Add proto validation for ProfileService #4905
Conversation
rdimitrov
force-pushed
the
validate-profiles
branch
2 times, most recently
from
7c4398d to
bddddb6
Compare
proto/minder/v1/minder.proto
Outdated
| string version = 11; | ||
| string version = 11 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "^v\\d+(\\.\\d+)?(\\.\\d+)?(?:-[\\w\\.-]+)?$", |
There was a problem hiding this comment.
Should we have this for the profiles given we might add some notion of versioning in the hopefully not so distant future?
There was a problem hiding this comment.
I think we may want only ^v\d$ (or empty) for now.
proto/minder/v1/minder.proto
Outdated
| string label_filter = 2; | ||
| string label_filter = 2 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "^(\\*|[a-zA-Z][a-zA-Z0-9_]*)$", |
There was a problem hiding this comment.
I think I was unable to find a usage of this server-side (though maybe that comment was on another PR?), so I'm not sure if it's in use at the moment. I'd enforce lower-case on this for now.
| pattern: "^([a-zA-Z0-9]([-a-zA-Z0-9]{0,61}[a-zA-Z0-9])?:)?[a-zA-Z0-9]([-a-zA-Z0-9]{0,61}[a-zA-Z0-9])?$" | ||
| } |
There was a problem hiding this comment.
Not sure if you want to keep or remove the preceeding comment. Maybe keep until we can generate these in the OpenAPI doc?
There was a problem hiding this comment.
Let's leave it for now 👍
| @@ -2290,33 +2332,78 @@ message Profile { | |||
| // id is optional and use for updates to match upserts as well as read operations. It is ignored for creates. | |||
| string id = 1; | |||
| // entity is the entity to select. | |||
| string entity = 2; | |||
| string entity = 2 [ | |||
There was a problem hiding this comment.
We should have called this entity_type, huh?
There was a problem hiding this comment.
Yes, that's one of the few examples I was talking about yesterday 😃
proto/minder/v1/minder.proto
Outdated
| string selector = 4; | ||
| string selector = 4 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "^[a-zA-Z_][a-zA-Z0-9_]*(?:\\.[a-zA-Z_][a-zA-Z0-9_]*)*(?:\\[\\d+\\])?$", |
There was a problem hiding this comment.
I don't understand this. This is a CEL expression, correct?
It feels like this might be a special case where we say "this will be parsed as a CEL expression", because I'm nervous about encoding the allowed CEL characters in a regex. (In particular, I suspect they allow for greater-than and less-than expressions...)
There was a problem hiding this comment.
Makes sense 👍 So we can leave it without validation for now I suppose?
proto/minder/v1/minder.proto
Outdated
| string description = 6; | ||
| string description = 6 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "[A-Za-z][-/.!?,:;[:word:] ]*", |
There was a problem hiding this comment.
Why not [[:punct:][:word:] ]*? Are there specific characters we're trying to exclude from the punctuation set?
(Also, why a leading letter?)
There was a problem hiding this comment.
Yes, punct seems to include < > which we don't want right?
As for the leading letter, I thought it feels better to establish some form of common formatting for when this value is visualised.
proto/minder/v1/minder.proto
Outdated
| optional string remediate = 8; | ||
| optional string remediate = 8 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "^(on|off|dry_run)$", |
proto/minder/v1/minder.proto
Outdated
| string version = 11; | ||
| string version = 11 [ | ||
| (buf.validate.field).string = { | ||
| pattern: "^v\\d+(\\.\\d+)?(\\.\\d+)?(?:-[\\w\\.-]+)?$", |
There was a problem hiding this comment.
I think we may want only ^v\d$ (or empty) for now.
rdimitrov
force-pushed
the
validate-profiles
branch
2 times, most recently
from
42e238f to
0f98428
Compare
proto/minder/v1/minder.proto
Outdated
| @@ -1847,7 +1865,7 @@ message ListEvaluationResultsRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[-[:word:]]*", | |||
| pattern: "^[-[:word:]]*$", | |||
There was a problem hiding this comment.
oh, actually this should be ^[A-Za-z][-/[:word:]]*$, you're right 👍
| (buf.validate.field).string = { | ||
| pattern: "^v\\d$", | ||
| } |
There was a problem hiding this comment.
This is never empty, correct?
There was a problem hiding this comment.
Yeah, I checked all of the profiles I could find and it's set everywhere 👍
| @@ -2915,7 +2999,7 @@ message ListEvaluationHistoryRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[,[:word:]]*", | |||
| pattern: "^[,[:word:]]*$", | |||
There was a problem hiding this comment.
Why do we allow "," in a repeated field?
There was a problem hiding this comment.
Because of -
minder/internal/controlplane/handlers_evalstatus.go
Lines 283 to 287 in 3872633
| @@ -2927,7 +3011,7 @@ message ListEvaluationHistoryRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[,-./[:word:]]*", | |||
| pattern: "^[,-./[:word:]]*$", | |||
There was a problem hiding this comment.
Because of -
minder/internal/controlplane/handlers_evalstatus.go
Lines 283 to 287 in 3872633
| @@ -2951,7 +3035,7 @@ message ListEvaluationHistoryRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[,[:word:]]*", | |||
| pattern: "^[,[:word:]]*$", | |||
There was a problem hiding this comment.
Again, , seems like an error converting to a repeated field
There was a problem hiding this comment.
Because of -
minder/internal/controlplane/handlers_evalstatus.go
Lines 283 to 287 in 3872633
| @@ -2963,7 +3047,7 @@ message ListEvaluationHistoryRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[,[:word:]]*", | |||
| pattern: "^[,[:word:]]*$", | |||
There was a problem hiding this comment.
Because of -
minder/internal/controlplane/handlers_evalstatus.go
Lines 283 to 287 in 3872633
| @@ -2975,7 +3059,7 @@ message ListEvaluationHistoryRequest { | |||
| (buf.validate.field).repeated = { | |||
| items: { | |||
| string: { | |||
| pattern: "[,[:word:]]*", | |||
| pattern: "^[,[:word:]]*$", | |||
There was a problem hiding this comment.
Because of -
minder/internal/controlplane/handlers_evalstatus.go
Lines 283 to 287 in 3872633
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov
force-pushed
the
validate-profiles
branch
from
899d337 to
7dd13bb
Compare
Summary
Ref https://github.com/stacklok/minder-stories/issues/94
Change Type
Mark the type of change your PR introduces:
Testing
Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.
Review Checklist: