feat(app/sources): source create view (#2680)
Co-authored-by: Chaim Lev-Ari <chaim.lev-ari@portainer.io> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -8,6 +8,7 @@ import (
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
"github.com/portainer/portainer/api/gitops/workflows"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
@@ -15,10 +16,8 @@ import (
|
||||
|
||||
// GitAuthenticationPayload holds authentication parameters for a git source
|
||||
type GitAuthenticationPayload struct {
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
Provider gittypes.GitProvider `json:"provider"`
|
||||
AuthorizationType gittypes.GitCredentialAuthType `json:"authorizationType"`
|
||||
Username string `json:"username"`
|
||||
Password string `json:"password"`
|
||||
}
|
||||
|
||||
// GitSourceCreatePayload holds the parameters for creating a git-backed source
|
||||
@@ -38,38 +37,10 @@ func (payload *GitSourceCreatePayload) Validate(_ *http.Request) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// BuildGitSource constructs a portainer.Source from a GitSourceCreatePayload
|
||||
func BuildGitSource(payload GitSourceCreatePayload) *portainer.Source {
|
||||
gitConfig := &gittypes.RepoConfig{
|
||||
URL: payload.URL,
|
||||
TLSSkipVerify: payload.TLSSkipVerify,
|
||||
}
|
||||
|
||||
if payload.Authentication != nil {
|
||||
gitConfig.Authentication = &gittypes.GitAuthentication{
|
||||
Username: payload.Authentication.Username,
|
||||
Password: payload.Authentication.Password,
|
||||
Provider: payload.Authentication.Provider,
|
||||
AuthorizationType: payload.Authentication.AuthorizationType,
|
||||
}
|
||||
}
|
||||
|
||||
name := payload.Name
|
||||
if strings.TrimSpace(name) == "" {
|
||||
name = gittypes.RepoName(payload.URL)
|
||||
}
|
||||
|
||||
return &portainer.Source{
|
||||
Name: name,
|
||||
Type: portainer.SourceTypeGit,
|
||||
Git: gitConfig,
|
||||
}
|
||||
}
|
||||
|
||||
// @id GitOpsSourcesCreateGit
|
||||
// @summary Create a Git source
|
||||
// @description Creates a new GitOps source backed by a Git repository.
|
||||
// @description **Access policy**: admin
|
||||
// @description **Access policy**: administrator
|
||||
// @tags gitops
|
||||
// @security ApiKeyAuth
|
||||
// @security jwt
|
||||
@@ -79,6 +50,7 @@ func BuildGitSource(payload GitSourceCreatePayload) *portainer.Source {
|
||||
// @success 201 {object} portainer.Source
|
||||
// @failure 400 "Invalid request payload"
|
||||
// @failure 403 "Access denied"
|
||||
// @failure 409 "A source with this URL and credentials already exists"
|
||||
// @failure 500 "Server error"
|
||||
// @router /gitops/sources/git [post]
|
||||
func (h *Handler) gitSourceCreate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
@@ -88,11 +60,28 @@ func (h *Handler) gitSourceCreate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
src := BuildGitSource(payload)
|
||||
src, err := BuildGitSource(payload)
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
username, password := "", ""
|
||||
if payload.Authentication != nil {
|
||||
username = payload.Authentication.Username
|
||||
password = payload.Authentication.Password
|
||||
}
|
||||
|
||||
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
if isUnique, err := workflows.ValidateUniqueSource(tx, payload.URL, username, password, 0); err != nil {
|
||||
return err
|
||||
} else if !isUnique {
|
||||
return ErrDuplicateSource
|
||||
}
|
||||
|
||||
return tx.Source().Create(src)
|
||||
}); err != nil {
|
||||
}); errors.Is(err, ErrDuplicateSource) {
|
||||
return httperror.Conflict("A source with this URL and credentials already exists", err)
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to create source", err)
|
||||
}
|
||||
|
||||
@@ -100,3 +89,42 @@ func (h *Handler) gitSourceCreate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
|
||||
return response.JSONWithStatus(w, src, http.StatusCreated)
|
||||
}
|
||||
|
||||
// BuildGitSource constructs a portainer.Source from a GitSourceCreatePayload
|
||||
func BuildGitSource(payload GitSourceCreatePayload) (*portainer.Source, error) {
|
||||
src := BuildBaseGitSource(payload)
|
||||
src.Git.Authentication = BuildAuth(payload.Authentication)
|
||||
|
||||
return src, nil
|
||||
}
|
||||
|
||||
// BuildBaseGitSource constructs the source skeleton (name, URL, TLS) without
|
||||
// authentication.
