fix(plumber): check if DT permits user to partially rebuild pipeline (#427)

## 📝 Description
Refreshed protos, in partial_rebuild action checks if deployment target
policy allows user to run the pipeline
## ✅ Checklist
- [x] I have tested this change
- [ ] This change requires documentation update

Author: hamir-suspect

plumber/gofer_client/lib/gofer_client.ex

@@ -36,4 +36,11 @@ defmodule GoferClient do
     |> GrpcClient.pipeline_done()
     |> ResponseParser.process_pipeline_done_response()
   end
+
+  def verify_deployment_target_access(target_id, triggerer, git_ref_type, git_ref_label) do
+    target_id
+    |> RequestFormatter.form_verify_request(triggerer, git_ref_type, git_ref_label)
+    |> GrpcClient.verify_deployment_target_access()
+    |> ResponseParser.process_verify_response()
+  end
 end

plumber/gofer_client/lib/gofer_client/grpc_client.ex

@@ -6,6 +6,7 @@ defmodule GoferClient.GrpcClient do
   """
 
   alias InternalApi.Gofer.Switch
+  alias InternalApi.Gofer.DeploymentTargets
   alias Util.Metrics
   alias LogTee, as: LT
 
@@ -54,6 +55,26 @@ defmodule GoferClient.GrpcClient do
     end)
   end
 
+  # Verify Deployment Target Access
+
+  def verify_deployment_target_access({:ok, verify_request}) do
+    result = Wormhole.capture(__MODULE__, :verify_deployment_target_access_, [verify_request], stacktrace: true, timeout: 2_345)
+    case result do
+      {:ok, result} -> result
+      error -> error
+    end
+  end
+  def verify_deployment_target_access(error), do: error
+
+  def verify_deployment_target_access_(verify_request) do
+    {:ok, channel} = GRPC.Stub.connect(url())
+    Metrics.benchmark("Ppl.gofer_client.grpc_client", "verify_deployment_target", fn ->
+      channel
+      |> DeploymentTargets.DeploymentTargets.Stub.verify(verify_request, opts())
+      |> is_ok?("verify_deployment_target")
+    end)
+  end
+
   # Utility
 
   defp is_ok?(response = {:ok, _rsp}, _method), do: response

plumber/gofer_client/lib/gofer_client/request_formatter.ex

@@ -5,6 +5,7 @@ defmodule GoferClient.RequestFormatter do
   """
 
   alias InternalApi.Gofer.{CreateRequest, PipelineDoneRequest, GitRefType}
+  alias InternalApi.Gofer.DeploymentTargets.VerifyRequest
   alias Util.{ToTuple, Proto}
 
   # Create
@@ -79,4 +80,18 @@ defmodule GoferClient.RequestFormatter do
     "One or more of these params: #{inspect switch_id}, #{inspect result} and #{inspect result_reason} is not string."
     |> ToTuple.error()
   end
+
+  # Verify
+
+  def form_verify_request(target_id, triggerer, git_ref_type, git_ref_label)
+    when is_binary(target_id) and is_binary(triggerer) and is_binary(git_ref_type) and is_binary(git_ref_label) do
+    verify_params = %{target_id: target_id, triggerer: triggerer, git_ref_type: git_ref_type, git_ref_label: git_ref_label}
+
+    Proto.deep_new(VerifyRequest, verify_params,
+      transformations: %{VerifyRequest.GitRefType => {__MODULE__, :string_to_enum_atom}})
+  end
+  def form_verify_request(target_id, triggerer, git_ref_type, git_ref_label) do
+    "One or more of these params: #{inspect target_id}, #{inspect triggerer}, #{inspect git_ref_type} and #{inspect git_ref_label} is not in the expected format."
+    |> ToTuple.error()
+  end
 end

plumber/gofer_client/lib/gofer_client/response_parser.ex

@@ -5,6 +5,7 @@ defmodule GoferClient.ResponseParser do
   """
 
   alias InternalApi.Gofer.ResponseStatus.ResponseCode
+  alias InternalApi.Gofer.DeploymentTargets.VerifyResponse.Status
   alias LogTee, as: LT
   alias Util.ToTuple
 
@@ -47,15 +48,44 @@ defmodule GoferClient.ResponseParser do
 
   def process_pipeline_done_response(error), do: error
 
+  # Verify
+
+  def process_verify_response({:ok, response}) do
+    with true <- is_map(response),
+         {:ok, status} <- Map.fetch(response, :status),
+         status_atom <- verify_status_value(status)
+    do
+      handle_verify_status(status_atom, response)
+    else
+      _ -> log_invalid_response(response, "verify")
+    end
+  end
+
+  def process_verify_response(error), do: error
+
   # Util
 
