feat(sources): allow user to edit source [BE-12956] (#2748)
This commit is contained in:
@@ -24,7 +24,7 @@ type GitAuthenticationPayload struct {
|
||||
// GitSourceCreatePayload holds the parameters for creating a git-backed source
|
||||
type GitSourceCreatePayload struct {
|
||||
Name string `json:"name"`
|
||||
URL string `json:"url"`
|
||||
URL string `json:"url" validate:"required"`
|
||||
TLSSkipVerify bool `json:"tlsSkipVerify"`
|
||||
Authentication *GitAuthenticationPayload `json:"authentication"`
|
||||
}
|
||||
|
||||
@@ -0,0 +1,54 @@
|
||||
package sources
|
||||
|
||||
import (
|
||||
"slices"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
ce "github.com/portainer/portainer/api/gitops/workflows"
|
||||
"github.com/portainer/portainer/api/set"
|
||||
"github.com/portainer/portainer/api/slicesx"
|
||||
)
|
||||
|
||||
// FetchSourceWorkflows returns the workflows and stats for a single source.
|
||||
func FetchSourceWorkflows(tx dataservices.DataStoreTx, src *portainer.Source) ([]ce.Workflow, ce.SourceStats, error) {
|
||||
wfs, err := tx.Workflow().ReadAll(func(wf portainer.Workflow) bool {
|
||||
return slices.ContainsFunc(wf.Artifacts, func(artifact portainer.ArtifactSources) bool {
|
||||
return slices.Contains(artifact.SourceIDs, src.ID)
|
||||
})
|
||||
})
|
||||
if err != nil {
|
||||
return nil, ce.SourceStats{}, err
|
||||
}
|
||||
|
||||
if len(wfs) == 0 {
|
||||
return nil, ce.SourceStats{}, nil
|
||||
}
|
||||
|
||||
wfIDSet := set.ToSet(slicesx.Map(wfs, func(wf portainer.Workflow) portainer.WorkflowID { return wf.ID }))
|
||||
|
||||
stacks, err := tx.Stack().ReadAll(func(s portainer.Stack) bool {
|
||||
_, ok := wfIDSet[s.WorkflowID]
|
||||
return ok
|
||||
})
|
||||
if err != nil {
|
||||
return nil, ce.SourceStats{}, err
|
||||
}
|
||||
|
||||
unknown := ce.WorkflowPhaseStatus{Status: ce.StatusUnknown}
|
||||
items := make([]ce.Workflow, 0, len(stacks))
|
||||
stats := ce.SourceStats{EndpointIDs: set.Set[portainer.EndpointID]{}}
|
||||
|
||||
for _, stacks := range stacks {
|
||||
items = append(items, ce.MapStackToWorkflow(stacks, src.GitConfig, unknown, unknown))
|
||||
stats.WorkflowCount++
|
||||
if stacks.EndpointID != 0 {
|
||||
stats.EndpointIDs.Add(stacks.EndpointID)
|
||||
}
|
||||
if lastSync := ce.StackLastSyncDate(stacks); lastSync > stats.LastSync {
|
||||
stats.LastSync = lastSync
|
||||
}
|
||||
}
|
||||
|
||||
return items, stats, nil
|
||||
}
|
||||
@@ -2,23 +2,25 @@ package sources
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"strconv"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
ce "github.com/portainer/portainer/api/gitops/workflows"
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/api/gitops/workflows"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
)
|
||||
|
||||
type gitAuthInfo struct {
|
||||
Type gittypes.GitCredentialAuthType `json:"type"`
|
||||
Username string `json:"username"`
|
||||
}
|
||||
|
||||
type connectionInfo struct {
|
||||
ReferenceName string `json:"referenceName"`
|
||||
ConfigFilePath string `json:"configFilePath"`
|
||||
TLSSkipVerify bool `json:"tlsSkipVerify"`
|
||||
Authentication bool `json:"authentication,omitempty"`
|
||||
ConfigFilePath string `json:"configFilePath"`
|
||||
TLSSkipVerify bool `json:"tlsSkipVerify"`
|
||||
Authentication *gitAuthInfo `json:"authentication,omitempty"`
|
||||
}
|
||||
|
||||
type autoUpdateInfo struct {
|
||||
@@ -29,9 +31,9 @@ type autoUpdateInfo struct {
|
||||
// SourceDetail extends Source with connection settings and linked workflows.
