1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
|
// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.gerrit.server.git.validators;
import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.flogger.FluentLogger;
import com.google.gerrit.entities.Account;
import com.google.gerrit.entities.BranchNameKey;
import com.google.gerrit.entities.PatchSet;
import com.google.gerrit.entities.Project;
import com.google.gerrit.entities.RefNames;
import com.google.gerrit.exceptions.StorageException;
import com.google.gerrit.extensions.api.projects.ProjectConfigEntryType;
import com.google.gerrit.extensions.registration.DynamicMap;
import com.google.gerrit.extensions.registration.Extension;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.account.AccountProperties;
import com.google.gerrit.server.config.AllProjectsName;
import com.google.gerrit.server.config.AllUsersName;
import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.ProjectConfigEntry;
import com.google.gerrit.server.git.CodeReviewCommit;
import com.google.gerrit.server.git.CodeReviewCommit.CodeReviewRevWalk;
import com.google.gerrit.server.permissions.GlobalPermission;
import com.google.gerrit.server.permissions.PermissionBackend;
import com.google.gerrit.server.permissions.PermissionBackendException;
import com.google.gerrit.server.permissions.ProjectPermission;
import com.google.gerrit.server.plugincontext.PluginSetContext;
import com.google.gerrit.server.project.ProjectCache;
import com.google.gerrit.server.project.ProjectConfig;
import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.query.change.ChangeData;
import com.google.inject.Inject;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
/**
* Collection of validators that run inside Gerrit before a change is submitted. The main purpose is
* to ensure that NoteDb data is mutated in a controlled way.
*
* <p>The difference between this and {@link OnSubmitValidators} is that this validates the original
* commit. Depending on the {@link com.google.gerrit.server.submit.SubmitStrategy} that the project
* chooses, the resulting commit in the repo might differ from this original commit. In case you
* want to validate the resulting commit, use {@link OnSubmitValidators}
*/
public class MergeValidators {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
private final PluginSetContext<MergeValidationListener> mergeValidationListeners;
private final ProjectConfigValidator.Factory projectConfigValidatorFactory;
private final AccountMergeValidator.Factory accountValidatorFactory;
private final GroupMergeValidator.Factory groupValidatorFactory;
public interface Factory {
MergeValidators create();
}
@Inject
MergeValidators(
PluginSetContext<MergeValidationListener> mergeValidationListeners,
ProjectConfigValidator.Factory projectConfigValidatorFactory,
AccountMergeValidator.Factory accountValidatorFactory,
GroupMergeValidator.Factory groupValidatorFactory) {
this.mergeValidationListeners = mergeValidationListeners;
this.projectConfigValidatorFactory = projectConfigValidatorFactory;
this.accountValidatorFactory = accountValidatorFactory;
this.groupValidatorFactory = groupValidatorFactory;
}
/**
* Runs all validators and throws a {@link MergeValidationException} for the first validator that
* failed. Only the first violation is propagated and processing is stopped thereafter.
