NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit8187992

authored

fix: Validate template version name (#6804)

* WIP* Update* Validation

1 parente0cc4ee commit8187992Copy full SHA for 8187992

File tree

6 files changed

+105

-10

lines changed

coderd
- database/dbauthz
  - querier.go
- httpapi
  - httpapi.go
- templateversions.go
- templateversions_test.go
codersdk
- organizations.go
- templateversions.go

6 files changed

+105

-10

lines changed

`‎coderd/database/dbauthz/querier.go`

Lines changed: 13 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -859,11 +859,22 @@ func (q *querier) UpdateTemplateScheduleByID(ctx context.Context, arg database.U`
`859`	`859`	`}`
`860`	`860`
`861`	`861`	`func (q*querier)UpdateTemplateVersionByID(ctx context.Context,arg database.UpdateTemplateVersionByIDParams) (database.TemplateVersion,error) {`
`862`		`-template,err:=q.db.GetTemplateByID(ctx,arg.TemplateID.UUID)`
	`862`	`+// An actor is allowed to update the template version if they are authorized to update the template.`
	`863`	`+tv,err:=q.db.GetTemplateVersionByID(ctx,arg.ID)`
`863`	`864`	`iferr!=nil {`
`864`	`865`	`return database.TemplateVersion{},err`
`865`	`866`	`}`
`866`		`-iferr:=q.authorizeContext(ctx,rbac.ActionUpdate,template);err!=nil {`
	`867`	`+varobj rbac.Objecter`
	`868`	`+if!tv.TemplateID.Valid {`
	`869`	`+obj=rbac.ResourceTemplate.InOrg(tv.OrganizationID)`
	`870`	`+}else {`
	`871`	`+tpl,err:=q.db.GetTemplateByID(ctx,tv.TemplateID.UUID)`
	`872`	`+iferr!=nil {`
	`873`	`+return database.TemplateVersion{},err`
	`874`	`+}`
	`875`	`+obj=tpl`
	`876`	`+}`
	`877`	`+iferr:=q.authorizeContext(ctx,rbac.ActionUpdate,obj);err!=nil {`
`867`	`878`	`return database.TemplateVersion{},err`
`868`	`879`	`}`
`869`	`880`	`returnq.db.UpdateTemplateVersionByID(ctx,arg)`

`‎coderd/httpapi/httpapi.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ func init() {`
`44`	`44`	`valid:=NameValid(str)`
`45`	`45`	`returnvalid==nil`
`46`	`46`	`}`
`47`		`-for_,tag:=range []string{"username","template_name","workspace_name"} {`
	`47`	`+for_,tag:=range []string{"username","template_name","workspace_name","template_version_name"} {`
`48`	`48`	`err:=Validate.RegisterValidation(tag,nameValidator)`
`49`	`49`	`iferr!=nil {`
`50`	`50`	`panic(err)`

`‎coderd/templateversions.go`

Lines changed: 35 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -92,12 +92,43 @@ func (api API) patchTemplateVersion(rw http.ResponseWriter, r http.Request) {`
`92`	`92`	`ifparams.Name!="" {`
`93`	`93`	`updateParams.Name=params.Name`
`94`	`94`	`}`
`95`		`-// It is not allowed to "patch" the template ID, and reassign it.`
`96`		`-updatedTemplateVersion,err:=api.Database.UpdateTemplateVersionByID(ctx,updateParams)`
	`95`	`+`
	`96`	`+errTemplateVersionNameConflict:=xerrors.New("template version name must be unique for a template")`
	`97`	`+`
	`98`	`+varupdatedTemplateVersion database.TemplateVersion`
	`99`	`+err:=api.Database.InTx(func(tx database.Store)error {`
	`100`	`+iftemplateVersion.TemplateID.Valid&&templateVersion.Name!=updateParams.Name {`
	`101`	`+// User wants to rename the template version`
	`102`	`+`
	`103`	`+_,err:=tx.GetTemplateVersionByTemplateIDAndName(ctx, database.GetTemplateVersionByTemplateIDAndNameParams{`
	`104`	`+TemplateID:templateVersion.TemplateID,`
	`105`	`+Name:updateParams.Name,`
	`106`	`+})`
	`107`	`+iferr!=nil&&!xerrors.Is(err,sql.ErrNoRows) {`
	`108`	`+returnxerrors.Errorf("error on retrieving conflicting template version: %v",err)`
	`109`	`+}`
	`110`	`+iferr==nil {`
	`111`	`+returnerrTemplateVersionNameConflict`
	`112`	`+}`
	`113`	`+}`
	`114`	`+`
	`115`	`+// It is not allowed to "patch" the template ID, and reassign it.`
	`116`	`+varerrerror`
	`117`	`+updatedTemplateVersion,err=tx.UpdateTemplateVersionByID(ctx,updateParams)`
	`118`	`+iferr!=nil {`
	`119`	`+returnxerrors.Errorf("error on patching template version: %v",err)`
	`120`	`+}`
	`121`	`+returnnil`
	`122`	`+},nil)`
	`123`	`+iferrors.Is(err,errTemplateVersionNameConflict) {`
	`124`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`125`	`+Message:err.Error(),`
	`126`	`+})`
	`127`	`+return`
	`128`	`+}`
`97`	`129`	`iferr!=nil {`
`98`	`130`	`httpapi.Write(ctx,rw,http.StatusInternalServerError, codersdk.Response{`
`99`		`-Message:"Error on patching template version.",`
`100`		`-Detail:err.Error(),`
	`131`	`+Message:err.Error(),`
`101`	`132`	`})`
`102`	`133`	`return`
`103`	`134`	`}`