|
||||
type SourceDetail struct {
|
||||
Source
|
||||
Connection *connectionInfo `json:"connection,omitempty"`
|
||||
AutoUpdate *autoUpdateInfo `json:"autoUpdate,omitempty"`
|
||||
Workflows []ce.Workflow `json:"workflows"`
|
||||
Connection connectionInfo `json:"connection" validate:"required"`
|
||||
AutoUpdate *autoUpdateInfo `json:"autoUpdate,omitempty"`
|
||||
Workflows []workflows.Workflow `json:"workflows"`
|
||||
}
|
||||
|
||||
// @id GitOpsSourceGet
|
||||
@@ -55,64 +57,65 @@ func (h *Handler) getSource(w http.ResponseWriter, r *http.Request) *httperror.H
|
||||
return httperror.BadRequest("Invalid source identifier route variable", err)
|
||||
}
|
||||
|
||||
securityContext, err := security.RetrieveRestrictedRequestContext(r)
|
||||
if err != nil {
|
||||
return httperror.InternalServerError("Unable to retrieve info from request context", err)
|
||||
}
|
||||
sourceID := portainer.SourceID(srcID)
|
||||
|
||||
var src *portainer.Source
|
||||
var workflows []ce.Workflow
|
||||
var source *portainer.Source
|
||||
var sourceWfs []workflows.Workflow
|
||||
var stats workflows.SourceStats
|
||||
|
||||
if err := h.dataStore.ViewTx(func(tx dataservices.DataStoreTx) error {
|
||||
err = h.dataStore.ViewTx(func(tx dataservices.DataStoreTx) error {
|
||||
var err error
|
||||
src, err = tx.Source().Read(portainer.SourceID(srcID))
|
||||
source, err = tx.Source().Read(sourceID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
workflows, err = ce.FetchWorkflows(r.Context(), tx, h.gitService, h.k8sFactory, securityContext, nil)
|
||||
|
||||
sourceWfs, stats, err = FetchSourceWorkflows(tx, source)
|
||||
return err
|
||||
}); h.dataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.NotFound("Unable to find a source with the specified identifier", err)
|
||||
})
|
||||
|
||||
if h.dataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.NotFound("Source not found", err)
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to retrieve source", err)
|
||||
}
|
||||
|
||||
byID := workflowsBySourceID(workflows)
|
||||
|
||||
var wfs []ce.Workflow
|
||||
if src.GitConfig != nil {
|
||||
wfs = byID[sourceID(gitSourceKey(src.GitConfig))]
|
||||
}
|
||||
|
||||
var autoUpdate *portainer.AutoUpdateSettings
|
||||
if len(wfs) > 0 {
|
||||
autoUpdate = wfs[0].AutoUpdate
|
||||
}
|
||||
|
||||
id := strconv.Itoa(int(src.ID))
|
||||
url := ""
|
||||
if src.GitConfig != nil {
|
||||
url = src.GitConfig.URL
|
||||
}
|
||||
|
||||
detail := SourceDetail{
|
||||
Source: buildSource(id, url, wfs),
|
||||
Connection: buildConnectionInfo(src.GitConfig),
|
||||
AutoUpdate: buildAutoUpdateInfo(autoUpdate),
|
||||
Workflows: redactWorkflowCredentials(wfs),
|
||||
}
|
||||
detail := BuildSourceDetail(h.buildSource(r.Context(), source, stats), source.GitConfig, sourceWfs)
|
||||
return response.JSON(w, detail)
|
||||
}
|
||||
|
||||
func buildConnectionInfo(cfg *gittypes.RepoConfig) *connectionInfo {
|
||||
if cfg == nil {
|
||||
return nil
|
||||
func BuildSourceDetail(baseSource Source, cfg *gittypes.RepoConfig, sourceWfs []workflows.Workflow) SourceDetail {
|
||||
var autoUpdate *autoUpdateInfo
|
||||
if len(sourceWfs) > 0 {
|
||||
autoUpdate = buildAutoUpdateInfo(sourceWfs[0].AutoUpdate)
|
||||
}
|
||||
return &connectionInfo{
|
||||
ReferenceName: cfg.ReferenceName,
|
||||
|
||||
return SourceDetail{
|
||||
Source: baseSource,
|
||||
Connection: buildConnectionInfo(cfg),
|
||||
AutoUpdate: autoUpdate,
|
||||
Workflows: redactWorkflowCredentials(sourceWfs),
|
||||
}
|
||||
}
|
||||
|
||||
func buildConnectionInfo(cfg *gittypes.RepoConfig) connectionInfo {
|
||||
if cfg == nil {
|
||||
return connectionInfo{}
|
||||
}
|
||||
return connectionInfo{
|
||||
ConfigFilePath: cfg.ConfigFilePath,
|
||||
TLSSkipVerify: cfg.TLSSkipVerify,
|
||||
Authentication: cfg.Authentication != nil,
|
||||
Authentication: buildGitAuthInfo(cfg.Authentication),
|
||||
}
|
||||
}
|
||||
|
||||
func buildGitAuthInfo(auth *gittypes.GitAuthentication) *gitAuthInfo {
|
||||
if auth == nil {
|
||||
return nil
|
||||
}
|
||||
return &gitAuthInfo{
|
||||
Type: auth.AuthorizationType,
|
||||
Username: auth.Username,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -41,7 +41,6 @@ func TestGetSource_ReturnsDetail(t *testing.T) {
