harbor/make/photon/prepare/models.py

import os
import logging
from pathlib import Path
from shutil import copytree, rmtree

from g import internal_tls_dir, DEFAULT_GID, DEFAULT_UID, PG_GID, PG_UID
from utils.misc import check_permission, owner_can_read, get_realpath, port_number_valid
from utils.cert import san_existed


class InternalTLS:

    harbor_certs_filename = {
        'harbor_internal_ca.crt',
        'proxy.crt', 'proxy.key',
        'core.crt', 'core.key',
        'job_service.crt', 'job_service.key',
        'registryctl.crt', 'registryctl.key',
        'registry.crt', 'registry.key',
        'portal.crt', 'portal.key'
    }

    trivy_certs_filename = {
        'trivy_adapter.crt', 'trivy_adapter.key',
    }

    notary_certs_filename = {
        'notary_signer.crt', 'notary_signer.key',
        'notary_server.crt', 'notary_server.key'
    }

    db_certs_filename = {
        'harbor_db.crt', 'harbor_db.key'
    }

    def __init__(self, tls_enabled=False, verify_client_cert=False, tls_dir='', data_volume='', **kwargs):
        self.data_volume = data_volume
        self.verify_client_cert = verify_client_cert
        self.enabled = tls_enabled
        self.tls_dir = tls_dir
        if self.enabled:
            self.required_filenames = self.harbor_certs_filename
            if kwargs.get('with_notary'):
                self.required_filenames.update(self.notary_certs_filename)
            if kwargs.get('with_trivy'):
                self.required_filenames.update(self.trivy_certs_filename)
            if not kwargs.get('external_database'):
                self.required_filenames.update(self.db_certs_filename)

    def __getattribute__(self, name: str):
        """
        Make the call like 'internal_tls.core_crt_path' possible
        """
        # only handle when enabled tls and name ends with 'path'
        if name.endswith('_path'):
            if not (self.enabled):
                return object.__getattribute__(self, name)

            name_parts = name.split('_')
            if len(name_parts) < 3:
                return object.__getattribute__(self, name)

            filename = '{}.{}'.format('_'.join(name_parts[:-2]), name_parts[-2])

            if filename in self.required_filenames:
                return os.path.join(self.data_volume, 'secret', 'tls', filename)

        return object.__getattribute__(self, name)

    def _check(self, filename: str):
        """
        Check cert and key files are correct
        """

        path = Path(os.path.join(internal_tls_dir, filename))

        if not path.exists:
            if filename == 'harbor_internal_ca.crt':
                return
            raise Exception('File {} not exist'.format(filename))

        if not path.is_file:
            raise Exception('invalid {}'.format(filename))

        # check key file permission
        if filename.endswith('.key') and not check_permission(path, mode=0o600):
            raise Exception('key file {} permission is not 600'.format(filename))

        # check certificate file
        if filename.endswith('.crt'):
            if not owner_can_read(path.stat().st_mode):
                # check owner can read cert file
                raise Exception('File {} should readable by owner'.format(filename))
            if not san_existed(path):
                # check SAN included
                if filename == 'harbor_internal_ca.crt':
                    return
                raise Exception('cert file {} should include SAN'.format(filename))

    def validate(self):
        if not self.enabled:
            # pass the validation if not enabled
            return

        if not internal_tls_dir.exists():
            raise Exception('Internal dir for tls {} not exist'.format(internal_tls_dir))

        for filename in self.required_filenames:
            self._check(filename)

    def prepare(self):
        """
        Prepare moves certs in tls file to data volume with correct permission.
        """
        if not self.enabled:
            logging.info('internal tls NOT enabled...')
            return
        original_tls_dir = get_realpath(self.tls_dir)
        if internal_tls_dir.exists():
            rmtree(internal_tls_dir)
        copytree(original_tls_dir, internal_tls_dir, symlinks=True)

        for file in internal_tls_dir.iterdir():
            if file.name.endswith('.key'):
                file.chmod(0o600)
            elif file.name.endswith('.crt'):
                file.chmod(0o644)

            if file.name in self.db_certs_filename:
                os.chown(file, PG_UID, PG_GID)
            else:
                os.chown(file, DEFAULT_UID, DEFAULT_GID)


class Metric:
    def __init__(self, enabled: bool = False, port: int = 8080, path: str = "metrics"):
        self.enabled = enabled
        self.port = port
        self.path = path

