tag checking and validation complete.

8 years ago · 95955f17a3
parent 40c8aae584
commit 95955f17a3
6 changed files with 101 additions and 73 deletions
--- a/commits.go
+++ b/commits.go
@ -71,9 +71,38 @@ func get_valid_keys(commit *git.Commit, keys *map[string]openpgp.KeyRing) []stri
 	return ret
 }

-func exec_tag(tag SCORSHtag, valid_keys []string) error {
+func intersect_keys(ref map[string]bool, keys []string) []string {

-	return nil
+	var ret []string
+
+	for _, k := range keys {
+
+		if _, ok := ref[k]; ok {
+			ret = append(ret, k)
+		}
+	}
+	return ret
+}
+
+func find_tag_config(tag_name string, w *SCORSHworker) (*SCORSHtag_cfg, bool) {
+
+	for _, c := range w.Tags {
+		if c.Name == tag_name {
+			return &c, true
+		}
+	}
+	return nil, false
+}
+
+func exec_tag(tag *SCORSHtag_cfg) []error {
+
+	var ret []error
+
+	for _, c := range tag.Commands {
+		debug.log("[tag: %s] attempting command: %s\n", tag.Name, c.URL)
+		ret = append(ret, nil)
+	}
+	return ret
 }

 // traverse all the commits between two references, looking for scorsh
@ -143,18 +172,32 @@ func walk_commits(msg SCORSHmsg, w *SCORSHworker) error {

 				// 1) get the list of all the keys which verify the message
 				valid_keys := get_valid_keys(commit, &(w.Keys))
-				debug.log("validated keyrings on commit: %s\n", valid_keys)
-				// 2) Try to execute each of the tag included in the message
+				debug.log("[worker: %s] validated keyrings on commit: %s\n", w.Name, valid_keys)

+				// 2) then for each tag in the message
 				for _, t := range tags.Tags {
-					err = exec_tag(t, valid_keys)
-					if err != nil {
-						log.Printf("[worker: %s] unable to execute tag: %s : %s", w.Name, t.Tag, err)
-					} else {
-						log.Printf("[worker: %s] tag %s executed\n", w.Name, t.Tag)
+					// a) check that the tag is among those accepted by the worker
+					tag_cfg, good_tag := find_tag_config(t.Tag, w)
+					debug.log("[worker: %s] good_tag: %s\n", w.Name, good_tag)
+
+					if !good_tag {
+						continue
+					}
+
+					// b) check that at least one of the accepted tag keys is in valid_keys
+					good_keys := intersect_keys(w.TagKeys[t.Tag], valid_keys) != nil
+					debug.log("[worker: %s] good_keys: %s\n", w.Name, good_keys)
+
+					if !good_keys {
+						continue
 					}
-				}

+					// c) If everything is OK, execute the tag
+					if good_tag && good_keys {
+						errs := exec_tag(tag_cfg)
+						debug.log("[worker: %s] errors in tag %s: %s\n", w.Name, t.Tag, errs)
+					}
+				}
 			}

 			//signature, signed, err := check_signature(commit, &w.Keys)
--- a/examples/worker1/allowed_users.asc
+++ b/examples/worker1/allowed_users.asc
@ -1,62 +1,30 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----

