[Validators] Add validator ExtraChefAttributesValidator to validate DevSettings/Cookbook/ExtraChefAttributes.

For now, it only validates that:

 1. ExtraChefAttributes is a valid JSON.
 2. the attribute `cluster.cfnhup_on_fleet_enabled` is a boolean value.
 3. if the attribute `cluster.cfnhup_on_fleet_enabled` is false, returns a warning to notify the user that disabling cfn-hup has consequences on the cluster update behavior.

Author: gmarciani

CHANGELOG.md

@@ -4,6 +4,9 @@ CHANGELOG
 3.15.0
 ------
 
+**CHANGES**
+- Add validator that warns against the downsides of disabling cfn-hup on compute and login nodes.
+
 **BUG FIXES**
 - Reduce EFA installation time for Ubuntu by ~20 minutes by only holding kernel packages for the installed kernel.
 

cli/src/pcluster/config/common.py

@@ -21,6 +21,7 @@
 from typing import List, Set
 
 from pcluster.validators.common import AsyncValidator, FailureLevel, ValidationResult, Validator, ValidatorContext
+from pcluster.validators.dev_settings_validators import ExtraChefAttributesValidator
 from pcluster.validators.iam_validators import AdditionalIamPolicyValidator
 from pcluster.validators.networking_validators import LambdaFunctionsVpcConfigValidator
 from pcluster.validators.s3_validators import UrlValidator
@@ -333,6 +334,8 @@ def __init__(self, chef_cookbook: str = None, extra_chef_attributes: str = None)
     def _register_validators(self, context: ValidatorContext = None):
         if self.chef_cookbook is not None:
             self._register_validator(UrlValidator, url=self.chef_cookbook)
+        if self.extra_chef_attributes:
+            self._register_validator(ExtraChefAttributesValidator, extra_chef_attributes=self.extra_chef_attributes)
 
 
 class LambdaFunctionsVpcConfig(Resource):

cli/src/pcluster/validators/dev_settings_validators.py

@@ -0,0 +1,54 @@
+# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+import json
+
+from pcluster.validators.common import FailureLevel, Validator
+from pcluster.validators.utils import dig, is_boolean_string, is_valid_json, str_to_bool
+
+EXTRA_CHEF_ATTRIBUTES_PATH = "DevSettings/Cookbook/ExtraChefAttributes"
+ATTR_CFN_HUP_ON_FLEET_ENABLED = "cfnhup_on_fleet_enabled"
+
+
+class ExtraChefAttributesValidator(Validator):
+    """Validator for DevSettings/Cookbook/ExtraChefAttributes."""
+
+    def _validate(self, extra_chef_attributes: str = None):
+        """Validate DevSettings/Cookbook/ExtraChefAttributes."""
+        if not extra_chef_attributes:
+            return
+        elif not is_valid_json(extra_chef_attributes):
+            self._add_failure(
+                f"Invalid value in {EXTRA_CHEF_ATTRIBUTES_PATH}: must be a JSON.",
+                FailureLevel.ERROR,
+            )
+        else:
+            self._validate_cfnup_on_fleet_enabled(json.loads(extra_chef_attributes))
+
+    def _validate_cfnup_on_fleet_enabled(self, extra_chef_attributes: dict = None):
+        cfnhup_on_fleet_enabled = dig(extra_chef_attributes, "cluster", ATTR_CFN_HUP_ON_FLEET_ENABLED)
+
+        if cfnhup_on_fleet_enabled is None:
+            return
+
+        if not is_boolean_string(str(cfnhup_on_fleet_enabled)):
+            self._add_failure(
+                f"Invalid value in {EXTRA_CHEF_ATTRIBUTES_PATH}: "
+                f"attribute '{ATTR_CFN_HUP_ON_FLEET_ENABLED}' must be a boolean value.",
+                FailureLevel.ERROR,
+            )
+            return
+
+        if str_to_bool(str(cfnhup_on_fleet_enabled)) is False:
+            self._add_failure(
+                "Disabling cfn-hup on compute and login nodes removes the possibility "
+                "to execute in-place cluster updates on compute and login nodes.",
+                FailureLevel.WARNING,
+            )

cli/src/pcluster/validators/utils.py

@@ -12,7 +12,38 @@
 # This module contains all the classes representing the Resources objects.
 # These objects are obtained from the configuration file through a conversion based on the Schema classes.
 #
+import json
+from typing import Any
+
+BOOLEAN_VALUES = ["true", "false"]
 
