brennen
/
blubber
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 Commits
2 Branches
713 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
blubber/config/validation.go

245 lines
6.8 KiB
Raw Permalink Normal View History

Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Introduce strict/versioned config parsing Summary: Introduced a `version` config field that must be specified and match `config.CurrentVersion`. Changed `config.ReadConfig` to use `yaml.UnmarshalStrict` to ensure that errors are surfaced when unknown/bad fields are present in the given YAML config. A smaller `config.VersionConfig` is now unmarshaled first to prevalidate the new `version` field before the entire config is parsed. Fixes T191460 Test Plan: Run `go test ./...`. Run `blubber` against some configuration containing invalid fields and ensure that it surfaces a YAML error. Reviewers: thcipriani, demon, hashar, mmodell, mobrovac, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T191460 Differential Revision: https://phabricator.wikimedia.org/D1021
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Introduce strict/versioned config parsing Summary: Introduced a `version` config field that must be specified and match `config.CurrentVersion`. Changed `config.ReadConfig` to use `yaml.UnmarshalStrict` to ensure that errors are surfaced when unknown/bad fields are present in the given YAML config. A smaller `config.VersionConfig` is now unmarshaled first to prevalidate the new `version` field before the entire config is parsed. Fixes T191460 Test Plan: Run `go test ./...`. Run `blubber` against some configuration containing invalid fields and ensure that it surfaces a YAML error. Reviewers: thcipriani, demon, hashar, mmodell, mobrovac, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T191460 Differential Revision: https://phabricator.wikimedia.org/D1021
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Introduce strict/versioned config parsing Summary: Introduced a `version` config field that must be specified and match `config.CurrentVersion`. Changed `config.ReadConfig` to use `yaml.UnmarshalStrict` to ensure that errors are surfaced when unknown/bad fields are present in the given YAML config. A smaller `config.VersionConfig` is now unmarshaled first to prevalidate the new `version` field before the entire config is parsed. Fixes T191460 Test Plan: Run `go test ./...`. Run `blubber` against some configuration containing invalid fields and ensure that it surfaces a YAML error. Reviewers: thcipriani, demon, hashar, mmodell, mobrovac, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T191460 Differential Revision: https://phabricator.wikimedia.org/D1021
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Introduce strict/versioned config parsing Summary: Introduced a `version` config field that must be specified and match `config.CurrentVersion`. Changed `config.ReadConfig` to use `yaml.UnmarshalStrict` to ensure that errors are surfaced when unknown/bad fields are present in the given YAML config. A smaller `config.VersionConfig` is now unmarshaled first to prevalidate the new `version` field before the entire config is parsed. Fixes T191460 Test Plan: Run `go test ./...`. Run `blubber` against some configuration containing invalid fields and ensure that it surfaces a YAML error. Reviewers: thcipriani, demon, hashar, mmodell, mobrovac, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T191460 Differential Revision: https://phabricator.wikimedia.org/D1021
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
No need to export NewValidator Summary: It occurred to me while looking at code in another patch that there is no need to have this function be public. Test Plan: `go test ./...` Reviewers: dduvall, #release-engineering-team Reviewed By: dduvall, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D1012
6 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
No need to export NewValidator Summary: It occurred to me while looking at code in another patch that there is no need to have this function be public. Test Plan: `go test ./...` Reviewers: dduvall, #release-engineering-team Reviewed By: dduvall, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D1012
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Use JSON as canonical config format Uses the github.com/ghodss/yaml library to convert YAML to JSON before unmarshaling for the purposes of supporting YAML and JSON input while converting to only support JSON internally. Bug: T207694 Change-Id: I00668014907e9ea54917f5d5067cac08d0668053
5 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Introduce strict/versioned config parsing Summary: Introduced a `version` config field that must be specified and match `config.CurrentVersion`. Changed `config.ReadConfig` to use `yaml.UnmarshalStrict` to ensure that errors are surfaced when unknown/bad fields are present in the given YAML config. A smaller `config.VersionConfig` is now unmarshaled first to prevalidate the new `version` field before the entire config is parsed. Fixes T191460 Test Plan: Run `go test ./...`. Run `blubber` against some configuration containing invalid fields and ensure that it surfaces a YAML error. Reviewers: thcipriani, demon, hashar, mmodell, mobrovac, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T191460 Differential Revision: https://phabricator.wikimedia.org/D1021
6 years ago
No need to export NewValidator Summary: It occurred to me while looking at code in another patch that there is no need to have this function be public. Test Plan: `go test ./...` Reviewers: dduvall, #release-engineering-team Reviewed By: dduvall, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D1012
6 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Allow for configuration policies Summary: Implements a rough interface for validating configuration against arbitrary policy rules. Policies are provided as YAML and passed via the command line as file paths or remote URIs. The format of policies is: enforcements: - path: <path> rule: <rule> Where `<path>` is a YAML-ish path to a config field and `<rule>` is any expression our config validator understands (expressions built in by the validator library and custom tags defined in `config.validation.go`). Example policy: enforcements: - path: variants.production.base rule: oneof=debian:jessie debian:stretch - path: variants.production.runs.as rule: ne=foo - path: variants.production.node.dependencies rule: isfalse Command flag parsing was implemented in `main.go` to support the new `--policy=uri` flag and improve existing handling of `--version` and the usage statement. Test Plan: Run `go test ./...`. Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Differential Revision: https://phabricator.wikimedia.org/D999
6 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
Unify `copies` and `artifacts` configuration Refactored `copies` configuration to allow for greater control over when and which both local build context files and variant artifacts are copied into the target image. The new configuration introduces a "local" keyword to signify when a `copies` entry should apply to the files from the local build context as opposed to files from another variant's image during a multi-stage build. variants: build: copies: - from: local source: ./src destination: . Note that with this change, the user must now explicitly define whether _any_ files should be copied in from the local build context. None will be copied in by default. To help keep configurations succinct, especially considering this new requirement, and to approximate the old `copies: variant`, a shorthand format and sane defaults for `source` and `destination` (depending whether `from` is "local" or a variant name) were implemented. variants: build: copies: [local] development: copies: - from: build - from: local source: ./config.dev.yaml destination: ./config.yaml The shorthand: copies: [ref, ...] # is equivalent to copies: [{ from: ref }, ...] And the following defaults are used when no `source` and `destination` are specified. copies: - from: local # defaults to - from: local source: . destination: . copies: - from: variant # defaults to two entries - from: variant source: /srv/app # the lives.in dir destination: /srv/app - from: variant source: /opt/local # the shared lib dir destination: /opt/local Bug: T211625 Change-Id: I4c4217905afc0762b6bd66ed594d43cc0486e3e2
5 years ago
Use JSON as canonical config format Uses the github.com/ghodss/yaml library to convert YAML to JSON before unmarshaling for the purposes of supporting YAML and JSON input while converting to only support JSON internally. Bug: T207694 Change-Id: I00668014907e9ea54917f5d5067cac08d0668053
5 years ago
Validate configuration after unmarshalling Summary: Implemented a validation system using the `github.com/go-playground/validator` package, extending it with custom validation tags, and implemented translation of validation errors into somewhat human-friendly messages. Fixes T175186 Depends on D845 Test Plan: Run the unit tests and try running blubber against some bad config. Reviewers: thcipriani, hashar, Jrbranaa, Joe, #release-engineering-team, mobrovac Reviewed By: thcipriani, #release-engineering-team Tags: #release-engineering-team Maniphest Tasks: T175186 Differential Revision: https://phabricator.wikimedia.org/D868
6 years ago
 