|
||||
}
|
||||
|
||||
var srcID portainer.SourceID
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
stack := &portainer.Stack{ID: 1, Name: "my-stack"}
|
||||
srcID = createGitWorkflow(t, tx, stack, cfg)
|
||||
@@ -54,11 +53,9 @@ func TestGetSource_ReturnsDetail(t *testing.T) {
|
||||
h.ServeHTTP(rr, buildGetReq(t, 1, strconv.Itoa(int(srcID))))
|
||||
|
||||
detail := decodeSourceDetail(t, rr)
|
||||
assert.Equal(t, strconv.Itoa(int(srcID)), detail.ID)
|
||||
assert.Equal(t, srcID, detail.ID)
|
||||
assert.Equal(t, "repo", detail.Name)
|
||||
assert.Equal(t, 1, detail.UsedBy)
|
||||
require.NotNil(t, detail.Connection)
|
||||
assert.Equal(t, "refs/heads/main", detail.Connection.ReferenceName)
|
||||
assert.Equal(t, "docker-compose.yml", detail.Connection.ConfigFilePath)
|
||||
assert.True(t, detail.Connection.TLSSkipVerify)
|
||||
require.Len(t, detail.Workflows, 1)
|
||||
@@ -75,7 +72,6 @@ func TestGetSource_RedactsCredentials(t *testing.T) {
|
||||
}
|
||||
|
||||
var srcID portainer.SourceID
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
stack := &portainer.Stack{ID: 1, Name: "secure-stack"}
|
||||
srcID = createGitWorkflow(t, tx, stack, cfg)
|
||||
@@ -102,7 +98,6 @@ func TestGetSource_AutoUpdate(t *testing.T) {
|
||||
cfg := gitCfg("https://github.com/org/polled")
|
||||
|
||||
var srcID portainer.SourceID
|
||||
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
stack := &portainer.Stack{
|
||||
ID: 1,
|
||||
|
||||
@@ -48,5 +48,6 @@ func NewHandler(bouncer security.BouncerService, dataStore dataservices.DataStor
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.getSource)).Methods(http.MethodGet)
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.gitSourceUpdate)).Methods(http.MethodPut)
|
||||
adminRouter.Handle("/{id}", httperror.LoggerHandler(h.sourceDelete)).Methods(http.MethodDelete)
|
||||
adminRouter.Handle("/{id}/test", httperror.LoggerHandler(h.sourceTestConnection)).Methods(http.MethodPost)
|
||||
return h
|
||||
}
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
ceWorkflows "github.com/portainer/portainer/api/gitops/workflows"
|
||||
"github.com/portainer/portainer/api/http/security"
|
||||
"github.com/portainer/portainer/api/http/utils/filters"
|
||||
@@ -79,7 +78,7 @@ func (h *Handler) list(w http.ResponseWriter, r *http.Request) *httperror.Handle
|
||||
SortBindings: []filters.SortBinding[Source]{
|
||||
{Key: "name", Fn: func(a, b Source) int { return strings.Compare(a.Name, b.Name) }},
|
||||
{Key: "status", Fn: func(a, b Source) int { return strings.Compare(string(a.Status), string(b.Status)) }},
|
||||
{Key: "type", Fn: func(a, b Source) int { return strings.Compare(a.Type, b.Type) }},
|
||||
{Key: "type", Fn: func(a, b Source) int { return strings.Compare(string(a.Type), string(b.Type)) }},
|
||||
},
|
||||
})
|
||||
|
||||
@@ -129,32 +128,7 @@ func (h *Handler) fetchSources(ctx context.Context, sc *security.RestrictedReque
|
||||
continue
|
||||
}
|
||||
|
||||
var status ceWorkflows.Status
|
||||
var sourceErr string
|
||||
if src.GitConfig != nil {
|
||||
phase, _ := ceWorkflows.ComputeGitPhasesForConfig(ctx, h.gitService, src.GitConfig)
|
||||
status = phase.Status
|
||||
sourceErr = phase.Error
|
||||
} else {
|
||||
status = ceWorkflows.StatusUnknown
|
||||
}
|
||||
|
||||
url := ""
|
||||
if src.GitConfig != nil {
|
||||
url = gittypes.SanitizeURL(src.GitConfig.URL)
|
||||
}
|
||||
|
||||
result = append(result, Source{
|
||||
ID: strconv.Itoa(int(src.ID)),
|
||||
Name: src.Name,
|
||||
Type: sourceTypeString(src.Type),
|
||||
URL: url,
|
||||
Status: status,
|
||||
Error: sourceErr,
|
||||
UsedBy: s.WorkflowCount,
|
||||
Environments: len(s.EndpointIDs),
|
||||
LastSync: s.LastSync,
|
||||
})
|
||||
result = append(result, h.buildSource(ctx, &src, s))
|
||||
}
|
||||
|
||||
return result, nil
|
||||
|
||||
@@ -0,0 +1,89 @@
|
||||
package sources
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"net/http"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
)
|
||||
|
||||
// @id GitOpsSourcesTestGit
|
||||
// @summary Test a Git source connection
|
||||
// @description Tests connectivity for a GitOps source, applying optional overrides to the stored configuration.