-mQGiBEFi1/MRBADTOYQBLugy99OG588zPBaOhDPaCfeeB/XiMbMLdO6RzCCZtuU7
-e1G3I+8yIOLNUhfkmIT5Q7aU7FQA6OEexMvA3hijma7uLWs0GPGBC6U2XWEGVCcM
-NNCVgZXv8JAEGdyWZmYBO+StYzp7tPhoujUMbY3ChPFes2IB1tlpJeYkuwCglKi6
-ENT7n1pp0ZL02HyW7sUeFIED/3X1G6hKpcO12KXhdl70bI1ELBEoXW8S6E5+zN9v
-bj/3SDVMMc99k7vmxd8MVhQviCuwHdX9115fiuUcb6atSdtbXMvCR729rlH+QfCA
-aEdJ5O784zcpaTaplRlSVhqbkqU0O0qs2Uwpzyq2YOmqOWaUoxWjaAEZ3MTinJ05
-FOIrA/4xN/kC0xJmqtAYg+IXnEM91pJaHVn1tlG0Us/ZUcV3qOBVzlxbELiYJY/P
-f0RdSdJpsCglMeHMvKXYWDYeUwCxVnrX9QdY5U+o7jajW3CY+QXyiUOyB6Oxp1ZB
-R9/Kzch8ZDG1efvhPS6Yl6c4VzrOEfmYfq0zA8dD81Q7fKoWKrQ0VmluY2Vuem8g
-Tmljb3NpYSAoS2F0b2xhWikgPG1lQGthdG9sYXouaG9tZXVuaXgubmV0PoheBBMR
-AgAeBQJBhMseAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEF8gs64LXwYv3+EA
-n0DltQTOk4+jUcxj/EsAqlWRCeuwAJ0doTEepP8DZSP5CTdd6NFB1PdmzLQtVmlu
-Y2Vuem8gTmljb3NpYSAoS2F0b2xhWikgPGthdG9sYXpAeWFob28uaXQ+iF4EExEC
-AB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQXyCzrgtfBi+8mQCf
-X/yJFPgwIwxh4DKNgaklCqp54sYAn0Y9gGbbx6GXgKq3HuUotw10uf5giEYEEBEC
-AAYFAkFz0mYACgkQodsYiAfnHNnmGACfdDSOopfIhJ6QeoXO70s374CpTGMAn13h
-Fo1L15WsRDGVmltPCyxgIkSWiEYEExECAAYFAkF0QPUACgkQAYe00nZD+a+ZSgCf
-X/MNObMst8iZqavGJRQjWiHmJOUAn1SlDmC4El2Mv6UJB/MxZxDkoDcPiEYEExEC
-AAYFAkF0CCkACgkQWDOBDtzNIgVcfgCgxIGF1+W/FNAavZ75fWBAgJXxdTcAoJFr
-7rYllKXuaUbgzKRVgdO9JT9diEYEExECAAYFAkFz8ewACgkQnFc9aLrD67HS7wCg
-nOXXrI+nJuMbyYIEejF2IOC0l/EAoKEfdFk5zx90P4qi/N0tyRsOARlmiEYEExEC
-AAYFAkFzkv8ACgkQ6tyjHCMzLlp5DACfQLvi/Ob1x8Fs2YnRqSFlHvj7hh4AnAx2
-plP6AOvDL7VpB54Y7aAVN/55iEYEExECAAYFAkFyyqwACgkQTSZ6jadyvDFJegCf
-UBEzE6Rct4w4wANQhiAbm2RSwYkAnj+mfaUghdVj6LjgqQn8d5+VmzBZiEYEExEC
-AAYFAkFyMxQACgkQ9QhEMx2jMUK/FgCgodHF1MRE0r/MLNwv1IIrxCpncrkAn3vC
-sEmGt3B41mc40kfmj+Pi30zViEYEEBECAAYFAkF4EroACgkQLUrLvHBE1gFRuQCf
-ahlJgXhfpIJ2esi1taT5NtNSlncAoJhYo47lMvkRCIx25RUUoHl5GHH9iEYEEBEC
-AAYFAkIkxE0ACgkQ02jWMQa6YLzHoACeOTBEUZKQjNf4BHLzW3TXizFOBqoAoJ+w
-do4hRB2tJFdI3i1aVGQIju8aiEYEExECAAYFAkLz1FAACgkQG+p9XIlFCSBHjQCe
-OJehivpP+jhioDeBKsPcNfK/7PgAmwTcEAkHzPTEcQcvLAxGMmV4KWnsiEYEEBEC
-AAYFAkLEIWYACgkQeL/ecPnD1vDS+ACgsBa09BSGMVppYWkbsQKs1JpaWYwAn33Z
-Z/Z9FbqVguZwbdjaA13VH08oiF4EExECAB4FAkFi1/MCGwMGCwkIBwMCAxUCAwMW
-AgECHgECF4AACgkQXyCzrgtfBi+8mQCfUk2WzM0p3pM+MVeILWmKVemvwzgAniY+
-pALW1rL2IbIinW+1XtgIBa8NtDFWaW5jZW56byAoS2F0b2xhWikgTmljb3NpYSA8
-a2F0b2xhekBmcmVha25ldC5vcmc+iGIEExECACIFAlhnsMwCGwMGCwkIBwMCBhUI
-AgkKCwQWAgMBAh4BAheAAAoJEF8gs64LXwYvdukAnjKbYH4UvZKVpVRkEpYidnWF
-7ecNAJ4gcHdh+tYoqBlIIyDj/6X+p4CaA7QeS2F0b2xhWiA8a2F0b2xhekBmcmVh
-a25ldC5vcmc+iGAEExECACAFAkT0JDcCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX
-gAAKCRBfILOuC18GL2wlAJ9s3FnaoAgftFyzkpWXHbguXqc+2QCggZKrTK+Z6b30
-3M5bpwkVPFO2tkm0I0Vuem8gTmljb3NpYSA8a2F0b2xhekBmcmVha25ldC5vcmc+
-iGAEExECACAFAkT0Sl4CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBfILOu
-C18GL9WmAJ9am98TX/t2THTAJlLrLqKC2+IKkgCfQBmOXi9B0rlucPfG5tc1ATop
-Ice0LkVuem8gTmljb3NpYSAtLSBLYXRvbGFaIDxrYXRvbGF6QGZyZWFrbmV0Lm9y
-Zz6IYAQTEQIAIAUCRPQmDAIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEF8g
-s64LXwYvJXUAnAm9EXFMUqbKQHpPptu1bevyXGieAJ0QuIFhr4CqcLIBt6eEYDOk
-/Abhb7kCDQRBYtf/EAgAkRtE9UbyNVoZgBmctRNn1rZGOGh0D0pg7f7DhoNZfsel
-CvzYTb6NN+CK4TPFE820nfi86xu6rBxL0NBmXMuhEQImSLZ3J5RbHpc6k+dXu8G7
-qbH8eWiee+vaebrMou4j5zJE5KZBeTa/IV0fGf9U9JxGMQvQfgPMiEEjMf4BpxCd
