Merge branch 'pivotal-cf:main' into main

pivotal-cf · Oct 4, 2024 · 0a839a7 · 0a839a7
2 parents 3484e12 + e589cc1
commit 0a839a7
Show file tree

Hide file tree

Showing 17 changed files with 502 additions and 19 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -20,7 +20,7 @@ jobs:
  go-version-file: go.mod
 
  - name: golangci-lint
- uses: golangci/golangci-lint-action@v3
+ uses: golangci/golangci-lint-action@v6
 
  - name: Ensure Generate Succeeds and Does Not Make Changes
  run: |

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/pivotal-cf/kiln
 
-go 1.21
+go 1.22.6
 
 require (
  github.com/Masterminds/semver/v3 v3.2.1

diff --git a/internal/acceptance/workflows/baking_a_tile.feature b/internal/acceptance/workflows/baking_a_tile.feature
@@ -13,11 +13,11 @@ Feature: As a developer, I want to bake a tile
  | releases/bpm-1.2.12.tgz |
  | releases/hello-release-0.2.3.tgz |
  And "bake_records/0.2.0-dev.json" contains substring: "version": "0.2.0-dev"
- And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "bc3ac24e192ba06a2eca19381ad785ec7069e0d0"
+ And "bake_records/0.2.0-dev.json" contains substring: "source_revision": "6d5069f9dfb954ff77bb16c5aee670b9909f154a"
  And "bake_records/0.2.0-dev.json" contains substring: "tile_directory": "."
  And "bake_records/0.2.0-dev.json" contains substring: "kiln_version": "0.0.0+acceptance-tests"
- And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "5f8abc7a3272a70fa716cdf120f6976f6b78e16a01a4b3e085ced7f51d6c7691"
- And "tile-0.2.0-dev.pivotal" has sha256 sum "5f8abc7a3272a70fa716cdf120f6976f6b78e16a01a4b3e085ced7f51d6c7691"
+ And "bake_records/0.2.0-dev.json" contains substring: "file_checksum": "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
+ And "tile-0.2.0-dev.pivotal" has sha256 sum "c94e5749bf676f03ff10539956e9445d309647c5299b16dfe71cb522e9258f0d"
 
  Scenario: it reads directory configuration from Kilnfile
  Given I have a tile source directory "testdata/tiles/non-standard-paths"

diff --git a/internal/acceptance/workflows/testdata/tiles/v2/go.mod b/internal/acceptance/workflows/testdata/tiles/v2/go.mod
@@ -1,6 +1,6 @@
 module github.com/crhntr/hello-tile
 
-go 1.20
+go 1.22.6
 
 require (
  github.com/cppforlife/go-patch v0.2.0 // indirect

diff --git a/internal/commands/find_stemcell_version.go b/internal/commands/find_stemcell_version.go
@@ -2,6 +2,7 @@ package commands
 
 import (
  "encoding/json"
+ "errors"
  "fmt"
  "log"
 
@@ -57,7 +58,7 @@ func (cmd FindStemcellVersion) Execute(args []string) error {
  }
 
  if kilnfile.Stemcell.Version == "" {
- return fmt.Errorf(ErrStemcellMajorVersionMustBeValid)
+ return errors.New(ErrStemcellMajorVersionMustBeValid)
  }
 
  // Get stemcell version from pivnet

diff --git a/internal/commands/update_release.go b/internal/commands/update_release.go
@@ -78,7 +78,6 @@ func (u UpdateRelease) Execute(args []string) error {
  StemcellOS: kilnfileLock.Stemcell.OS,
  GitHubRepository: releaseSpec.GitHubRepository,
  }, false)
-
  if err != nil {
  if component.IsErrNotFound(err) {
  return fmt.Errorf("error finding the release: %w", err)
@@ -99,7 +98,6 @@ func (u UpdateRelease) Execute(args []string) error {
  StemcellVersion: kilnfileLock.Stemcell.Version,
  GitHubRepository: releaseSpec.GitHubRepository,
  })
-
  if err != nil {
  if component.IsErrNotFound(err) {
  return fmt.Errorf("error finding the release: %w", err)

diff --git a/internal/commands/update_stemcell.go b/internal/commands/update_stemcell.go
@@ -48,7 +48,6 @@ func (update UpdateStemcell) Execute(args []string) error {
 
  kilnStemcellVersion := kilnfile.Stemcell.Version
  releaseVersionConstraint, err = semver.NewConstraint(kilnStemcellVersion)
-
  if err != nil {
  return fmt.Errorf("invalid stemcell constraint in kilnfile: %w", err)
  }

diff --git a/internal/commands/validate.go b/internal/commands/validate.go
@@ -14,6 +14,7 @@ import (
 type Validate struct {
  Options struct {
  flags.Standard
+ ReleaseSourceTypeAllowList []string `long:"allow-release-source-type"`
  }
 
