New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add validation for build.spec.source.url #512
Add validation for build.spec.source.url #512
Conversation
/test 4.4-unit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the validation. I think this and possible other validation can be really helpful for end-user happiness. I would like to ask you to look into an alternative solution for the actual Git interaction.
It makes a pull request much easier to review if you split it into two commits, one for the code that you are writing, and one for vendoring dependencies. Otherwise we find ourselves combing through 400+ files. |
@coreydaley Thanks for your suggestions! Now, I split it into two. Pls take a look again, thanks! |
Awesome, thank you! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xiujuan95 nice work. There is still some pieces of this PR to improve, but we are close. Sorry for my late reply. I didn´t check the integration-tests yet, but lets address the rest of my comments first.
/test 4.4-unit |
@coreydaley @qu1queee There are many many comments. I think I have refined code according to your all comments. Pls take a look again, thanks! If I am missing anything, pls let me know! |
|
||
// AnnotationBuildRefRepository is a label key that tells the Build Controller to check whether remote repository exists or not. | ||
// If its value is true, controller checks remote repository, otherwise, it won't be checked | ||
AnnotationBuildRefRepository = "build.build.dev/verify.repository" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This constant name doesn't really signify what it is being used for, how about something like "AnnotationBuildVerifyRepository" ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
pkg/git/git.go
Outdated
} | ||
|
||
// ValidateGitURLFormat validates the given URL format is valid and public or not | ||
func ValidateGitURLFormat(url string) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From what I can see, this function is not really validating anything, it is parsing the url and returning whether it is a public, private, or invalid repository, so the function name seems a bit off. How about something like "IdentifyGitURLType" or "ParseGitURLType" ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
// | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package integration_test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this just be "package integration"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Keep use integration_test
package name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xiujuan95 thanks, we should be close to finish. There is one more concern here. The current PR does not enforce the GIT validation by default. If we want the Build controller to validate a Build spec.source.url, users need to define the annotation.
I believe we need to deal with the GIT validation in the same way as we do with the secrets and strategies validation which is by default. But, because of @gabemontero concerns, we should be flexible, therefore the annotation should be a way to allow users to disable the validation if desired. I know this contradicts my statement in #464 (comment) , but now that I see the PR I think we should opt-in by default, and opt-out if desired via the annotation. @gabemontero fyi.
Just for your info, I realized this annotation will be alway added and set to be true by UI and CLI by default, so our users don't need to define this annotation by themselves. But for shipwright build users, yes, they indeed need to add this annotation by themselves. Besides, if we validate sourceURL by default, then most of our test cases will be fail unless we updates all sample cases to add this annotation and set it to be true. So @qu1queee , I think current way is fine for us. Only the value of this annotation is true, Build will go to verify sourceURL. |
@coreydaley @qu1queee I add a new commit to update build document, pls take a look, thanks! |
@xiujuan95 im not sure I fully understand your concerns.
why the above? if we validate by default, the annotation does not need to be set it at all, we would use the annotation only to disable the validation, not to enable.
I dont think is true. I think in general there is a thinking that UI/CLI can abstract complexity from users, e.g. adding an annotation in Builds or Secrets during creation , thinking which we should use only if needed. For example, for the |
@qu1queee @zhangtbj @SaschaSchwarze0 I am fine about validating sourceURL by default. But I still want to say if we validate it by default, we need to update all our test samples and add this annotation and set it to be This is because we don't set the annotation by default, that means Under this situation, because for all our test samples, sourceURLs only are fake, then Build will validate these failed because sourceURL is invalid or not found. For example, when we create a build with an invalid URL: https://github.com/shipwright-io/build/blob/master/test/catalog.go#L55-L78 , Build will validate URL by default. Then build will be fail because of Not sure if I express my concerns clearly or not? |
@bigkevmcd @SaschaSchwarze0 @gabemontero asking for re-review on this PR, we already addressed all the required changes, thanks for this, very valuable feedback. One comment is that we will be working on a second PR where we are enhancing the overall |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Nice work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have what I think is a minor addition request .... we've certainly seen use of http
for the git protocol in some cases with openshift build v1
docs/build.md
Outdated
revision: master | ||
``` | ||
|
||
_Note_: The Build controller only validates two scenarios. The first one where the endpoint uses an `https` protocol, the second one when a `ssh` protocol (_e.g. `git@`_) is defined and none referenced secret was provided(_e.g. source.credentials.name_). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
technically speaking, users can still use http
for accessing git repositories ... especially if they are private/local ones vs. actual github.com
I think we should allow for that as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also do not get why we would rule out http
at this point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We miss this one. I added it, please take a look and resolve this conversation if possible.
