Add validation for build.spec.source.url #512
Conversation
|
/test 4.4-unit |
|
It makes a pull request much easier to review if you split it into two commits, one for the code that you are writing, and one for vendoring dependencies. Otherwise we find ourselves combing through 400+ files. |
@coreydaley Thanks for your suggestions! Now, I split it into two. Pls take a look again, thanks! |
Awesome, thank you! |
There was a problem hiding this comment.
@xiujuan95 nice work. There is still some pieces of this PR to improve, but we are close. Sorry for my late reply. I didn´t check the integration-tests yet, but lets address the rest of my comments first.
|
/test 4.4-unit |
|
@coreydaley @qu1queee There are many many comments. I think I have refined code according to your all comments. Pls take a look again, thanks! If I am missing anything, pls let me know! |
|
|
||
| // AnnotationBuildRefRepository is a label key that tells the Build Controller to check whether remote repository exists or not. | ||
| // If its value is true, controller checks remote repository, otherwise, it won't be checked | ||
| AnnotationBuildRefRepository = "build.build.dev/verify.repository" |
There was a problem hiding this comment.
This constant name doesn't really signify what it is being used for, how about something like "AnnotationBuildVerifyRepository" ?
pkg/git/git.go
Outdated
| } | ||
|
|
||
| // ValidateGitURLFormat validates the given URL format is valid and public or not | ||
| func ValidateGitURLFormat(url string) string { |
There was a problem hiding this comment.
From what I can see, this function is not really validating anything, it is parsing the url and returning whether it is a public, private, or invalid repository, so the function name seems a bit off. How about something like "IdentifyGitURLType" or "ParseGitURLType" ?
| // | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| package integration_test |
There was a problem hiding this comment.
Shouldn't this just be "package integration"?
There was a problem hiding this comment.
Keep use integration_test package name.
There was a problem hiding this comment.
@xiujuan95 thanks, we should be close to finish. There is one more concern here. The current PR does not enforce the GIT validation by default. If we want the Build controller to validate a Build spec.source.url, users need to define the annotation.
I believe we need to deal with the GIT validation in the same way as we do with the secrets and strategies validation which is by default. But, because of @gabemontero concerns, we should be flexible, therefore the annotation should be a way to allow users to disable the validation if desired. I know this contradicts my statement in #464 (comment) , but now that I see the PR I think we should opt-in by default, and opt-out if desired via the annotation. @gabemontero fyi.
Just for your info, I realized this annotation will be alway added and set to be true by UI and CLI by default, so our users don't need to define this annotation by themselves. But for shipwright build users, yes, they indeed need to add this annotation by themselves. Besides, if we validate sourceURL by default, then most of our test cases will be fail unless we updates all sample cases to add this annotation and set it to be true. So @qu1queee , I think current way is fine for us. Only the value of this annotation is true, Build will go to verify sourceURL. |
|
@coreydaley @qu1queee I add a new commit to update build document, pls take a look, thanks! |
|
@xiujuan95 im not sure I fully understand your concerns.
why the above? if we validate by default, the annotation does not need to be set it at all, we would use the annotation only to disable the validation, not to enable.
I dont think is true. I think in general there is a thinking that UI/CLI can abstract complexity from users, e.g. adding an annotation in Builds or Secrets during creation , thinking which we should use only if needed. For example, for the |
@qu1queee @zhangtbj @SaschaSchwarze0 I am fine about validating sourceURL by default. But I still want to say if we validate it by default, we need to update all our test samples and add this annotation and set it to be This is because we don't set the annotation by default, that means Under this situation, because for all our test samples, sourceURLs only are fake, then Build will validate these failed because sourceURL is invalid or not found. For example, when we create a build with an invalid URL: https://github.com/shipwright-io/build/blob/master/test/catalog.go#L55-L78 , Build will validate URL by default. Then build will be fail because of Not sure if I express my concerns clearly or not? |
openshift-ci-robot
added
needs-rebase
|
@bigkevmcd @SaschaSchwarze0 @gabemontero asking for re-review on this PR, we already addressed all the required changes, thanks for this, very valuable feedback. One comment is that we will be working on a second PR where we are enhancing the overall |
docs/build.md
Outdated
| revision: master | ||
| ``` | ||
|
|
||
| _Note_: The Build controller only validates two scenarios. The first one where the endpoint uses an `https` protocol, the second one when a `ssh` protocol (_e.g. `git@`_) is defined and none referenced secret was provided(_e.g. source.credentials.name_). |
There was a problem hiding this comment.
technically speaking, users can still use http for accessing git repositories ... especially if they are private/local ones vs. actual github.com
I think we should allow for that as well
There was a problem hiding this comment.