-xyA4Y7MxfcNlTrsK0D2N9oO54L4OtBMyLQicj9vCGX9idXkstpFnu6XywrlFpzCM
-t0j4DVTOFom4goYneTimoZvkhAmTsU9WUHdQF7bSEdzCLirD+eHwkq/EVk8x84tC
-IxfzaRqRnPAD1OcCeoRqRbyJX7f5gEWqDUVGj9howwADBgf/RrEDF75RhVaqLbU0
-99wGe4pY5YpeZ44J0fO6LY44nu/0amDQ6Ijb9Bx2h31+z+/90Fm2b3o/AVoVbkj3
-D5qElFPLPJq3znaLeHVP3nV53qLYZqEgbkUFeyVTauavquy27Wrf7UQGZexGBjLb
-ppJcsm27hswBZwDdkubiHiA5VcxJIhk2SyBgvjSiwLa9nVsPpp8P1PlGH7e8ijTk
-ynF2rI4+P9tGkskagHPbs7gLSbpfHDiex/U3p1V9ry6OsoIKcrZAx5do5PQi7iaz
-JGXmPPu/XM9XR1+Gj9vCoxg56AHgAE9RAX6SH99ECtRLiCVbwGpVj98A0LRy7Nf9
-SMX7gYhJBBgRAgAJBQJBYtf/AhsMAAoJEF8gs64LXwYvwWkAnAnoHai6n3a3WnM1
-zIolhmQMfsj3AJ4i/olraFAACc1BCJESK6dVFiSvoQ==
-=aSn2
+mQENBFltDTcBCAC+ngq5DpxpDMJEnQUsB9m1CNE8Em8Fox24FzFLvcUiC3Gf9w2c
+Pmh6EJSwrEuwzqGIJ+VRPxB+uVBZ2IJvwgCuQ6N4itBVsuCjduhkDZafRvsX1Tuh
+6/DJiWcA/WYMtBJ8EacdxYMM8dwo4rt+8nffq1tZiDNzAfR5ezYnqi/ICmbdjVoA
+oR0BW/gmXbaxSDc/CIotU2Z7omBS+44qVI6W4fi9RnbwRSl8C0dp+FJQcfkYBnP7
+GDNKdIZKARCUFJUz++HLvKneRXi0y+fZeQ/w7uQ8BO1lNoxRep3TpfztqnpMHUmC
+S02InQFdebJRmywR88q32WB747sQ9OXQYM/PABEBAAG0EFNDT1JTSCB0ZXN0IHVz
+ZXKJAVQEEwEIAD4WIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbAwUJA8Jn
+AAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBAyPC1m+DXVKzBB/953d7i50CC
+WyJwI4lYk0IeO7jFR9ml24Sm+5Cl/Wz8khPwVuT2qgCR6y3G0AUBtVpnVCMifPXX
+CRi4IwKi3rnlhqeKzqXiffkzxD4pZW4fKM9dOT92j+97qvmacNj4eS5qO8gFea0W
+dGuoUzd+/JJxfyVCL8hs14Fan1qzgpVB60OANKLWatljdAHwrAaaWQMGBd7RI0Et
+Z0f6TNIzT2DUVnzoDRvcQpm4svrjJqcLnBbOJyGHrQPOQXBWsVroyPAg3Ho0bkdm
+kZY4QdTlEmvPqtHAfc5bMvUXScOAzW5tbUPmFDHz4gBluoj7sBC93u0K2Y6hAh9+
+4+UPTBmygBoQuQENBFltDTcBCADB9qmGAMeJsDSiNbph/b9K2SYF3X6DXW2FShBo
+mdYVElIQD56zub8wtZ70RZKIYogHjnudX7pMrLRZ/PeI7c2JPYnEUDq/zBoh8MfL
+MFURyAaAmoXt4X1vUMIi8MDHawjPwnDbixoItT+jxO5WmjbSGRZT0fFZYeWwwCjh
+IRSB8ufYffYnl2m01UMJ3M+a+PQY0UQA9znoaN0C9gt66IibgO6C1txppvG6QTAD
+CuFH7UVs8J4RgL45+lCPo38zifhvxn5hhc8tR5L3eCKy4MXQofq2rHNDJc1Kak3u
+SlFGX9LxrBe+53awCwzNPbMDhod0d0HlPdfjMw7X0dMLJdHJABEBAAGJATwEGAEI
+ACYWIQTFTNpoZyy96GDiAmtAyPC1m+DXVAUCWW0NNwIbDAUJA8JnAAAKCRBAyPC1
+m+DXVKD/CACrxoPZ9on/cfNyxXHaNbTAJhEx7p6wQqTe4rnEIMGvn7STDhNKqYnn
+5Fu2fqb5SWT5eN8V5tqHd8u09o+wtgSlVhhV+7LeYS9GwheTOSBBZtGFbKoUEx2y
+6clGN7A/gSKjD/8y309c6eRPx+Jg3wv2lS6eZDurottV5Z2SV6MejsT/+8Mn792X
+ff5zHO1sglFoK0GWb8yNyvv8l1UrhqwIm3LBGQcDDflN4Vgff6H2OxWaGw+gbVhC
+TnHJWLj0HetmU+kTUrdRo1WAHndwZ7VP7IL7ePTq+8MfdOcqF2pGJhnQJsrIQ24D
+thViyvX/Vq1G6UAEV2vP8xPxQ6rkJ40O
+=rzVr
 -----END PGP PUBLIC KEY BLOCK-----
--- a/examples/worker1/allowed_users.pgp
+++ b/examples/worker1/allowed_users.pgp
--- a/examples/worker1/worker1.cfg
+++ b/examples/worker1/worker1.cfg
@ -19,6 +19,16 @@ w_tags:
 ##                     c_hash: "12da324fb76s924acbce"
                    }
                   ]
+      },
+     {
+       t_name: "build",
+       t_keyrings: ["allowed_users.asc"],
+       t_commands: [
+                    {
+                     c_url: "file:///home/katolaz/bin/scorsh_build.sh"
+                    }
+                   ]
      }
+      
    ]
 ...
--- a/types.go
+++ b/types.go
@ -45,6 +45,7 @@ type SCORSHworker_cfg struct {
 	Tagfile  string          `yaml:"w_tagfile"`
 	Keyrings []string        `yaml:"w_keyrings"`
 	Tags     []SCORSHtag_cfg `yaml:"w_tags"`
+	TagKeys  map[string]map[string]bool
 }

