Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate event context key #5339

Merged
merged 6 commits into from
Nov 15, 2024
Merged

Validate event context key #5339

merged 6 commits into from
Nov 15, 2024

Conversation

ffjlabo
Copy link
Member

@ffjlabo ffjlabo commented Nov 14, 2024

What this PR does:

Added validation for event context key.

The event context is used as --trailer. The trailer key is currently allowed to use - alphabet, number, ' ', '\t' but it is unclear the actual format.
ref: https://github.com/git/git/blob/25b0f41288718625b18495de23cc066394c09a92/trailer.c#L630-L646

Also tried some formats below.

% git commit -m "Test" --trailer "github.repository: test" --trailer "github_repository: test" --trailer "github-repository: test"
% git show                                                                                         
commit bedaed31b10c454e730a7aa06abb118a4cd3c264 (HEAD -> test-trailer)
Author: Yoshiki Fujikane <[email protected]>
Date:   Tue Nov 12 18:19:55 2024 +0900

    Test

    github.repository: test:
    github_repository: test:
    github-repository: test

So I added the restriction for the event context key format like kebab case such asTest-hoge test-hoge for now.

Why we need it:

Which issue(s) this PR fixes:

Part of #5028

Does this PR introduce a user-facing change?:

  • How are users affected by this change:
  • Is this breaking change:
  • How to migrate (if breaking change):

@ffjlabo
Copy link
Member Author

ffjlabo commented Nov 14, 2024

The pattern

OK (tried test-hoge)

% ./pipectl_v0.49.3_darwin_arm64 event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --contexts="test-hoge=fuga" --insecure=true
Successfully registered event	{"id": "cc64b59d-82d1-4d3d-a669-b6051e9fe33b"}

Invalid key format (tried test.hoge)

% ./pipectl_v0.49.3_darwin_arm64 event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --contexts="test.hoge=fuga" --insecure=true
2024/11/14 16:56:22 failed to register event: rpc error: code = InvalidArgument desc = invalid request: invalid RegisterEventRequest.Contexts[test.hoge]: value does not match regex pattern "^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$"

Key is nothing

% ./pipectl_v0.49.3_darwin_arm64 event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --contexts="=fuga" --insecure=true
2024/11/14 16:46:29 failed to register event: rpc error: code = InvalidArgument desc = invalid request: invalid RegisterEventRequest.Contexts[]: value length must be at least 1 rune

@codecov Codecov
Copy link

codecov bot commented Nov 14, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 9.09091% with 10 lines in your changes missing coverage. Please review.

Project coverage is 25.30%. Comparing base (249315b) to head (179eef2).
Report is 3 commits behind head on master.

Files with missing lines Patch % Lines
pkg/app/pipectl/cmd/event/register.go 0.00% 10 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5339      +/-   ##
==========================================
- Coverage   25.31%   25.30%   -0.02%     
==========================================
  Files         444      444              
  Lines       47592    47601       +9     
==========================================
- Hits        12050    12044       -6     
- Misses      34600    34615      +15     
  Partials      942      942

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Warashi
Warashi reviewed Nov 14, 2024
View reviewed changes
Copy link
Contributor

@Warashi Warashi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commented on regexp and nits.

IMHO, the error message like below is a bit confusing.
The validation error occurs at the key of the map, but the message says "value."

2024/11/14 16:46:29 failed to register event: rpc error: code = InvalidArgument desc = invalid request: invalid RegisterEventRequest.Contexts[]: value length must be at least 1 rune

pkg/model/event.go Outdated
var (
hashFunc = sha256.New

eventKeyFormatRegex = regexp.MustCompile(`^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nits] This variable seems unused

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed 🙏 341ce20

pkg/app/server/service/apiservice/service.proto
@@ -229,7 +229,7 @@ message RegisterEventRequest {
string name = 1 [(validate.rules).string.min_len = 1];
string data = 2 [(validate.rules).string.min_len = 1];
map<string,string> labels = 3 [(validate.rules).map.keys.string.min_len = 1, (validate.rules).map.values.string.min_len = 1];
map<string,string> contexts = 4;
map<string,string> contexts = 4 [(validate.rules).map.keys.string.min_len = 1, (validate.rules).map.keys.string.pattern = "^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$", (validate.rules).map.values.string.min_len = 1];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The regexp might be wrong.
The git implementations seem to allow double or more hyphens continuously like test--hoge or start with a hyphen like -test.
The pattern might be like ^[\-a-zA-Z0-9]+$.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Warashi
Yes, I know that.
I don't plan to do the same as validation for git.
It is because the trailer format is not so concrete.

So I wanted to express the format like a kebab case test-hoge in PipeCD.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I got your point.

@ffjlabo
Remove unused regex
341ce20 
Signed-off-by: Yoshiki Fujikane <[email protected]>
@ffjlabo
Copy link
Member Author

ffjlabo commented Nov 14, 2024

@Warashi

commented on regexp and nits.

IMHO, the error message like below is a bit confusing.
The validation error occurs at the key of the map, but the message says "value."