|
||||
// @description **Access policy**: admin
|
||||
// @tags gitops
|
||||
// @security ApiKeyAuth
|
||||
// @security jwt
|
||||
// @accept json
|
||||
// @produce json
|
||||
// @param id path int true "Source identifier"
|
||||
// @param body body GitSourceUpdatePayload false "Optional connection overrides; omitted fields fall back to stored values"
|
||||
// @success 200 {object} ConnectionTestResult "Connection test result"
|
||||
// @failure 400 "Invalid request payload"
|
||||
// @failure 403 "Access denied"
|
||||
// @failure 404 "Source not found"
|
||||
// @failure 500 "Server error"
|
||||
// @router /gitops/sources/{id}/test [post]
|
||||
func (h *Handler) sourceTestConnection(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
sourceID, err := request.RetrieveNumericRouteVariableValue(r, "id")
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid source identifier route variable", err)
|
||||
}
|
||||
|
||||
var payload GitSourceUpdatePayload
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil && !errors.Is(err, io.EOF) {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
var src *portainer.Source
|
||||
if err := h.dataStore.ViewTx(func(tx dataservices.DataStoreTx) error {
|
||||
src, err = tx.Source().Read(portainer.SourceID(sourceID))
|
||||
return err
|
||||
}); h.dataStore.IsErrObjectNotFound(err) {
|
||||
return httperror.NotFound("Unable to find a source with the specified identifier", err)
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to find source", err)
|
||||
}
|
||||
|
||||
if err := ApplyGitSourceChanges(src, payload); errors.Is(err, ErrNotGitSource) {
|
||||
return httperror.BadRequest("Source is not a Git source", err)
|
||||
} else if err != nil {
|
||||
return httperror.InternalServerError("Unable to apply source changes", err)
|
||||
}
|
||||
|
||||
if src.GitConfig == nil {
|
||||
return httperror.InternalServerError("Source has no git configuration", nil)
|
||||
}
|
||||
|
||||
result := testSourceConnection(r.Context(), h.gitService, src.GitConfig)
|
||||
|
||||
return response.JSON(w, result)
|
||||
}
|
||||
|
||||
type ConnectionTestResult struct {
|
||||
Success bool `json:"success"`
|
||||
Error string `json:"error,omitempty"`
|
||||
}
|
||||
|
||||
// testSourceConnection verifies that a git repository is reachable with the given config.
|
||||
func testSourceConnection(ctx context.Context, gitService portainer.GitService, config *gittypes.RepoConfig) ConnectionTestResult {
|
||||
var username, password string
|
||||
if config.Authentication != nil {
|
||||
username = config.Authentication.Username
|
||||
password = config.Authentication.Password
|
||||
}
|
||||
|
||||
_, err := gitService.ListRefs(ctx, config.URL, username, password, false, config.TLSSkipVerify)
|
||||
if err != nil {
|
||||
return ConnectionTestResult{Success: false, Error: err.Error()}
|
||||
}
|
||||
|
||||
return ConnectionTestResult{Success: true}
|
||||
}
|
||||
@@ -1,11 +1,7 @@
|
||||
package sources
|
||||
|
||||
import (
|
||||
"crypto/sha256"
|
||||
"encoding/hex"
|
||||
"fmt"
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
@@ -14,15 +10,16 @@ import (
|
||||
|
||||
// Source represents a unique git repository used as a GitOps source across one or more workflows.
|
||||
type Source struct {
|
||||
ID string `json:"id"`
|
||||
Name string `json:"name"`
|
||||
Type string `json:"type"`
|
||||
URL string `json:"url"`
|
||||
Status workflows.Status `json:"status"`
|
||||
Error string `json:"error,omitempty"`
|
||||
UsedBy int `json:"usedBy"`
|
||||
Environments int `json:"environments"`
|
||||
LastSync int64 `json:"lastSync"`
|
||||
ID portainer.SourceID `json:"id" validate:"required"`
|
||||
Name string `json:"name" validate:"required"`
|
||||
Type SourceType `json:"type" validate:"required"`
|
||||
URL string `json:"url" validate:"required"`
|
||||
Status workflows.Status `json:"status" validate:"required"`
|
||||
Error string `json:"error,omitempty"`
|
||||
Provider gittypes.GitProvider `json:"provider,omitempty"`
|
||||
UsedBy int `json:"usedBy"`
|
||||
Environments int `json:"environments"`
|
||||
LastSync int64 `json:"lastSync"`
|
||||
}
|
||||
|
||||
type SourceType string
|
||||
@@ -33,67 +30,24 @@ const (
|
||||
SourceTypeOCI SourceType = "oci"
|
||||
)
|
||||
|
||||
func parseSourceType(s string) (string, error) {
|
||||
func parseSourceType(s string) (SourceType, error) {
|
||||
switch SourceType(s) {
|
||||
case SourceTypeGit, SourceTypeHelm, SourceTypeOCI:
|
||||
return s, nil
|
||||
return SourceType(s), nil
|
||||
default:
|
||||
return "", fmt.Errorf("invalid source type %q: must be git, helm, or oci", s)
|
||||
}
|
||||
}
|
||||
|
||||
func sourceTypeString(t portainer.SourceType) string {
|
||||
func sourceTypeString(t portainer.SourceType) SourceType {
|
||||
switch t {
|
||||
case portainer.SourceTypeGit:
