feat(#227): add keys validation and silently drop forbidden keys

internal/service/repositories/repositories.go

@@ -152,6 +152,21 @@ func (s *Impl) GetRepository(ctx context.Context, repoKey string) (openapi.Repos
 		}
 	}
 
+	if err == nil && repositoryDto.Filecategory != nil {
+		// filter by allowed keys
+		allowedKeys := s.CustomConfiguration.AllowedFileCategories()
+		for key, _ := range *repositoryDto.Filecategory {
+			if !sliceContains(allowedKeys, key) {
+				delete(*repositoryDto.Filecategory, key)
+			}
+		}
+
+		if len(*repositoryDto.Filecategory) == 0 {
+			// drop empty map completely
+			repositoryDto.Filecategory = nil
+		}
+	}
+
 	return repositoryDto, err
 }
 
@@ -240,6 +255,9 @@ func (s *Impl) validateRepositoryCreateDto(ctx context.Context, key string, dto
 	if dto.JiraIssue == "" {
 		messages = append(messages, "field jiraIssue is mandatory")
 	}
+	if dto.Filecategory != nil {
+		messages = s.validateFilecategory(messages, *dto.Filecategory)
+	}
 
 	if len(messages) > 0 {
 		details := strings.Join(messages, ", ")
@@ -306,6 +324,9 @@ func (s *Impl) validateExistingRepositoryDto(ctx context.Context, key string, dt
 	if dto.JiraIssue == "" {
 		messages = append(messages, "field jiraIssue is mandatory for updates")
 	}
+	if dto.Filecategory != nil {
+		messages = s.validateFilecategory(messages, *dto.Filecategory)
+	}
 
 	if len(messages) > 0 {
 		details := strings.Join(messages, ", ")
@@ -370,6 +391,9 @@ func (s *Impl) validateRepositoryPatchDto(ctx context.Context, key string, patch
 	messages = validateOwner(messages, dto.Owner)
 	messages = validateUrl(messages, dto.Url)
 	messages = validateMainline(messages, dto.Mainline)
+	if dto.Filecategory != nil {
+		messages = s.validateFilecategory(messages, *dto.Filecategory)
+	}
 
 	if patchDto.CommitHash == "" {
 		messages = append(messages, "field commitHash is mandatory for patching")
@@ -380,6 +404,7 @@ func (s *Impl) validateRepositoryPatchDto(ctx context.Context, key string, patch
 	if patchDto.JiraIssue == "" {
 		messages = append(messages, "field jiraIssue is mandatory for patching")
 	}
+
 	if len(messages) > 0 {
 		details := strings.Join(messages, ", ")
 		s.Logging.Logger().Ctx(ctx).Info().Printf("repository values invalid: %s", details)
@@ -616,3 +641,24 @@ func validateMainline(messages []string, mainline string) []string {
 	}
 	return messages
 }
+
+func (s *Impl) validateFilecategory(messages []string, filecategories map[string][]string) []string {
+	allowedCategories := s.CustomConfiguration.AllowedFileCategories()
+
+	for category, _ := range filecategories {
+		if !sliceContains(allowedCategories, category) {
+			messages = append(messages, fmt.Sprintf("filecategory keys must be one of %s", strings.Join(allowedCategories, ",")))
+		}
+	}
+
+	return messages
+}
+
+func sliceContains[T comparable](haystack []T, needle T) bool {
+	for _, e := range haystack {
+		if e == needle {
+			return true
+		}
+	}
+	return false
+}

test/mock/metadatamock/metadata.go

@@ -108,6 +108,9 @@ configuration:
 const deployment2 = `mainline: main
 url: ssh://[email protected]:7999/PROJECT/whatever-deployment.git
 generator: third-party-software
+filecategory:
+  forbidden-key:
+    - some/interesting/file.txt
 `
 
 const implementation = `mainline: master

test/resources/valid-config-unique.yaml

@@ -49,4 +49,4 @@ REPOSITORY_TYPES: 'some-type,some-other-type'
 
 NOTIFICATION_CONSUMER_CONFIGS: "{}"
 
-ALLOWED_FILE_CATEGORIES: '["yaml-template"]'
+ALLOWED_FILE_CATEGORIES: ''

test/resources/valid-config.yaml

@@ -65,4 +65,4 @@ NOTIFICATION_CONSUMER_CONFIGS: >-
     }
   }
 
-ALLOWED_FILE_CATEGORIES: '["a","b"]'
+ALLOWED_FILE_CATEGORIES: '["cached-template"]'