From be4166ea9114e1e77569cbf3a6fbb26bcb91dad6 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 11:26:08 +0300 Subject: [PATCH 01/10] bump --- package.json | 2 +- schema/1.0/validations/registry.js | 40 ++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index b6e32ea3..aa206934 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "bin": { "cyv": "./index.js" }, - "version": "0.28.1", + "version": "0.28.2", "main": "./validator.js", "scripts": { "test": "jest --coverage --runInBand", diff --git a/schema/1.0/validations/registry.js b/schema/1.0/validations/registry.js index d8e23953..9c537e99 100644 --- a/schema/1.0/validations/registry.js +++ b/schema/1.0/validations/registry.js @@ -5,6 +5,30 @@ const BaseSchema = require('./../base-schema'); const { ErrorType, ErrorBuilder } = require('./../error-builder'); const { docBaseUrl, DocumentationLinks, IntegrationLinks } = require('./../documentation-links'); // eslint-disable-line +const AWS_REGIONS = [ + 'us-east-2', + 'us-east-1', + 'us-west-1', + 'us-west-2', + 'af-south-1', + 'ap-east-1', + 'ap-south-1', + 'ap-northeast-3', + 'ap-northeast-2', + 'ap-southeast-1', + 'ap-southeast-2', + 'ap-northeast-1', + 'ca-central-1', + 'eu-central-1', + 'eu-west-1', + 'eu-west-2', + 'eu-south-', + 'eu-west-3', + 'eu-north-1', + 'me-south-1', + 'sa-east-1', +]; + const isWebUri = function (s) { if (s) { const patterns = [ @@ -207,6 +231,22 @@ const validate = function (step, } } + if (step.region) { + if (!AWS_REGIONS.find(currentRegion => currentRegion === step.region)) { + errors.push(ErrorBuilder.buildError({ + message: `aws region is invalid`, + name, + yaml, + code: 206, + type: ErrorType.Error, + docsLink: _.get(DocumentationLinks, step.type, docBaseUrl), + errorPath, + key, + actionItems: 'Please make sure the specified region is written in the format expected by aws', + })); + } + } + return { errors, warnings }; }; From c14fe2147728b681137cbf11f00481f6bac3cc58 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 11:26:26 +0300 Subject: [PATCH 02/10] bump --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index aa206934..2abeecd7 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "bin": { "cyv": "./index.js" }, - "version": "0.28.2", + "version": "0.29.0", "main": "./validator.js", "scripts": { "test": "jest --coverage --runInBand", From 2490736ad683afd7e355d1ca1a71c44257d42bec Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 12:49:37 +0300 Subject: [PATCH 03/10] region only for ecr --- schema/1.0/validations/registry.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/schema/1.0/validations/registry.js b/schema/1.0/validations/registry.js index 9c537e99..a17c3ce5 100644 --- a/schema/1.0/validations/registry.js +++ b/schema/1.0/validations/registry.js @@ -232,6 +232,7 @@ const validate = function (step, } if (step.region) { + const currentRegistry = _.find(context.registries, reg => reg.name === registry); if (!AWS_REGIONS.find(currentRegion => currentRegion === step.region)) { errors.push(ErrorBuilder.buildError({ message: `aws region is invalid`, @@ -244,6 +245,18 @@ const validate = function (step, key, actionItems: 'Please make sure the specified region is written in the format expected by aws', })); + } else if (!currentRegistry.provider !== 'ecr') { + errors.push(ErrorBuilder.buildError({ + message: `Unable to specify region with a ${currentRegistry.provider} type registry`, + name, + yaml, + code: 206, + type: ErrorType.Error, + docsLink: _.get(DocumentationLinks, step.type, docBaseUrl), + errorPath, + key, + actionItems: 'Cross-region pushes are currently supported only for ECR', + })); } } From f4e0ee53c24cbf5da83a554b5e906afb692c8c46 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:03:56 +0300 Subject: [PATCH 04/10] accountId validation --- schema/1.0/validations/registry.js | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/schema/1.0/validations/registry.js b/schema/1.0/validations/registry.js index a17c3ce5..ce1413f7 100644 --- a/schema/1.0/validations/registry.js +++ b/schema/1.0/validations/registry.js @@ -231,8 +231,9 @@ const validate = function (step, } } + const integrationDefinedProvider = (_.find(context.registries, reg => reg.name === registry) || {}).provider; + if (step.region) { - const currentRegistry = _.find(context.registries, reg => reg.name === registry); if (!AWS_REGIONS.find(currentRegion => currentRegion === step.region)) { errors.push(ErrorBuilder.buildError({ message: `aws region is invalid`, @@ -245,9 +246,9 @@ const validate = function (step, key, actionItems: 'Please make sure the specified region is written in the format expected by aws', })); - } else if (!currentRegistry.provider !