*/
public void validatePreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
List<MergeValidationListener> validators =
ImmutableList.of(
new PluginMergeValidationListener(mergeValidationListeners),
projectConfigValidatorFactory.create(),
accountValidatorFactory.create(),
groupValidatorFactory.create(),
new DestBranchRefValidator());
for (MergeValidationListener validator : validators) {
validator.onPreMerge(repo, revWalk, commit, destProject, destBranch, patchSetId, caller);
}
}
/** Validator for any commits to {@code refs/meta/config}. */
public static class ProjectConfigValidator implements MergeValidationListener {
private static final String INVALID_CONFIG =
"Change contains an invalid project configuration.";
private static final String PARENT_NOT_FOUND =
"Change contains an invalid project configuration:\nParent project does not exist.";
private static final String PLUGIN_VALUE_NOT_EDITABLE =
"Change contains an invalid project configuration:\n"
+ "One of the plugin configuration parameters is not editable.";
private static final String PLUGIN_VALUE_NOT_PERMITTED =
"Change contains an invalid project configuration:\n"
+ "One of the plugin configuration parameters has a value that is not"
+ " permitted.";
private static final String ROOT_NO_PARENT =
"Change contains an invalid project configuration:\n"
+ "The root project cannot have a parent.";
private static final String SET_BY_ADMIN =
"Change contains a project configuration that changes the parent"
+ " project.\n"
+ "The change must be submitted by a Gerrit administrator.";
private static final String SET_BY_OWNER =
"Change contains a project configuration that changes the parent"
+ " project.\n"
+ "The change must be submitted by a Gerrit administrator or the project owner.";
private final AllProjectsName allProjectsName;
private final AllUsersName allUsersName;
private final ProjectCache projectCache;
private final PermissionBackend permissionBackend;
private final DynamicMap<ProjectConfigEntry> pluginConfigEntries;
private final ProjectConfig.Factory projectConfigFactory;
private final boolean allowProjectOwnersToChangeParent;
public interface Factory {
ProjectConfigValidator create();
}
@Inject
public ProjectConfigValidator(
AllProjectsName allProjectsName,
AllUsersName allUsersName,
ProjectCache projectCache,
PermissionBackend permissionBackend,
DynamicMap<ProjectConfigEntry> pluginConfigEntries,
ProjectConfig.Factory projectConfigFactory,
@GerritServerConfig Config config) {
this.allProjectsName = allProjectsName;
this.allUsersName = allUsersName;
this.projectCache = projectCache;
this.permissionBackend = permissionBackend;
this.pluginConfigEntries = pluginConfigEntries;
this.projectConfigFactory = projectConfigFactory;
this.allowProjectOwnersToChangeParent =
config.getBoolean("receive", "allowProjectOwnersToChangeParent", false);
}
@Override
public void onPreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
if (RefNames.REFS_CONFIG.equals(destBranch.branch())) {
final Project.NameKey newParent;
try {
ProjectConfig cfg = projectConfigFactory.create(destProject.getNameKey());
cfg.load(destProject.getNameKey(), repo, commit);
newParent = cfg.getProject().getParent(allProjectsName);
final Project.NameKey oldParent = destProject.getProject().getParent(allProjectsName);
if (oldParent == null) {
// update of the 'All-Projects' project
if (newParent != null) {
throw new MergeValidationException(ROOT_NO_PARENT);
}
} else {
if (!oldParent.equals(newParent)) {
if (!allowProjectOwnersToChangeParent) {
try {
permissionBackend.user(caller).check(GlobalPermission.ADMINISTRATE_SERVER);
} catch (AuthException e) {
throw new MergeValidationException(SET_BY_ADMIN, e);
} catch (PermissionBackendException e) {
logger.atWarning().withCause(e).log("Cannot check ADMINISTRATE_SERVER");
throw new MergeValidationException("validation unavailable", e);
}
} else {
try {
permissionBackend
.user(caller)
.project(destProject.getNameKey())
.check(ProjectPermission.WRITE_CONFIG);
} catch (AuthException e) {
throw new MergeValidationException(SET_BY_OWNER, e);
} catch (PermissionBackendException e) {
logger.atWarning().withCause(e).log("Cannot check WRITE_CONFIG");
throw new MergeValidationException("validation unavailable", e);
}
}
if (allUsersName.equals(destProject.getNameKey())
&& !allProjectsName.equals(newParent)) {
throw new MergeValidationException(
String.format(
" %s must inherit from %s", allUsersName.get(), allProjectsName.get()));
}
if (!projectCache.get(newParent).isPresent()) {
throw new MergeValidationException(PARENT_NOT_FOUND);
}
}
}
for (Extension<ProjectConfigEntry> e : pluginConfigEntries) {