|
||||
return string(SourceTypeGit)
|
||||
return SourceTypeGit
|
||||
case portainer.SourceTypeHelm:
|
||||
return string(SourceTypeHelm)
|
||||
return SourceTypeHelm
|
||||
case portainer.SourceTypeRegistry:
|
||||
return string(SourceTypeOCI)
|
||||
return SourceTypeOCI
|
||||
default:
|
||||
return string(SourceTypeGit)
|
||||
return SourceTypeGit
|
||||
}
|
||||
}
|
||||
|
||||
type sourceGroupKey struct {
|
||||
URL string
|
||||
Username string
|
||||
Password string
|
||||
}
|
||||
|
||||
func gitSourceKey(cfg *gittypes.RepoConfig) sourceGroupKey {
|
||||
key := sourceGroupKey{URL: cfg.URL}
|
||||
if cfg.Authentication != nil {
|
||||
key.Username = cfg.Authentication.Username
|
||||
key.Password = cfg.Authentication.Password
|
||||
}
|
||||
|
||||
return key
|
||||
}
|
||||
|
||||
func sourceID(key sourceGroupKey) string {
|
||||
h := sha256.Sum256([]byte(key.URL + "\x00" + key.Username + "\x00" + key.Password))
|
||||
return hex.EncodeToString(h[:8])
|
||||
}
|
||||
|
||||
func repoName(rawURL string) string {
|
||||
return strings.TrimSuffix(path.Base(rawURL), ".git")
|
||||
}
|
||||
|
||||
func worstCaseStatus(statuses []workflows.Status) workflows.Status {
|
||||
priority := map[workflows.Status]int{
|
||||
workflows.StatusError: 4,
|
||||
workflows.StatusSyncing: 3,
|
||||
workflows.StatusPaused: 2,
|
||||
workflows.StatusHealthy: 1,
|
||||
workflows.StatusUnknown: 0,
|
||||
}
|
||||
worst := workflows.StatusUnknown
|
||||
for _, s := range statuses {
|
||||
if priority[s] > priority[worst] {
|
||||
worst = s
|
||||
}
|
||||
}
|
||||
|
||||
return worst
|
||||
}
|
||||
|
||||
@@ -3,10 +3,12 @@ package sources
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
"github.com/portainer/portainer/api/dataservices"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
"github.com/portainer/portainer/api/gitops/workflows"
|
||||
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
||||
"github.com/portainer/portainer/pkg/libhttp/request"
|
||||
"github.com/portainer/portainer/pkg/libhttp/response"
|
||||
@@ -17,6 +19,27 @@ var (
|
||||
ErrDuplicateSourceURL = errors.New("a source with this URL already exists")
|
||||
)
|
||||
|
||||
// GitSourceUpdatePayload holds the parameters for creating a git-backed source
|
||||
type GitSourceUpdatePayload struct {
|
||||
Name *string `json:"name"`
|
||||
URL *string `json:"url"`
|
||||
ReferenceName *string `json:"referenceName"`
|
||||
TLSSkipVerify *bool `json:"tlsSkipVerify"`
|
||||
Authentication *GitAuthenticationUpdatePayload `json:"authentication"`
|
||||
}
|
||||
|
||||
type GitAuthenticationUpdatePayload struct {
|
||||
Username *string `json:"username"`
|
||||
Password *string `json:"password"`
|
||||
Provider *gittypes.GitProvider `json:"provider" swaggertype:"integer" enums:"0,1,2,3,4,5,6"`
|
||||
AuthorizationType *gittypes.GitCredentialAuthType `json:"authorizationType" swaggertype:"integer" enums:"0,1"`
|
||||
}
|
||||
|
||||
// Validate implements the portainer.Validatable interface
|
||||
func (payload *GitSourceUpdatePayload) Validate(_ *http.Request) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// @id GitOpsSourcesUpdateGit
|
||||
// @summary Update a Git source
|
||||
// @description Updates an existing GitOps source backed by a Git repository.
|
||||
@@ -27,7 +50,7 @@ var (
|
||||
// @accept json
|
||||
// @produce json
|
||||
// @param id path int true "Source identifier"
|
||||
// @param body body GitSourceCreatePayload true "Git source details"
|
||||
// @param body body GitSourceUpdatePayload true "Git source details"
|
||||
// @success 200 {object} portainer.Source
|
||||
// @failure 400 "Invalid request payload"
|
||||
// @failure 403 "Access denied"
|
||||
@@ -36,65 +59,38 @@ var (
|
||||
// @failure 500 "Server error"
|
||||
// @router /gitops/sources/{id} [put]
|
||||
func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httperror.HandlerError {
|
||||
sourceID, err := request.RetrieveNumericRouteVariableValue(r, "id")
|
||||
id, err := request.RetrieveNumericRouteVariableValue(r, "id")
|
||||
if err != nil {
|
||||
return httperror.BadRequest("Invalid source identifier route variable", err)
|
||||
}
|
||||
|
||||
var payload GitSourceCreatePayload
|
||||
var payload GitSourceUpdatePayload
|
||||
|
||||
if err := request.DecodeAndValidateJSONPayload(r, &payload); err != nil {
|
||||
return httperror.BadRequest("Invalid request payload", err)
|
||||
}
|
||||
|
||||
sourceID := portainer.SourceID(id)
|
||||
|
||||
var src *portainer.Source
|
||||
|
||||
if err := h.dataStore.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
var err error
|
||||
|
||||
if src, err = tx.Source().Read(portainer.SourceID(sourceID)); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if src.Type != portainer.SourceTypeGit {
|
||||
return ErrNotGitSource
|
||||
}
|
||||
|
||||
