Merge pull request #15 from agrasth/RTDEV-50754

Worker Sample Improvement for restrict-overwrite

Author: yashprit-jfrog

samples/artifactory/BEFORE_COPY/restrict-overwrite/README.md

@@ -0,0 +1,57 @@
+# Artifactory Restrict Overwrite: Before Copy
+
+## Overview
+The "Restrict Overwrite: Before Copy" worker script enforces immutability by preventing overwrites of artifacts during the "copy" operation in JFrog Artifactory. It ensures that artifacts cannot be accidentally replaced, maintaining consistency and integrity across deployments.
+
+## Features
+- **Overwrite Protection**: Blocks attempts to copy artifacts if an artifact with the same name already exists in the target path.
+- **Folder Handling**: If the target is a folder, the script allows the operation only when the folder is empty.
+- **Error Logging**: Logs all operations, including failed attempts, for debugging and auditing purposes.
+
+## Behavior
+- If the target artifact already exists:
+  - The script stops the operation and returns a message indicating the conflict.
+- If the target artifact does not exist:
+  - The operation proceeds without interruption.
+
+## Example Responses
+### File Does Not Exist
+```json
+{
+  "status": 1
+}
+```
+### File Already Exists
+```json
+{
+  "status": 2,
+  "message": "example-repo:file.txt already exists"
+}
+```
+## Usage
+
+### Execution Flow
+1. **Trigger Point**: This worker script is triggered before the "copy" operation in Artifactory.
+    
+2. **AQL Query**: The script runs an AQL query to check if the target artifact exists in the specified repository path.
+    
+3. **Decision**: Based on the existence of the target artifact:
+    - **Proceed**: If the artifact does not exist.
+    - **Stop**: If the artifact already exists, with an appropriate error message.
+
+### Implementation Notes
+- **Logging**: All operations and exceptions are logged for traceability.
+    
+- **AQL Query**: The AQL query fetches information about the target artifact, including its type (file or folder).
+
+## Limitations
+- **Specific to Copy**: This script applies only to the "before copy" trigger. Separate implementations are required for "before create," "before upload," and "before move" operations.
+    
+- **Flat Repositories**: The script supports flat repository structures. For deeply nested repositories, ensure the paths are correctly configured.
+
+## Notes
+- **Immutability Enforcement**: Ensures existing artifacts remain unchanged unless explicitly deleted beforehand.
+    
+- **Folder Handling**: Prevents overwrites only if the folder already exists and is not empty.
+    
+- **Error Logging**: Provides detailed logs for troubleshooting and auditing.

samples/artifactory/BEFORE_COPY/restrict-overwrite/manifest.json

@@ -0,0 +1,16 @@
+{
+    "name": "restrict-overwrite",
+    "description": "Restrict overwrite",
+    "filterCriteria": {
+        "artifactFilterCriteria": {
+            "repoKeys": [
+                "example-repo-local"
+            ]
+        }
+    },
+    "secrets": {},
+    "sourceCodePath": "./worker.ts",
+    "action": "BEFORE_COPY",
+    "enabled": false,
+    "debug": true
+}

samples/artifactory/BEFORE_COPY/restrict-overwrite/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "restrict-overwrite",
+  "description": "Run a script on BEFORE_COPY",
+  "version": "1.0.0",
+  "scripts": {
+    "deploy": "jf worker deploy",
+    "undeploy": "jf worker rm \"restrict-overwrite\"",
+    "test": "jest"
+  },
+  "license": "ISC",
+  "devDependencies": {
+    "jfrog-workers": "^0.4.0",
+    "@golevelup/ts-jest": "^0.4.0",
+    "@types/jest": "^29.5.12",
+    "jest": "^29.7.0",
+    "jest-jasmine2": "^29.7.0",
+    "ts-jest": "^29.1.2"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "ts",
+      "js"
+    ],
+    "rootDir": ".",
+    "testEnvironment": "node",
+    "clearMocks": true,
+    "maxConcurrency": 1,
+    "testRegex": "\\.spec\\.ts$",
+    "moduleDirectories": ["node_modules"],
+    "collectCoverageFrom": [
+      "**/*.ts"
+    ],
+    "coverageDirectory": "../coverage",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "testRunner": "jest-jasmine2",
+    "verbose": true
+  }
+}

samples/artifactory/BEFORE_COPY/restrict-overwrite/tsconfig.json

@@ -0,0 +1,15 @@
+{
+    "compilerOptions": {
+        "module": "commonjs",
+        "declaration": true,
+        "target": "es2017",
+        "skipLibCheck": true,
+        "forceConsistentCasingInFileNames": false,
+        "noFallthroughCasesInSwitch": false,
+        "allowJs": true
+    },
+    "include": [
+        "**/*.ts",
+        "node_modules/@types/**/*.d.ts"
+    ]
+}