|
||||
func BuildBaseGitSource(payload GitSourceCreatePayload) *portainer.Source {
|
||||
name := payload.Name
|
||||
if strings.TrimSpace(name) == "" {
|
||||
name = gittypes.RepoName(payload.URL)
|
||||
}
|
||||
|
||||
return &portainer.Source{
|
||||
Name: name,
|
||||
Type: portainer.SourceTypeGit,
|
||||
Git: &gittypes.RepoConfig{
|
||||
URL: payload.URL,
|
||||
TLSSkipVerify: payload.TLSSkipVerify,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// BuildAuth constructs basic git authentication from the payload, returning nil
|
||||
// when no authentication is provided.
|
||||
func BuildAuth(payload *GitAuthenticationPayload) *gittypes.GitAuthentication {
|
||||
if payload == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
return &gittypes.GitAuthentication{
|
||||
Username: payload.Username,
|
||||
Password: payload.Password,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,9 +16,10 @@ import (
|
||||
func TestBuildGitSource_DerivesNameFromURL(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
src := BuildGitSource(GitSourceCreatePayload{
|
||||
src, err := BuildGitSource(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/my-repo.git",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Equal(t, "my-repo", src.Name)
|
||||
require.Equal(t, portainer.SourceTypeGit, src.Type)
|
||||
@@ -28,10 +29,11 @@ func TestBuildGitSource_DerivesNameFromURL(t *testing.T) {
|
||||
func TestBuildGitSource_UsesExplicitName(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
src := BuildGitSource(GitSourceCreatePayload{
|
||||
src, err := BuildGitSource(GitSourceCreatePayload{
|
||||
Name: "custom-name",
|
||||
URL: "https://github.com/org/repo.git",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Equal(t, "custom-name", src.Name)
|
||||
}
|
||||
@@ -39,13 +41,14 @@ func TestBuildGitSource_UsesExplicitName(t *testing.T) {
|
||||
func TestBuildGitSource_WithAuthentication(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
src := BuildGitSource(GitSourceCreatePayload{
|
||||
src, err := BuildGitSource(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "alice",
|
||||
Password: "secret",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
require.NotNil(t, src.Git.Authentication)
|
||||
require.Equal(t, "alice", src.Git.Authentication.Username)
|
||||
@@ -149,6 +152,128 @@ func TestGitSourceCreate_MissingURL(t *testing.T) {
|
||||
require.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceCreate_ConflictOnDuplicateURLAndCredentials(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "alice",
|
||||
Password: "secret",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
|
||||
require.Equal(t, http.StatusConflict, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceCreate_AllowsDuplicateURLWithDifferentCredentials(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
first, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "alice",
|
||||
Password: "secret",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
second, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "bob",
|
||||
Password: "other",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, first))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, second))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceCreate_ConflictOnDuplicateAuthlessSource(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, body))
|
||||
require.Equal(t, http.StatusConflict, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceCreate_AllowsAuthlessAndAuthenticatedSameURL(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
authless, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
authenticated, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "alice",
|
||||
