Skip to content

Commit

Permalink
add shasum validation for upload-stemcell
Browse files Browse the repository at this point in the history
This allows a --shasum arugument to perform a shasum comparison of the stemcell trying to be uploaded.
If they don't match, then the command will fail.

[#157825231]

Signed-off-by: Kira Boyle <[email protected]>
  • Loading branch information
JT Archie authored and michelleheh committed Jul 3, 2018
1 parent 7fe9123 commit 9ba75a5
Show file tree
Hide file tree
Showing 4 changed files with 79 additions and 14 deletions.
4 changes: 2 additions & 2 deletions commands/upload_product.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,10 @@ type UploadProduct struct {
multipart multipart
logger logger
service uploadProductService
Options struct {
Options struct {
Product string `long:"product" short:"p" required:"true" description:"path to product"`
PollingInterval int `long:"polling-interval" short:"pi" description:"interval (in seconds) at which to print status" default:"1"`
Shasum string `long:"shasum" short:"s" description:"shasum of the provided product file to be used for validation"`
Shasum string `long:"shasum" short:"sha" description:"shasum of the provided product file to be used for validation"`
}
metadataExtractor metadataExtractor
}
Expand Down
11 changes: 0 additions & 11 deletions commands/upload_product_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -152,17 +152,6 @@ var _ = Describe("UploadProduct", func() {
file.WriteString("testing-shasum")

command := commands.NewUploadProduct(multipart, metadataExtractor, fakeService, logger)
metadataExtractor.ExtractMetadataReturns(extractor.Metadata{
Name: "cf",
Version: "1.5.0",
}, nil)
fakeService.CheckProductAvailabilityStub = func(name, version string) (bool, error) {
if name == "cf" && version == "1.5.0" {
return true, nil
}
return false, errors.New("unknown")
}

err = command.Execute([]string{
"--product", file.Name(),
"--shasum", "not-the-correct-shasum",
Expand Down
20 changes: 19 additions & 1 deletion commands/upload_stemcell.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,20 @@ import (
"github.com/pivotal-cf/jhanda"
"github.com/pivotal-cf/om/api"
"github.com/pivotal-cf/om/formcontent"
"github.com/pivotal-cf/om/validator"

"strconv"
)

type UploadStemcell struct {
multipart multipart
logger logger
service uploadStemcellService
Options struct {
Options struct {
Stemcell string `long:"stemcell" short:"s" required:"true" description:"path to stemcell"`
Force bool `long:"force" short:"f" description:"upload stemcell even if it already exists on the target Ops Manager"`
Floating bool `long:"floating" default:"true" description:"assigns the stemcell to all compatible products "`
Shasum string `long:"shasum" short:"sha" description:"shasum of the provided stemcell file to be used for validation"`
}
}

Expand Down Expand Up @@ -55,6 +58,21 @@ func (us UploadStemcell) Execute(args []string) error {
return fmt.Errorf("could not parse upload-stemcell flags: %s", err)
}

if us.Options.Shasum != "" {
shaValidator := validator.NewSHA256Calculator()
shasum, err := shaValidator.Checksum(us.Options.Stemcell)

if err != nil {
return err
}

if shasum != us.Options.Shasum {
return fmt.Errorf("expected shasum %s does not match file shasum %s", us.Options.Shasum, shasum)
}

us.logger.Printf("expected shasum matches stemcell shasum.")
}

if !us.Options.Force {
us.logger.Printf("processing stemcell")
report, err := us.service.GetDiagnosticReport()
Expand Down
58 changes: 58 additions & 0 deletions commands/upload_stemcell_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"io/ioutil"
"os"
"strings"

"github.com/pivotal-cf/jhanda"
Expand Down Expand Up @@ -185,6 +186,63 @@ var _ = Describe("UploadStemcell", func() {
})
})

Context("when the --shasum flag is defined", func() {
It("proceeds normally when the sha sums match", func() {
file, err := ioutil.TempFile("", "test-file.tgz")
Expect(err).ToNot(HaveOccurred())

file.Close()
defer os.Remove(file.Name())

file.WriteString("testing-shasum")

submission := formcontent.ContentSubmission{
Length: 10,
Content: ioutil.NopCloser(strings.NewReader("")),
ContentType: "some content-type",
}
multipart.FinalizeReturns(submission, nil)

fakeService.GetDiagnosticReportReturns(api.DiagnosticReport{Stemcells: []string{}}, nil)

command := commands.NewUploadStemcell(multipart, fakeService, logger)
err = command.Execute([]string{
"--stemcell", file.Name(),
"--shasum", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
})
Expect(err).NotTo(HaveOccurred())
format, v := logger.PrintfArgsForCall(0)
Expect(fmt.Sprintf(format, v...)).To(ContainSubstring("expected shasum matches stemcell shasum."))
})

It("returns an error when the sha sums don't match", func() {
file, err := ioutil.TempFile("", "test-file.tgz")
Expect(err).ToNot(HaveOccurred())

file.Close()
defer os.Remove(file.Name())

file.WriteString("testing-shasum")

command := commands.NewUploadStemcell(multipart, fakeService, logger)
err = command.Execute([]string{
"--stemcell", file.Name(),
"--shasum", "not-the-correct-shasum",
})
Expect(err).To(HaveOccurred())
Expect(err).To(MatchError("expected shasum not-the-correct-shasum does not match file shasum e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
})
It("fails when the file can not calculate a shasum", func() {
command := commands.NewUploadStemcell(multipart, fakeService, logger)
err := command.Execute([]string{
"--stemcell", "/path/to/testing.tgz",
"--shasum", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
})
Expect(err).To(HaveOccurred())
Expect(err).To(MatchError("open /path/to/testing.tgz: no such file or directory"))
})
})

Context("when the diagnostic report is unavailable", func() {
It("uploads the stemcell", func() {
submission := formcontent.ContentSubmission{
Expand Down

0 comments on commit 9ba75a5

Please sign in to comment.