USEFULL/drone
1
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-02 21:55:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
drone/types/check/path.go
Johannes Batzill 3ba0f75c8d Introduce UIDs for Space / Repo / Tokens, Add Custom Harness Validation, ... (#57) 
This change adds the following:
- Space UID + Custom harness validation (accountId for top level space, harness identifier for child spaces)
- Repo UID + Custom harness validation (harness identifier)
- Store Unique casing of space / repo path and add Path.ValueUnique (with Unique index) to allow for application layer controlling the case sensitivity (case insensitive standalone vs partially case sensitive harness)
- Token UID (unique index over ownertype + ownerID + tokenUID)
- Add DisplayName for principals (replaces Name to avoid confustion)
- Store Unique casing of principal UID and add Principal.ValueUnique (with unique index) to allow for application layer, per principal type control of case sensitivity (required in embedded mode)
- Generate serviceAccount UID (+Email) Randomly (sa-{space|repo}-{ID}-{random}) - Allows to have a unique UID across all principals while reducing likelyhood of overlaps with users + avoid overlap across spaces / repos.
- Sync casing of space names (accountId orgId projectId) when creating spaces on the fly (to ensure case sensitivity of - harness code) or use the existing space to update casing.
- Update serviceaccount client to match updated NG Manager API
- in embedded mode create spaces for harness resources owning the service account
2022-11-06 23:14:47 -08:00

117 lines
3.4 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package check
import (
"fmt"
"strings"
"github.com/harness/gitness/types"
"github.com/pkg/errors"
)
const (
maxPathSegmentsForSpace = 9
maxPathSegments = 10
)
var (
ErrPathEmpty = &ValidationError{
"Path can't be empty.",
}
ErrPathInvalidDepth = &ValidationError{
fmt.Sprintf("A path can have at most %d segments (%d for spaces).",
maxPathSegments, maxPathSegmentsForSpace),
}
ErrEmptyPathSegment = &ValidationError{
"Empty segments are not allowed.",
}
ErrPathCantBeginOrEndWithSeparator = &ValidationError{
fmt.Sprintf("Path can't start or end with the separator ('%s').", types.PathSeparator),
}
ErrPathDifferentTopLevelSpace = &ValidationError{
"Alias paths have to stay within the same top level space.",
}
ErrTopLevelPathNotAllowed = &ValidationError{
"Top level alias paths are not allowed.",
}
)
// Path checks the provided path and returns an error in it isn't valid
// NOTE: A repository path can be one deeper than a space path (as otherwise the space would be useless).
func Path(path string, isSpace bool) error {
if path == "" {
return ErrPathEmpty
}
// ensure path doesn't begin or end with /
if path[:1] == types.PathSeparator || path[len(path)-1:] == types.PathSeparator {
return ErrPathCantBeginOrEndWithSeparator
}
// ensure path is not too deep
if err := PathDepth(path, isSpace); err != nil {
return err
}
// ensure all segments of the path are valid uids
segments := strings.Split(path, types.PathSeparator)
for _, s := range segments {
if s == "" {
return ErrEmptyPathSegment
} else if err := UID(s); err != nil {
return errors.Wrapf(err, "Invalid segment '%s'", s)
}
}
return nil
}
// PathParams validates a PathParams object that is used to create a new path.
// NOTES:
// - We don't allow top level alias paths
// - An alias path has to stay within the same top level space
//
// IMPORTANT:
// - Technically there can be a racing condition when a space is being moved in between the validation and
// path creation.
// - But that is fine, as the path could've also been created a second earlier when it was still valid and would
// then still exist.
func PathParams(path *types.PathParams, currentPath string, isSpace bool) error {
// ensure the path is valid
if err := Path(path.Path, isSpace); err != nil {
return err
}
// ensure the path is at least 1 level deep (at least one '/')
i := strings.Index(path.Path, types.PathSeparator)
if i < 0 {
return ErrTopLevelPathNotAllowed
}
// ensure the top level space doesn't change (add path separator to avoid abcd -> abc matching)
if !strings.HasPrefix(currentPath+types.PathSeparator, path.Path[:i]+types.PathSeparator) {
return ErrPathDifferentTopLevelSpace
}
return nil
}
// PathDepth Checks the depth of the provided path.
func PathDepth(path string, isSpace bool) error {
if IsPathTooDeep(path, isSpace) {
return ErrPathInvalidDepth
}
return nil
}
// IsPathTooDeep Checks if the provided path is too long.
// NOTE: A repository path can be one deeper than a space path (as otherwise the space would be useless).
func IsPathTooDeep(path string, isSpace bool) bool {
l := strings.Count(path, types.PathSeparator) + 1
return (!isSpace && l > maxPathSegments) || (isSpace && l > maxPathSegmentsForSpace)
}
Reference in New Issue View Git Blame Copy Permalink