Password: "secret",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, authless))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
|
||||
rr = httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildCreateReq(t, 1, authenticated))
|
||||
require.Equal(t, http.StatusCreated, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceCreate_MalformedJSON(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
@@ -13,8 +13,7 @@ import (
|
||||
)
|
||||
|
||||
type gitAuthInfo struct {
|
||||
Type gittypes.GitCredentialAuthType `json:"type"`
|
||||
Username string `json:"username"`
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
type connectionInfo struct {
|
||||
@@ -23,7 +22,7 @@ type connectionInfo struct {
|
||||
Authentication *gitAuthInfo `json:"authentication,omitempty"`
|
||||
}
|
||||
|
||||
type autoUpdateInfo struct {
|
||||
type AutoUpdateInfo struct {
|
||||
Mechanism string `json:"mechanism,omitempty"`
|
||||
FetchInterval string `json:"fetchInterval,omitempty"`
|
||||
}
|
||||
@@ -32,7 +31,7 @@ type autoUpdateInfo struct {
|
||||
type SourceDetail struct {
|
||||
Source
|
||||
Connection connectionInfo `json:"connection" validate:"required"`
|
||||
AutoUpdate *autoUpdateInfo `json:"autoUpdate,omitempty"`
|
||||
AutoUpdate *AutoUpdateInfo `json:"autoUpdate,omitempty"`
|
||||
Workflows []workflows.Workflow `json:"workflows"`
|
||||
}
|
||||
|
||||
@@ -85,9 +84,9 @@ func (h *Handler) getSource(w http.ResponseWriter, r *http.Request) *httperror.H
|
||||
}
|
||||
|
||||
func BuildSourceDetail(baseSource Source, cfg *gittypes.RepoConfig, sourceWfs []workflows.Workflow) SourceDetail {
|
||||
var autoUpdate *autoUpdateInfo
|
||||
var autoUpdate *AutoUpdateInfo
|
||||
if len(sourceWfs) > 0 {
|
||||
autoUpdate = buildAutoUpdateInfo(sourceWfs[0].AutoUpdate)
|
||||
autoUpdate = BuildAutoUpdateInfo(sourceWfs[0].AutoUpdate)
|
||||
}
|
||||
|
||||
return SourceDetail{
|
||||
@@ -114,24 +113,23 @@ func buildGitAuthInfo(auth *gittypes.GitAuthentication) *gitAuthInfo {
|
||||
return nil
|
||||
}
|
||||
return &gitAuthInfo{
|
||||
Type: auth.AuthorizationType,
|
||||
Username: auth.Username,
|
||||
}
|
||||
}
|
||||
|
||||
func buildAutoUpdateInfo(autoUpdate *portainer.AutoUpdateSettings) *autoUpdateInfo {
|
||||
func BuildAutoUpdateInfo(autoUpdate *portainer.AutoUpdateSettings) *AutoUpdateInfo {
|
||||
if autoUpdate == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
switch {
|
||||
case autoUpdate.Interval != "":
|
||||
return &autoUpdateInfo{
|
||||
return &AutoUpdateInfo{
|
||||
Mechanism: "Interval",
|
||||
FetchInterval: autoUpdate.Interval,
|
||||
}
|
||||
case autoUpdate.Webhook != "":
|
||||
return &autoUpdateInfo{
|
||||
return &AutoUpdateInfo{
|
||||
Mechanism: "Webhook",
|
||||
}
|
||||
default:
|
||||
|
||||
@@ -45,6 +45,7 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
|
||||
adminRouter := h.PathPrefix("/gitops/sources").Subrouter()
|
||||
adminRouter.Use(bouncer.AdminAccess)
|
||||
adminRouter.Handle("/git", httperror.LoggerHandler(h.gitSourceCreate)).Methods(http.MethodPost)
|
||||
adminRouter.Handle("/test", httperror.LoggerHandler(h.gitSourceTest)).Methods(http.MethodPost)
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.getSource)).Methods(http.MethodGet)
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.gitSourceUpdate)).Methods(http.MethodPut)
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.sourceDelete)).Methods(http.MethodDelete)
|
||||
|
||||
@@ -14,10 +14,10 @@ import (
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
)
|
||||
|
||||
// @id GitOpsSourcesTestGit
|
||||
// @summary Test a Git source connection
|
||||
// @id GitOpsSourcesTestById
|
||||
// @summary Test the connection of a stored source
|
||||
// @description Tests connectivity for a GitOps source, applying optional overrides to the stored configuration.