I also do not get why we would rule out http at this point.
There was a problem hiding this comment.
We miss this one. I added it, please take a look and resolve this conversation if possible.
pkg/git/git.go
Outdated
| } | ||
|
|
||
| switch endpoint.Protocol { | ||
| case httpsProtocol: |
There was a problem hiding this comment.
yeah correlating with my comment in the doc section, http is a valid, if not primary, use case, that should be easy to add
and this would be the spot, correct?
There was a problem hiding this comment.
I'd suggest that it should log out that it's insecurely accessing the repository when using plain HTTP.
It could be a typo.
There was a problem hiding this comment.
I added it. Thanks for the feedback. @bigkevmcd somehow I cannot re-request a review to you, not sure why.
docs/build.md
Outdated
| revision: master | ||
| ``` | ||
|
|
||
| _Note_: The Build controller only validates two scenarios. The first one where the endpoint uses an `https` protocol, the second one when a `ssh` protocol (_e.g. `git@`_) is defined and none referenced secret was provided(_e.g. source.credentials.name_). |
There was a problem hiding this comment.
I also do not get why we would rule out http at this point.
| } | ||
|
|
||
| switch endpoint.Protocol { | ||
| case httpsProtocol, httpProtocol: |
There was a problem hiding this comment.
I think @bigkevmcd 's suggestion at #512 (comment) is a good idea
So have a case httpProtocol: that prints that message, and then fallsthrough to the httpsProtocol block.
Othwerise I'm good @qu1queee
There was a problem hiding this comment.
@bigkevmcd this can only be logged out if the validation fails. Just to be clear, you say that if an http protocol is used, we should enhance remote repository unreachable to be something like insecurely accessing the repository failed, repository unreachable ?
There was a problem hiding this comment.
I think any time we parse an httpProtocol case, we should log this out as a possibly insecure case.
There was a problem hiding this comment.
@bigkevmcd thanks. I see. Do you mind if I take this enhancement into the other PR we are gonna make available soon for review, which is #536 . At the moment Build have only a Status.Reason which is a message, what we are gonna do is to make Status.Reason a one-word camelCase and introduce Status.Message, see field changes .With Status.Message, we can then embed there the as a possibly insecure case whenever we validate an httpProtocol. I think we have more flexibility on that pr for this suggested change.
There was a problem hiding this comment.
I like the idea of incorporating this into the #536 work @qu1queee - good idea
That said, I don't see why that would preclude us from still providing a simple informational log here. Catch the user's attention both in real time (via the log) and post-mortem (via the Build status).
That would be my preference.
…alidates spec.source.url refine the main logic of build validates sourceURL return validate error and update error only return updateError when validate sourceURL failed rename verify sourceURL annotation and make verifySourceURL by default update test cases again revert verifySourceURL verify sourceURL by default add unit test for validateSourceURL return a same error when list remote repo failed output different errors and update tests Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
Change verify sourceURL by default Signed-off-by: Enrique Encalada <encalada@de.ibm.com>
|
/approve still have some discussion between @qu1queee @bigkevmcd and myself on the http vs. https validation |
@xiujuan95 I feel this may not be a fair assumption 🤔 |
@sbose78 Aha, maybe I am missing something, please correct me about this and put your thoughts, thanks a lot! |
Not sure why there is no /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gabemontero, SaschaSchwarze0 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
Fix issue: #464
gitto verify if remote repository exists. Here, leveragego-gitpackage and callListfunc to do the same thing withgit ls-remote -p ${source_url}command to check it;If a valid remote public repository exists, nothing will be returned when run this command. Otherwise, it will return an error like below:
Introduce a new annotation
build.build.dev/verify.repository. If the value of it istrue, then build controller will go to check sourceUrl, otherwise, it won't check it;Introduce two new build failed reasons
repository not foundandinvalid source url:Add two unit tests to verify valid remote public repositories exist or not;
Add several integration tests, mainly cover below scenario:
foobar;Note: this PR mainly focus on verifying a
publicrepo.