 
 def get_bucket_name_from_s3_url(import_path):
     return import_path.split("/")[2]
+
+
+def str_to_bool(string: str = None) -> bool:
+    return str(string).lower() == "true"
+
+
+def is_boolean_string(value: str) -> bool:
+    return str(value).lower() in BOOLEAN_VALUES
+
+
+def is_valid_json(string: str = None) -> bool:
+    try:
+        json.loads(string)
+        return True
+    except (ValueError, TypeError):
+        return False
+
+
+def dig(dictionary: dict, *keys: str) -> dict | None | Any:
+    if dictionary is None:
+        return None
+    value = dictionary
+    for key in keys:
+        if value is None or not isinstance(value, dict):
+            return None
+        value = value.get(key)
+    return value

cli/tests/pcluster/validators/test_all_validators.py

@@ -19,6 +19,7 @@
 from pcluster.validators import (
     cluster_validators,
     database_validators,
+    dev_settings_validators,
     ebs_validators,
     ec2_validators,
     feature_validators,
@@ -67,6 +68,7 @@ async def _validate_async(*args, **kwargs):
     modules = [
         cluster_validators,
         database_validators,
+        dev_settings_validators,
         ebs_validators,
         ec2_validators,
         fsx_validators,
@@ -282,6 +284,10 @@ def test_slurm_validators_are_called_with_correct_argument(test_datadir, mocker)
     compute_resource_tags_validator = mocker.patch(
         tags_validators + ".ComputeResourceTagsValidator._validate", return_value=[]
     )
+    dev_settings_validators = validators_path + ".dev_settings_validators"
+    extra_chef_attributes_validator = mocker.patch(
+        dev_settings_validators + ".ExtraChefAttributesValidator._validate", return_value=[]
+    )
     mocker.patch(
         "pcluster.config.cluster_config.HeadNode.architecture", new_callable=PropertyMock(return_value="x86_64")
     )
@@ -451,6 +457,8 @@ def test_slurm_validators_are_called_with_correct_argument(test_datadir, mocker)
         any_order=True,
     )
 
+    extra_chef_attributes_validator.assert_has_calls([call(extra_chef_attributes='{"attr1": {"attr2": "value"}}')])
+
     # No assertion on the argument for minor validators
     name_validator.assert_called()
     feature_region_validator.assert_called()

cli/tests/pcluster/validators/test_all_validators/test_slurm_validators_are_called_with_correct_argument/slurm.yaml

@@ -101,3 +101,7 @@ Tags:
     Value: String
   - Key: cluster_tag2
     Value: String
+DevSettings:
+  Cookbook:
+    ExtraChefAttributes: |
+      {"attr1": {"attr2": "value"}}

cli/tests/pcluster/validators/test_dev_settings_validators.py

@@ -0,0 +1,70 @@
+# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+import pytest
+
+from pcluster.validators.common import FailureLevel
+from pcluster.validators.dev_settings_validators import ExtraChefAttributesValidator
+from tests.pcluster.validators.utils import assert_failure_level, assert_failure_messages
+
+
+@pytest.mark.parametrize(
+    "extra_chef_attributes, expected_message, expected_failure_level",
+    [
+        # cfn-hup enabled, implicitly
+        (None, None, None),
+        ('{"other_attribute": "value"}', None, None),
+        # cfn-hup enabled, explicitly
+        ('{"cluster": {"cfnhup_on_fleet_enabled": "true"}}', None, None),
+        ('{"cluster": {"cfnhup_on_fleet_enabled": true}}', None, None),
+        # cfn-hup disabled
+        (
+            '{"cluster": {"cfnhup_on_fleet_enabled": "false"}}',
+            "Disabling cfn-hup on compute and login nodes removes the possibility "
+            "to execute in-place cluster updates on compute and login nodes.",
+            FailureLevel.WARNING,
+        ),
+        (
+            '{"cluster": {"cfnhup_on_fleet_enabled": false}}',
+            "Disabling cfn-hup on compute and login nodes removes the possibility "
+            "to execute in-place cluster updates on compute and login nodes.",
+            FailureLevel.WARNING,
+        ),
+        # cfnhup_on_fleet_enabled: invalid values
+        (
+            '{"cluster": {"cfnhup_on_fleet_enabled": "invalid"}}',
+            "Invalid value in DevSettings/Cookbook/ExtraChefAttributes: "
+            "attribute 'cfnhup_on_fleet_enabled' must be a boolean value.",
+            FailureLevel.ERROR,
+        ),
+        (
+            '{"cluster": {"cfnhup_on_fleet_enabled": 123}}',
+            "Invalid value in DevSettings/Cookbook/ExtraChefAttributes: "
+            "attribute 'cfnhup_on_fleet_enabled' must be a boolean value.",
+            FailureLevel.ERROR,
+        ),
+        # ExtraChefAttributes: invalid values
+        (
+            "invalid json",
+            "Invalid value in DevSettings/Cookbook/ExtraChefAttributes: must be a JSON.",
+            FailureLevel.ERROR,
+        ),
+        (
+            "{invalid: json}",
+            "Invalid value in DevSettings/Cookbook/ExtraChefAttributes: must be a JSON.",
+            FailureLevel.ERROR,
+        ),
+    ],
+)
+def test_extra_chef_attributes_validator(extra_chef_attributes, expected_message, expected_failure_level):
+    actual_failures = ExtraChefAttributesValidator().execute(extra_chef_attributes=extra_chef_attributes)
+    assert_failure_messages(actual_failures, expected_message)
+    if expected_failure_level:
+        assert_failure_level(actual_failures, expected_failure_level)