|
||||
// @description **Access policy**: admin
|
||||
// @description **Access policy**: administrator
|
||||
// @tags gitops
|
||||
// @security ApiKeyAuth
|
||||
// @security jwt
|
||||
@@ -72,6 +72,40 @@ type ConnectionTestResult struct {
|
||||
Error string `json:"error,omitempty"`
|
||||
}
|
||||
|
||||
// @id GitOpsSourcesTest
|
||||
// @summary Test a Git source connection
|
||||
// @description Tests connectivity for Git connection details that have not been persisted yet.
|
||||
// @description **Access policy**: administrator
|
||||
// @tags gitops
|
||||
// @security ApiKeyAuth
|
||||
// @security jwt
|
||||
// @accept json
|
||||
// @produce json
|
||||
// @param body body GitSourceCreatePayload true "Git connection details"
|
||||
// @success 200 {object} ConnectionTestResult "Connection test result"
|
||||
// @failure 400 "Invalid request payload"
|
||||
// @failure 403 "Access denied"
|
||||
// @failure 500 "Server error"
|
||||
// @router /gitops/sources/test [post]
|
||||
func (h *Handler) gitSourceTest(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
var payload GitSourceCreatePayload
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
src, err := BuildGitSource(payload)
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
if src.Git == nil {
|
||||
return httperror.InternalServerError("Source has no git configuration", nil)
|
||||
}
|
||||
|
||||
result := testSourceConnection(r.Context(), h.gitService, src.Git)
|
||||
|
||||
return response.JSON(w, result)
|
||||
}
|
||||
|
||||
// testSourceConnection verifies that a git repository is reachable with the given config.
|
||||
func testSourceConnection(ctx context.Context, gitService portainer.GitService, config *gittypes.RepoConfig) ConnectionTestResult {
|
||||
var username, password string
|
||||
|
||||
@@ -4,22 +4,20 @@ import (
|
||||
"fmt"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
"github.com/portainer/portainer/api/gitops/workflows"
|
||||
)
|
||||
|
||||
// Source represents a unique git repository used as a GitOps source across one or more workflows.
|
||||
type Source struct {
|
||||
ID portainer.SourceID `json:"id" validate:"required"`
|
||||
Name string `json:"name" validate:"required"`
|
||||
Type SourceType `json:"type" validate:"required"`
|
||||
URL string `json:"url" validate:"required"`
|
||||
Status workflows.Status `json:"status" validate:"required"`
|
||||
Error string `json:"error,omitempty"`
|
||||
Provider gittypes.GitProvider `json:"provider,omitempty"`
|
||||
UsedBy int `json:"usedBy"`
|
||||
Environments int `json:"environments"`
|
||||
LastSync int64 `json:"lastSync"`
|
||||
ID portainer.SourceID `json:"id" validate:"required"`
|
||||
Name string `json:"name" validate:"required"`
|
||||
Type SourceType `json:"type" validate:"required"`
|
||||
URL string `json:"url" validate:"required"`
|
||||
Status workflows.Status `json:"status" validate:"required"`
|
||||
Error string `json:"error,omitempty"`
|
||||
UsedBy int `json:"usedBy"`
|
||||
Environments int `json:"environments"`
|
||||
LastSync int64 `json:"lastSync"`
|
||||
}
|
||||
|
||||
type SourceType string
|
||||
|
||||
@@ -15,8 +15,8 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
ErrNotGitSource = errors.New("source is not a Git source")
|
||||
