refactor webhooks to account for multiple sources

*fix oc describe to show multiple webhooks when defined and adapt to the new
allowenv variable for generic webhooks
*refactor and abstract logic for validating secrets and defined webhooks
*fix a bug where the webhook panics whenever the buildconfig source isn't a git
repository
*adapt current tests to account for multiple webhooks.

Signed-off-by: PI-Victor <[email protected]>

Author: PI-Victor

pkg/build/webhook/controller.go

@@ -91,9 +91,11 @@ func (c *controller) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 }
 
-// parseURL retrieves the namespace from the query parameters and returns a context wrapping the namespace,
-// the parameters for the webhook call, and an error.
-// according to the docs (http://godoc.org/code.google.com/p/go.net/context) ctx is not supposed to be wrapped in another object
+// parseURL retrieves the namespace from the query parameters and returns a
+// context wrapping the namespace, the parameters for the webhook call, and an
+// error. according to the docs
+// (http://godoc.org/code.google.com/p/go.net/context) ctx is not supposed to
+// be wrapped in another object
 func parseURL(req *http.Request) (uv urlVars, err error) {
 	url := req.URL.Path
 

pkg/build/webhook/generic/fixtures/push-github-envs.json renamed to pkg/build/webhook/generic/fixtures/push-generic-envs.json

@@ -1,7 +1,6 @@
 package generic
 
 import (
-	"crypto/hmac"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -26,25 +25,25 @@ func New() *WebHookPlugin {
 
 // Extract services generic webhooks.
 func (p *WebHookPlugin) Extract(buildCfg *api.BuildConfig, secret, path string, req *http.Request) (revision *api.SourceRevision, envvars []kapi.EnvVar, proceed bool, err error) {
-	trigger, ok := webhook.FindTriggerPolicy(api.GenericWebHookBuildTriggerType, buildCfg)
-	if !ok {
-		err = webhook.ErrHookNotEnabled
-		return
+	triggers, err := webhook.FindTriggerPolicy(api.GenericWebHookBuildTriggerType, buildCfg)
+	if err != nil {
+		return revision, envvars, false, err
 	}
 	glog.V(4).Infof("Checking if the provided secret for BuildConfig %s/%s matches", buildCfg.Namespace, buildCfg.Name)
-	if !hmac.Equal([]byte(trigger.GenericWebHook.Secret), []byte(secret)) {
-		err = webhook.ErrSecretMismatch
-		return
+
+	trigger, err := webhook.ValidateWebHookSecret(triggers, secret)
+	if err != nil {
+		return revision, envvars, false, err
 	}
+
 	glog.V(4).Infof("Verifying build request for BuildConfig %s/%s", buildCfg.Namespace, buildCfg.Name)
 	if err = verifyRequest(req); err != nil {
-		return
+		return revision, envvars, false, err
 	}
 
-	git := buildCfg.Spec.Source.Git
-	if git == nil {
-		glog.V(4).Infof("No source defined for BuildConfig %s/%s, but triggering anyway", buildCfg.Namespace, buildCfg.Name)
-		return nil, envvars, true, nil
+	if buildCfg.Spec.Source.Git == nil {
+		glog.V(4).Infof("No git source defined for BuildConfig %s/%s, but triggering anyway", buildCfg.Namespace, buildCfg.Name)
+		return revision, envvars, true, err
 	}
 
 	contentType := req.Header.Get("Content-Type")
@@ -60,15 +59,17 @@ func (p *WebHookPlugin) Extract(buildCfg *api.BuildConfig, secret, path string,
 		if err != nil {
 			return nil, envvars, false, err
 		}
+
 		if len(body) == 0 {
 			return nil, envvars, true, nil
 		}
+
 		var data api.GenericWebHookEvent
 		if err = json.Unmarshal(body, &data); err != nil {
 			glog.V(4).Infof("Error unmarshaling json %v, but continuing", err)
 			return nil, envvars, true, nil
 		}
-		if len(data.Env) > 0 && trigger.GenericWebHook.AllowEnv {
+		if len(data.Env) > 0 && trigger.AllowEnv {
 			envvars = data.Env
 		}
 		if data.Git == nil {
@@ -78,17 +79,17 @@ func (p *WebHookPlugin) Extract(buildCfg *api.BuildConfig, secret, path string,
 
