Skip to content

Commit

Permalink
feat: Prevent unallowed internal/beta module installation (kyma-proje…
Browse files Browse the repository at this point in the history 
…ct#2111)

* feat: Prevent unallowed internal/beta module installation

* fix linting

* tests to allow ireturn

* refactor mrm fetching

* fix tests

* revert receiver to normal func

* remove unnecessary context

* add missing testcases
# Conflicts:
#	pkg/templatelookup/regular.go
  • Loading branch information
@medmes @c-pius
medmes authored and c-pius committed Dec 17, 2024
1 parent 7169967 commit b9574fa
Showing 1 changed file with 37 additions and 15 deletions.
52 changes: 37 additions & 15 deletions pkg/templatelookup/regular.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,9 @@ import (

"github.com/kyma-project/lifecycle-manager/api/shared"
"github.com/kyma-project/lifecycle-manager/api/v1beta2"

"github.com/kyma-project/lifecycle-manager/internal/descriptor/provider"
"github.com/kyma-project/lifecycle-manager/internal/remote"
"github.com/kyma-project/lifecycle-manager/pkg/log"
"github.com/kyma-project/lifecycle-manager/pkg/util"
)

var (
Expand Down Expand Up @@ -48,7 +47,7 @@ type ModuleTemplatesByModuleName map[string]*ModuleTemplateInfo

func (t *TemplateLookup) GetRegularTemplates(ctx context.Context, kyma *v1beta2.Kyma) ModuleTemplatesByModuleName {
templates := make(ModuleTemplatesByModuleName)
for _, module := range FetchModuleStatusInfo(kyma) {
for _, module := range FindAvailableModules(kyma) {
_, found := templates[module.Name]
if found {
continue
Expand All @@ -58,8 +57,14 @@ func (t *TemplateLookup) GetRegularTemplates(ctx context.Context, kyma *v1beta2.
continue
}

templateInfo := t.PopulateModuleTemplateInfo(ctx, module, kyma.Namespace, kyma.Spec.Channel)
templateInfo = ValidateTemplateMode(templateInfo, kyma)
moduleReleaseMeta, err := GetModuleReleaseMeta(ctx, t, module.Name, kyma.Namespace)
if client.IgnoreNotFound(err) != nil {
templates[module.Name] = &ModuleTemplateInfo{Err: err}
continue
}

templateInfo := t.PopulateModuleTemplateInfo(ctx, module, kyma.Namespace, kyma.Spec.Channel, moduleReleaseMeta)
templateInfo = ValidateTemplateMode(templateInfo, kyma, moduleReleaseMeta)
if templateInfo.Err != nil {
templates[module.Name] = &templateInfo
continue
Expand Down Expand Up @@ -87,22 +92,17 @@ func (t *TemplateLookup) GetRegularTemplates(ctx context.Context, kyma *v1beta2.
}

func (t *TemplateLookup) PopulateModuleTemplateInfo(ctx context.Context,
module ModuleStatusInfo, namespace, kymaChannel string,
module AvailableModule, namespace, kymaChannel string, moduleReleaseMeta *v1beta2.ModuleReleaseMeta,
) ModuleTemplateInfo {
moduleReleaseMeta, err := GetModuleReleaseMeta(ctx, t, module.Name, namespace)
if util.IsNotFound(err) {
if moduleReleaseMeta == nil {
return t.populateModuleTemplateInfoWithoutModuleReleaseMeta(ctx, module, kymaChannel)
}

if err != nil {
return ModuleTemplateInfo{Err: err}
}

return t.populateModuleTemplateInfoUsingModuleReleaseMeta(ctx, module, moduleReleaseMeta, kymaChannel, namespace)
}

func (t *TemplateLookup) populateModuleTemplateInfoWithoutModuleReleaseMeta(ctx context.Context,
module ModuleStatusInfo, kymaChannel string,
module AvailableModule, kymaChannel string,
) ModuleTemplateInfo {
var templateInfo ModuleTemplateInfo
if module.IsInstalledByVersion() {
Expand All @@ -114,7 +114,7 @@ func (t *TemplateLookup) populateModuleTemplateInfoWithoutModuleReleaseMeta(ctx
}

func (t *TemplateLookup) populateModuleTemplateInfoUsingModuleReleaseMeta(ctx context.Context,
module ModuleStatusInfo,
module AvailableModule,
moduleReleaseMeta *v1beta2.ModuleReleaseMeta, kymaChannel, namespace string,
) ModuleTemplateInfo {
var templateInfo ModuleTemplateInfo
Expand All @@ -136,10 +136,22 @@ func (t *TemplateLookup) populateModuleTemplateInfoUsingModuleReleaseMeta(ctx co
return templateInfo
}

func ValidateTemplateMode(template ModuleTemplateInfo, kyma *v1beta2.Kyma) ModuleTemplateInfo {
func ValidateTemplateMode(template ModuleTemplateInfo,
kyma *v1beta2.Kyma,
moduleReleaseMeta *v1beta2.ModuleReleaseMeta,
) ModuleTemplateInfo {
if template.Err != nil {
return template
}

if moduleReleaseMeta == nil {
return validateTemplateModeWithoutModuleReleaseMeta(template, kyma)
}

return validateTemplateModeWithModuleReleaseMeta(template, kyma, moduleReleaseMeta)
}

func validateTemplateModeWithoutModuleReleaseMeta(template ModuleTemplateInfo, kyma *v1beta2.Kyma) ModuleTemplateInfo {
if template.IsInternal() && !kyma.IsInternal() {
template.Err = fmt.Errorf("%w: internal module", ErrTemplateNotAllowed)
return template
Expand All @@ -151,6 +163,16 @@ func ValidateTemplateMode(template ModuleTemplateInfo, kyma *v1beta2.Kyma) Modul
return template
}

func validateTemplateModeWithModuleReleaseMeta(template ModuleTemplateInfo, kyma *v1beta2.Kyma,
moduleReleaseMeta *v1beta2.ModuleReleaseMeta,
) ModuleTemplateInfo {
if !remote.IsAllowedModuleReleaseMeta(*moduleReleaseMeta, kyma) {
template.Err = fmt.Errorf("%w: module is beta or internal", ErrTemplateNotAllowed)
}

return template
}

func (t *TemplateLookup) getTemplateByVersion(ctx context.Context,
moduleName, moduleVersion, namespace string,
) (*v1beta2.ModuleTemplate, error) {
Expand Down

0 comments on commit b9574fa

Please sign in to comment.