pkg/git/git.go
Outdated
} | ||
|
||
switch endpoint.Protocol { | ||
case httpsProtocol: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah correlating with my comment in the doc section, http
is a valid, if not primary, use case, that should be easy to add
and this would be the spot, correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd suggest that it should log out that it's insecurely accessing the repository when using plain HTTP.
It could be a typo.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added it. Thanks for the feedback. @bigkevmcd somehow I cannot re-request a review to you, not sure why.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should consider allowing http
if possible.
docs/build.md
Outdated
revision: master | ||
``` | ||
|
||
_Note_: The Build controller only validates two scenarios. The first one where the endpoint uses an `https` protocol, the second one when a `ssh` protocol (_e.g. `git@`_) is defined and none referenced secret was provided(_e.g. source.credentials.name_). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also do not get why we would rule out http
at this point.
} | ||
|
||
switch endpoint.Protocol { | ||
case httpsProtocol, httpProtocol: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @bigkevmcd 's suggestion at #512 (comment) is a good idea
So have a case httpProtocol:
that prints that message, and then fallsthrough to the httpsProtocol
block.
Othwerise I'm good @qu1queee
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bigkevmcd this can only be logged out if the validation fails. Just to be clear, you say that if an http
protocol is used, we should enhance remote repository unreachable
to be something like insecurely accessing the repository failed, repository unreachable
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think any time we parse an httpProtocol
case, we should log this out as a possibly insecure case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bigkevmcd thanks. I see. Do you mind if I take this enhancement into the other PR we are gonna make available soon for review, which is #536 . At the moment Build have only a Status.Reason
which is a message, what we are gonna do is to make Status.Reason
a one-word camelCase and introduce Status.Message
, see field changes .With Status.Message
, we can then embed there the as a possibly insecure case
whenever we validate an httpProtocol
. I think we have more flexibility on that pr for this suggested change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea of incorporating this into the #536 work @qu1queee - good idea
That said, I don't see why that would preclude us from still providing a simple informational log here. Catch the user's attention both in real time (via the log) and post-mortem (via the Build status).
That would be my preference.
…alidates spec.source.url refine the main logic of build validates sourceURL return validate error and update error only return updateError when validate sourceURL failed rename verify sourceURL annotation and make verifySourceURL by default update test cases again revert verifySourceURL verify sourceURL by default add unit test for validateSourceURL return a same error when list remote repo failed output different errors and update tests Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
Change verify sourceURL by default Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
/approve still have some discussion between @qu1queee @bigkevmcd and myself on the http vs. https validation |
@xiujuan95 I feel this may not be a fair assumption 🤔 |
@sbose78 Aha, maybe I am missing something, please correct me about this and put your thoughts, thanks a lot! |
Not sure why there is no /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gabemontero, SaschaSchwarze0 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fix issue: #464
git
to verify if remote repository exists. Here, leveragego-git
package and callList
func to do the same thing withgit ls-remote -p ${source_url}
command to check it;If a valid remote public repository exists, nothing will be returned when run this command. Otherwise, it will return an error like below:
Introduce a new annotation
build.build.dev/verify.repository
. If the value of it istrue
, then build controller will go to check sourceUrl, otherwise, it won't check it;Introduce two new build failed reasons
repository not found
andinvalid source url
:Add two unit tests to verify valid remote public repositories exist or not;
Add several integration tests, mainly cover below scenario:
foobar
;Note: this PR mainly focus on verifying a
public
repo.