Merge branch 'master' into snyk-fix-8a7055fff721e53f29f0d76c4643a85c

Author: matt-royal

.codeclimate.yml

@@ -43,4 +43,4 @@ ratings:
   - "**.sh"
 exclude_paths:
 - docs/v3/node_modules/
-- vendor/
+- errors/

.github/dependabot.yml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+    time: '11:00'
+  open-pull-requests-limit: 100
+- package-ecosystem: bundler
+  directory: "/docs/v3"
+  schedule:
+    interval: daily
+    time: '11:00'
+  open-pull-requests-limit: 10
+- package-ecosystem: npm
+  directory: "/docs/v3"
+  schedule:
+    interval: daily
+    time: '11:00'
+  open-pull-requests-limit: 10

.rubocop.yml

@@ -7,7 +7,7 @@ require:
 AllCops:
   TargetRubyVersion: 2.5
   Exclude:
-    - vendor/**/*
+    - errors/**/*
     - lib/diego/bbs/models/**/*
     - lib/logcache/v2/**/*
 

.snyk

@@ -2,9 +2,8 @@
 include:
 - "**/*.rb"
 exclude:
-- spec/**/*
 - test/**/*
-- vendor/**/*
+- errors/**/*
 - ".bundle/**/*"
 require: []
 domains: []

.solargraph.yml

@@ -0,0 +1,5 @@
+{
+  "solargraph.symbols": true,
+  "solargraph.definitions": true,
+  "solargraph.references": true
+}

.vim/coc-settings.json

@@ -7,9 +7,11 @@ gem 'clockwork', require: false
 gem 'cloudfront-signer'
 gem 'em-http-request', '~> 1.1'
 gem 'eventmachine', '~> 1.0.9'
+gem 'fluent-logger'
 gem 'googleapis-common-protos'
 gem 'hashdiff'
 gem 'httpclient'
+gem 'json-diff'
 gem 'json-schema'
 gem 'json_pure'
 gem 'kubeclient'

Gemfile

@@ -57,10 +57,13 @@ GEM
       tzinfo (~> 1.1)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
+    aliyun-sdk (0.7.3)
+      nokogiri (~> 1.6)
+      rest-client (~> 2.0)
     allowy (2.1.0)
       activesupport (>= 3.2)
       i18n
-    ast (2.4.0)
+    ast (2.4.1)
     awesome_print (1.8.0)
     azure-core (0.1.14)
       faraday (~> 0.9)
@@ -87,9 +90,10 @@ GEM
       ms_rest_azure (~> 0.7.0)
     azure_mgmt_traffic_manager (0.9.0)
       ms_rest_azure (~> 0.7.0)
-    backport (1.1.1)
+    backport (1.1.2)
     backports (3.11.4)
     beefcake (1.0.0)
+    benchmark (0.1.0)
     bit-struct (0.16)
     bits_service_client (3.4.0)
       activesupport
@@ -130,6 +134,7 @@ GEM
     docile (1.1.5)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
+    e2mmap (0.1.0)
     em-http-request (1.1.5)
       addressable (>= 2.3.4)
       cookiejar (!= 0.3.1)
@@ -154,7 +159,8 @@ GEM
       rake
     fluent-logger (0.8.2)
       msgpack (>= 1.0.0, < 2)
-    fog-aliyun (0.3.10)
+    fog-aliyun (0.3.17)
+      aliyun-sdk (~> 0.7.3)
       fog-core
       fog-json
       ipaddress (~> 0.8)
@@ -220,7 +226,6 @@ GEM
       google-protobuf (~> 3.1)
       googleapis-common-protos-types (~> 1.0.0)
     hashdiff (0.3.8)
-    htmlentities (4.3.4)
     http (4.2.0)
       addressable (~> 2.3)
       http-cookie (~> 1.0)
@@ -239,11 +244,11 @@ GEM
     ipaddress (0.8.3)
     jaro_winkler (1.5.4)
     json (2.3.0)
+    json-diff (0.4.1)
     json-schema (2.8.0)
       addressable (>= 2.4)
     json_pure (2.1.0)
     jwt (2.2.1)
-    kramdown (1.17.0)
     kubeclient (4.5.0)
       http (>= 3.0, < 5.0)
       recursive-open-struct (~> 1.0, >= 1.0.4)
@@ -258,6 +263,7 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     machinist (1.0.6)
+    maruku (0.7.3)
     membrane (1.1.0)
     memoist (0.16.0)
     method_source (0.9.2)
@@ -294,7 +300,7 @@ GEM
     parallel (1.19.1)
     parallel_tests (2.27.1)
       parallel
-    parser (2.7.0.2)
+    parser (2.7.1.3)
       ast (~> 2.4.0)
     pg (1.0.0)
     posix-spawn (0.3.13)
@@ -310,7 +316,7 @@ GEM
       byebug (~> 10.0)
       pry (~> 0.10)
     public_suffix (3.1.0)
-    rack (2.2.2)
+    rack (2.2.3)
     rack-protection (2.0.5)
       rack
     rack-test (1.1.0)
@@ -342,7 +348,7 @@ GEM
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
     retriable (3.1.2)
-    reverse_markdown (1.1.0)
+    reverse_markdown (2.0.0)
       nokogiri
     rfc822 (0.1.5)
     roodi (5.0.0)
@@ -422,18 +428,20 @@ GEM
       rack-protection (= 2.0.5)
       sinatra (= 2.0.5)
       tilt (>= 1.3, < 3)
-    solargraph (0.34.3)
+    solargraph (0.39.8)
       backport (~> 1.1)
+      benchmark
       bundler (>= 1.17.2)
-      htmlentities (~> 4.3, >= 4.3.4)
+      e2mmap
       jaro_winkler (~> 1.5)
-      kramdown (~> 1.16)
+      maruku (~> 0.7, >= 0.7.3)
+      nokogiri (~> 1.9, >= 1.9.1)
       parser (~> 2.3)
-      reverse_markdown (~> 1.0, >= 1.0.5)
+      reverse_markdown (>= 1.0.5, < 3)
       rubocop (~> 0.52)
-      thor (~> 0.19, >= 0.19.4)
+      thor (~> 1.0)
       tilt (~> 2.0)
-      yard (~> 0.9)
+      yard (~> 0.9, >= 0.9.24)
     spring (2.1.0)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
@@ -450,11 +458,11 @@ GEM
       daemons (~> 1.0, >= 1.0.9)
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
-    thor (0.20.3)
+    thor (1.0.1)
     thread_safe (0.3.6)
-    tilt (2.0.9)
+    tilt (2.0.10)
     timecop (0.9.1)
-    timeliness (0.3.8)
+    timeliness (0.3.10)
     tzinfo (1.2.7)
       thread_safe (~> 0.1)
     uber (0.1.0)
@@ -471,7 +479,7 @@ GEM
       hashdiff
     xml-simple (1.1.5)
     yajl-ruby (1.4.1)
-    yard (0.9.20)
+    yard (0.9.25)
 