ErrDuplicateSourceURL = errors.New("a source with this URL already exists")
|
||||
ErrNotGitSource = errors.New("source is not a Git source")
|
||||
ErrDuplicateSource = errors.New("a source with this URL and credentials already exists")
|
||||
)
|
||||
|
||||
// GitSourceUpdatePayload holds the parameters for creating a git-backed source
|
||||
@@ -29,10 +29,8 @@ type GitSourceUpdatePayload struct {
|
||||
}
|
||||
|
||||
type GitAuthenticationUpdatePayload struct {
|
||||
Username *string `json:"username"`
|
||||
Password *string `json:"password"`
|
||||
Provider *gittypes.GitProvider `json:"provider" swaggertype:"integer" enums:"0,1,2,3,4,5,6"`
|
||||
AuthorizationType *gittypes.GitCredentialAuthType `json:"authorizationType" swaggertype:"integer" enums:"0,1"`
|
||||
Username *string `json:"username"`
|
||||
Password *string `json:"password"`
|
||||
}
|
||||
|
||||
// Validate implements the portainer.Validatable interface
|
||||
@@ -43,7 +41,7 @@ func (payload *GitSourceUpdatePayload) Validate(_ *http.Request) error {
|
||||
// @id GitOpsSourcesUpdateGit
|
||||
// @summary Update a Git source
|
||||
// @description Updates an existing GitOps source backed by a Git repository.
|
||||
// @description **Access policy**: admin
|
||||
// @description **Access policy**: administrator
|
||||
// @tags gitops
|
||||
// @security ApiKeyAuth
|
||||
// @security jwt
|
||||
@@ -55,7 +53,7 @@ func (payload *GitSourceUpdatePayload) Validate(_ *http.Request) error {
|
||||
// @failure 400 "Invalid request payload"
|
||||
// @failure 403 "Access denied"
|
||||
// @failure 404 "Source not found"
|
||||
// @failure 409 "A source with this URL already exists"
|
||||
// @failure 409 "A source with this URL and credentials already exists"
|
||||
// @failure 500 "Server error"
|
||||
// @router /gitops/sources/{id} [put]
|
||||
func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
@@ -77,14 +75,6 @@ func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
var err error
|
||||
|
||||
if payload.URL != nil {
|
||||
if isUnique, err := workflows.ValidateUniqueSourceURL(tx, *payload.URL, sourceID); err != nil {
|
||||
return err
|
||||
} else if !isUnique {
|
||||
return ErrDuplicateSourceURL
|
||||
}
|
||||
}
|
||||
|
||||
if src, err = tx.Source().Read(sourceID); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -93,13 +83,25 @@ func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
return err
|
||||
}
|
||||
|
||||
username, password := "", ""
|
||||
if src.Git != nil && src.Git.Authentication != nil {
|
||||
username = src.Git.Authentication.Username
|
||||
password = src.Git.Authentication.Password
|
||||
}
|
||||
|
||||
if isUnique, err := workflows.ValidateUniqueSource(tx, src.Git.URL, username, password, sourceID); err != nil {
|
||||
return err
|
||||
} else if !isUnique {
|
||||
return ErrDuplicateSource
|
||||
}
|
||||
|
||||
return tx.Source().Update(src.ID, src)
|
||||
}); h.dataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.NotFound("Unable to find a source with the specified identifier", err)
|
||||
} else if errors.Is(err, ErrNotGitSource) {
|
||||
return httperror.BadRequest("Source is not a Git source", err)
|
||||
} else if errors.Is(err, ErrDuplicateSourceURL) {
|
||||
return httperror.Conflict("A source with this URL already exists", err)