normalizedURL, err := gittypes.NormalizeURL(payload.URL)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
existing, err := tx.Source().ReadAll(func(s portainer.Source) bool {
|
||||
if s.ID == src.ID || s.Type != portainer.SourceTypeGit || s.GitConfig == nil {
|
||||
return false
|
||||
if payload.URL != nil {
|
||||
if isUnique, err := workflows.ValidateUniqueSourceURL(tx, *payload.URL, sourceID); err != nil {
|
||||
return err
|
||||
} else if !isUnique {
|
||||
return ErrDuplicateSourceURL
|
||||
}
|
||||
}
|
||||
|
||||
normalized, err := gittypes.NormalizeURL(s.GitConfig.URL)
|
||||
|
||||
return err == nil && normalized == normalizedURL
|
||||
})
|
||||
if err != nil {
|
||||
if src, err = tx.Source().Read(sourceID); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if len(existing) > 0 {
|
||||
return ErrDuplicateSourceURL
|
||||
}
|
||||
|
||||
var existingAuth *gittypes.GitAuthentication
|
||||
if src.GitConfig != nil {
|
||||
existingAuth = src.GitConfig.Authentication
|
||||
}
|
||||
|
||||
updated := BuildGitSource(payload)
|
||||
src.Name = updated.Name
|
||||
src.GitConfig = updated.GitConfig
|
||||
|
||||
if payload.Authentication == nil {
|
||||
src.GitConfig.Authentication = existingAuth
|
||||
} else if *payload.Authentication == (GitAuthenticationPayload{}) {
|
||||
src.GitConfig.Authentication = nil
|
||||
if err := ApplyGitSourceChanges(src, payload); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return tx.Source().Update(src.ID, src)
|
||||
@@ -112,3 +108,66 @@ func (h *Handler) gitSourceUpdate(w http.ResponseWriter, r *http.Request) *httpe
|
||||
|
||||
return response.JSON(w, src)
|
||||
}
|
||||
|
||||
// ApplyGitSourceChanges applies the payload changes to the source in place
|
||||
func ApplyGitSourceChanges(src *portainer.Source, payload GitSourceUpdatePayload) error {
|
||||
if src.Type != portainer.SourceTypeGit {
|
||||
return ErrNotGitSource
|
||||
}
|
||||
|
||||
if payload.Name != nil && strings.TrimSpace(*payload.Name) != "" {
|
||||
src.Name = *payload.Name
|
||||
}
|
||||
|
||||
gitConfig := src.GitConfig
|
||||
if gitConfig == nil {
|
||||
gitConfig = &gittypes.RepoConfig{}
|
||||
}
|
||||
|
||||
if payload.URL != nil {
|
||||
gitConfig.URL = *payload.URL
|
||||
}
|
||||
|
||||
if payload.ReferenceName != nil {
|
||||
gitConfig.ReferenceName = *payload.ReferenceName
|
||||
}
|
||||
|
||||
if payload.TLSSkipVerify != nil {
|
||||
gitConfig.TLSSkipVerify = *payload.TLSSkipVerify
|
||||
}
|
||||
|
||||
var auth *gittypes.GitAuthentication
|
||||
if payload.Authentication == nil {
|
||||
auth = gitConfig.Authentication
|
||||
} else if *payload.Authentication != (GitAuthenticationUpdatePayload{}) {
|
||||
existing := gitConfig.Authentication
|
||||
if existing != nil {
|
||||
copied := *existing
|
||||
auth = &copied
|
||||
} else {
|
||||
auth = &gittypes.GitAuthentication{}
|
||||
}
|
||||
|
||||
authPayload := *payload.Authentication
|
||||
if authPayload.AuthorizationType != nil {
|
||||
auth.AuthorizationType = *authPayload.AuthorizationType
|
||||
}
|
||||
|
||||
if authPayload.Username != nil {
|
||||
auth.Username = *authPayload.Username
|
||||
}
|
||||
|
||||
if authPayload.Password != nil {
|
||||
auth.Password = *authPayload.Password
|
||||
}
|
||||
|
||||
if authPayload.Provider != nil {
|
||||
auth.Provider = *authPayload.Provider
|
||||
}
|
||||
}
|
||||
|
||||
gitConfig.Authentication = auth
|
||||
src.GitConfig = gitConfig
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -30,9 +30,9 @@ func TestGitSourceUpdate_Success(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/new.git",
|
||||
Name: "new-name",
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
URL: new("https://github.com/org/new.git"),
|
||||
Name: new("new-name"),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -49,38 +49,6 @@ func TestGitSourceUpdate_Success(t *testing.T) {
|
||||
require.Equal(t, "https://github.com/org/new.git", src.GitConfig.URL)
|
||||
}
|
||||
|
||||
func TestGitSourceUpdate_DerivesNameFromURL(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
|
||||
var srcID portainer.SourceID
|
||||
require.NoError(t, store.UpdateTx(func(tx dataservices.DataStoreTx) error {
|
||||
src := &portainer.Source{Name: "old-name", Type: portainer.SourceTypeGit}
|
||||
err := tx.Source().Create(src)
|
||||
require.NoError(t, err)
|
||||
srcID = src.ID
|
||||
|
||||
return tx.User().Create(&portainer.User{ID: 1, Role: portainer.AdministratorRole})
|
||||
}))
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/my-project.git",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
h.ServeHTTP(rr, buildUpdateReq(t, 1, int(srcID), body))
|
||||
|
||||
require.Equal(t, http.StatusOK, rr.Code)
|
||||
|
||||
var src portainer.Source
|
||||
err = json.NewDecoder(rr.Body).Decode(&src)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, "my-project", src.Name)
