Fail for revoked iterations (#11492)

* Fail for revoked iterations * check if iteration is revoked on GetIteration * fix fmt
4 years ago · 9ffd7ce938
parent b3a3536068
commit 9ffd7ce938
5 changed files with 32 additions and 21 deletions
--- a/datasource/hcp-packer-image/data.go
+++ b/datasource/hcp-packer-image/data.go
@ -120,12 +120,11 @@ func (d *Datasource) Execute() (cty.Value, error) {
 	log.Printf("[INFO] Reading info from HCP Packer registry (%s) [project_id=%s, organization_id=%s, iteration_id=%s]",
 		d.config.Bucket, cli.ProjectID, cli.OrganizationID, d.config.IterationID)

-	getIterationResp, err := cli.GetIteration(ctx, d.config.Bucket, packerregistry.GetIteration_byID(d.config.IterationID))
+	iteration, err := cli.GetIteration(ctx, d.config.Bucket, packerregistry.GetIteration_byID(d.config.IterationID))
 	if err != nil {
 		return cty.NullVal(cty.EmptyObject), fmt.Errorf("error retrieving "+
 			"image iteration from HCP Packer registry: %s", err.Error())
 	}
-	iteration := getIterationResp.Payload.Iteration

 	output := DatasourceOutput{}

--- a/go.mod
+++ b/go.mod
@ -23,7 +23,7 @@ require (
 	github.com/hashicorp/go-uuid v1.0.2
 	github.com/hashicorp/go-version v1.3.0
 	github.com/hashicorp/hcl/v2 v2.11.1
-	github.com/hashicorp/hcp-sdk-go v0.13.1-0.20211004174420-0f36fadb8a34
+	github.com/hashicorp/hcp-sdk-go v0.15.1-0.20220112153249-f565607d7cc4
 	github.com/hashicorp/packer-plugin-amazon v1.0.6
 	github.com/hashicorp/packer-plugin-sdk v0.2.11
 	github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869
--- a/go.sum
+++ b/go.sum
@ -695,8 +695,8 @@ github.com/hashicorp/hcl/v2 v2.10.0/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oay
 github.com/hashicorp/hcl/v2 v2.10.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
 github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc=
 github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg=
-github.com/hashicorp/hcp-sdk-go v0.13.1-0.20211004174420-0f36fadb8a34 h1:Zsp79OtAdC+JTsHnbZtAtNihM/jzbDhT09kMYpVrznk=
-github.com/hashicorp/hcp-sdk-go v0.13.1-0.20211004174420-0f36fadb8a34/go.mod h1:z0I0eZ+TVJJ7pycnCzMM/ouOw5D5Qnp/zylNXkqGEX0=
+github.com/hashicorp/hcp-sdk-go v0.15.1-0.20220112153249-f565607d7cc4 h1:H4V7J/mUKzMpmTqnnDloH0r7mk2Jwn4oKUvealKE9cQ=
+github.com/hashicorp/hcp-sdk-go v0.15.1-0.20220112153249-f565607d7cc4/go.mod h1:z0I0eZ+TVJJ7pycnCzMM/ouOw5D5Qnp/zylNXkqGEX0=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/mdns v1.0.1/go.mod h1:4gW7WsVCke5TE7EPeYliwHlRUyBtfCwuFwuMg2DmyNY=
--- a/internal/registry/service.go
+++ b/internal/registry/service.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"time"

 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-packer-service/preview/2021-04-30/client/packer_service"
 	"github.com/hashicorp/hcp-sdk-go/clients/cloud-packer-service/preview/2021-04-30/models"
@ -110,12 +111,7 @@ var (
 	}
 )

-func (client *Client) GetIteration(
-	ctx context.Context,
-	bucketSlug string,
-	opts ...GetIterationOption,
-) (*packer_service.PackerServiceGetIterationOK, error) {
-
+func (client *Client) GetIteration(ctx context.Context, bucketSlug string, opts ...GetIterationOption) (*models.HashicorpCloudPackerIteration, error) {
 	getItParams := packer_service.NewPackerServiceGetIterationParams()
 	getItParams.LocationOrganizationID = client.OrganizationID
 	getItParams.LocationProjectID = client.ProjectID
@ -125,7 +121,22 @@ func (client *Client) GetIteration(
 		opt(getItParams)
 	}

-	return client.Packer.PackerServiceGetIteration(getItParams, nil)
+	resp, err := client.Packer.PackerServiceGetIteration(getItParams, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.Payload.Iteration != nil {
+		if !time.Time(resp.Payload.Iteration.RevokeAt).IsZero() {
+			// If RevokeAt is not a zero date, it means this iteration is revoked and should not be used
+			// to build new images.
+			return nil, fmt.Errorf("the iteration %s is revoked and can not be used on Packer builds",
+				resp.Payload.Iteration.ID)
+		}
+		return resp.Payload.Iteration, nil
+	}
+
+	return nil, fmt.Errorf("something went wrong retrieving the iteration for bucket %s", bucketSlug)
 }

 func (client *Client) CreateBuild(
@ -222,7 +233,7 @@ func (client *Client) UpdateBuild(
 	return resp.Payload.Build.ID, nil
 }

-// GetChannel loads the iterationId associated with a current channel. If the
+// GetIterationFromChannel loads the iterationId associated with a current channel. If the
 // channel does not exist in HCP Packer, GetChannel returns an error.
 func (client *Client) GetIterationFromChannel(
 	ctx context.Context,
@ -242,10 +253,14 @@ func (client *Client) GetIterationFromChannel(
 	}

 	if resp.Payload.Channel != nil {
-		if resp.Payload.Channel.Pointer != nil {
-			// The channel payload contains a pointer, which points to the
-			// iteration. Reach into the pointer to get the desired iteration.
-			return resp.Payload.Channel.Pointer.Iteration, nil
+		if resp.Payload.Channel.Iteration != nil {
+			if !time.Time(resp.Payload.Channel.Iteration.RevokeAt).IsZero() {
+				// If RevokeAt is not a zero date, it means this iteration is revoked and should not be used
+				// to build new images.
+				return nil, fmt.Errorf("the iteration associated with the channel %s is revoked and can not be used on Packer builds",
+					channelName)
+			}
+			return resp.Payload.Channel.Iteration, nil
 		}
 		return nil, fmt.Errorf("there is no iteration associated with the channel %s",
 			channelName)
--- a/internal/registry/types.bucket.go
+++ b/internal/registry/types.bucket.go
@ -279,13 +279,10 @@ func (b *Bucket) createIteration() (*models.HashicorpCloudPackerIteration, error

 func (b *Bucket) initializeIteration(ctx context.Context) error {
 	// load existing iteration using fingerprint.
-	createIterationResp, err := b.client.GetIteration(ctx, b.Slug, GetIteration_byFingerprint(b.Iteration.Fingerprint))
-	var iteration *models.HashicorpCloudPackerIteration
+	iteration, err := b.client.GetIteration(ctx, b.Slug, GetIteration_byFingerprint(b.Iteration.Fingerprint))
 	if checkErrorCode(err, codes.Aborted) {
 		// probably means Iteration doesn't exist need a way to check the error
 		iteration, err = b.createIteration()
-	} else {
-		iteration = createIterationResp.Payload.Iteration
 	}

 	if err != nil {