+  defp handle_verify_status(:ACCESS_GRANTED, _response), do: {:ok, :access_granted}
+  defp handle_verify_status(:SYNCING_TARGET, _response), do: {:error, :syncing_target}
+  defp handle_verify_status(:BANNED_SUBJECT, _response), do: {:error, :banned_subject}
+  defp handle_verify_status(:BANNED_OBJECT, _response), do: {:error, :banned_object}
+  defp handle_verify_status(:CORDONED_TARGET, _response), do: {:error, :cordoned_target}
+  defp handle_verify_status(:CORRUPTED_TARGET, _response), do: {:error, :corrupted_target}
+  defp handle_verify_status(_status_atom, response), do: log_invalid_response(response, "verify")
+
   defp response_code_value(%{code: code}) do
     ResponseCode.key(code)
   rescue _ ->
     nil
   end
   defp response_code_value(_), do: nil
 
+  defp verify_status_value(status) do
+    Status.key(status)
+  rescue _ ->
+    nil
+  end
+
   defp log_invalid_response(response, rpc_method) do
     response
     |> LT.error("Gofer service responded to #{rpc_method} with :ok and invalid data:")

plumber/ppl/lib/ppl/grpc/server.ex

@@ -418,13 +418,17 @@ defmodule Ppl.Grpc.Server do
            {:ok, false}       <- project_deleted?(ppl.project_id),
            {"done", result} when result != "passed"
                               <- {ppl.state, ppl.result},
+            {:ok, ppl_req}     <- PplRequestsQueries.get_by_id(request.ppl_id),
+            {:ok}              <- verify_deployment_target_permission(ppl_req, request.user_id),
             {:ok, ppl_id}     <- Actions.partial_rebuild(request)
       do
         Proto.deep_new!(PartialRebuildResponse,
                         %{ppl_id: ppl_id, response_status: %{code: :OK}})
       else
         {:error, {:project_deleted, project_id}} ->
           responed_refused(PartialRebuildResponse, "Project with id #{project_id} was deleted.")
+        {:error, {:deployment_target_permission_denied, reason}} ->
+          rebuild_error_resp("Access to deployment target denied: #{inspect reason}")
         {:error, message} ->
           rebuild_error_resp("#{inspect message}")
         {"done", "passed"} ->
@@ -491,6 +495,22 @@ defmodule Ppl.Grpc.Server do
   defp limit_status(message),
     do: ResponseStatus.new(code: ResponseCode.value(:LIMIT_EXCEEDED), message: to_str(message))
 
+  defp verify_deployment_target_permission(%{request_args: %{"deployment_target_id" => ""}}, _user_id), do: {:ok}
+  defp verify_deployment_target_permission(%{request_args: %{"deployment_target_id" => nil}}, _user_id), do: {:ok}
+  defp verify_deployment_target_permission(%{
+    request_args: %{"deployment_target_id" => deployment_target_id, "label" => label},
+    source_args: %{"git_ref_type" => git_ref_type}
+  }, user_id) when is_binary(git_ref_type) and is_binary(label) and label != "" do
+    case GoferClient.verify_deployment_target_access(deployment_target_id, user_id, git_ref_type, label) do
+      {:ok, :access_granted} -> {:ok}
+      {:error, reason} -> {:error, {:deployment_target_permission_denied, reason}}
+      error -> {:error, {:deployment_target_permission_denied, error}}
+    end
+  end
+  defp verify_deployment_target_permission(%{request_args: %{"deployment_target_id" => deployment_target_id}}, _user_id) when is_binary(deployment_target_id) and deployment_target_id != "",
+   do: {:error, {:deployment_target_permission_denied, "Missing label or git_ref_type"}}
+  defp verify_deployment_target_permission(_, _), do: {:ok}
+
   defp string_keys(map), do: map |> Poison.encode!() |> Poison.decode!()
 
   defp to_str(term) when is_binary(term), do: term

plumber/ppl/test/grpc/server_test.exs

@@ -1,6 +1,7 @@
 defmodule Ppl.Grpc.Server.Test do
   use Ppl.IntegrationCase
   @moduletag capture_log: true
+  import Mock
   alias Test.Helpers
   alias Util.{ToTuple, Proto}
   alias Ppl.PplRequests.Model.PplRequestsQueries
@@ -2208,6 +2209,85 @@ defmodule Ppl.Grpc.Server.Test do
     assert new_ppl_id_1 == new_ppl_id_2
   end
 