 		if data.Git.Refs != nil {
 			for _, ref := range data.Git.Refs {
-				if webhook.GitRefMatches(ref.Ref, git.Ref) {
+				if webhook.GitRefMatches(ref.Ref, webhook.DefaultConfigRef, &buildCfg.Spec.Source) {
 					revision = &api.SourceRevision{
 						Git: &ref.GitSourceRevision,
 					}
 					return revision, envvars, true, nil
 				}
 			}
-			glog.V(2).Infof("Skipping build for BuildConfig %s/%s. None of the supplied refs matched %q", buildCfg.Namespace, buildCfg, git.Ref)
+			glog.V(2).Infof("Skipping build for BuildConfig %s/%s. None of the supplied refs matched %q", buildCfg.Namespace, buildCfg, buildCfg.Spec.Source.Git.Ref)
 			return nil, envvars, false, nil
 		}
-		if !webhook.GitRefMatches(data.Git.Ref, git.Ref) {
+		if !webhook.GitRefMatches(data.Git.Ref, webhook.DefaultConfigRef, &buildCfg.Spec.Source) {
 			glog.V(2).Infof("Skipping build for BuildConfig %s/%s. Branch reference from %q does not match configuration", buildCfg.Namespace, buildCfg.Name, data.Git.Ref)
 			return nil, envvars, false, nil
 		}

pkg/build/webhook/generic/fixtures/push-github.json renamed to pkg/build/webhook/generic/fixtures/push-generic.json

@@ -70,7 +70,7 @@ func TestVerifyRequestForMethod(t *testing.T) {
 	revision, _, proceed, err := plugin.Extract(buildConfig, "secret100", "", req)
 
 	if err == nil || !strings.Contains(err.Error(), "Unsupported HTTP method") {
-		t.Errorf("Excepcted unsupported HTTP method, got %v!", err)
+		t.Errorf("Expected unsupported HTTP method, got %v!", err)
 	}
 	if proceed {
 		t.Error("Expected 'proceed' return value to be 'false'")
@@ -80,6 +80,157 @@ func TestVerifyRequestForMethod(t *testing.T) {
 	}
 }
 
+func TestWrongSecretMultipleGenericWebHooks(t *testing.T) {
+	req := GivenRequest("GET")
+	buildConfig := &api.BuildConfig{
+		Spec: api.BuildConfigSpec{
+			Triggers: []api.BuildTriggerPolicy{
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret101",
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret100",
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret102",
+					},
+				},
+			},
+		},
+	}
+
+	plugin := New()
+	revision, _, proceed, err := plugin.Extract(buildConfig, "wrongsecret", "", req)
+
+	if err != webhook.ErrSecretMismatch {
+		t.Errorf("Expected %s, got %s", webhook.ErrSecretMismatch, err)
+	}
+
+	if proceed {
+		t.Error("Expected 'proceed' to return 'false'")
+	}
+
+	if revision != nil {
+		t.Errorf("Expected the 'revision' to be nil, go %v instead", revision)
+	}
+}
+
+func TestMatchSecretMultipleGenericWebHooks(t *testing.T) {
+	req := GivenRequestWithPayload(t, "push-generic.json")
+	buildConfig := &api.BuildConfig{
+		Spec: api.BuildConfigSpec{
+			Triggers: []api.BuildTriggerPolicy{
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret101",
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret100",
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret102",
+					},
+				},
+			},
+			BuildSpec: api.BuildSpec{
+				Source: api.BuildSource{
+					Git: &api.GitBuildSource{
+						Ref: "master",
+					},
+				},
+				Strategy: mockBuildStrategy,
+			},
+		},
+	}
+
+	plugin := New()
+	revision, _, proceed, err := plugin.Extract(buildConfig, "secret102", "", req)
+
+	if err != nil {
+		t.Errorf("Expected no error, got %s", err)
+	}
+
+	if !proceed {
+		t.Error("Expected 'proceed' to return 'true', got 'false' instead")
+	}
+
+	if revision == nil {
+		t.Errorf("Expected the 'revision' to not be nil")
+	}
+}
+
+func TestEnvVarsMultipleGenericWebHooks(t *testing.T) {
+	req := GivenRequestWithPayload(t, "push-generic-envs.json")
+	buildConfig := &api.BuildConfig{
+		Spec: api.BuildConfigSpec{
+			Triggers: []api.BuildTriggerPolicy{
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret:   "secret101",
+						AllowEnv: true,
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret100",
+					},
+				},
+				{
+					Type: api.GenericWebHookBuildTriggerType,
+					GenericWebHook: &api.WebHookTrigger{
+						Secret: "secret102",
+					},
+				},
+			},
+			BuildSpec: api.BuildSpec{
+				Source: api.BuildSource{
+					Git: &api.GitBuildSource{
+						Ref: "master",
+					},
+				},
+				Strategy: mockBuildStrategy,
+			},
+		},
+	}
+
+	plugin := New()
+	revision, envvars, proceed, err := plugin.Extract(buildConfig, "secret101", "", req)
+
+	if err != nil {
+		t.Errorf("Expected to be able to trigger a build without a payload error: %v", err)
+	}
+
+	if !proceed {
+		t.Error("Expected 'proceed' to return 'true'")
+	}
+
+	if revision == nil {
+		t.Errorf("Expected the 'revision' to not be nil")
+	}
+
+	if len(envvars) == 0 {
+		t.Error("Expected env vars to be set")
+	}
+
+}
+
 func TestWrongSecret(t *testing.T) {
 	req := GivenRequest("POST")
 	buildConfig := &api.BuildConfig{
@@ -98,7 +249,7 @@ func TestWrongSecret(t *testing.T) {
 	revision, _, proceed, err := plugin.Extract(buildConfig, "wrongsecret", "", req)
 