== 'ecr') { + } else if (integrationDefinedProvider !== 'ecr') { errors.push(ErrorBuilder.buildError({ - message: `Unable to specify region with a ${currentRegistry.provider} type registry`, + message: `Unable to specify region with a registry of type: ${integrationDefinedProvider}`, name, yaml, code: 206, @@ -260,6 +261,22 @@ const validate = function (step, } } + if (step.accountId) { + if (integrationDefinedProvider !== 'ecr') { + errors.push(ErrorBuilder.buildError({ + message: `Unable to specify accountId with a registry of type: ${integrationDefinedProvider} `, + name, + yaml, + code: 206, + type: ErrorType.Error, + docsLink: _.get(DocumentationLinks, step.type, docBaseUrl), + errorPath, + key, + actionItems: 'Cross-account pushes are currently supported only for ECR', + })); + } + } + return { errors, warnings }; }; From 05b85f54447127c02651bc9e622a50e2d2a21eed Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:10:47 +0300 Subject: [PATCH 05/10] trailing space --- schema/1.0/validations/registry.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/schema/1.0/validations/registry.js b/schema/1.0/validations/registry.js index ce1413f7..65069089 100644 --- a/schema/1.0/validations/registry.js +++ b/schema/1.0/validations/registry.js @@ -232,7 +232,7 @@ const validate = function (step, } const integrationDefinedProvider = (_.find(context.registries, reg => reg.name === registry) || {}).provider; - + if (step.region) { if (!AWS_REGIONS.find(currentRegion => currentRegion === step.region)) { errors.push(ErrorBuilder.buildError({ From 4f11995948397b0d0c07fbefacd98b3a9bb56f3f Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:14:33 +0300 Subject: [PATCH 06/10] ut --- __tests__/validator.unit.spec.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/__tests__/validator.unit.spec.js b/__tests__/validator.unit.spec.js index 2f985a58..3bab9232 100644 --- a/__tests__/validator.unit.spec.js +++ b/__tests__/validator.unit.spec.js @@ -5164,7 +5164,10 @@ describe('Validate Codefresh YAML with context', () => { git: [], registries: [{ name: 'reg' }, { name: 'reg2', default: true }], clusters: [], - variables: { AWS_API_REGISTRY: '123456789012.dkr.ecr.eu-west-1.amazonaws.com/test-api/web' } + variables: { + AWS_API_REGISTRY: '123456789012.dkr.ecr.eu-west-1.amazonaws.com/test-api/web', + AWS_REGION: 'us-east-1' + } }; validateWithContext(model, 'message', yaml, context); done(); @@ -5241,7 +5244,7 @@ describe('Validate Codefresh YAML with context', () => { git: [], registries: [], clusters: [], - variables: [] + variables: { AWS_REGION: 'us-east-1' } }; validateForErrorWithContext(model, expectedError, done, 'message', yaml, context); done(); From bcbcc94ce6959141c6b74fe90e6d6b471269e732 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:21:40 +0300 Subject: [PATCH 07/10] added ut --- __tests__/validator.unit.spec.js | 97 +++++++++++++++++++++++++++++++- 1 file changed, 96 insertions(+), 1 deletion(-) diff --git a/__tests__/validator.unit.spec.js b/__tests__/validator.unit.spec.js index 3bab9232..031e4843 100644 --- a/__tests__/validator.unit.spec.js +++ b/__tests__/validator.unit.spec.js @@ -5250,7 +5250,6 @@ describe('Validate Codefresh YAML with context', () => { done(); }); - it('validate yaml when integrations not found', async (done) => { const yaml = fs.readFileSync(path.join(currentPath, './test-yamls/default-yaml.yml'), 'utf8'); const model = { @@ -6834,6 +6833,102 @@ describe('Validate Codefresh YAML with context', () => { validateForErrorWithContext(model, expectedMessage, done, 'message', yaml, context, { ignoreValidation: false }); }); + it('validate yaml with wrong aws region', async (done) => { + const yaml = fs.readFileSync(path.join(currentPath, './test-yamls/yaml-with-registry-catastrophic-value.yml'), 'utf8'); + const model = { + version: '1.0', + steps: { + push: { + title: 'Pushing image to ecr', + type: 'push', + image_name: 'codefresh/test', + registry: 'hobsons-platform-docker-sandbox-local-append', + accessKeyId: '${{AWS_ACCESS_KEY_ID}}', + secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', + region: '${{AWS_REGION}}', + candidate: '${{build}}', + tags: [ + '${{CF_BRANCH_TAG_NORMALIZED}}', + '${{CF_REVISION}}'] + }, + } + }; + const expectedError = { + details: [ + { + actionItems: 'Please make sure the specified region is written in the format expected by aws', + code: 206, + context: { key: undefined }, + docsLink: 'https://codefresh.io/docs/docs/docker-registries/external-docker-registries/', + level: 'workflow', + lines: 3, + message: 'aws region is invalid', + path: 'registry', + stepName: 'push', + type: 'Error' + } + ], + warningDetails: [], + }; + const context = { + git: [], + registries: [], + clusters: [], + variables: { AWS_REGION: 'invalid' } + }; + validateForErrorWithContext(model, expectedError, done, 'message', yaml, context); + done(); + }); + + it('validate yaml with correct aws region but a non-ecr integration', async (done) => { + const yaml = fs.readFileSync(path.join(currentPath, './test-yamls/yaml-with-registry-catastrophic-value.yml'), 'utf8'); + const model = { + version: '1.0', + steps: { + push: { + title: 'Pushing image to quay', + type: 'push', + image_name: 'codefresh/test', + registry: 'non-ecr', + accessKeyId: '${{AWS_ACCESS_KEY_ID}}', + secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', + region: '${{AWS_REGION}}', + candidate: '${{build}}', + tags: [ + '${{CF_BRANCH_TAG_NORMALIZED}}', + '${{CF_REVISION}}'] + }, + } + }; + const expectedError = { + details: [ + { + actionItems: 'Cross-region pushes are currently supported only for ECR', + code: 206, + context: { key: undefined }, + docsLink: 'https://codefresh.io/docs/docs/docker-registries/external-docker-registries/', + level: 'workflow', + lines: 3, + message: 'Unable to specify region with a registry of type: ', + path: 'registry', + stepName: 'push', + type: 'Error' + } + ], + warningDetails: [], + }; + const context = { + git: [], + registries: [{ + name: 'non-ecr' + }], + clusters: [], + variables: { AWS_REGION: 'us-east-1' } + }; + validateForErrorWithContext(model, expectedError, done, 'message', yaml, context); + done(); + }); + }); describe('lint mode', () => { From 12f7d6eff982a6ed26d99390598251bc2e361144 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:29:07 +0300 Subject: [PATCH 08/10] ut --- __tests__/validator.unit.spec.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/__tests__/validator.unit.spec.js b/__tests__/validator.unit.spec.js index 031e4843..1f969be8 100644 --- a/__tests__/validator.unit.spec.js +++ b/__tests__/validator.unit.spec.js @@ -5152,7 +5152,7 @@ describe('Validate Codefresh YAML with context', () => { registry: '${{AWS_API_REGISTRY}}', accessKeyId: '${{AWS_ACCESS_KEY_ID}}', secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', - region: '${{AWS_REGION}}', + region: 'us-east-1', candidate: '${{build}}', tags: [ '${{CF_BRANCH_TAG_NORMALIZED}}', @@ -5165,8 +5165,7 @@ describe('Validate Codefresh YAML with context', () => { registries: [{ name: 'reg' }, { name: 'reg2', default: true }], clusters: [], variables: { - AWS_API_REGISTRY: '123456789012.dkr.ecr.eu-west-1.amazonaws.com/test-api/web', - AWS_REGION: 'us-east-1' + AWS_API_REGISTRY: '123456789012.dkr.ecr.eu-west-1.amazonaws.com/test-api/web' } }; validateWithContext(model, 'message', yaml, context); From 83bece01d5195bb2c6be3c9673443f24d054ad36 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Sun, 24 Oct 2021 13:45:44 +0300 Subject: [PATCH 09/10] fixed ut --- __tests__/validator.unit.spec.js | 36 ++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/__tests__/validator.unit.spec.js b/__tests__/validator.unit.spec.js index 1f969be8..f2099a56 100644 --- a/__tests__/validator.unit.spec.js +++ b/__tests__/validator.unit.spec.js @@ -5152,7 +5152,6 @@ describe('Validate Codefresh YAML with context', () => { registry: '${{AWS_API_REGISTRY}}', accessKeyId: '${{AWS_ACCESS_KEY_ID}}', secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', - region: 'us-east-1', candidate: '${{build}}', tags: [ '${{CF_BRANCH_TAG_NORMALIZED}}', @@ -5214,7 +5213,6 @@ describe('Validate Codefresh YAML with context', () => { registry: 'hobsons-platform-docker-sandbox-local-append', accessKeyId: '${{AWS_ACCESS_KEY_ID}}', secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', - region: '${{AWS_REGION}}', candidate: '${{build}}', tags: [ '${{CF_BRANCH_TAG_NORMALIZED}}', @@ -5243,7 +5241,7 @@ describe('Validate Codefresh YAML with context', () => { git: [], registries: [], clusters: [], - variables: { AWS_REGION: 'us-east-1' } + variables: [], }; validateForErrorWithContext(model, expectedError, done, 'message', yaml, context); done(); @@ -6841,7 +6839,7 @@ describe('Validate Codefresh YAML with context', () => { title: 'Pushing image to ecr', type: 'push', image_name: 'codefresh/test', - registry: 'hobsons-platform-docker-sandbox-local-append', + registry: 'myecr', accessKeyId: '${{AWS_ACCESS_KEY_ID}}', secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', region: '${{AWS_REGION}}', @@ -6857,10 +6855,10 @@ describe('Validate Codefresh YAML with context', () => { { actionItems: 'Please make sure the specified region is written in the format expected by aws', code: 206, - context: { key: undefined }, - docsLink: 'https://codefresh.io/docs/docs/docker-registries/external-docker-registries/', + context: { key: 'registry' }, + docsLink: 'https://codefresh.io/docs/docs/codefresh-yaml/steps/push/', level: 'workflow', - lines: 3, + lines: 7, message: 'aws region is invalid', path: 'registry', stepName: 'push', @@ -6871,7 +6869,12 @@ describe('Validate Codefresh YAML with context', () => { }; const context = { git: [], - registries: [], + registries: [ + { + name: 'myecr', + provider: 'ecr', + } + ], clusters: [], variables: { AWS_REGION: 'invalid' } }; @@ -6891,7 +6894,7 @@ describe('Validate Codefresh YAML with context', () => { registry: 'non-ecr', accessKeyId: '${{AWS_ACCESS_KEY_ID}}', secretAccessKey: '${{AWS_SECRET_ACCESS_KEY}}', - region: '${{AWS_REGION}}', + region: 'us-east-1', candidate: '${{build}}', tags: [ '${{CF_BRANCH_TAG_NORMALIZED}}', @@ -6904,14 +6907,14 @@ describe('Validate Codefresh YAML with context', () => { { actionItems: 'Cross-region pushes are currently supported only for ECR', code: 206, - context: { key: undefined }, - docsLink: 'https://codefresh.io/docs/docs/docker-registries/external-docker-registries/', + context: { key: 'registry' }, + docsLink: 'https://codefresh.io/docs/docs/codefresh-yaml/steps/push/', level: 'workflow', - lines: 3, - message: 'Unable to specify region with a registry of type: ', + lines: 7, + message: 'Unable to specify region with a registry of type: non-ecr', path: 'registry', stepName: 'push', - type: 'Error' + type: 'Error', } ], warningDetails: [], @@ -6919,10 +6922,11 @@ describe('Validate Codefresh YAML with context', () => { const context = { git: [], registries: [{ - name: 'non-ecr' + name: 'non-ecr', + provider: 'non-ecr' }], clusters: [], - variables: { AWS_REGION: 'us-east-1' } + variables: [], }; validateForErrorWithContext(model, expectedError, done, 'message', yaml, context); done(); From 31b7e4de745d93a597b7f0a327287bc8d7a6ad08 Mon Sep 17 00:00:00 2001 From: elad-codefresh Date: Tue, 26 Oct 2021 11:53:14 +0300 Subject: [PATCH 10/10] region in build step --- schema/1.0/steps/build.js | 1 + 1 file changed, 1 insertion(+) diff --git a/schema/1.0/steps/build.js b/schema/1.0/steps/build.js index fa430958..b15dff27 100644 --- a/schema/1.0/steps/build.js +++ b/schema/1.0/steps/build.js @@ -53,6 +53,7 @@ class Build extends BaseSchema { ...(opts.buildVersion === BUILD_VERSION && { disable_push: Joi.boolean() }), provider: Build._getProviderSchema(), registry_contexts: Joi.array().items(Joi.string()), + region: Joi.string(), }; return this._createSchema(buildProperties); }