    def validate(self):
        if not port_number_valid(self.port):
            raise Exception('Port number in metrics is not valid')


class JaegerExporter:
    def __init__(self, config: dict):
        if not config:
            self.enabled = False
            return
        self.enabled = True
        self.endpoint = config.get('endpoint')
        self.username = config.get('username')
        self.password = config.get('password')
        self.agent_host = config.get('agent_host')
        self.agent_port = config.get('agent_port')

    def validate(self):
        if not self.endpoint and not self.agent_host:
            raise Exception('Jaeger Colector Endpoint or Agent host not set, must set one')
        if self.endpoint and self.agent_host:
            raise Exception('Jaeger Colector Endpoint and Agent host both set, only can set one')


class OtelExporter:
    def __init__(self, config: dict):
        if not config:
            self.enabled = False
            return
        self.enabled = True
        self.endpoint = config.get('endpoint')
        self.url_path = config.get('url_path')
        self.compression = config.get('compression') or False
        self.insecure = config.get('insecure') or False
        self.timeout = config.get('timeout') or '10s'

    def validate(self):
        if not self.endpoint:
            raise Exception('Trace endpoint not set')
        if not self.url_path:
            raise Exception('Trace url path not set')


class Trace:
    def __init__(self, config: dict):
        self.enabled = config.get('enabled') or False
        self.sample_rate = config.get('sample_rate', 1)
        self.namespace = config.get('namespace') or ''
        self.jaeger = JaegerExporter(config.get('jaeger'))
        self.otel = OtelExporter(config.get('otel'))
        self.attributes = config.get('attributes') or {}

    def validate(self):
        if not self.enabled:
            return
        if not self.jaeger.enabled and not self.otel.enabled:
            raise Exception('Trace enabled but no trace exporter set')
        elif self.jaeger.enabled and self.otel.enabled:
            raise Exception('Only can have one trace exporter at a time')
        elif self.jaeger.enabled:
            self.jaeger.validate()
        elif self.otel.enabled:
            self.otel.validate()


class PurgeUpload:
    def __init__(self, config: dict):
        if not config:
            self.enabled = False
        self.enabled = config.get('enabled')
        self.age = config.get('age') or '168h'
        self.interval = config.get('interval') or '24h'
        self.dryrun = config.get('dryrun') or False
        return

    def validate(self):
        if not self.enabled:
            return
        # age should end with h
        if not isinstance(self.age, str) or not self.age.endswith('h'):
            raise Exception('purge upload age should set with with nh, n is the number of hour')
        # interval should larger than 2h
        age = self.age[:-1]
        if not age.isnumeric() or int(age) < 2:
            raise Exception('purge upload age should set with with nh, n is the number of hour and n should not be less than 2')

        # interval should end with h
        if not isinstance(self.interval, str) or not self.interval.endswith('h'):
            raise Exception('purge upload interval should set with with nh, n is the number of hour')
        # interval should larger than 2h
        interval = self.interval[:-1]
        if not interval.isnumeric() or int(interval) < 2:
            raise Exception('purge upload interval should set with with nh, n is the number of hour and n should not beless than 2')
        return


class Cache:
    def __init__(self, config: dict):
        if not config:
            self.enabled = False
        self.enabled = config.get('enabled')
        self.expire_hours = config.get('expire_hours')

    def validate(self):
        if not self.enabled:
            return

        if not self.expire_hours or self.expire_hours <= 0:
            raise Exception('cache expire hours should be positive number')
        return
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`import os`
			`import logging`
			`from pathlib import Path`
			`from shutil import copytree, rmtree`

			`from g import internal_tls_dir, DEFAULT_GID, DEFAULT_UID, PG_GID, PG_UID`
Add prepare file for exporter prepare env for exporter Signed-off-by: DQ <dengq@vmware.com> 2020-11-17 13:14:11 +01:00			`from utils.misc import check_permission, owner_can_read, get_realpath, port_number_valid`
Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com> 2021-01-27 10:16:31 +01:00			`from utils.cert import san_existed`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`class InternalTLS:`

			`harbor_certs_filename = {`
			`'harbor_internal_ca.crt',`
			`'proxy.crt', 'proxy.key',`
			`'core.crt', 'core.key',`
			`'job_service.crt', 'job_service.key',`
			`'registryctl.crt', 'registryctl.key',`
Add internal tls configs for portal add related file, config, command to enabled https for portal Signed-off-by: DQ <dengq@vmware.com> 2020-04-28 07:17:24 +02:00			`'registry.crt', 'registry.key',`
			`'portal.crt', 'portal.key'`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`}`