 PLATFORMS
   ruby
@@ -500,6 +508,7 @@ DEPENDENCIES
   debase (>= 0.2.2.beta14)
   em-http-request (~> 1.1)
   eventmachine (~> 1.0.9)
+  fluent-logger
   fog-aliyun
   fog-aws
   fog-azure-rm!
@@ -509,6 +518,7 @@ DEPENDENCIES
   googleapis-common-protos
   hashdiff
   httpclient
+  json-diff
   json-schema
   json_pure
   kubeclient

Gemfile.lock

@@ -9,6 +9,7 @@
 
 module VCAP::CloudController
   class AppApplyManifest
+    class Error < StandardError; end
     class NoDefaultDomain < StandardError; end
     class ServiceBindingError < StandardError; end
 
@@ -105,6 +106,7 @@ def update_routes(app, message)
       end
 
       if update_message.default_route && existing_routes.empty?
+        validate_name_dns_compliant!(app.name)
         domain_name = get_default_domain_name(app)
 
         route = "#{app.name}.#{domain_name}"
@@ -121,6 +123,18 @@ def get_default_domain_name(app)
       domain_name
     end
 
+    def validate_name_dns_compliant!(name)
+      prefix = 'Failed to create default route from app name:'
+
+      if name.present? && name.length > 63
+        error!(prefix + ' Host cannot exceed 63 characters')
+      end
+
+      unless name&.match(/\A[\w\-]+\z/)
+        error!(prefix + ' Host must be either "*" or contain only alphanumeric characters, "_", or "-"')
+      end
+    end
+
     def create_service_bindings(manifest_service_bindings_message, app)
       action = ServiceBindingCreate.new(@user_audit_info, manifest_triggered: true)
       manifest_service_bindings_message.manifest_service_bindings.each do |manifest_service_binding|
@@ -162,5 +176,9 @@ def volume_services_enabled?
     def logger
       @logger ||= Steno.logger('cc.action.app_apply_manifest')
     end
+
+    def error!(message)
+      raise Error.new(message)
+    end
   end
 end

app/actions/app_apply_manifest.rb

@@ -1,9 +1,12 @@
 require 'process_create'
 require 'models/helpers/process_types'
 require 'actions/labels_update'
+require 'cloud_controller/errors/api_error_helpers'
 
 module VCAP::CloudController
   class AppCreate
+    include CloudController::Errors::ApiErrorHelpers
+
     class InvalidApp < StandardError; end
 
     def initialize(user_audit_info)
@@ -21,10 +24,11 @@ def create(message, lifecycle)
         )
 
         lifecycle.create_lifecycle_data_model(app)
+        validate_buildpacks_are_ready(app)
 
         MetadataUpdate.update(app, message)
 
-        raise CloudController::Errors::ApiError.new_from_details('CustomBuildpacksDisabled') if using_disabled_custom_buildpack?(app)
+        api_error!(:CustomBuildpacksDisabled) if using_disabled_custom_buildpack?(app)
 
         ProcessCreate.new(@user_audit_info).create(app, {
           guid: app.guid,
@@ -41,6 +45,10 @@ def create(message, lifecycle)
 
       app
     rescue Sequel::ValidationFailed => e
+      if e.errors.on([:space_guid, :name])
+        v3_api_error!(:UniquenessError, e.message)
+      end
+
       raise InvalidApp.new(e.message)
     end
 
@@ -53,5 +61,20 @@ def using_disabled_custom_buildpack?(app)
     def custom_buildpacks_disabled?
       VCAP::CloudController::Config.config.get(:disable_custom_buildpacks)
     end
+
+    def validate_buildpacks_are_ready(app)
+      return unless app.buildpack_lifecycle_data
+
+      app.buildpack_lifecycle_data.buildpack_lifecycle_buildpacks.each do |blb|
+        unless blb.custom?
+          buildpack = Buildpack.find(name: blb.admin_buildpack_name)
+
+          if buildpack && buildpack.state != Buildpack::READY_STATE
+            raise InvalidApp.new("#{buildpack.name.inspect} must be in ready state")
+            # errors.add(:buildpack, "#{buildpack.name.inspect} must be in ready state")
+          end
+        end
+      end
+    end
   end
 end