  1. package config
  2. 

  3. import (
  4. 	"bytes"
  5. 	"context"
  6. 	"fmt"
  7. 	"path"
  8. 	"reflect"
  9. 	"regexp"
  10. 	"strings"
  11. 	"text/template"
  12. 

  13. 	"github.com/docker/distribution/reference"
  14. 	"gopkg.in/go-playground/validator.v9"
  15. )
  16. 

  17. var (
  18. 	// See Debian Policy

  19. 	//  https://www.debian.org/doc/debian-policy/#s-f-source

  20. 	//  https://www.debian.org/doc/debian-policy/#s-f-version

  21. 	debianPackageName   = `[a-z0-9][a-z0-9+.-]+`
  22. 	debianVersionSpec   = `(?:[0-9]+:)?[0-9]+[a-zA-Z0-9\.\+\-~]*`
  23. 	debianReleaseName   = `[a-zA-Z](?:[a-zA-Z0-9\-]*[a-zA-Z0-9]+)?`
  24. 	debianPackageRegexp = regexp.MustCompile(fmt.Sprintf(
  25. 		`^%s(?:=%s|/%s)?$`, debianPackageName, debianVersionSpec, debianReleaseName))
  26. 

  27. 	// See IEEE Std 1003.1-2008 (http://pubs.opengroup.org/onlinepubs/9699919799/)

  28. 	environmentVariableRegexp = regexp.MustCompile(`^[a-zA-Z_][a-zA-Z0-9_]+$`)
  29. 