Add switch to https use switch to make decision whether mTLS or server TLS Signed-off-by: DQ <dengq@vmware.com> 2020-03-16 16:20:05 +01:00			`trivy_certs_filename = {`
			`'trivy_adapter.crt', 'trivy_adapter.key',`
			`}`

Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`notary_certs_filename = {`
			`'notary_signer.crt', 'notary_signer.key',`
			`'notary_server.crt', 'notary_server.key'`
			`}`

			`db_certs_filename = {`
			`'harbor_db.crt', 'harbor_db.key'`
			`}`

Add switch to https use switch to make decision whether mTLS or server TLS Signed-off-by: DQ <dengq@vmware.com> 2020-03-16 16:20:05 +01:00			`def __init__(self, tls_enabled=False, verify_client_cert=False, tls_dir='', data_volume='', **kwargs):`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`self.data_volume = data_volume`
Add switch to https use switch to make decision whether mTLS or server TLS Signed-off-by: DQ <dengq@vmware.com> 2020-03-16 16:20:05 +01:00			`self.verify_client_cert = verify_client_cert`
			`self.enabled = tls_enabled`
			`self.tls_dir = tls_dir`
			`if self.enabled:`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`self.required_filenames = self.harbor_certs_filename`
			`if kwargs.get('with_notary'):`
			`self.required_filenames.update(self.notary_certs_filename)`
Add tls for trivy Add trivy tls cert files Add tivey tls env and config enhance gencert Signed-off-by: DQ <dengq@vmware.com> 2020-03-17 10:30:25 +01:00			`if kwargs.get('with_trivy'):`
			`self.required_filenames.update(self.trivy_certs_filename)`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`if not kwargs.get('external_database'):`
			`self.required_filenames.update(self.db_certs_filename)`

			`def __getattribute__(self, name: str):`
			`"""`
			`Make the call like 'internal_tls.core_crt_path' possible`
			`"""`
			`# only handle when enabled tls and name ends with 'path'`
			`if name.endswith('_path'):`
			`if not (self.enabled):`
			`return object.__getattribute__(self, name)`

			`name_parts = name.split('_')`
			`if len(name_parts) < 3:`
			`return object.__getattribute__(self, name)`

			`filename = '{}.{}'.format('_'.join(name_parts[:-2]), name_parts[-2])`

			`if filename in self.required_filenames:`
			`return os.path.join(self.data_volume, 'secret', 'tls', filename)`

			`return object.__getattribute__(self, name)`

			`def _check(self, filename: str):`
			`"""`
Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com> 2021-01-27 10:16:31 +01:00			`Check cert and key files are correct`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`"""`

			`path = Path(os.path.join(internal_tls_dir, filename))`

			`if not path.exists:`
			`if filename == 'harbor_internal_ca.crt':`
			`return`
			`raise Exception('File {} not exist'.format(filename))`

			`if not path.is_file:`
			`raise Exception('invalid {}'.format(filename))`

			`# check key file permission`
			`if filename.endswith('.key') and not check_permission(path, mode=0o600):`
			`raise Exception('key file {} permission is not 600'.format(filename))`

Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com> 2021-01-27 10:16:31 +01:00			`# check certificate file`
			`if filename.endswith('.crt'):`
			`if not owner_can_read(path.stat().st_mode):`
			`# check owner can read cert file`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`raise Exception('File {} should readable by owner'.format(filename))`
Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com> 2021-01-27 10:16:31 +01:00			`if not san_existed(path):`
			`# check SAN included`
			`if filename == 'harbor_internal_ca.crt':`
			`return`
			`raise Exception('cert file {} should include SAN'.format(filename))`

Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`def validate(self):`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`if not self.enabled:`
Add sen existed check for internal cert fali ealier when there is no san Signed-off-by: DQ <dengq@vmware.com> 2021-01-27 10:16:31 +01:00			`# pass the validation if not enabled`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`return`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00
			`if not internal_tls_dir.exists():`
			`raise Exception('Internal dir for tls {} not exist'.format(internal_tls_dir))`