I see. Thank you for finding it. This is based on the code generated by protoc-gen-validate.
In my understanding, many validations are based on it.
Is there any idea?

@Warashi
Copy link
Contributor

Warashi commented Nov 14, 2024

@ffjlabo

I see. Thank you for finding it. This is based on the code generated by protoc-gen-validate.
In my understanding, many validations are based on it.
Is there any idea?

How about implementing validations in pipectl code with go's regexp?
In my understanding, many parts of error messages from protoc-gen-validate will not be seen by users, but this is seen by users usually. So it's better that we can control the messages.

@ffjlabo
Copy link
Member Author

ffjlabo commented Nov 14, 2024

@Warashi
Thanks

In my understanding, many parts of error messages from protoc-gen-validate will not be seen by users, but this is seen by users usually. So it's better that we can control the messages.

I got it. Sounds nice!
So we would accept the message on the server side and implement the validation in pipectl.

📝 It seems that these errors occurred when using pipectl.
e.g.

./pipectl_v0.49.3_darwin_arm64 event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --labels="=fuga" --insecure=true
2024/11/14 18:06:51 failed to register event: rpc error: code = InvalidArgument desc = invalid request: invalid RegisterEventRequest.Labels[]: value length must be at least 1 runes

@ffjlabo
Add validation to pipectl side
179eef2 
Signed-off-by: Yoshiki Fujikane <[email protected]>
@ffjlabo
Copy link
Member Author

ffjlabo commented Nov 14, 2024

@Warashi Fixed in 179eef2

like this

go run cmd/pipectl/main.go event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --contexts="test_hoge=fuga" --insecure=true
2024/11/14 18:32:34 failed to validate event context: invalid format key 'test_hoge', should be ^[a-zA-Z0-9]+(-[a-zA-Z0-9]+)*$
exit status 1

It also works OK pattern.

go run cmd/pipectl/main.go event register --address=localhost:8080 --api-key=xxx --name=simple --data="gcr.io/pipecd/helloworld:v0.40.0" --contexts="test-hoge=fuga" --insecure=true
Successfully registered event	{"id": "c256dfc4-d301-4cad-89f7-fb5afa87f31b"}

@ffjlabo ffjlabo requested a review from Warashi November 14, 2024 09:37
Warashi
Warashi approved these changes Nov 14, 2024
View reviewed changes
Copy link
Contributor

@Warashi Warashi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ffjlabo ffjlabo enabled auto-merge (squash) November 15, 2024 01:39
khanhtc1202
khanhtc1202 reviewed Nov 15, 2024
View reviewed changes
pkg/app/pipectl/cmd/event/register.go
@@ -79,3 +86,13 @@ func (r *register) run(ctx context.Context, input cli.Input) error {
)
return nil
}

func (r *register) validateEventContexts() error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function looks testable, please add tests for this later (another PR is ok, since this one is for rc release)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @ffjlabo

khanhtc1202
khanhtc1202 approved these changes Nov 15, 2024
View reviewed changes
Copy link
Member

@khanhtc1202 khanhtc1202 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

@ffjlabo ffjlabo merged commit 519d3fc into master Nov 15, 2024
16 of 18 checks passed
@ffjlabo ffjlabo deleted the validate-event-context-key branch November 15, 2024 06:25
github-actions bot pushed a commit that referenced this pull request Nov 19, 2024
@ffjlabo @pipecd-bot
Validate event context key (#5339)
0eb357e 
Signed-off-by: pipecd-bot <[email protected]>
@github-actions github-actions bot mentioned this pull request Nov 19, 2024
Merged
ffjlabo added a commit that referenced this pull request Nov 19, 2024
@github-actions @ffjlabo
Cherry-pick #5334 #5339 (#5345)
7bbc4d5 
* Sort trailers to ensure the order (#5334)

* Sort trailers to ensure the order

Signed-off-by: Yoshiki Fujikane <[email protected]>

* Fixed to work on go1.22

Signed-off-by: Yoshiki Fujikane <[email protected]>

---------

Signed-off-by: Yoshiki Fujikane <[email protected]>
Signed-off-by: pipecd-bot <[email protected]>

* Validate event context key (#5339)

Signed-off-by: pipecd-bot <[email protected]>

---------

Signed-off-by: Yoshiki Fujikane <[email protected]>
Signed-off-by: pipecd-bot <[email protected]>
Co-authored-by: Yoshiki Fujikane <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khanhtc1202 khanhtc1202 khanhtc1202 approved these changes

@Warashi Warashi Warashi approved these changes

@nghialv nghialv Awaiting requested review from nghialv nghialv is a code owner

@kentakozuka kentakozuka Awaiting requested review from kentakozuka kentakozuka is a code owner

@t-kikuc t-kikuc Awaiting requested review from t-kikuc t-kikuc is a code owner

Assignees
No one assigned
Labels
area/go cherry-pick v0.49.4-rc1
Projects
v0.49.4
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ffjlabo @Warashi @khanhtc1202