+  @tag :integration
+  test "gRPC partial_rebuild() - succeeds when no deployment target is specified" do
+    {:ok, %{ppl_id: ppl_id}} =
+      %{"repo_name" => "14_free_topology_failing_block"}
+      |> Test.Helpers.schedule_request_factory(:local)
+      |> Actions.schedule()
+
+    loopers = Test.Helpers.start_all_loopers()
+    {:ok, _ppl} = Test.Helpers.wait_for_ppl_state(ppl_id, "done", 20_000)
+    Test.Helpers.stop_all_loopers(loopers)
+
+    request_token = UUID.uuid4()
+    new_ppl_id = assert_partial_rebuild(ppl_id, request_token, :ok)
+    assert is_binary(new_ppl_id)
+  end
+
+  @tag :integration
+  test "gRPC partial_rebuild() - fails when deployment target permission is denied" do
+    deployment_target_id = UUID.uuid4()
+    {:ok, %{ppl_id: ppl_id}} = create_pipeline_with_deployment_target(deployment_target_id)
+
+    # Mock GoferClient to return access denied
+    with_mock GoferClient, [
+      verify_deployment_target_access: fn(_, _, _, _) -> {:error, :banned_subject} end
+    ] do
+      expected_message = "Access to deployment target denied: :banned_subject"
+      assert_partial_rebuild(ppl_id, UUID.uuid4(), :error, expected_message)
+    end
+  end
+
+  @tag :integration
+  test "gRPC partial_rebuild() - succeeds when deployment target permission is granted" do
+    deployment_target_id = UUID.uuid4()
+    {:ok, %{ppl_id: ppl_id}} = create_pipeline_with_deployment_target(deployment_target_id)
+
+    # Mock GoferClient to return access granted
+    with_mock GoferClient, [
+      verify_deployment_target_access: fn(_, _, _, _) -> {:ok, :access_granted} end
+    ] do
+      request_token = UUID.uuid4()
+      new_ppl_id = assert_partial_rebuild(ppl_id, request_token, :ok)
+      assert is_binary(new_ppl_id)
+    end
+  end
+
+  @tag :integration
+  test "gRPC partial_rebuild() - fails when deployment target verification returns error" do
+    deployment_target_id = UUID.uuid4()
+    {:ok, %{ppl_id: ppl_id}} = create_pipeline_with_deployment_target(deployment_target_id)
+
+    # Mock GoferClient to return syncing target error
+    with_mock GoferClient, [
+      verify_deployment_target_access: fn(_, _, _, _) -> {:error, :syncing_target} end
+    ] do
+      expected_message = "Access to deployment target denied: :syncing_target"
+      assert_partial_rebuild(ppl_id, UUID.uuid4(), :error, expected_message)
+    end
+  end
+
+  defp create_pipeline_with_deployment_target(deployment_target_id) do
+    source_args = Test.Support.RequestFactory.source_args(%{})
+
+    %{
+      "repo_name" => "14_free_topology_failing_block",
+      "deployment_target_id" => deployment_target_id
+    }
+    |> Test.Helpers.schedule_request_factory(:local)
+    |> Map.put("source_args", source_args)
+    |> Actions.schedule()
+    |> case do
+      {:ok, %{ppl_id: ppl_id}} = result ->
+        loopers = Test.Helpers.start_all_loopers()
+        {:ok, _ppl} = Test.Helpers.wait_for_ppl_state(ppl_id, "done", 20_000)
+        Test.Helpers.stop_all_loopers(loopers)
+        result
+      error -> error
+    end
+  end
+
   defp assert_partial_rebuild(ppl_id, request_token, expected_status, expected_message \\ "") do
     request =
       %{ppl_id: ppl_id, request_token: request_token, user_id: "rebuild_user"}

plumber/proto/Makefile

@@ -31,6 +31,7 @@ endif
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/include/google/rpc/status.proto
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/include/google/rpc/code.proto
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/gofer.switch.proto
+	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/gofer.dt.proto
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/organization.proto
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/paparazzo.snapshot.proto
 	docker run --rm -v $(PWD):/home/protoc/code -v $(TMP_INTERNAL_REPO_DIR):/home/protoc/source renderedtext/protoc:$(RT_PROTOC_IMG_VSN) protoc -I /home/protoc/source -I /home/protoc/source/include --elixir_out=plugins=grpc:$(RELATIVE_INTERNAL_PB_OUTPUT_DIR) --plugin=/root/.mix/escripts/protoc-gen-elixir /home/protoc/source/plumber.pipeline.proto