samples/artifactory/BEFORE_COPY/restrict-overwrite/worker.spec.ts

@@ -0,0 +1,29 @@
+import { PlatformContext, BeforeCopyRequest, PlatformClients, PlatformHttpClient, ActionStatus } from 'jfrog-workers';
+import { createMock, DeepMocked } from '@golevelup/ts-jest';
+import runWorker from './worker';
+
+describe("restrict-overwrite tests", () => {
+    let context: DeepMocked<PlatformContext>;
+    let request: DeepMocked<BeforeCopyRequest>;
+
+    beforeEach(() => {
+        context = createMock<PlatformContext>({
+            clients: createMock<PlatformClients>({
+                platformHttp: createMock<PlatformHttpClient>({
+                    get: jest.fn().mockResolvedValue({ status: 200 })
+                })
+            })
+        });
+        request = createMock<BeforeCopyRequest>({
+            metadata: { repoPath: { key: 'my-repo', path: 'artifact.txt' } }
+        });
+    })
+
+    it('should run', async () => {
+        await expect(runWorker(context, request)).resolves.toEqual(expect.objectContaining({
+            message: 'Overwritten by worker-service if an error occurs.',
+            status: ActionStatus.PROCEED,
+            modifiedRepoPath: { key: 'my-repo', path: 'artifact.txt' }
+        }))
+    })
+});

samples/artifactory/BEFORE_COPY/restrict-overwrite/worker.ts

@@ -0,0 +1,56 @@
+import { PlatformContext, BeforeCopyRequest, BeforeCopyResponse, ActionStatus} from 'jfrog-workers';
+
+
+export default async function (context: PlatformContext, data: BeforeCopyRequest): Promise<Partial<BeforeCopyResponse>> {
+    try {
+        return restrictOverwrite(context, data);
+    } catch (x) {
+        return { status: ActionStatus.STOP, message: x.message };
+    }
+}
+
+async function restrictOverwrite(context: PlatformContext, data: BeforeCopyRequest): Promise<Partial<BeforeCopyResponse>> {
+    const existingItem = await getExistingItemInfo(context, data.targetRepoPath);
+
+    if (existingItem && !(data.metadata.repoPath.isFolder && existingItem.isFolder)) {
+        return {
+            status: ActionStatus.STOP,
+            message: `${data.metadata.repoPath.id} already exists`,
+        };
+    }
+
+    return { status: ActionStatus.PROCEED };
+}
+
+async function getExistingItemInfo(context: PlatformContext, repoPath: RepoPath): Promise<RepoItemInfo | undefined> {
+    const pathParts = repoPath.path.split('/')
+    const query = {
+        repo: repoPath.key,
+        path:  pathParts.length === 1 ? '.' : pathParts.slice(0, pathParts.length - 1).join('/'),
+        name: pathParts[pathParts.length - 1]
+    };
+    const aqlResult = await runAql(context, `items.find(${JSON.stringify(query)}).include("type").limit(1)`)
+    if (aqlResult.length) {
+        return { isFolder: aqlResult[0].type === 'folder' };
+    }
+}
+
+async function runAql(context: PlatformContext, query: string) {
+    console.log(`Running AQL: ${query}`)
+    try {
+        const queryResponse = await context.clients.platformHttp.post(
+                '/artifactory/api/search/aql',
+                query,
+                {
+                    'Content-Type': 'text/plain'
+                });
+        return (queryResponse.data.results || []) as Array<any>;
+    } catch (x) {
+        console.log(`AQL query failed: ${x.message}`);
+    }
+    return [];
+}
+
+interface RepoItemInfo {
+    isFolder: boolean
+}

samples/artifactory/BEFORE_CREATE/restrict-overwrite/README.md

@@ -0,0 +1,60 @@
+
+# Artifactory Restrict Overwrite: Before Create
+
+## Overview
+
+The "Restrict Overwrite: Before Create" worker script enforces immutability by preventing overwrites of artifacts during the "create" operation in JFrog Artifactory. It ensures that artifacts cannot be accidentally replaced, maintaining consistency and integrity across deployments.
+
+## Features
+
+- **Overwrite Protection**: Blocks attempts to create artifacts if an artifact with the same name already exists in the target path.
+- **Folder Handling**: If the target is a folder, the script allows the operation only when the folder is empty.
+- **Error Logging**: Logs all operations, including failed attempts, for debugging and auditing purposes.
+
+## Behavior
+
+- If the target artifact already exists:
+  - The script stops the operation and returns a message indicating the conflict.
+- If the target artifact does not exist:
+  - The operation proceeds without interruption.
+
+## Example Responses
+
+### File Does Not Exist
+```json
+{
+  "status": 1
+}
+```
+
+### File Already Exists
+```json
+{
+  "status": 2,
+  "message": "example-repo:file.txt already exists"
+}
+```
+
+## Usage
+
+### Execution Flow
+1. **Trigger Point**: This worker script is triggered before the "create" operation in Artifactory.
+2. **AQL Query**: The script runs an AQL query to check if the target artifact exists in the specified repository path.
+3. **Decision**: Based on the existence of the target artifact:
+   - **Proceed**: If the artifact does not exist.
+   - **Stop**: If the artifact already exists, with an appropriate error message.
+
+### Implementation Notes
+- **Logging**: All operations and exceptions are logged for traceability.
+- **AQL Query**: The AQL query fetches information about the target artifact, including its type (file or folder).
+
+## Limitations
+
+- **Specific to Create**: This script applies only to the "before create" trigger. Separate implementations are required for "before upload," "before copy," and "before move" operations.
+- **Flat Repositories**: The script supports flat repository structures. For deeply nested repositories, ensure the paths are correctly configured.
+
+## Notes
+
+- **Immutability Enforcement**: Ensures existing artifacts remain unchanged unless explicitly deleted beforehand.
+- **Folder Handling**: Prevents overwrites only if the folder already exists and is not empty.
+- **Error Logging**: Provides detailed logs for troubleshooting and auditing.