|
||||
} else if errors.Is(err, ErrDuplicateSource) {
|
||||
return httperror.Conflict("A source with this URL and credentials already exists", err)
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to update source", err)
|
||||
}
|
||||
@@ -111,6 +113,27 @@ func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
|
||||
// ApplyGitSourceChanges applies the payload changes to the source in place
|
||||
func ApplyGitSourceChanges(src *portainer.Source, payload GitSourceUpdatePayload) error {
|
||||
if err := ApplyBaseGitSourceChanges(src, payload); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if payload.Authentication == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if *payload.Authentication == (GitAuthenticationUpdatePayload{}) {
|
||||
src.Git.Authentication = nil
|
||||
return nil
|
||||
}
|
||||
|
||||
src.Git.Authentication = ApplyAuthChanges(src.Git.Authentication, *payload.Authentication)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ApplyBaseGitSourceChanges applies the non-authentication field changes (name,
|
||||
// URL, reference, TLS) to the source in place, ensuring src.Git is set
|
||||
func ApplyBaseGitSourceChanges(src *portainer.Source, payload GitSourceUpdatePayload) error {
|
||||
if src.Type != portainer.SourceTypeGit {
|
||||
return ErrNotGitSource
|
||||
}
|
||||
@@ -119,55 +142,41 @@ func ApplyGitSourceChanges(src *portainer.Source, payload GitSourceUpdatePayload
|
||||
src.Name = *payload.Name
|
||||
}
|
||||
|
||||
gitConfig := src.Git
|
||||
if gitConfig == nil {
|
||||
gitConfig = &gittypes.RepoConfig{}
|
||||
if src.Git == nil {
|
||||
src.Git = &gittypes.RepoConfig{}
|
||||
}
|
||||
|
||||
if payload.URL != nil {
|
||||
gitConfig.URL = *payload.URL
|
||||
src.Git.URL = *payload.URL
|
||||
}
|
||||
|
||||
if payload.ReferenceName != nil {
|
||||
gitConfig.ReferenceName = *payload.ReferenceName
|
||||
src.Git.ReferenceName = *payload.ReferenceName
|
||||
}
|
||||
|
||||
if payload.TLSSkipVerify != nil {
|
||||
gitConfig.TLSSkipVerify = *payload.TLSSkipVerify
|
||||
src.Git.TLSSkipVerify = *payload.TLSSkipVerify
|
||||
}
|
||||
|
||||
var auth *gittypes.GitAuthentication
|
||||
if payload.Authentication == nil {
|
||||
auth = gitConfig.Authentication
|
||||
} else if *payload.Authentication != (GitAuthenticationUpdatePayload{}) {
|
||||
existing := gitConfig.Authentication
|
||||
if existing != nil {
|
||||
copied := *existing
|
||||
auth = &copied
|
||||
} else {
|
||||
auth = &gittypes.GitAuthentication{}
|
||||
}
|
||||
|
||||
authPayload := *payload.Authentication
|
||||
if authPayload.AuthorizationType != nil {
|
||||
auth.AuthorizationType = *authPayload.AuthorizationType
|
||||
}
|
||||
|
||||
if authPayload.Username != nil {
|
||||
auth.Username = *authPayload.Username
|
||||
}
|
||||
|
||||
if authPayload.Password != nil {
|
||||
auth.Password = *authPayload.Password
|
||||
}
|
||||
|
||||
if authPayload.Provider != nil {
|
||||
auth.Provider = *authPayload.Provider
|
||||
}
|
||||
}
|
||||
|
||||
gitConfig.Authentication = auth
|
||||
src.Git = gitConfig
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ApplyAuthChanges returns a copy of the existing authentication (or a fresh
|
||||
// one) with the basic credential changes applied.