`‎coderd/templateversions_test.go`

Lines changed: 54 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1347,7 +1347,7 @@ func TestTemplateVersionPatch(t *testing.T) {`
`1347`	`1347`	`ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
`1348`	`1348`	`defercancel()`
`1349`	`1349`
`1350`		`-constnewName="new_name"`
	`1350`	`+constnewName="new-name"`
`1351`	`1351`	`updatedVersion,err:=client.UpdateTemplateVersion(ctx,version.ID, codersdk.PatchTemplateVersionRequest{`
`1352`	`1352`	`Name:newName,`
`1353`	`1353`	`})`
`@@ -1376,6 +1376,7 @@ func TestTemplateVersionPatch(t *testing.T) {`
`1376`	`1376`	`t.Parallel()`
`1377`	`1377`	`client:=coderdtest.New(t,nil)`
`1378`	`1378`	`user:=coderdtest.CreateFirstUser(t,client)`
	`1379`	`+`
`1379`	`1380`	`version1:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
`1380`	`1381`	`coderdtest.CreateTemplate(t,client,user.OrganizationID,version1.ID)`
`1381`	`1382`	`version2:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
`@@ -1398,4 +1399,56 @@ func TestTemplateVersionPatch(t *testing.T) {`
`1398`	`1399`	`assert.NotEqual(t,updatedVersion1.ID,updatedVersion2.ID)`
`1399`	`1400`	`assert.Equal(t,updatedVersion1.Name,updatedVersion2.Name)`
`1400`	`1401`	`})`
	`1402`	`+`
	`1403`	`+t.Run("Use the same name for two versions for the same templates",func(t*testing.T) {`
	`1404`	`+t.Parallel()`
	`1405`	`+client:=coderdtest.New(t,nil)`
	`1406`	`+user:=coderdtest.CreateFirstUser(t,client)`
	`1407`	`+version1:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`1408`	`+template:=coderdtest.CreateTemplate(t,client,user.OrganizationID,version1.ID)`
	`1409`	`+`
	`1410`	`+version2:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil,func(ctvr*codersdk.CreateTemplateVersionRequest) {`
	`1411`	`+ctvr.TemplateID=template.ID`
	`1412`	`+})`
	`1413`	`+`
	`1414`	`+ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
	`1415`	`+defercancel()`
	`1416`	`+_,err:=client.UpdateTemplateVersion(ctx,version2.ID, codersdk.PatchTemplateVersionRequest{`
	`1417`	`+Name:version1.Name,`
	`1418`	`+})`
	`1419`	`+require.Error(t,err)`
	`1420`	`+})`
	`1421`	`+`
	`1422`	`+t.Run("Rename the unassigned template",func(t*testing.T) {`
	`1423`	`+t.Parallel()`
	`1424`	`+client:=coderdtest.New(t,nil)`
	`1425`	`+user:=coderdtest.CreateFirstUser(t,client)`
	`1426`	`+version1:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`1427`	`+`
	`1428`	`+ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
	`1429`	`+defercancel()`
	`1430`	`+`
	`1431`	`+constcommonTemplateVersionName="common-template-version-name"`
	`1432`	`+updatedVersion1,err:=client.UpdateTemplateVersion(ctx,version1.ID, codersdk.PatchTemplateVersionRequest{`
	`1433`	`+Name:commonTemplateVersionName,`
	`1434`	`+})`
	`1435`	`+require.NoError(t,err)`
	`1436`	`+assert.Equal(t,commonTemplateVersionName,updatedVersion1.Name)`
	`1437`	`+})`
	`1438`	`+`
	`1439`	`+t.Run("Use incorrect template version name",func(t*testing.T) {`
	`1440`	`+t.Parallel()`
	`1441`	`+client:=coderdtest.New(t,nil)`
	`1442`	`+user:=coderdtest.CreateFirstUser(t,client)`
	`1443`	`+version1:=coderdtest.CreateTemplateVersion(t,client,user.OrganizationID,nil)`
	`1444`	`+`
	`1445`	`+ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitLong)`
	`1446`	`+defercancel()`
	`1447`	`+`
	`1448`	`+constincorrectTemplateVersionName="incorrect/name"`
	`1449`	`+_,err:=client.UpdateTemplateVersion(ctx,version1.ID, codersdk.PatchTemplateVersionRequest{`
	`1450`	`+Name:incorrectTemplateVersionName,`
	`1451`	`+})`
	`1452`	`+require.Error(t,err)`
	`1453`	`+})`
`1401`	`1454`	`}`

`‎codersdk/organizations.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ type OrganizationMember struct {`
`42`	`42`
`43`	`43`	`// CreateTemplateVersionRequest enables callers to create a new Template Version.`
`44`	`44`	`typeCreateTemplateVersionRequeststruct {`
`45`		-Namestring`json:"name,omitempty" validate:"omitempty,template_name"`
	`45`	+Namestring`json:"name,omitempty" validate:"omitempty,template_version_name"`
`46`	`46`	`// TemplateID optionally associates a version with a template.`
`47`	`47`	TemplateID uuid.UUID`json:"template_id,omitempty" format:"uuid"`
`48`	`48`	StorageMethodProvisionerStorageMethod`json:"storage_method" validate:"oneof=file,required" enums:"file"`

`‎codersdk/templateversions.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ type TemplateVersionVariable struct {`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`typePatchTemplateVersionRequeststruct {`
`80`		-Namestring`json:"name"`
	`80`	+Namestring`json:"name" validate:"omitempty,template_version_name"`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`// TemplateVersion returns a template version by ID.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8187992

File tree

6 files changed

6 files changed

`‎coderd/database/dbauthz/querier.go`

`‎coderd/httpapi/httpapi.go`

`‎coderd/templateversions.go`

`‎coderd/templateversions_test.go`

`‎codersdk/organizations.go`

`‎codersdk/templateversions.go`

0 commit comments