Adds validation for corredor steps in workflow

- Adds check at workflow step level for corredorExec function - Adds `disabled` flag for corredor related functions from `workflows/functions` api response if corredor is disabled
2021-05-26 20:31:55 +05:30 · 2021-05-26 20:31:55 +05:30 · a3d5b7d21e
commit a3d5b7d21e
parent aedb2aef60
9 changed files with 69 additions and 18 deletions
--- a/app/boot_levels.go
+++ b/app/boot_levels.go
@ -301,6 +301,7 @@ func (app *CortezaApp) InitServices(ctx context.Context) (err error) {
 	err = autService.Initialize(ctx, app.Log, app.Store, app.WsServer, autService.Config{
 		ActionLog: app.Opt.ActionLog,
 		Workflow:  app.Opt.Workflow,
+		Corredor:  app.Opt.Corredor,
 	})

 	if err != nil {
--- a/automation/service/registry.go
+++ b/automation/service/registry.go
@ -61,7 +61,9 @@ func (r registry) Functions() []*types.Function {
 		ff = make([]*types.Function, 0, len(r.functions))
 	)

-	for ref := range r.functions {
+	for ref, f := range r.functions {
+		// flag for UI weather this function step is disabled or not
+		f.Disabled = !DefaultWorkflow.corredorOpt.Enabled && ref == "corredorExec"
 		rr = append(rr, ref)
 	}

--- a/automation/service/service.go
+++ b/automation/service/service.go
@ -30,6 +30,7 @@ type (
 	Config struct {
 		ActionLog options.ActionLogOpt
 		Workflow  options.WorkflowOpt
+		Corredor  options.CorredorOpt
 	}

 	userService interface {
@ -97,7 +98,7 @@ func Initialize(ctx context.Context, log *zap.Logger, s store.Storer, ws websock
 	DefaultAccessControl = AccessControl(rbac.Global())

 	DefaultSession = Session(DefaultLogger.Named("session"), c.Workflow, ws)
-	DefaultWorkflow = Workflow(DefaultLogger.Named("workflow"))
+	DefaultWorkflow = Workflow(DefaultLogger.Named("workflow"), c.Corredor)
 	DefaultTrigger = Trigger(DefaultLogger.Named("trigger"), c.Workflow)

 	DefaultWorkflow.triggers = DefaultTrigger
--- a/automation/service/workflow.go
+++ b/automation/service/workflow.go
@ -2,6 +2,7 @@ package service

 import (
 	"context"
+	"github.com/cortezaproject/corteza-server/pkg/options"
 	"reflect"
 	"sync"

@ -35,7 +36,8 @@ type (
 		wfgs map[uint64]*wfexec.Graph

 		// workflow function registry
-		reg *registry
+		reg         *registry
+		corredorOpt options.CorredorOpt

 		mux    *sync.RWMutex
 		parser expr.Parsable
@ -77,19 +79,20 @@ const (
 	workflowDefChanged    workflowChanges = 4
 )

-func Workflow(log *zap.Logger) *workflow {
+func Workflow(log *zap.Logger, corredorOpt options.CorredorOpt) *workflow {
 	return &workflow{
-		log:       log,
-		actionlog: DefaultActionlog,
-		store:     DefaultStore,
-		ac:        DefaultAccessControl,
-		triggers:  DefaultTrigger,
-		session:   DefaultSession,
-		eventbus:  eventbus.Service(),
-		wfgs:      make(map[uint64]*wfexec.Graph),
-		mux:       &sync.RWMutex{},
-		parser:    expr.NewParser(),
-		reg:       Registry(),
+		log:         log,
+		actionlog:   DefaultActionlog,
+		store:       DefaultStore,
+		ac:          DefaultAccessControl,
+		triggers:    DefaultTrigger,
+		session:     DefaultSession,
+		eventbus:    eventbus.Service(),
+		wfgs:        make(map[uint64]*wfexec.Graph),
+		mux:         &sync.RWMutex{},
+		parser:      expr.NewParser(),
+		reg:         Registry(),
+		corredorOpt: corredorOpt,
 	}
 }

