// Copyright 2019 Sorint.lab // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied // See the License for the specific language governing permissions and // limitations under the License. package action import ( "context" "fmt" "net/http" "net/url" "path" csapi "github.com/sorintlab/agola/internal/services/configstore/api" "github.com/sorintlab/agola/internal/services/types" "github.com/sorintlab/agola/internal/util" "github.com/pkg/errors" ) func (h *ActionHandler) GetProject(ctx context.Context, projectRef string) (*csapi.Project, error) { project, resp, err := h.configstoreClient.GetProject(ctx, projectRef) if err != nil { return nil, ErrFromRemote(resp, err) } isProjectMember, err := h.IsProjectMember(ctx, project.OwnerType, project.OwnerID) if err != nil { return nil, errors.Wrapf(err, "failed to determine ownership") } if project.GlobalVisibility == types.VisibilityPublic { return project, nil } if !isProjectMember { return nil, util.NewErrForbidden(errors.Errorf("user not authorized")) } return project, nil } type CreateProjectRequest struct { Name string ParentRef string Visibility types.Visibility RemoteSourceName string RepoPath string SkipSSHHostKeyCheck bool } func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateProjectRequest) (*csapi.Project, error) { curUserID := h.CurrentUserID(ctx) user, resp, err := h.configstoreClient.GetUser(ctx, curUserID) if err != nil { return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to get user %q", curUserID)) } parentRef := req.ParentRef if parentRef == "" { // create project in current user namespace parentRef = path.Join("user", user.Name) } pg, resp, err := h.configstoreClient.GetProjectGroup(ctx, parentRef) if err != nil { return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to get project group %q", parentRef)) } isProjectOwner, err := h.IsProjectOwner(ctx, pg.OwnerType, pg.OwnerID) if err != nil { return nil, errors.Wrapf(err, "failed to determine ownership") } if !isProjectOwner { return nil, util.NewErrForbidden(errors.Errorf("user not authorized")) } if !util.ValidateName(req.Name) { return nil, util.NewErrBadRequest(errors.Errorf("invalid project name %q", req.Name)) } if req.RemoteSourceName == "" { return nil, util.NewErrBadRequest(errors.Errorf("empty remote source name")) } if req.RepoPath == "" { return nil, util.NewErrBadRequest(errors.Errorf("empty remote repo path")) } projectPath := path.Join(pg.Path, req.Name) _, resp, err = h.configstoreClient.GetProject(ctx, projectPath) if err != nil { if resp != nil && resp.StatusCode != http.StatusNotFound { return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to get project %q", req.Name)) } } else { return nil, util.NewErrBadRequest(errors.Errorf("project %q already exists", projectPath)) } rs, resp, err := h.configstoreClient.GetRemoteSource(ctx, req.RemoteSourceName) if err != nil { return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to get remote source %q", req.RemoteSourceName)) } h.log.Infof("rs: %s", util.Dump(rs)) var la *types.LinkedAccount for _, v := range user.LinkedAccounts { if v.RemoteSourceID == rs.ID { la = v break } } h.log.Infof("la: %s", util.Dump(la)) if la == nil { return nil, errors.Errorf("user doesn't have a linked account for remote source %q", rs.Name) } gitsource, err := h.GetGitSource(ctx, rs, user.Name, la) if err != nil { return nil, errors.Wrapf(err, "failed to create gitsource client") } repo, err := gitsource.GetRepoInfo(req.RepoPath) if err != nil { return nil, errors.Wrapf(err, "failed to get repository info from gitsource") } h.log.Infof("generating ssh key pairs") privateKey, _, err := util.GenSSHKeyPair(4096) if err != nil { return nil, errors.Wrapf(err, "failed to generate ssh key pair") } p := &types.Project{ Name: req.Name, Parent: types.Parent{ Type: types.ConfigTypeProjectGroup, ID: parentRef, }, Visibility: req.Visibility, RemoteRepositoryConfigType: types.RemoteRepositoryConfigTypeRemoteSource, RemoteSourceID: rs.ID, LinkedAccountID: la.ID, RepositoryID: repo.ID, RepositoryPath: req.RepoPath, SkipSSHHostKeyCheck: req.SkipSSHHostKeyCheck, SSHPrivateKey: string(privateKey), } h.log.Infof("creating project") rp, resp, err := h.configstoreClient.CreateProject(ctx, p) if err != nil { return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to create project")) } h.log.Infof("project %s created, ID: %s", p.Name, p.ID) return rp, h.SetupProject(ctx, rs, user, la, rp) } func (h *ActionHandler) SetupProject(ctx context.Context, rs *types.RemoteSource, user *types.User, la *types.LinkedAccount, project *csapi.Project) error { gitsource, err := h.GetGitSource(ctx, rs, user.Name, la) if err != nil { return errors.Wrapf(err, "failed to create gitsource client") } pubKey, err := util.ExtractPublicKey([]byte(project.SSHPrivateKey)) if err != nil { return errors.Wrapf(err, "failed to extract public key") } webhookURL, err := url.Parse(fmt.Sprintf("%s/webhooks", h.apiExposedURL)) if err != nil { return errors.Wrapf(err, "failed to generate webhook url") } q := url.Values{} q.Add("projectid", project.ID) q.Add("agolaid", h.agolaID) webhookURL.RawQuery = q.Encode() // generate deploy keys and webhooks containing the agola project id so we // can have multiple projects referencing the same remote repository and this // will trigger multiple different runs deployKeyName := fmt.Sprintf("agola deploy key - %s", project.ID) h.log.Infof("creating/updating deploy key: %s", string(pubKey)) if err := gitsource.UpdateDeployKey(project.RepositoryPath, deployKeyName, string(pubKey), true); err != nil { return errors.Wrapf(err, "failed to create deploy key") } h.log.Infof("deleting existing webhooks") if err := gitsource.DeleteRepoWebhook(project.RepositoryPath, webhookURL.String()); err != nil { return errors.Wrapf(err, "failed to delete repository webhook") } h.log.Infof("creating webhook to url: %s", webhookURL) if err := gitsource.CreateRepoWebhook(project.RepositoryPath, webhookURL.String(), project.WebhookSecret); err != nil { return errors.Wrapf(err, "failed to create repository webhook") } return nil } func (h *ActionHandler) ReconfigProject(ctx context.Context, projectRef string) error { p, resp, err := h.configstoreClient.GetProject(ctx, projectRef) if err != nil { return ErrFromRemote(resp, errors.Wrapf(err, "failed to get project %q", projectRef)) } isProjectOwner, err := h.IsProjectOwner(ctx, p.OwnerType, p.OwnerID) if err != nil { return errors.Wrapf(err, "failed to determine ownership") } if !isProjectOwner { return util.NewErrForbidden(errors.Errorf("user not authorized")) } user, resp, err := h.configstoreClient.GetUserByLinkedAccount(ctx, p.LinkedAccountID) if err != nil { return ErrFromRemote(resp, errors.Wrapf(err, "failed to get user with linked account id %q", p.LinkedAccountID)) } la := user.LinkedAccounts[p.LinkedAccountID] h.log.Infof("la: %s", util.Dump(la)) if la == nil { return errors.Errorf("linked account %q in user %q doesn't exist", p.LinkedAccountID, user.Name) } rs, resp, err := h.configstoreClient.GetRemoteSource(ctx, la.RemoteSourceID) if err != nil { return ErrFromRemote(resp, errors.Wrapf(err, "failed to get remote source %q", la.RemoteSourceID)) } // TODO(sgotti) update project repo path if the remote let us query by repository id return h.SetupProject(ctx, rs, user, la, p) } func (h *ActionHandler) DeleteProject(ctx context.Context, projectRef string) error { p, resp, err := h.configstoreClient.GetProject(ctx, projectRef) if err != nil { return ErrFromRemote(resp, errors.Wrapf(err, "failed to get project %q", projectRef)) } isProjectOwner, err := h.IsProjectOwner(ctx, p.OwnerType, p.OwnerID) if err != nil { return errors.Wrapf(err, "failed to determine ownership") } if !isProjectOwner { return util.NewErrForbidden(errors.Errorf("user not authorized")) } resp, err = h.configstoreClient.DeleteProject(ctx, projectRef) if err != nil { return ErrFromRemote(resp, err) } return nil }