Merge pull request #934 from CircleCI-Public/fix/DEVEX-1019/backward-…

…compatibility-for-orb-validation DEVEX-1019: backward compatibility for orb validation
CircleCI-Public · May 10, 2023 · b7d2142 · b7d2142
2 parents 5da0619 + 854fc38
commit b7d2142
Show file tree

Hide file tree

Showing 3 changed files with 260 additions and 44 deletions.
diff --git a/api/api.go b/api/api.go
@@ -521,7 +521,28 @@ func OrbQuery(cl *graphql.Client, configPath string, ownerId string) (*ConfigRes
 		return nil, err
 	}
 
-	query := `
+	request, err := makeOrbRequest(cl, config, ownerId)
+	if err != nil {
+		return nil, err
+	}
+
+	err = cl.Run(request, &response)
+	if err != nil {
+		return nil, errors.Wrap(err, "Unable to validate config")
+	}
+
+	if len(response.OrbConfig.ConfigResponse.Errors) > 0 {
+		return nil, response.OrbConfig.ConfigResponse.Errors
+	}
+
+	return &response.OrbConfig.ConfigResponse, nil
+}
+
+func makeOrbRequest(cl *graphql.Client, configContent string, ownerId string) (*graphql.Request, error) {
+	handlesOwner := orbQueryHandleOwnerId(cl)
+
+	if handlesOwner {
+		query := `
 		query ValidateOrb ($config: String!, $owner: UUID) {
 			orbConfig(orbYaml: $config, ownerId: $owner) {
 				valid,
@@ -531,26 +552,91 @@ func OrbQuery(cl *graphql.Client, configPath string, ownerId string) (*ConfigRes
 			}
 		}`
 
-	request := graphql.NewRequest(query)
-	request.Var("config", config)
+		request := graphql.NewRequest(query)
+		request.Var("config", configContent)
+
+		if ownerId != "" {
+			request.Var("owner", ownerId)
+		}
+
+		request.SetToken(cl.Token)
+		return request, nil
+	}
 
 	if ownerId != "" {
-		request.Var("owner", ownerId)
+		return nil, errors.Errorf("Your version of server does not support validating orbs that refer private orbs")
 	}
+	query := `
+		query ValidateOrb ($config: String!) {
+			orbConfig(orbYaml: $config) {
+				valid,
+				errors { message },
+				sourceYaml,
+				outputYaml
+			}
+		}`
+
+	request := graphql.NewRequest(query)
+	request.Var("config", configContent)
 
 	request.SetToken(cl.Token)
+	return request, nil
+}
 
-	err = cl.Run(request, &response)
+type OrbIntrospectionResponse struct {
+	Schema struct {
+		Query struct {
+			Fields []struct {
+				Name string `json:"name"`
+				Args []struct {
+					Name string `json:"name"`
+				} `json:"args"`
+			} `json:"fields"`
+		} `json:"queryType"`
+	} `json:"__schema"`
+}
 
+func orbQueryHandleOwnerId(cl *graphql.Client) bool {
+	query := `
+query ValidateOrb {
+  __schema {
+    queryType {
+      fields(includeDeprecated: true) {
+        name
+        args {
+          name
+          __typename
+          type {
+            name
+          }
+        }
+      }
+    }
+  }
+}`
+	request := graphql.NewRequest(query)
+	response := OrbIntrospectionResponse{}
+	err := cl.Run(request, &response)
 	if err != nil {
-		return nil, errors.Wrap(err, "Unable to validate config")
+		return false
 	}
 
-	if len(response.OrbConfig.ConfigResponse.Errors) > 0 {
-		return nil, response.OrbConfig.ConfigResponse.Errors
+	request.SetToken(cl.Token)
+
+	// Find the orbConfig query method, look at its arguments, if it has the "ownerId" argument, return true
+	for _, field := range response.Schema.Query.Fields {
+		if field.Name == "orbConfig" {
+			for _, arg := range field.Args {
+				if arg.Name == "ownerId" {
+					return true
+				}
+			}
+		}
 	}
 
-	return &response.OrbConfig.ConfigResponse, nil
+	// else return false, ownerId is not supported
+
+	return false
 }
 
 // OrbImportVersion publishes a new version of an orb using the provided source and id.
@@ -1239,18 +1325,18 @@ func OrbSetOrbListStatus(cl *graphql.Client, namespace string, orb string, list
 	var response OrbSetOrbListStatusResponse
 
 	query := `
-		mutation($orbId: UUID!, $list: Boolean!) {
-			setOrbListStatus(
-				orbId: $orbId,
-				list: $list
-			) {
-				listed
-				errors { 
-					message
-					type 
-				}
-			}
+mutation($orbId: UUID!, $list: Boolean!) {
+	setOrbListStatus(
+		orbId: $orbId,
+		list: $list
+	) {
+		listed
+		errors {
+			message
+			type
 		}
+	}
+}
 	`
 
 	request := graphql.NewRequest(query)

diff --git a/clitest/data/orb_with_private.yml b/clitest/data/orb_with_private.yml
@@ -0,0 +1,11 @@
+version: 2.1
+
+orbs:
+  vuln-scanner: cci-internal/[email protected]
+
+jobs:
+  some-job:
+    executor: vuln-scanner/default
+    steps:
+      - run:
+          command: echo "Hello world"