|
||||
func ApplyAuthChanges(existing *gittypes.GitAuthentication, payload GitAuthenticationUpdatePayload) *gittypes.GitAuthentication {
|
||||
auth := &gittypes.GitAuthentication{}
|
||||
if existing != nil {
|
||||
copied := *existing
|
||||
auth = &copied
|
||||
}
|
||||
|
||||
if payload.Username != nil {
|
||||
auth.Username = *payload.Username
|
||||
}
|
||||
|
||||
if payload.Password != nil {
|
||||
auth.Password = *payload.Password
|
||||
}
|
||||
|
||||
return auth
|
||||
}
|
||||
|
||||
@@ -300,6 +300,57 @@ func TestGitSourceUpdate_MalformedJSON(t *testing.T) {
|
||||
require.Equal(t, http.StatusBadRequest, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceUpdate_ConflictWhenAuthChangesMatchAnotherSource(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
var srcID portainer.SourceID
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
existing := &portainer.Source{
|
||||
Name: "existing",
|
||||
Type: portainer.SourceTypeGit,
|
||||
Git: &gittypes.RepoConfig{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &gittypes.GitAuthentication{
|
||||
Username: "alice",
|
||||
Password: "secret",
|
||||
},
|
||||
},
|
||||
}
|
||||
if err := tx.Source().Create(existing); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
other := &portainer.Source{
|
||||
Name: "other",
|
||||
Type: portainer.SourceTypeGit,
|
||||
Git: &gittypes.RepoConfig{URL: "https://github.com/org/repo.git"},
|
||||
}
|
||||
if err := tx.Source().Create(other); err != nil {
|
||||
return err
|
||||
}
|
||||
srcID = other.ID
|
||||
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
alice := "alice"
|
||||
secret := "secret"
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
Authentication: &GitAuthenticationUpdatePayload{
|
||||
Username: &alice,
|
||||
Password: &secret,
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
|
||||
require.Equal(t, http.StatusConflict, rr.Code)
|
||||
}
|
||||
|
||||
func TestGitSourceUpdate_NonNumericID(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
@@ -20,12 +20,8 @@ func (h *Handler) buildSource(ctx context.Context, src *portainer.Source, stats
|
||||
}
|
||||
|
||||
url := ""
|
||||
var provider gittypes.GitProvider
|
||||
if src.Git != nil {
|
||||
url = gittypes.SanitizeURL(src.Git.URL)
|
||||
if src.Git.Authentication != nil {
|
||||
provider = src.Git.Authentication.Provider
|
||||
}
|
||||
}
|
||||
|
||||
return Source{
|
||||
@@ -35,7 +31,6 @@ func (h *Handler) buildSource(ctx context.Context, src *portainer.Source, stats
|
||||
URL: url,
|
||||
Status: status,
|
||||
Error: sourceErr,
|
||||
Provider: provider,
|
||||
UsedBy: stats.WorkflowCount,
|
||||
Environments: len(stats.EndpointIDs),
|
||||
LastSync: stats.LastSync,
|
||||
|
||||
@@ -49,15 +49,15 @@ func TestRedactWorkflowCredentials(t *testing.T) {
|
||||
func TestBuildAutoUpdateInfo(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
assert.Nil(t, buildAutoUpdateInfo(nil))
|
||||
assert.Nil(t, buildAutoUpdateInfo(&portainer.AutoUpdateSettings{}))
|
||||
assert.Nil(t, BuildAutoUpdateInfo(nil))
|
||||
assert.Nil(t, BuildAutoUpdateInfo(&portainer.AutoUpdateSettings{}))
|
||||
|
||||
got := buildAutoUpdateInfo(&portainer.AutoUpdateSettings{Interval: "5m"})
|
||||
got := BuildAutoUpdateInfo(&portainer.AutoUpdateSettings{Interval: "5m"})
|
||||
require.NotNil(t, got)
|
||||
assert.Equal(t, "Interval", got.Mechanism)
|
||||
assert.Equal(t, "5m", got.FetchInterval)
|
||||
|
||||
got = buildAutoUpdateInfo(&portainer.AutoUpdateSettings{Webhook: "abc123"})
|
||||
got = BuildAutoUpdateInfo(&portainer.AutoUpdateSettings{Webhook: "abc123"})
|
||||
require.NotNil(t, got)
|
||||
assert.Equal(t, "Webhook", got.Mechanism)
|
||||
assert.Empty(t, got.FetchInterval)
|
||||
|
||||
Reference in New Issue
Block a user