|
||||
}
|
||||
|
||||
func TestGitSourceUpdate_PreservesAuthWhenNotProvided(t *testing.T) {
|
||||
t.Parallel()
|
||||
_, store := datastore.MustNewTestStore(t, false, true)
|
||||
@@ -107,9 +75,9 @@ func TestGitSourceUpdate_PreservesAuthWhenNotProvided(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Name: "renamed",
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
URL: new("https://github.com/org/repo.git"),
|
||||
Name: new("renamed"),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -156,9 +124,9 @@ func TestGitSourceUpdate_ClearsAuthWhenRequested(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{},
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
URL: new("https://github.com/org/repo.git"),
|
||||
Authentication: &GitAuthenticationUpdatePayload{},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -203,11 +171,11 @@ func TestGitSourceUpdate_ReplacesAuthWhenProvided(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/repo.git",
|
||||
Authentication: &GitAuthenticationPayload{
|
||||
Username: "bob",
|
||||
Password: "new-secret",
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
URL: new("https://github.com/org/repo.git"),
|
||||
Authentication: &GitAuthenticationUpdatePayload{
|
||||
Username: new("bob"),
|
||||
Password: new("new-secret"),
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -239,7 +207,7 @@ func TestGitSourceUpdate_NotFound(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{URL: new("https://github.com/org/repo.git")})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
@@ -274,8 +242,8 @@ func TestGitSourceUpdate_ConflictOnDuplicateURL(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{
|
||||
URL: "https://github.com/org/existing.git",
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{
|
||||
URL: new("https://github.com/org/existing.git"),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -301,7 +269,7 @@ func TestGitSourceUpdate_NotGitSource(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{URL: new("https://github.com/org/repo.git")})
|
||||
require.NoError(t, err)
|
||||
|
||||
rr := httptest.NewRecorder()
|
||||
@@ -342,7 +310,7 @@ func TestGitSourceUpdate_NonNumericID(t *testing.T) {
|
||||
|
||||
h := newTestHandler(t, store)
|
||||
|
||||
body, err := json.Marshal(GitSourceCreatePayload{URL: "https://github.com/org/repo.git"})
|
||||
body, err := json.Marshal(GitSourceUpdatePayload{URL: new("https://github.com/org/repo.git")})
|
||||
require.NoError(t, err)
|
||||
|
||||
req := buildUpdateReqWithRawID(t, 1, "not-a-number", body)
|
||||
|
||||
@@ -1,51 +1,44 @@
|
||||
package sources
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
portainer "github.com/portainer/portainer/api"
|
||||
gittypes "github.com/portainer/portainer/api/git/types"
|
||||
ce "github.com/portainer/portainer/api/gitops/workflows"
|
||||
"github.com/portainer/portainer/api/set"
|
||||
)
|
||||
|
||||
func workflowsBySourceID(workflows []ce.Workflow) map[string][]ce.Workflow {
|
||||
byID := make(map[string][]ce.Workflow)
|
||||
for _, wf := range workflows {
|
||||
if wf.GitConfig != nil {
|
||||
id := sourceID(gitSourceKey(wf.GitConfig))
|
||||
byID[id] = append(byID[id], wf)
|
||||
}
|
||||
func (h *Handler) buildSource(ctx context.Context, src *portainer.Source, stats ce.SourceStats) Source {
|
||||
var status ce.Status
|
||||
var sourceErr string
|
||||
if src.GitConfig != nil {
|
||||
phase, _ := ce.ComputeGitPhasesForConfig(ctx, h.gitService, src.GitConfig)
|
||||
status = phase.Status
|
||||
sourceErr = phase.Error
|
||||
} else {
|
||||
status = ce.StatusUnknown
|
||||
}
|
||||
return byID
|
||||
}
|
||||
|
||||
func buildSource(id, url string, wfs []ce.Workflow) Source {
|
||||
statuses := make([]ce.Status, 0, len(wfs))
|
||||
var sourceError string
|
||||
var lastSync int64
|
||||
endpointIDs := make(set.Set[portainer.EndpointID])
|
||||
for _, wf := range wfs {
|
||||
statuses = append(statuses, wf.Status.Source.Status)
|
||||
if sourceError == "" && wf.Status.Source.Status == ce.StatusError {
|
||||
sourceError = wf.Status.Source.Error
|
||||
}
|
||||
lastSync = max(lastSync, wf.LastSyncDate)
|
||||
if wf.Target.EndpointID != 0 {
|
||||
endpointIDs.Add(wf.Target.EndpointID)
|
||||
}
|
||||
for _, id := range wf.Target.ResolvedEndpointIDs {
|
||||
endpointIDs.Add(id)
|
||||
url := ""
|
||||
var provider gittypes.GitProvider
|
||||
if src.GitConfig != nil {
|
||||
url = gittypes.SanitizeURL(src.GitConfig.URL)
|
||||
if src.GitConfig.Authentication != nil {
|
||||
provider = src.GitConfig.Authentication.Provider
|
||||
}
|
||||
}
|
||||
|
||||
return Source{
|
||||
ID: id,
|
||||
Name: repoName(url),
|
||||
Type: "git",
|
||||
URL: gittypes.SanitizeURL(url),
|
||||
Status: worstCaseStatus(statuses),
|
||||
Error: sourceError,
|
||||
UsedBy: len(wfs),
|
||||
Environments: len(endpointIDs),