 // State of a worker
--- a/workers.go
+++ b/workers.go
@ -9,7 +9,6 @@ import (
 	"os"
 	"regexp"
 	"strings"
-	"time"
 )

 func (worker *SCORSHworker) Matches(repo, branch string) bool {
@ -96,9 +95,6 @@ func Worker(w *SCORSHworker) {
 			if err != nil {
 				log.Printf("[worker: %s] error in walk_commits: %s", err)
 			}
-			debug.log("[worker: %s] Received message: %s", w.Name, msg)
-			debug.log("[worker: %s] StatusChan: %s\n", w.Name, w.StatusChan)
-			time.Sleep(1000 * time.Millisecond)
 			w.StatusChan <- msg
 			debug.log("[worker: %s] Sent message back: %s", w.Name, msg)
 		}
@ -133,6 +129,16 @@ func StartWorkers(master *SCORSHmaster) error {
 			close(worker.MsgChan)
 			return fmt.Errorf("[Starting worker: %s] Unable to load tags: %s\n", worker.Name, err)
 		}
+
+		// Create the map of keyring for each tag
+		worker.TagKeys = make(map[string]map[string]bool)
+		for _, t := range worker.Tags {
+			worker.TagKeys[t.Name] = make(map[string]bool)
+			for _, k := range t.Keyrings {
+				worker.TagKeys[t.Name][k] = true
+			}
+		}
+
 		// Add the repos definitions to the map master.Repos
 		for _, repo_name := range worker.Repos {
 			master.Repos[repo_name] = append(master.Repos[repo_name], worker)