ) if allow_empty is not None and field_type: raise GcpValidationSpecificationException( f"The validation specification entry '{full_field_path}' has both type and allow_empty. " "The allow_empty is only allowed without type (i.e. assume type is 'str' that can " "be validated with allow_empty)" ) if children_validation_specs and field_type not in COMPOSITE_FIELD_TYPES: raise GcpValidationSpecificationException( f"Nested fields are specified in field '{full_field_path}' of type '{field_type}'. " f"Nested fields are only allowed for fields of those types: ('{COMPOSITE_FIELD_TYPES}')." ) if custom_validation and field_type: raise GcpValidationSpecificationException( f"The validation specification field '{full_field_path}' has both type and " f"custom_validation. Custom validation is only allowed without type." ) @staticmethod def _validate_regexp(full_field_path: str, regexp: str, value: str) -> None: if not re.match(regexp, value): # Note matching of only the beginning as we assume the regexps all-or-nothing raise GcpFieldValidationException( f"The body field '{full_field_path}' of value '{value}' does not match the field " f"specification regexp: '{regexp}'." ) @staticmethod def _validate_is_empty(full_field_path: str, value: str) -> None: if not value: raise GcpFieldValidationException( f"The body field '{full_field_path}' can't be empty. Please provide a value." ) def _validate_dict(self, children_validation_specs: dict, full_field_path: str, value: dict) -> None: for child_validation_spec in children_validation_specs: self._validate_field( validation_spec=child_validation_spec, dictionary_to_validate=value, parent=full_field_path ) all_dict_keys = {spec["name"] for spec in children_validation_specs} for field_name in value: if field_name not in all_dict_keys: self.log.warning( "The field '%s' is in the body, but is not specified in the " "validation specification '%s'. " "This might be because you are using newer API version and " "new field names defined for that version. Then the warning " "can be safely ignored, or you might want to upgrade the operator" "to the version that supports the new API version.", self._get_field_name_with_parent(field_name, full_field_path), children_validation_specs, ) def _validate_union( self, children_validation_specs: dict, full_field_path: str, dictionary_to_validate: dict ) -> None: field_found = False found_field_name = None for child_validation_spec in children_validation_specs: # Forcing optional so that we do not have to type optional = True # in specification for all union fields new_field_found = self._validate_field( validation_spec=child_validation_spec, dictionary_to_validate=dictionary_to_validate, parent=full_field_path, force_optional=True, ) field_name = child_validation_spec["name"] if new_field_found and field_found: raise GcpFieldValidationException( f"The mutually exclusive fields '{field_name}' and '{found_field_name}' belonging to " f"the union '{full_field_path}' are both present. Please remove one" ) if new_field_found: field_found = True found_field_name = field_name if not field_found: self.log.warning( "There is no '%s' union defined in the body %s. " "Validation expected one of '%s' but could not find any. It's possible " "that you are using newer API version and there is another union variant " "defined for that version. Then the warning can be safely ignored, " "or you might want to upgrade the operator to the version that " "supports the new API version.", full_field_path, dictionary_to_validate, [field["name"] for field in children_validation_specs], ) def _validate_field(self, validation_spec, dictionary_to_validate, parent=None, force_optional=False): """ Validate if field is OK. :param validation_spec: specification of the field :param dictionary_to_validate: dictionary where the field should be present :param parent: full path of parent field :param force_optional: forces the field to be optional (all union fields have force_optional set to True) :return: True if the field is present """ field_name = validation_spec["name"] field_type = validation_spec.get("type") optional = validation_spec.get("optional") regexp = validation_spec.get("regexp") allow_empty = validation_spec.get("allow_empty") children_validation_specs = validation_spec.get("fields") required_api_version = validation_spec.get("api_version") custom_validation = validation_spec.get("custom_validation") full_field_path = self._get_field_name_with_parent(field_name=field_name, parent=parent) if required_api_version and required_api_version != self._api_version: self.log.debug( "Skipping validation of the field '%s' for API version '%s' " "as it is only valid for API version '%s'", field_name, self._api_version, required_api_version, ) return False value = dictionary_to_validate.get(field_name) if (optional or force_optional) and value is None: self.log.debug("The optional field '%s' is missing. That's perfectly OK.", full_field_path) return False # Certainly down from here the field is present (value is not None) # so we should only return True from now on self._sanity_checks( children_validation_specs=children_validation_specs, field_type=field_type, full_field_path=full_field_path, regexp=regexp, allow_empty=allow_empty, custom_validation=custom_validation, value=value, ) if allow_empty is False: self._validate_is_empty(full_field_path, value) if regexp: self._validate_regexp(full_field_path, regexp, value) elif field_type == "dict": if not isinstance(value, dict): raise GcpFieldValidationException( f"The field '{full_field_path}' should be of dictionary type according to " f"the specification '{validation_spec}' but it is '{value}'" ) if children_validation_specs is None: self.log.debug( "The dict field '%s' has no nested fields defined in the " "specification '%s'. That's perfectly ok - it's content will " "not be validated.", full_field_path, validation_spec, ) else: self._validate_dict(children_validation_specs, full_field_path, value) elif field_type == "union": if not children_validation_specs: raise GcpValidationSpecificationException( f"The union field '{full_field_path}' has no nested fields defined in " f"specification '{validation_spec}'. " "Unions should have at least one nested field defined." ) self._validate_union(children_validation_specs, full_field_path, dictionary_to_validate) elif field_type == "list": if not isinstance(value, list): raise GcpFieldValidationException( f"The field '{full_field_path}' should be of list type according to " f"the specification '{validation_spec}' but it is '{value}'" ) elif custom_validation: try: custom_validation(value) except Exception as e: raise GcpFieldValidationException( f"Error while validating custom field '{full_field_path}' " f"specified by '{validation_spec}': '{e}'" ) elif field_type is None: self.log.debug( "The type of field '%s' is not specified in '%s'. Not validating its content.", full_field_path, validation_spec, ) else: raise GcpValidationSpecificationException( f"The field '{full_field_path}' is of type '{field_type}' in " f"specification '{validation_spec}'.This type is unknown to validation!" ) return True
[docs] def validate(self, body_to_validate: dict) -> None: """ Validate if the body (dictionary) follows specification that the validator was instantiated with. Raises ValidationSpecificationException or ValidationFieldException in case of problems with specification or the body not conforming to the specification respectively. :param body_to_validate: body that must follow the specification :return: None """ if body_to_validate is None: raise RuntimeError("The body to validate is `None`. Please provide a dictionary to validate.") try: for validation_spec in self._validation_specs: self._validate_field(validation_spec=validation_spec, dictionary_to_validate=body_to_validate) except GcpFieldValidationException as e: raise GcpFieldValidationException( f"There was an error when validating: body '{body_to_validate}': '{e}'" ) all_field_names = { spec["name"] for spec in self._validation_specs if spec.get("type") != "union" and spec.get("api_version") != self._api_version } all_union_fields = [spec for spec in self._validation_specs if spec.get("type") == "union"] for union_field in all_union_fields: all_field_names.update( nested_union_spec["name"] for nested_union_spec in union_field["fields"] if nested_union_spec.get("type") != "union" and nested_union_spec.get("api_version") != self._api_version ) for field_name in body_to_validate: if field_name not in all_field_names: self.log.warning( "The field '%s' is in the body, but is not specified in the " "validation specification '%s'. " "This might be because you are using newer API version and " "new field names defined for that version. Then the warning " "can be safely ignored, or you might want to upgrade the operator" "to the version that supports the new API version.", field_name, self._validation_specs, )

Was this entry helpful?