|
||||
LastSync: lastSync,
|
||||
ID: src.ID,
|
||||
Name: src.Name,
|
||||
Type: sourceTypeString(src.Type),
|
||||
URL: url,
|
||||
Status: status,
|
||||
Error: sourceErr,
|
||||
Provider: provider,
|
||||
UsedBy: stats.WorkflowCount,
|
||||
Environments: len(stats.EndpointIDs),
|
||||
LastSync: stats.LastSync,
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,90 +11,6 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestWorkflowsBySourceID(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("groups workflows with same URL and credentials", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
cfg := gitCfg("https://github.com/org/repo")
|
||||
wfs := []ce.Workflow{{GitConfig: cfg}, {GitConfig: cfg}}
|
||||
byID := workflowsBySourceID(wfs)
|
||||
assert.Len(t, byID, 1)
|
||||
for _, group := range byID {
|
||||
assert.Len(t, group, 2)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("separates workflows with same URL but different credentials", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := []ce.Workflow{
|
||||
{GitConfig: &gittypes.RepoConfig{URL: "https://github.com/org/repo",
|
||||
Authentication: &gittypes.GitAuthentication{Username: "alice", Password: "pass1"}}},
|
||||
{GitConfig: &gittypes.RepoConfig{URL: "https://github.com/org/repo",
|
||||
Authentication: &gittypes.GitAuthentication{Username: "bob", Password: "pass2"}}},
|
||||
}
|
||||
byID := workflowsBySourceID(wfs)
|
||||
assert.Len(t, byID, 2)
|
||||
})
|
||||
|
||||
t.Run("skips workflows with nil GitConfig", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := []ce.Workflow{{}, {GitConfig: gitCfg("https://github.com/org/repo")}}
|
||||
byID := workflowsBySourceID(wfs)
|
||||
assert.Len(t, byID, 1)
|
||||
})
|
||||
}
|
||||
|
||||
func TestBuildSource(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
t.Run("status is the worst across all workflows", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := []ce.Workflow{
|
||||
{Status: ce.WorkflowStatusObject{Source: ce.WorkflowPhaseStatus{Status: ce.StatusHealthy}}},
|
||||
{Status: ce.WorkflowStatusObject{Source: ce.WorkflowPhaseStatus{Status: ce.StatusError, Error: "boom"}}},
|
||||
}
|
||||
s := buildSource("id", "https://github.com/org/repo.git", wfs)
|
||||
assert.Equal(t, ce.StatusError, s.Status)
|
||||
assert.Equal(t, "boom", s.Error)
|
||||
})
|
||||
|
||||
t.Run("usedBy equals the number of workflows", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := make([]ce.Workflow, 3)
|
||||
s := buildSource("id", "https://github.com/org/repo", wfs)
|
||||
assert.Equal(t, 3, s.UsedBy)
|
||||
})
|
||||
|
||||
t.Run("environments deduplicates endpoint IDs", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := []ce.Workflow{
|
||||
{Target: ce.Target{EndpointID: portainer.EndpointID(1)}},
|
||||
{Target: ce.Target{EndpointID: portainer.EndpointID(1)}}, // duplicate
|
||||
{Target: ce.Target{EndpointID: portainer.EndpointID(2)}},
|
||||
}
|
||||
s := buildSource("id", "https://github.com/org/repo", wfs)
|
||||
assert.Equal(t, 2, s.Environments)
|
||||
})
|
||||
|
||||
t.Run("name is extracted from URL", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
s := buildSource("id", "https://github.com/org/my-app.git", []ce.Workflow{{}})
|
||||
assert.Equal(t, "my-app", s.Name)
|
||||
})
|
||||
|
||||
t.Run("lastSync is the maximum across all workflows", func(t *testing.T) {
|
||||
t.Parallel()
|
||||
wfs := []ce.Workflow{
|
||||
{LastSyncDate: 100},
|
||||
{LastSyncDate: 300},
|
||||
{LastSyncDate: 200},
|
||||
}
|
||||
s := buildSource("id", "https://github.com/org/repo", wfs)
|
||||
assert.Equal(t, int64(300), s.LastSync)
|
||||
})
|
||||
}
|
||||
|
||||
func TestRedactWorkflowCredentials(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@@ -150,21 +66,19 @@ func TestBuildAutoUpdateInfo(t *testing.T) {
|
||||
func TestBuildConnectionInfo(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
assert.Nil(t, buildConnectionInfo(nil))
|
||||
assert.Equal(t, connectionInfo{}, buildConnectionInfo(nil))
|
||||
|
||||
cfg := &gittypes.RepoConfig{
|
||||
ReferenceName: "refs/heads/main",
|
||||
ConfigFilePath: "docker-compose.yml",
|
||||
TLSSkipVerify: true,
|
||||
Authentication: &gittypes.GitAuthentication{Username: "user"},
|
||||
}
|
||||
got := buildConnectionInfo(cfg)
|
||||
require.NotNil(t, got)
|
||||
assert.Equal(t, "refs/heads/main", got.ReferenceName)
|
||||
assert.Equal(t, "docker-compose.yml", got.ConfigFilePath)
|
||||
assert.True(t, got.TLSSkipVerify)
|
||||
assert.True(t, got.Authentication)
|
||||
require.NotNil(t, got.Authentication)
|
||||
assert.Equal(t, "user", got.Authentication.Username)
|
||||
|
||||
got = buildConnectionInfo(&gittypes.RepoConfig{})
|
||||
assert.False(t, got.Authentication)
|
||||
assert.Nil(t, got.Authentication)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user