 	if err != webhook.ErrSecretMismatch {
-		t.Errorf("Excepcted %v, got %v!", webhook.ErrSecretMismatch, err)
+		t.Errorf("Expected %v, got %v!", webhook.ErrSecretMismatch, err)
 	}
 	if proceed {
 		t.Error("Expected 'proceed' return value to be 'false'")
@@ -152,7 +303,7 @@ func TestExtractWithEmptyPayload(t *testing.T) {
 }
 
 func TestExtractWithUnmatchedRefGitPayload(t *testing.T) {
-	req := GivenRequestWithPayload(t, "push-github.json")
+	req := GivenRequestWithPayload(t, "push-generic.json")
 	buildConfig := &api.BuildConfig{
 		Spec: api.BuildConfigSpec{
 			Triggers: []api.BuildTriggerPolicy{
@@ -188,7 +339,7 @@ func TestExtractWithUnmatchedRefGitPayload(t *testing.T) {
 }
 
 func TestExtractWithGitPayload(t *testing.T) {
-	req := GivenRequestWithPayload(t, "push-github.json")
+	req := GivenRequestWithPayload(t, "push-generic.json")
 	buildConfig := &api.BuildConfig{
 		Spec: api.BuildConfigSpec{
 			Triggers: []api.BuildTriggerPolicy{
@@ -224,7 +375,7 @@ func TestExtractWithGitPayload(t *testing.T) {
 }
 
 func TestExtractWithGitPayloadAndUTF8Charset(t *testing.T) {
-	req := GivenRequestWithPayloadAndContentType(t, "push-github.json", "application/json; charset=utf-8")
+	req := GivenRequestWithPayloadAndContentType(t, "push-generic.json", "application/json; charset=utf-8")
 	buildConfig := &api.BuildConfig{
 		Spec: api.BuildConfigSpec{
 			Triggers: []api.BuildTriggerPolicy{
@@ -332,7 +483,7 @@ func TestExtractWithUnmatchedGitRefsPayload(t *testing.T) {
 }
 
 func TestExtractWithKeyValuePairs(t *testing.T) {
-	req := GivenRequestWithPayload(t, "push-github-envs.json")
+	req := GivenRequestWithPayload(t, "push-generic-envs.json")
 	buildConfig := &api.BuildConfig{
 		Spec: api.BuildConfigSpec{
 			Triggers: []api.BuildTriggerPolicy{
@@ -373,7 +524,7 @@ func TestExtractWithKeyValuePairs(t *testing.T) {
 }
 
 func TestExtractWithKeyValuePairsDisabled(t *testing.T) {
-	req := GivenRequestWithPayload(t, "push-github-envs.json")
+	req := GivenRequestWithPayload(t, "push-generic-envs.json")
 	buildConfig := &api.BuildConfig{
 		Spec: api.BuildConfigSpec{
 			Triggers: []api.BuildTriggerPolicy{