PluginConfig pluginCfg = cfg.getPluginConfig(e.getPluginName());
ProjectConfigEntry configEntry = e.getProvider().get();
String value = pluginCfg.getString(e.getExportName());
String oldValue =
destProject.getPluginConfig(e.getPluginName()).getString(e.getExportName());
if ((!Objects.equals(value, oldValue)) && !configEntry.isEditable(destProject)) {
throw new MergeValidationException(PLUGIN_VALUE_NOT_EDITABLE);
}
if (ProjectConfigEntryType.LIST.equals(configEntry.getType())
&& value != null
&& !configEntry.getPermittedValues().contains(value)) {
throw new MergeValidationException(PLUGIN_VALUE_NOT_PERMITTED);
}
}
} catch (ConfigInvalidException | IOException e) {
throw new MergeValidationException(INVALID_CONFIG, e);
}
}
}
}
/** Validator that calls to plugins that provide additional validators. */
public static class PluginMergeValidationListener implements MergeValidationListener {
private final PluginSetContext<MergeValidationListener> mergeValidationListeners;
public PluginMergeValidationListener(
PluginSetContext<MergeValidationListener> mergeValidationListeners) {
this.mergeValidationListeners = mergeValidationListeners;
}
@Override
public void onPreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
mergeValidationListeners.runEach(
l -> l.onPreMerge(repo, revWalk, commit, destProject, destBranch, patchSetId, caller),
MergeValidationException.class);
}
}
public static class AccountMergeValidator implements MergeValidationListener {
public interface Factory {
AccountMergeValidator create();
}
private final AllUsersName allUsersName;
private final ChangeData.Factory changeDataFactory;
private final AccountValidator accountValidator;
@Inject
public AccountMergeValidator(
AllUsersName allUsersName,
ChangeData.Factory changeDataFactory,
AccountValidator accountValidator) {
this.allUsersName = allUsersName;
this.changeDataFactory = changeDataFactory;
this.accountValidator = accountValidator;
}
@Override
public void onPreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
Account.Id accountId = Account.Id.fromRef(destBranch.branch());
if (!allUsersName.equals(destProject.getNameKey()) || accountId == null) {
return;
}
ChangeData cd =
changeDataFactory.create(destProject.getProject().getNameKey(), patchSetId.changeId());
try {
if (!cd.currentFilePaths().contains(AccountProperties.ACCOUNT_CONFIG)) {
return;
}
} catch (StorageException e) {
logger.atSevere().withCause(e).log("Cannot validate account update");
throw new MergeValidationException("account validation unavailable", e);
}
try {
List<String> errorMessages =
accountValidator.validate(accountId, repo, revWalk, null, commit);
if (!errorMessages.isEmpty()) {
throw new MergeValidationException(
"invalid account configuration: " + Joiner.on("; ").join(errorMessages));
}
} catch (IOException e) {
logger.atSevere().withCause(e).log("Cannot validate account update");
throw new MergeValidationException("account validation unavailable", e);
}
}
}
/** Validator to ensure that group refs are not mutated. */
public static class GroupMergeValidator implements MergeValidationListener {
public interface Factory {
GroupMergeValidator create();
}
private final AllUsersName allUsersName;
@Inject
public GroupMergeValidator(AllUsersName allUsersName) {
this.allUsersName = allUsersName;
}
@Override
public void onPreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
// Groups are stored inside the 'All-Users' repository.
if (!allUsersName.equals(destProject.getNameKey())
|| !RefNames.isGroupRef(destBranch.branch())) {
return;
}
throw new MergeValidationException("group update not allowed");
}
}
/**
* Validator to ensure that destBranch is not a symbolic reference (an attempt to merge into a
* symbolic ref branch leads to LOCK_FAILURE exception).
*/
private static class DestBranchRefValidator implements MergeValidationListener {
@Override
public void onPreMerge(
Repository repo,
CodeReviewRevWalk revWalk,
CodeReviewCommit commit,
ProjectState destProject,
BranchNameKey destBranch,
PatchSet.Id patchSetId,
IdentifiedUser caller)
throws MergeValidationException {
try {
Ref ref = repo.exactRef(destBranch.branch());
// Usually the target branch exists, but there is an exception for some branches (see
// {@link com.google.gerrit.server.git.receive.ReceiveCommits} for details).
// Such non-existing branches should be ignored.
if (ref != null && ref.isSymbolic()) {
throw new MergeValidationException("the target branch is a symbolic ref");
}
} catch (IOException e) {
logger.atSevere().withCause(e).log("Cannot validate destination branch");
throw new MergeValidationException("symref validation unavailable", e);
}
}
}
}
|
