Skip to content

Commit 3fc463e

Browse files
Copilotprakarsh-dt
Copilot
and
prakarsh-dt
committed
Add confirmation name validation for hibernation operations
Co-authored-by: prakarsh-dt <[email protected]>
1 parent 17b9e4f commit 3fc463e

File tree

4 files changed

+124
-0
lines changed

4 files changed

+124
-0
lines changed

api/helm-app/HelmAppRestHandler.go

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -231,6 +231,13 @@ func (handler *HelmAppRestHandlerImpl) handleFluxApplicationHibernate(r *http.Re
231231
return nil, err
232232
}
233233

234+
// Validate confirmation name if provided
235+
if hibernateRequest.ConfirmationName != nil {
236+
if *hibernateRequest.ConfirmationName != appIdentifier.AppName {
237+
return nil, errors.New("confirmation name does not match application name")
238+
}
239+
}
240+
234241
if !handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*") {
235242
return nil, errors.New("unauthorized")
236243
}
@@ -243,6 +250,13 @@ func (handler *HelmAppRestHandlerImpl) handleArgoApplicationHibernate(r *http.Re
243250
return nil, err
244251
}
245252

253+
// Validate confirmation name if provided
254+
if hibernateRequest.ConfirmationName != nil {
255+
if *hibernateRequest.ConfirmationName != appIdentifier.AppName {
256+
return nil, errors.New("confirmation name does not match application name")
257+
}
258+
}
259+
246260
if !handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*") {
247261
return nil, errors.New("unauthorized")
248262
}
@@ -255,6 +269,14 @@ func (handler *HelmAppRestHandlerImpl) handleHelmApplicationHibernate(r *http.Re
255269
if err != nil {
256270
return nil, err
257271
}
272+
273+
// Validate confirmation name if provided
274+
if hibernateRequest.ConfirmationName != nil {
275+
if *hibernateRequest.ConfirmationName != appIdentifier.ReleaseName {
276+
return nil, errors.New("confirmation name does not match application name")
277+
}
278+
}
279+
258280
rbacObject, rbacObject2 := handler.enforcerUtil.GetHelmObjectByClusterIdNamespaceAndAppName(
259281
appIdentifier.ClusterId,
260282
appIdentifier.Namespace,
@@ -317,6 +339,14 @@ func (handler *HelmAppRestHandlerImpl) handleFluxApplicationUnHibernate(r *http.
317339
if err != nil {
318340
return nil, err
319341
}
342+
343+
// Validate confirmation name if provided
344+
if hibernateRequest.ConfirmationName != nil {
345+
if *hibernateRequest.ConfirmationName != appIdentifier.AppName {
346+
return nil, errors.New("confirmation name does not match application name")
347+
}
348+
}
349+
320350
if !handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*") {
321351
return nil, errors.New("unauthorized")
322352
}
@@ -327,6 +357,14 @@ func (handler *HelmAppRestHandlerImpl) handleArgoApplicationUnHibernate(r *http.
327357
if err != nil {
328358
return nil, err
329359
}
360+
361+
// Validate confirmation name if provided
362+
if hibernateRequest.ConfirmationName != nil {
363+
if *hibernateRequest.ConfirmationName != appIdentifier.AppName {
364+
return nil, errors.New("confirmation name does not match application name")
365+
}
366+
}
367+
330368
if !handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*") {
331369
return nil, errors.New("unauthorized")
332370
}
@@ -339,6 +377,13 @@ func (handler *HelmAppRestHandlerImpl) handleHelmApplicationUnHibernate(r *http.
339377
return nil, err
340378
}
341379

380+
// Validate confirmation name if provided
381+
if hibernateRequest.ConfirmationName != nil {
382+
if *hibernateRequest.ConfirmationName != appIdentifier.ReleaseName {
383+
return nil, errors.New("confirmation name does not match application name")
384+
}
385+
}
386+
342387
rbacObject, rbacObject2 := handler.enforcerUtil.GetHelmObjectByClusterIdNamespaceAndAppName(
343388
appIdentifier.ClusterId,
344389
appIdentifier.Namespace,

api/helm-app/openapiClient/model_hibernate_request.go

Lines changed: 37 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/bulkAction/bean/bean.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,6 +106,8 @@ type BulkApplicationForEnvironmentPayload struct {
106106
AppNamesExcludes []string `json:"appNamesExcludes,omitempty"`
107107
UserId int32 `json:"-"`
108108
InvalidateCache bool `json:"invalidateCache"`
109+
// confirmation name - should match environment name for additional confirmation
110+
ConfirmationName *string `json:"confirmationName,omitempty"`
109111
}
110112

111113
type BulkApplicationForEnvironmentResponse struct {

pkg/bulkAction/service/BulkUpdateService.go

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1108,6 +1108,26 @@ type stopAppFunc func(ctx context.Context, req *bean5.StopAppRequest, userMetada
11081108

11091109
// bulkHibernateCommon contains the common bulk-hibernate logic.
11101110
func (impl BulkUpdateServiceImpl) bulkHibernateCommon(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, token string, checkAuthForBulkActions func(token, appObject, envObject string) bool, stopApp stopAppFunc, userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
1111+
// Validate confirmation name if provided
1112+
if request.ConfirmationName != nil {
1113+
var envName string
1114+
if len(request.EnvName) > 0 {
1115+
envName = request.EnvName
1116+
} else if request.EnvId != 0 {
1117+
// Fetch environment name by ID
1118+
env, err := impl.environmentRepository.FindById(request.EnvId)
1119+
if err != nil {
1120+
impl.logger.Errorw("error in fetching environment by id", "envId", request.EnvId, "err", err)
1121+
return nil, fmt.Errorf("error fetching environment details: %v", err)
1122+
}
1123+
envName = env.Name
1124+
}
1125+
1126+
if envName != "" && *request.ConfirmationName != envName {
1127+
return nil, fmt.Errorf("confirmation name does not match environment name")
1128+
}
1129+
}
1130+
11111131
// Fetch pipelines based on filters.
11121132
var pipelines []*pipelineConfig.Pipeline
11131133
var err error
@@ -1279,6 +1299,26 @@ func (impl BulkUpdateServiceImpl) buildHibernateUnHibernateRequestForHelmPipelin
12791299

12801300
func (impl BulkUpdateServiceImpl) BulkUnHibernate(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool,
12811301
userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
1302+
// Validate confirmation name if provided
1303+
if request.ConfirmationName != nil {
1304+
var envName string
1305+
if len(request.EnvName) > 0 {
1306+
envName = request.EnvName
1307+
} else if request.EnvId != 0 {
1308+
// Fetch environment name by ID
1309+
env, err := impl.environmentRepository.FindById(request.EnvId)
1310+
if err != nil {
1311+
impl.logger.Errorw("error in fetching environment by id", "envId", request.EnvId, "err", err)
1312+
return nil, fmt.Errorf("error fetching environment details: %v", err)
1313+
}
1314+
envName = env.Name
1315+
}
1316+
1317+
if envName != "" && *request.ConfirmationName != envName {
1318+
return nil, fmt.Errorf("confirmation name does not match environment name")
1319+
}
1320+
}
1321+
12821322
var pipelines []*pipelineConfig.Pipeline
12831323
var err error
12841324
if len(request.AppIdIncludes) > 0 {

0 commit comments

Comments
 (0)