This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 327
/
job.go
177 lines (149 loc) · 4.67 KB
/
job.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
package ptypes
import (
"errors"
"path/filepath"
"reflect"
"strings"
"github.com/go-git/go-git/v5/plumbing/transport/ssh"
validation "github.com/go-ozzo/ozzo-validation/v4"
"github.com/imdario/mergo"
"github.com/mitchellh/go-testing-interface"
"github.com/stretchr/testify/require"
"github.com/hashicorp/waypoint/internal/pkg/validationext"
pb "github.com/hashicorp/waypoint/pkg/server/gen"
)
func TestJobNew(t testing.T, src *pb.Job) *pb.Job {
t.Helper()
if src == nil {
src = &pb.Job{}
}
require.NoError(t, mergo.Merge(src, &pb.Job{
Application: &pb.Ref_Application{
Application: "a_test",
Project: "p_test",
},
Workspace: &pb.Ref_Workspace{
Workspace: "w_test",
},
TargetRunner: &pb.Ref_Runner{
Target: &pb.Ref_Runner_Any{
Any: &pb.Ref_RunnerAny{},
},
},
DataSource: &pb.Job_DataSource{
Source: &pb.Job_DataSource_Local{
Local: &pb.Job_Local{},
},
},
Operation: &pb.Job_Noop_{
Noop: &pb.Job_Noop{},
},
}))
return src
}
// ValidateJob validates the job structure.
// TODO: This still fails if the job passed in to be validated is nil
func ValidateJob(job *pb.Job) error {
return validationext.Error(validation.ValidateStruct(job,
validation.Field(&job.Id, validation.By(isEmpty)),
validation.Field(&job.Application, validation.Required),
validation.Field(&job.Workspace, validation.Required),
validation.Field(&job.TargetRunner, validation.Required),
validation.Field(&job.Operation, validation.Required),
validationext.StructField(&job.DataSource, func() []*validation.FieldRules {
return ValidateJobDataSourceRules(job.DataSource)
}),
))
}
// ValidateJobDataSourceRules
func ValidateJobDataSourceRules(v *pb.Job_DataSource) []*validation.FieldRules {
return []*validation.FieldRules{
validation.Field(&v.Source, validation.Required),
validationext.StructOneof(&v.Source, (*pb.Job_DataSource_Git)(nil),
func() []*validation.FieldRules {
v := v.Source.(*pb.Job_DataSource_Git)
return validateJobDataSourceGitRules(v)
}),
}
}
// validateJobDataSourceGitRules
func validateJobDataSourceGitRules(v *pb.Job_DataSource_Git) []*validation.FieldRules {
return []*validation.FieldRules{
validation.Field(&v.Git.Url, validation.Required),
validation.Field(&v.Git.Path, validation.By(hasNoDotDot), validation.By(isGitPath)),
validationext.StructOneof(&v.Git.Auth, (*pb.Job_Git_Basic_)(nil),
func() []*validation.FieldRules {
v := v.Git.Auth.(*pb.Job_Git_Basic_)
return []*validation.FieldRules{
validation.Field(&v.Basic.Username, validation.Required),
validation.Field(&v.Basic.Password, validation.Required),
}
}),
validationext.StructOneof(&v.Git.Auth, (*pb.Job_Git_Ssh)(nil),
func() []*validation.FieldRules {
v := v.Git.Auth.(*pb.Job_Git_Ssh)
return []*validation.FieldRules{
validation.Field(&v.Ssh.PrivateKeyPem,
validation.Required, isSSHKey(v)),
}
}),
}
}
func isEmpty(v interface{}) error {
if reflect.ValueOf(v).IsZero() {
return nil
}
return errors.New("must be empty")
}
// isGitPath validates the Git path.
func isGitPath(v interface{}) error {
path := v.(string)
if len(path) == 0 {
return nil
}
if filepath.IsAbs(path) {
return errors.New("must be relative")
}
// We do this so we can just assume that all slashes are filepath.Sep
path = filepath.ToSlash(path)
// Verify we don't start with ./ or .\
if len(path) >= 2 && path[0] == '.' && path[1] == filepath.Separator {
return errors.New("relative path shouldn't start with " + path[:2])
}
// Verify we don't have any '//' in there. This also catches anything
// more than 2 since any grouping of 3 or more is also a grouping of at least 2
multisep := strings.Repeat(string(filepath.Separator), 2)
if strings.Contains(path, multisep) {
return errors.New("path should not contain repeated separator characters such as '//'")
}
// We also don't want '..' anywhere in the path, but that
// is validated with hasNoDotDot.
// We also want paths to end with / but that seems overly
// pedantic so that is something we'll add ourselves in our
// data source anytime we need the path to end with a slash.
return nil
}
// isGitSSHKey validates the SSH key given.
func isSSHKey(v *pb.Job_Git_Ssh) validation.Rule {
return validation.By(func(_ interface{}) error {
if len(v.Ssh.PrivateKeyPem) == 0 {
return nil
}
_, err := ssh.NewPublicKeys(
"git",
[]byte(v.Ssh.PrivateKeyPem),
v.Ssh.Password,
)
return err
})
}
func hasNoDotDot(v interface{}) error {
path := v.(string)
path = filepath.ToSlash(path)
for _, part := range strings.Split(path, string(filepath.Separator)) {
if part == ".." {
return errors.New("must not contain '..'")
}
}
return nil
}