  30. 	// Pattern for valid variant names

  31. 	variantNameRegexp = regexp.MustCompile(`^[a-zA-Z][a-zA-Z0-9\-\.]+[a-zA-Z0-9]$`)
  32. 

  33. 	humanizedErrors = map[string]string{
  34. 		"abspath":        `{{.Field}}: "{{.Value}}" is not a valid absolute non-root path`,
  35. 		"baseimage":      `{{.Field}}: "{{.Value}}" is not a valid base image reference`,
  36. 		"currentversion": `{{.Field}}: config version "{{.Value}}" is unsupported`,
  37. 		"debianpackage":  `{{.Field}}: "{{.Value}}" is not a valid Debian package name`,
  38. 		"envvars":        `{{.Field}}: contains invalid environment variable names`,
  39. 		"nodeenv":        `{{.Field}}: "{{.Value}}" is not a valid Node environment name`,
  40. 		"relativelocal":  `{{.Field}}: path must be relative when "from" is "local"`,
  41. 		"required":       `{{.Field}}: is required`,
  42. 		"requiredwith":   `{{.Field}}: is required if "{{.Param}}" is also set`,
  43. 		"unique":         `{{.Field}}: cannot contain duplicates`,
  44. 		"username":       `{{.Field}}: "{{.Value}}" is not a valid user name`,
  45. 		"variantref":     `{{.Field}}: references an unknown variant "{{.Value}}"`,
  46. 		"variants":       `{{.Field}}: contains a bad variant name`,
  47. 	}
  48. 

  49. 	validatorAliases = map[string]string{
  50. 		"currentversion": "eq=" + CurrentVersion,
  51. 		"nodeenv":        "alphanum",
  52. 		"username":       "hostname,ne=root",
  53. 	}
  54. 

  55. 	validatorFuncs = map[string]validator.FuncCtx{
  56. 		"abspath":       isAbsNonRootPath,
  57. 		"baseimage":     isBaseImage,
  58. 		"debianpackage": isDebianPackage,
  59. 		"envvars":       isEnvironmentVariables,
  60. 		"isfalse":       isFalse,
  61. 		"istrue":        isTrue,
  62. 		"relativelocal": isRelativePathForLocalArtifact,
  63. 		"requiredwith":  isSetIfOtherFieldIsSet,
  64. 		"variantref":    isVariantReference,
  65. 		"variants":      hasVariantNames,
  66. 	}
  67. )
  68. 

  69. type ctxKey uint8
  70. 

  71. const rootCfgCtx ctxKey = iota
  72. 

  73. // newValidator returns a validator instance for which our custom aliases and

  74. // functions are registered.

  75. //

  76. func newValidator() *validator.Validate {
  77. 	validate := validator.New()
  78. 

  79. 	validate.RegisterTagNameFunc(resolveJSONTagName)
  80. 

  81. 	for name, tags := range validatorAliases {
  82. 		validate.RegisterAlias(name, tags)
  83. 	}
  84. 

  85. 	for name, f := range validatorFuncs {
  86. 		validate.RegisterValidationCtx(name, f)
  87. 	}
  88. 

  89. 	return validate
  90. }
  91. 

  92. // Validate runs all validations defined for config fields against the given

  93. // Config value. If the returned error is not nil, it will contain a

  94. // user-friendly message describing all invalid field values.

  95. //

  96. func Validate(config interface{}) error {
  97. 	validate := newValidator()
  98. 

  99. 	ctx := context.WithValue(context.Background(), rootCfgCtx, config)
  100. 

  101. 	return validate.StructCtx(ctx, config)
  102. }
  103. 

  104. // HumanizeValidationError transforms the given validator.ValidationErrors

  105. // into messages more likely to be understood by human beings.

  106. //

  107. func HumanizeValidationError(err error) string {
  108. 	var message bytes.Buffer
  109. 

  110. 	if err == nil {
  111. 		return ""
  112. 	} else if !IsValidationError(err) {
  113. 		return err.Error()
  114. 	}
  115. 

  116. 	templates := map[string]*template.Template{}
  117. 

  118. 	for name, tmplString := range humanizedErrors {
  119. 		if tmpl, err := template.New(name).Parse(tmplString); err == nil {
  120. 			templates[name] = tmpl
  121. 		}
  122. 	}
  123. 

