8311: Reject invalid/unsupported git mounts. Default to path="/".

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

diff --git a/sdk/go/arvados/container.go b/sdk/go/arvados/container.go
index 16726b76d2bd249bb6e773278c9f91f66719dfc3..a541a8dca77fb03b9d6728fd8c9c13c5836414c8 100644 (file)
--- a/sdk/go/arvados/container.go
+++ b/sdk/go/arvados/container.go
@@ -32,7 +32,9 @@ type Mount struct {
        Content           interface{} `json:"content"`
        ExcludeFromOutput bool        `json:"exclude_from_output"`
        Capacity          int64       `json:"capacity"`
-       Commit            string      `json:"commit"` // only if kind=="git_tree"
+       Commit            string      `json:"commit"`          // only if kind=="git_tree"
+       RepositoryName    string      `json:"repository_name"` // only if kind=="git_tree"
+       GitURL            string      `json:"git_url"`         // only if kind=="git_tree"
 }
 
 // RuntimeConstraints specify a container's compute resources (RAM,

diff --git a/services/crunch-run/git_mount.go b/services/crunch-run/git_mount.go
index 110a81b853f7c62295146371f06cb0158fb748fb..d24c43259f99fdf5167f6f6ea8d80c5e17ff0186 100644 (file)
--- a/services/crunch-run/git_mount.go
+++ b/services/crunch-run/git_mount.go
@@ -3,6 +3,7 @@ package main
 import (
        "fmt"
        "net/url"
+       "regexp"
 
        "git.curoverse.com/arvados.git/sdk/go/arvados"
        "git.curoverse.com/arvados.git/sdk/go/arvadostest"
@@ -16,9 +17,23 @@ import (
 
 type gitMount arvados.Mount
 
+var (
+       sha1re     = regexp.MustCompile(`^[0-9a-f]{40}$`)
+       repoUUIDre = regexp.MustCompile(`^[0-9a-z]{5}-s0uqq-[0-9a-z]{15}$`)
+)
+
 func (gm gitMount) validate() error {
-       if gm.Path != "/" {
-               return fmt.Errorf("cannot mount git_tree path %q -- only \"/\" is supported", gm.Path)
+       if gm.Path != "" && gm.Path != "/" {
+               return fmt.Errorf("cannot mount git_tree with path %q -- only \"/\" is supported", gm.Path)
+       }
+       if !sha1re.MatchString(gm.Commit) {
+               return fmt.Errorf("cannot mount git_tree with commit %q -- must be a 40-char SHA1", gm.Commit)
+       }
+       if gm.RepositoryName != "" || gm.GitURL != "" {
+               return fmt.Errorf("cannot mount git_tree -- repository_name and git_url must be empty")
+       }
+       if !repoUUIDre.MatchString(gm.UUID) {
+               return fmt.Errorf("cannot mount git_tree with uuid %q -- must be a repository UUID", gm.UUID)
        }
        return nil
 }

diff --git a/services/crunch-run/git_mount_test.go b/services/crunch-run/git_mount_test.go
index e984000fb8352bb6eb9c9bef74b482c70b4c120b..82dce3ac26b57d44b2d902c13a859e12f3c2db41 100644 (file)
--- a/services/crunch-run/git_mount_test.go
+++ b/services/crunch-run/git_mount_test.go
@@ -73,7 +73,6 @@ func (s *GitMountSuite) TestextractTree(c *check.C) {
 // reachable in branch "crunch-run-non-tip-test".
 func (s *GitMountSuite) TestExtractNonTipCommit(c *check.C) {
        gm := gitMount{
-               Path:   "/",
                UUID:   arvadostest.Repository2UUID,
                Commit: "5ebfab0522851df01fec11ec55a6d0f4877b542e",
        }
@@ -134,7 +133,24 @@ func (s *GitMountSuite) TestInvalid(c *check.C) {
                                UUID:   arvadostest.Repository2UUID,
                                Commit: "abc123",
                        },
-                       matcher: ".*sha1.*",
+                       matcher: ".*SHA1.*",
+               },
+               {
+                       gm: gitMount{
+                               Path:           "/",
+                               UUID:           arvadostest.Repository2UUID,
+                               RepositoryName: arvadostest.Repository2Name,
+                               Commit:         "5ebfab0522851df01fec11ec55a6d0f4877b542e",
+                       },
+                       matcher: ".*repository_name.*",
+               },
+               {
+                       gm: gitMount{
+                               Path:   "/",
+                               GitURL: "https://localhost:0/" + arvadostest.Repository2Name + ".git",
+                               Commit: "5ebfab0522851df01fec11ec55a6d0f4877b542e",
+                       },
+                       matcher: ".*git_url.*",
                },
                {
                        gm: gitMount{