  FS billy.Filesystem
@@ -38,7 +39,7 @@ func (v Validate) Execute(args []string) error {
  return fmt.Errorf("failed to load kilnfiles: %w", err)
  }
 
- errs := cargo.Validate(kf, lock)
+ errs := cargo.Validate(kf, lock, cargo.ValidateResourceTypeAllowList(v.Options.ReleaseSourceTypeAllowList...))
  if len(errs) > 0 {
  return errorList(errs)
  }

diff --git a/internal/commands/validate_test.go b/internal/commands/validate_test.go
@@ -0,0 +1,72 @@
+package commands_test
+
+import (
+ "io"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+
+ "github.com/go-git/go-billy/v5"
+ "github.com/go-git/go-billy/v5/memfs"
+
+ "github.com/pivotal-cf/kiln/internal/commands"
+)
+
+var _ = Describe("validate", func() {
+ var (
+ validate commands.Validate
+ directory billy.Filesystem
+ )
+
+ BeforeEach(func() {
+ directory = memfs.New()
+ })
+
+ JustBeforeEach(func() {
+ validate = commands.NewValidate(directory)
+ })
+
+ When("the kilnfile has two release_sources", func() {
+ BeforeEach(func() {
+ f, err := directory.Create("Kilnfile")
+ Expect(err).NotTo(HaveOccurred())
+ // language=yaml
+ _, _ = io.WriteString(f, `---
+release_sources:
+ - type: "bosh.io"
+ - type: "github"
+`)
+ _ = f.Close()
+ })
+
+ BeforeEach(func() {
+ f, err := directory.Create("Kilnfile.lock")
+ Expect(err).NotTo(HaveOccurred())
+ _ = f.Close()
+ })
+
+ When("both types are in the allow list", func() {
+ It("it does fail", func() {
+ err := validate.Execute([]string{
+ "--allow-release-source-type=bosh.io",
+ "--allow-release-source-type=github",
+ })
+ Expect(err).NotTo(HaveOccurred())
+ })
+ })
+ When("both one of the types is not in the allow list", func() {
+ It("it does fail", func() {
+ err := validate.Execute([]string{
+ "--allow-release-source-type=bosh.io",
+ })
+ Expect(err).To(MatchError(ContainSubstring("release source type not allowed: github")))
+ })
+ })
+ When("the allow list is empty", func() {
+ It("it does not fail", func() {
+ err := validate.Execute([]string{})
+ Expect(err).NotTo(HaveOccurred())
+ })
+ })
+ })
+})
diff --git a/internal/component/artifactory.go b/internal/component/artifactory.go
@@ -311,7 +311,7 @@ func (ars *ArtifactoryReleaseSource) UploadRelease(spec cargo.BOSHReleaseTarball
  switch response.StatusCode {
  case http.StatusCreated:
  default:
- return cargo.BOSHReleaseTarballLock{}, fmt.Errorf(response.Status)
+ return cargo.BOSHReleaseTarballLock{}, fmt.Errorf("response contained errror status code: %d %s", response.StatusCode, response.Status)
  }
 
  return cargo.BOSHReleaseTarballLock{

diff --git a/internal/test/testdata/happy-tile/go.mod b/internal/test/testdata/happy-tile/go.mod
@@ -1,6 +1,6 @@
 module github.com/pivotal-cf/kiln/internal/commands/testdata/tas_fake/tas
 
-go 1.20
+go 1.22.6
 
 require (
  github.com/onsi/ginkgo v1.16.4

diff --git a/pkg/cargo/validate.go b/pkg/cargo/validate.go
@@ -3,13 +3,51 @@ package cargo
 import (
  "fmt"
  "slices"
+ "text/template/parse"
 
  "github.com/Masterminds/semver/v3"
 )
 