cli/tests/pcluster/validators/test_utils.py

@@ -0,0 +1,103 @@
+# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+# with the License. A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "LICENSE.txt" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+import pytest
+
+from pcluster.validators.utils import dig, is_boolean_string, is_valid_json, str_to_bool
+
+
+@pytest.mark.parametrize(
+    "string_value, expected_result",
+    [
+        ("true", True),
+        ("True", True),
+        ("TRUE", True),
+        ("false", False),
+        ("False", False),
+        ("FALSE", False),
+        ("yes", False),
+        ("no", False),
+        ("1", False),
+        ("0", False),
+        (None, False),
+        ("", False),
+    ],
+)
+def test_str_to_bool(string_value, expected_result):
+    assert str_to_bool(string_value) == expected_result
+
+
+@pytest.mark.parametrize(
+    "value, expected_result",
+    [
+        ("true", True),
+        ("True", True),
+        ("TRUE", True),
+        ("false", True),
+        ("False", True),
+        ("FALSE", True),
+        (True, True),
+        (False, True),
+        (None, False),
+        ("", False),
+        ("yes", False),
+        ("no", False),
+        ("1", False),
+        ("0", False),
+        (1, False),
+        (0, False),
+    ],
+)
+def test_is_boolean_string(value, expected_result):
+    assert is_boolean_string(value) == expected_result
+
+
+@pytest.mark.parametrize(
+    "json_string, expected_result",
+    [
+        ('{"key": "value"}', True),
+        ('{"nested": {"key": "value"}}', True),
+        ("[]", True),
+        ('[{"key": "value"}]', True),
+        ("null", True),
+        ("true", True),
+        ("false", True),
+        ('"string"', True),
+        ("123", True),
+        ("invalid json", False),
+        ("{invalid: json}", False),
+        ('{"unclosed": "json"', False),
+        (None, False),
+        ("", False),
+    ],
+)
+def test_is_valid_json(json_string, expected_result):
+    assert is_valid_json(json_string) == expected_result
+
+
+@pytest.mark.parametrize(
+    "dictionary, keys, expected_result",
+    [
+        ({"a": {"b": {"c": "value"}}}, ("a", "b", "c"), "value"),
+        ({"a": {"b": "value"}}, ("a", "b"), "value"),
+        ({"a": "value"}, ("a",), "value"),
+        ({"a": {"b": {"c": "value"}}}, ("a", "b"), {"c": "value"}),
+        ({"a": {"b": {"c": "value"}}}, ("a", "nonexistent"), None),
+        ({"a": {"b": {"c": "value"}}}, ("nonexistent",), None),
+        ({"a": {"b": {"c": "value"}}}, ("a", "b", "c", "d"), None),
+        ({}, ("a",), None),
+        (None, ("a",), None),
+        ({"a": None}, ("a", "b"), None),
+        ({"a": "not_dict"}, ("a", "b"), None),
+        ({"a": {"b": None}}, ("a", "b", "c"), None),
+    ],
+)
+def test_dig(dictionary, keys, expected_result):
+    assert dig(dictionary, *keys) == expected_result