			`for filename in self.required_filenames:`
			`self._check(filename)`

			`def prepare(self):`
			`"""`
			`Prepare moves certs in tls file to data volume with correct permission.`
			`"""`
			`if not self.enabled:`
			`logging.info('internal tls NOT enabled...')`
			`return`
			`original_tls_dir = get_realpath(self.tls_dir)`
Feat: enable tls in registryctlAdd tls related code in registryctl Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 07:39:19 +01:00			`if internal_tls_dir.exists():`
			`rmtree(internal_tls_dir)`
Feat: update prepare to support tls update makefile add model for prepare update jinja template for prepare Signed-off-by: DQ <dengq@vmware.com> 2020-02-11 06:47:55 +01:00			`copytree(original_tls_dir, internal_tls_dir, symlinks=True)`

			`for file in internal_tls_dir.iterdir():`
			`if file.name.endswith('.key'):`
			`file.chmod(0o600)`
			`elif file.name.endswith('.crt'):`
			`file.chmod(0o644)`

			`if file.name in self.db_certs_filename:`
			`os.chown(file, PG_UID, PG_GID)`
			`else:`
			`os.chown(file, DEFAULT_UID, DEFAULT_GID)`

feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Add metrics to Harbor Core 1. Add configs in prepare 2. Add models and config items in Core 3. Encapdulate getting metric in commom package 4. Add a middleware for global request to collect 3 metrics Signed-off-by: DQ <dengq@vmware.com> 2020-10-18 18:16:02 +02:00			`class Metric:`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00			`def __init__(self, enabled: bool = False, port: int = 8080, path: str = "metrics"):`
Add metrics to Harbor Core 1. Add configs in prepare 2. Add models and config items in Core 3. Encapdulate getting metric in commom package 4. Add a middleware for global request to collect 3 metrics Signed-off-by: DQ <dengq@vmware.com> 2020-10-18 18:16:02 +02:00			`self.enabled = enabled`
			`self.port = port`
			`self.path = path`
Add prepare file for exporter prepare env for exporter Signed-off-by: DQ <dengq@vmware.com> 2020-11-17 13:14:11 +01:00
			`def validate(self):`
			`if not port_number_valid(self.port):`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`raise Exception('Port number in metrics is not valid')`


			`class JaegerExporter:`
			`def __init__(self, config: dict):`
			`if not config:`
Refactor trace code * use lib trace helper function * add gracefull shutdown * Add commens for new added exposed function * Add licence on top of new created files * Update trace library * Update configs * Add attribute and namespance in config Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-27 18:24:14 +02:00			`self.enabled = False`
			`return`
			`self.enabled = True`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`self.endpoint = config.get('endpoint')`
			`self.username = config.get('username')`
			`self.password = config.get('password')`
			`self.agent_host = config.get('agent_host')`
			`self.agent_port = config.get('agent_port')`

			`def validate(self):`
Add validation for tracing * add validation of tracing in validating process Signed-off-by: Qian Deng <dengq@vmware.com> 2021-09-27 09:38:29 +02:00			`if not self.endpoint and not self.agent_host:`
			`raise Exception('Jaeger Colector Endpoint or Agent host not set, must set one')`
			`if self.endpoint and self.agent_host:`
			`raise Exception('Jaeger Colector Endpoint and Agent host both set, only can set one')`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`class OtelExporter:`
			`def __init__(self, config: dict):`
			`if not config:`
Refactor trace code * use lib trace helper function * add gracefull shutdown * Add commens for new added exposed function * Add licence on top of new created files * Update trace library * Update configs * Add attribute and namespance in config Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-27 18:24:14 +02:00			`self.enabled = False`
			`return`
			`self.enabled = True`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`self.endpoint = config.get('endpoint')`
			`self.url_path = config.get('url_path')`
			`self.compression = config.get('compression') or False`
			`self.insecure = config.get('insecure') or False`
			`self.timeout = config.get('timeout') or '10s'`

			`def validate(self):`
			`if not self.endpoint:`
			`raise Exception('Trace endpoint not set')`
			`if not self.url_path:`
			`raise Exception('Trace url path not set')`

feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`class Trace:`
			`def __init__(self, config: dict):`
Refactor trace code * use lib trace helper function * add gracefull shutdown * Add commens for new added exposed function * Add licence on top of new created files * Update trace library * Update configs * Add attribute and namespance in config Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-27 18:24:14 +02:00			`self.enabled = config.get('enabled') or False`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`self.sample_rate = config.get('sample_rate', 1)`
Refactor trace code * use lib trace helper function * add gracefull shutdown * Add commens for new added exposed function * Add licence on top of new created files * Update trace library * Update configs * Add attribute and namespance in config Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-27 18:24:14 +02:00			`self.namespace = config.get('namespace') or ''`
			`self.jaeger = JaegerExporter(config.get('jaeger'))`
			`self.otel = OtelExporter(config.get('otel'))`
			`self.attributes = config.get('attributes') or {}`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00
			`def validate(self):`
Add validation for tracing * add validation of tracing in validating process Signed-off-by: Qian Deng <dengq@vmware.com> 2021-09-27 09:38:29 +02:00			`if not self.enabled:`
			`return`
			`if not self.jaeger.enabled and not self.otel.enabled:`
Add trace related configs * Update harbor config template * Update python config parsing * Update env template Signed-off-by: Qian Deng <dengq@vmware.com> 2021-08-23 09:08:49 +02:00			`raise Exception('Trace enabled but no trace exporter set')`
Add validation for tracing * add validation of tracing in validating process Signed-off-by: Qian Deng <dengq@vmware.com> 2021-09-27 09:38:29 +02:00			`elif self.jaeger.enabled and self.otel.enabled:`
			`raise Exception('Only can have one trace exporter at a time')`
			`elif self.jaeger.enabled:`
			`self.jaeger.validate()`
			`elif self.otel.enabled:`
			`self.otel.validate()`
Add upload purge config to registry/config.yml Enable the uploadpurging by default Fixes #15641 Signed-off-by: stonezdj <stonezdj@gmail.com> 2021-12-16 09:00:07 +01:00
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Add upload purge config to registry/config.yml Enable the uploadpurging by default Fixes #15641 Signed-off-by: stonezdj <stonezdj@gmail.com> 2021-12-16 09:00:07 +01:00			`class PurgeUpload:`
			`def __init__(self, config: dict):`
			`if not config:`
			`self.enabled = False`
			`self.enabled = config.get('enabled')`
			`self.age = config.get('age') or '168h'`
			`self.interval = config.get('interval') or '24h'`
			`self.dryrun = config.get('dryrun') or False`
			`return`

			`def validate(self):`
			`if not self.enabled:`
			`return`
			`# age should end with h`
			`if not isinstance(self.age, str) or not self.age.endswith('h'):`
			`raise Exception('purge upload age should set with with nh, n is the number of hour')`
			`# interval should larger than 2h`
			`age = self.age[:-1]`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00			`if not age.isnumeric() or int(age) < 2:`
Add upload purge config to registry/config.yml Enable the uploadpurging by default Fixes #15641 Signed-off-by: stonezdj <stonezdj@gmail.com> 2021-12-16 09:00:07 +01:00			`raise Exception('purge upload age should set with with nh, n is the number of hour and n should not be less than 2')`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00
Add upload purge config to registry/config.yml Enable the uploadpurging by default Fixes #15641 Signed-off-by: stonezdj <stonezdj@gmail.com> 2021-12-16 09:00:07 +01:00			`# interval should end with h`
			`if not isinstance(self.interval, str) or not self.interval.endswith('h'):`
			`raise Exception('purge upload interval should set with with nh, n is the number of hour')`
			`# interval should larger than 2h`
			`interval = self.interval[:-1]`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00			`if not interval.isnumeric() or int(interval) < 2:`
Add upload purge config to registry/config.yml Enable the uploadpurging by default Fixes #15641 Signed-off-by: stonezdj <stonezdj@gmail.com> 2021-12-16 09:00:07 +01:00			`raise Exception('purge upload interval should set with with nh, n is the number of hour and n should not beless than 2')`
			`return`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00

			`class Cache:`
			`def __init__(self, config: dict):`
			`if not config:`
			`self.enabled = False`
			`self.enabled = config.get('enabled')`
			`self.expire_hours = config.get('expire_hours')`

			`def validate(self):`
			`if not self.enabled:`
			`return`

fix(prepare): validate expire hours when enable cache (#16949) (#16953) Signed-off-by: chlins <chenyuzh@vmware.com> 2022-06-07 07:21:47 +02:00			`if not self.expire_hours or self.expire_hours <= 0:`
			`raise Exception('cache expire hours should be positive number')`
feat: add cache layer for artifact (#16739) Implement cache layer for resource artifact and define common cache manager and workflow. Also add cache related options to configuration yaml. Signed-off-by: chlins <chenyuzh@vmware.com> 2022-03-25 10:59:37 +01:00			`return`