--- a/automation/service/workflow_actions.gen.go
+++ b/automation/service/workflow_actions.gen.go
@ -882,6 +882,38 @@ func WorkflowErrHandleNotUnique(mm ...*workflowActionProps) *errors.Error {
 	return e
 }

+// WorkflowErrNotAllowedToExecuteCorredorStep returns "automation:workflow.notAllowedToExecuteCorredorStep" as *errors.Error
+//
+//
+// This function is auto-generated.
+//
+func WorkflowErrNotAllowedToExecuteCorredorStep(mm ...*workflowActionProps) *errors.Error {
+	var p = &workflowActionProps{}
+	if len(mm) > 0 {
+		p = mm[0]
+	}
+
+	var e = errors.New(
+		errors.KindInternal,
+
+		p.Format("not allowed to run corredorExec function, corredor is disabled", nil),
+
+		errors.Meta("type", "notAllowedToExecuteCorredorStep"),
+		errors.Meta("resource", "automation:workflow"),
+
+		// action log entry; no formatting, it will be applied inside recordAction fn.
+		errors.Meta(workflowLogMetaKey{}, "failed to execute {workflow} with corredorExec function step; corredor is disabled"),
+		errors.Meta(workflowPropsMetaKey{}, p),
+
+		errors.StackSkip(1),
+	)
+
+	if len(mm) > 0 {
+	}
+
+	return e
+}
+
 // *********************************************************************************************************************
 // *********************************************************************************************************************

--- a/automation/service/workflow_actions.yaml
+++ b/automation/service/workflow_actions.yaml
@ -107,3 +107,7 @@ errors:
  - error: handleNotUnique
    message: "workflow handle not unique"
    log: "duplicate handle used for workflow ({workflow})"
+
+  - error: notAllowedToExecuteCorredorStep
+    message: "not allowed to run corredorExec function, corredor is disabled"
+    log: "failed to execute {workflow} with corredorExec function step; corredor is disabled"
--- a/automation/service/workflow_converter.go
+++ b/automation/service/workflow_converter.go
@ -567,6 +567,14 @@ func verifyStep(s *types.WorkflowStep, in, out types.WorkflowPathSet) types.Work
 			return nil
 		}

+		// check for corredor function step(s) are allowed or not
+		checkDisabledFunc = func() error {
+			if !DefaultWorkflow.corredorOpt.Enabled && s.Ref == "corredorExec" {
+				return WorkflowErrNotAllowedToExecuteCorredorStep()
+			}
+			return nil
+		}
+
 		// checks if argument is present
 		checkArg = func(argName string, typ expr.Type) func() error {
 			return func() error {
@ -664,6 +672,7 @@ func verifyStep(s *types.WorkflowStep, in, out types.WorkflowPathSet) types.Work
 	case types.WorkflowStepKindFunction:
 		checks = append(checks,
 			requiredRef,
+			checkDisabledFunc,
 			count(0, 1, outbound),
 		)

--- a/automation/types/function.go
+++ b/automation/types/function.go
@ -25,7 +25,8 @@ type (
 		Handler  FunctionHandler `json:"-"`
 		Iterator IteratorHandler `json:"-"`

-		Labels map[string]string `json:"labels,omitempty"`
+		Labels   map[string]string `json:"labels,omitempty"`
+		Disabled bool              `json:"disabled,omitempty"`
 	}

 	FunctionMeta struct {
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -229,8 +229,6 @@ github.com/prometheus/common/model
 # github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
-# github.com/quasoft/memstore v0.0.0-20191010062613-2bce066d2b0b
-## explicit
 # github.com/russellhaering/goxmldsig v1.1.0
 github.com/russellhaering/goxmldsig
 github.com/russellhaering/goxmldsig/etreeutils