  124. 	for _, ferr := range err.(validator.ValidationErrors) {
  125. 		if tmpl, ok := templates[ferr.Tag()]; ok {
  126. 			tmpl.Execute(&message, ferr)
  127. 		} else if trueErr, ok := err.(error); ok {
  128. 			message.WriteString(trueErr.Error())
  129. 		}
  130. 

  131. 		message.WriteString("\n")
  132. 	}
  133. 

  134. 	return strings.TrimSpace(message.String())
  135. }
  136. 

  137. // IsValidationError tests whether the given error is a

  138. // validator.ValidationErrors and can be safely iterated over as such.

  139. //

  140. func IsValidationError(err error) bool {
  141. 	if err == nil {
  142. 		return false
  143. 	} else if _, ok := err.(*validator.InvalidValidationError); ok {
  144. 		return false
  145. 	} else if _, ok := err.(validator.ValidationErrors); ok {
  146. 		return true
  147. 	}
  148. 

  149. 	return false
  150. }
  151. 

  152. func hasVariantNames(_ context.Context, fl validator.FieldLevel) bool {
  153. 	for _, name := range fl.Field().MapKeys() {
  154. 		if !variantNameRegexp.MatchString(name.String()) {
  155. 			return false
  156. 		}
  157. 	}
  158. 

  159. 	return true
  160. }
  161. 

  162. func isAbsNonRootPath(_ context.Context, fl validator.FieldLevel) bool {
  163. 	value := fl.Field().String()
  164. 

  165. 	return path.IsAbs(value) && path.Base(path.Clean(value)) != "/"
  166. }
  167. 

  168. func isBaseImage(_ context.Context, fl validator.FieldLevel) bool {
  169. 	value := fl.Field().String()
  170. 

  171. 	return reference.ReferenceRegexp.MatchString(value)
  172. }
  173. 

  174. func isDebianPackage(_ context.Context, fl validator.FieldLevel) bool {
  175. 	value := fl.Field().String()
  176. 

  177. 	return debianPackageRegexp.MatchString(value)
  178. }
  179. 

  180. func isEnvironmentVariables(_ context.Context, fl validator.FieldLevel) bool {
  181. 	for _, key := range fl.Field().MapKeys() {
  182. 		if !environmentVariableRegexp.MatchString(key.String()) {
  183. 			return false
  184. 		}
  185. 	}
  186. 

  187. 	return true
  188. }
  189. 

  190. func isFalse(_ context.Context, fl validator.FieldLevel) bool {
  191. 	val, ok := fl.Field().Interface().(bool)
  192. 

  193. 	return ok && val == false
  194. }
  195. 

  196. func isRelativePathForLocalArtifact(_ context.Context, fl validator.FieldLevel) bool {
  197. 	value := fl.Field().String()
  198. 	from := fl.Parent().FieldByName("From").String()
  199. 

  200. 	if value == "" || from != LocalArtifactKeyword {
  201. 		return true
  202. 	}
  203. 

  204. 	// path must be relative and do no "../" funny business

  205. 	return !(path.IsAbs(value) || strings.HasPrefix(path.Clean(value), ".."))
  206. }
  207. 

  208. func isSetIfOtherFieldIsSet(_ context.Context, fl validator.FieldLevel) bool {
  209. 	if otherField, err := ResolveJSONPath(fl.Param(), fl.Parent().Interface()); err == nil {
  210. 		return isZeroValue(reflect.ValueOf(otherField)) || !isZeroValue(fl.Field())
  211. 	}
  212. 

  213. 	return false
  214. }
  215. 

  216. func isTrue(_ context.Context, fl validator.FieldLevel) bool {
  217. 	val, ok := fl.Field().Interface().(bool)
  218. 

  219. 	return ok && val == true
  220. }
  221. 

  222. func isVariantReference(ctx context.Context, fl validator.FieldLevel) bool {
  223. 	cfg := ctx.Value(rootCfgCtx).(Config)
  224. 	ref := fl.Field().String()
  225. 

  226. 	if ref == LocalArtifactKeyword {
  227. 		return true
  228. 	}
  229. 

  230. 	for name := range cfg.Variants {
  231. 		if name == ref {
  232. 			return true
  233. 		}
  234. 	}
  235. 

  236. 	return false
  237. }
  238. 

  239. func isZeroValue(v reflect.Value) bool {
  240. 	return reflect.DeepEqual(v.Interface(), reflect.Zero(v.Type()).Interface())
  241. }
  242. 

  243. func resolveJSONTagName(field reflect.StructField) string {
  244. 	return strings.SplitN(field.Tag.Get("json"), ",", 2)[0]
  245. }