samples/artifactory/BEFORE_CREATE/restrict-overwrite/manifest.json

@@ -0,0 +1,16 @@
+{
+    "name": "restrict-overwrite",
+    "description": "Restrict overwrite",
+    "filterCriteria": {
+        "artifactFilterCriteria": {
+            "repoKeys": [
+                "example-repo-local"
+            ]
+        }
+    },
+    "secrets": {},
+    "sourceCodePath": "./worker.ts",
+    "action": "BEFORE_CREATE",
+    "enabled": false,
+    "debug": true
+}

samples/artifactory/BEFORE_CREATE/restrict-overwrite/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "restrict-overwrite",
+  "description": "Run a script on BEFORE_CREATE",
+  "version": "1.0.0",
+  "scripts": {
+    "deploy": "jf worker deploy",
+    "undeploy": "jf worker rm \"restrict-overwrite\"",
+    "test": "jest"
+  },
+  "license": "ISC",
+  "devDependencies": {
+    "jfrog-workers": "^0.4.0",
+    "@golevelup/ts-jest": "^0.4.0",
+    "@types/jest": "^29.5.12",
+    "jest": "^29.7.0",
+    "jest-jasmine2": "^29.7.0",
+    "ts-jest": "^29.1.2"
+  },
+  "jest": {
+    "moduleFileExtensions": [
+      "ts",
+      "js"
+    ],
+    "rootDir": ".",
+    "testEnvironment": "node",
+    "clearMocks": true,
+    "maxConcurrency": 1,
+    "testRegex": "\\.spec\\.ts$",
+    "moduleDirectories": ["node_modules"],
+    "collectCoverageFrom": [
+      "**/*.ts"
+    ],
+    "coverageDirectory": "../coverage",
+    "transform": {
+      "^.+\\.(t|j)s$": "ts-jest"
+    },
+    "testRunner": "jest-jasmine2",
+    "verbose": true
+  }
+}

samples/artifactory/BEFORE_CREATE/restrict-overwrite/tsconfig.json

@@ -0,0 +1,15 @@
+{
+    "compilerOptions": {
+        "module": "commonjs",
+        "declaration": true,
+        "target": "es2017",
+        "skipLibCheck": true,
+        "forceConsistentCasingInFileNames": false,
+        "noFallthroughCasesInSwitch": false,
+        "allowJs": true
+    },
+    "include": [
+        "**/*.ts",
+        "node_modules/@types/**/*.d.ts"
+    ]
+}

samples/artifactory/BEFORE_CREATE/restrict-overwrite/worker.spec.ts

@@ -0,0 +1,29 @@
+import { PlatformContext, BeforeCreateRequest, PlatformClients, PlatformHttpClient, ActionStatus } from 'jfrog-workers';
+import { createMock, DeepMocked } from '@golevelup/ts-jest';
+import runWorker from './worker';
+
+describe("restrict-overwrite tests", () => {
+    let context: DeepMocked<PlatformContext>;
+    let request: DeepMocked<BeforeCreateRequest>;
+
+    beforeEach(() => {
+        context = createMock<PlatformContext>({
+            clients: createMock<PlatformClients>({
+                platformHttp: createMock<PlatformHttpClient>({
+                    get: jest.fn().mockResolvedValue({ status: 200 })
+                })
+            })
+        });
+        request = createMock<BeforeCreateRequest>({
+            metadata: { repoPath: { key: 'my-repo', path: 'artifact.txt' } }
+        });
+    })
+
+    it('should run', async () => {
+        await expect(runWorker(context, request)).resolves.toEqual(expect.objectContaining({
+            message: 'Overwritten by worker-service if an error occurs.',
+            status: ActionStatus.PROCEED,
+            modifiedRepoPath: { key: 'my-repo', path: 'artifact.txt' }
+        }))
+    })
+});