-func Validate(spec Kilnfile, lock KilnfileLock) []error {
+type ValidationOptions struct {
+ resourceTypeAllowList []string
+}
+
+func NewValidateOptions() ValidationOptions {
+ return ValidationOptions{}
+}
+
+// ValidateResourceTypeAllowList calls ValidationOptions.SetValidateResourceTypeAllowList on the result of NewValidateOptions
+func ValidateResourceTypeAllowList(allowList ...string) ValidationOptions {
+ return NewValidateOptions().SetValidateResourceTypeAllowList(allowList)
+}
+
+func (o ValidationOptions) SetValidateResourceTypeAllowList(allowList []string) ValidationOptions {
+ o.resourceTypeAllowList = allowList
+ return o
+}
+
+func mergeOptions(options []ValidationOptions) ValidationOptions {
+ var opt ValidationOptions
+ for _, o := range options {
+ if o.resourceTypeAllowList != nil {
+ opt.resourceTypeAllowList = o.resourceTypeAllowList
+ }
+ }
+ return opt
+}
+
+func Validate(spec Kilnfile, lock KilnfileLock, options ...ValidationOptions) []error {
+ opt := mergeOptions(options)
  var result []error
 
+ if len(opt.resourceTypeAllowList) > 0 {
+ for _, s := range spec.ReleaseSources {
+ if !slices.Contains(opt.resourceTypeAllowList, s.Type) {
+ result = append(result, fmt.Errorf("release source type not allowed: %s", s.Type))
+ }
+ }
+ }
+
  for index, componentSpec := range spec.Releases {
  if componentSpec.Name == "" {
  result = append(result, fmt.Errorf("release at index %d missing name in spec", index))
@@ -43,6 +81,7 @@ func Validate(spec Kilnfile, lock KilnfileLock) []error {
  }
 
  result = append(result, ensureRemoteSourceExistsForEachReleaseLock(spec, lock)...)
+ result = append(result, ensureReleaseSourceConfiguration(spec.ReleaseSources)...)
 
  if len(result) > 0 {
  return result
@@ -51,6 +90,64 @@ func Validate(spec Kilnfile, lock KilnfileLock) []error {
  return nil
 }
 
+func ensureReleaseSourceConfiguration(sources []ReleaseSourceConfig) []error {
+ var errs []error
+ for _, source := range sources {
+ switch source.Type {
+ case BOSHReleaseTarballSourceTypeArtifactory:
+ if source.ArtifactoryHost == "" {
+ errs = append(errs, fmt.Errorf("missing required field artifactory_host"))
+ }
+ if source.Username == "" {
+ errs = append(errs, fmt.Errorf("missing required field username"))
+ }
+ if source.Password == "" {
+ errs = append(errs, fmt.Errorf("missing required field password"))
+ }
+ if source.Repo == "" {
+ errs = append(errs, fmt.Errorf("missing required field repo"))
+ }
+ if source.PathTemplate == "" {
+ errs = append(errs, fmt.Errorf("missing required field path_template"))
+ } else {
+ p := parse.New("path_template")
+ p.Mode |= parse.SkipFuncCheck
+ if _, err := p.Parse(source.PathTemplate, "", "", make(map[string]*parse.Tree)); err != nil {
+ errs = append(errs, fmt.Errorf("failed to parse path_template: %w", err))
+ }
+ }
+ if source.Bucket != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field bucket"))
+ }
+ if source.Region != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field region"))
+ }
+ if source.AccessKeyId != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field access_key_id"))
+ }
+ if source.SecretAccessKey != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field secret_access_key"))
+ }
+ if source.RoleARN != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field role_arn"))
+ }
+ if source.Endpoint != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field endpoint"))
+ }
+ if source.Org != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field org"))
+ }
+ if source.GithubToken != "" {
+ errs = append(errs, fmt.Errorf("artifactory has unexpected field github_token"))
+ }
+ case BOSHReleaseTarballSourceTypeBOSHIO:
+ case BOSHReleaseTarballSourceTypeS3:
+ case BOSHReleaseTarballSourceTypeGithub:
+ }
+ }
+ return errs
+}
+
 func ensureRemoteSourceExistsForEachReleaseLock(spec Kilnfile, lock KilnfileLock) []error {
  var result []error
  for _, release := range lock.Releases {