87 lines
2.2 KiB
Go
87 lines
2.2 KiB
Go
package user
|
|
|
|
import (
|
|
"context"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"fmt"
|
|
virtuslabv1alpha1 "github.com/VirtusLab/jenkins-operator/pkg/apis/virtuslab/v1alpha1"
|
|
"github.com/VirtusLab/jenkins-operator/pkg/log"
|
|
"k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/types"
|
|
"strings"
|
|
)
|
|
|
|
// Validate validates Jenkins CR Spec section
|
|
func (r *ReconcileUserConfiguration) Validate(jenkins *virtuslabv1alpha1.Jenkins) bool {
|
|
if !r.validateSeedJobs(jenkins) {
|
|
return false
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (r *ReconcileUserConfiguration) validateSeedJobs(jenkins *virtuslabv1alpha1.Jenkins) bool {
|
|
if jenkins.Spec.SeedJobs != nil {
|
|
for _, seedJob := range jenkins.Spec.SeedJobs {
|
|
logger := r.logger.WithValues("seedJob", fmt.Sprintf("%+v", seedJob)).V(log.VWarn)
|
|
|
|
// validate seed job id is not empty
|
|
if len(seedJob.ID) == 0 {
|
|
logger.Info("seed job id can't be empty")
|
|
return false
|
|
}
|
|
|
|
// validate repository url match private key
|
|
if strings.Contains(seedJob.RepositoryURL, "git@") {
|
|
if seedJob.PrivateKey.SecretKeyRef == nil {
|
|
logger.Info("private key can't be empty while using ssh repository url")
|
|
return false
|
|
}
|
|
}
|
|
|
|
// validate private key from secret
|
|
if seedJob.PrivateKey.SecretKeyRef != nil {
|
|
deployKeySecret := &v1.Secret{}
|
|
namespaceName := types.NamespacedName{Namespace: jenkins.Namespace, Name: seedJob.PrivateKey.SecretKeyRef.Name}
|
|
err := r.k8sClient.Get(context.TODO(), namespaceName, deployKeySecret)
|
|
//TODO(bantoniak) handle error properly
|
|
if err != nil {
|
|
logger.Info("couldn't read private key secret")
|
|
return false
|
|
}
|
|
|
|
privateKey := string(deployKeySecret.Data[seedJob.PrivateKey.SecretKeyRef.Key])
|
|
if privateKey == "" {
|
|
logger.Info("private key is empty")
|
|
return false
|
|
}
|
|
|
|
if !validatePrivateKey(privateKey) {
|
|
logger.Info("private key is invalid")
|
|
return false
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
func validatePrivateKey(privateKey string) bool {
|
|
block, _ := pem.Decode([]byte(privateKey))
|
|
if block == nil {
|
|
return false
|
|
}
|
|
|
|
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
err = priv.Validate()
|
|
if err != nil {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|