ovh
diff --git a/‎engine/api/application.go
Lines changed: 7 additions & 0 deletions b/‎engine/api/application.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎engine/api/application/application_parser.go
Lines changed: 14 additions & 3 deletions b/‎engine/api/application/application_parser.go
Lines changed: 14 additions & 3 deletions
diff --git a/‎engine/api/application/dao.go
Lines changed: 2 additions & 1 deletion b/‎engine/api/application/dao.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎engine/api/application_deployment.go
Lines changed: 6 additions & 0 deletions b/‎engine/api/application_deployment.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎engine/api/application_import.go
Lines changed: 1 addition & 1 deletion b/‎engine/api/application_import.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎engine/api/application_key.go
Lines changed: 7 additions & 0 deletions b/‎engine/api/application_key.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎engine/api/application_variable.go
Lines changed: 9 additions & 0 deletions b/‎engine/api/application_variable.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎engine/api/environment.go
Lines changed: 4 additions & 0 deletions b/‎engine/api/environment.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎engine/api/environment/environment.go
Lines changed: 13 additions & 14 deletions b/‎engine/api/environment/environment.go
Lines changed: 13 additions & 14 deletions
diff --git a/‎engine/api/environment/environment_importer.go
Lines changed: 4 additions & 0 deletions b/‎engine/api/environment/environment_importer.go
Lines changed: 4 additions & 0 deletions
@@ -402,6 +402,10 @@ func (api *API) updateApplicationHandler() service.Handler {
 			return sdk.WrapError(errloadbyname, "updateApplicationHandler> Cannot load application %s", applicationName)
 		}
 
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
+
 		var appPost sdk.Application
 		if err := service.UnmarshalBody(r, &appPost); err != nil {
 			return err
@@ -466,6 +470,9 @@ func (api *API) postApplicationMetadataHandler() service.Handler {
 		if err != nil {
 			return sdk.WrapError(err, "postApplicationMetadataHandler")
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 		oldApp := *app
 
 		m := vars["metadata"]
 
@@ -13,9 +13,15 @@ import (
 	"github.com/ovh/cds/sdk/log"
 )
 
+// ImportOptions are options to import application
+type ImportOptions struct {
+	Force          bool
+	FromRepository string
+}
+
 // ParseAndImport parse an exportentities.Application and insert or update the application in database
-func ParseAndImport(db gorp.SqlExecutor, cache cache.Store, proj *sdk.Project, eapp *exportentities.Application, force bool, decryptFunc keys.DecryptFunc, u *sdk.User) (*sdk.Application, []sdk.Message, error) {
-	log.Info("ParseAndImport>> Import application %s in project %s (force=%v)", eapp.Name, proj.Key, force)
+func ParseAndImport(db gorp.SqlExecutor, cache cache.Store, proj *sdk.Project, eapp *exportentities.Application, opts ImportOptions, decryptFunc keys.DecryptFunc, u *sdk.User) (*sdk.Application, []sdk.Message, error) {
+	log.Info("ParseAndImport>> Import application %s in project %s (force=%v)", eapp.Name, proj.Key, opts.Force)
 
 	//Check valid application name
 	rx := sdk.NamePatternRegex
@@ -34,15 +40,20 @@ func ParseAndImport(db gorp.SqlExecutor, cache cache.Store, proj *sdk.Project, e
 	}
 
 	//If the application exist and we don't want to force, raise an error
-	if oldApp != nil && !force {
+	if oldApp != nil && !opts.Force {
 		return nil, nil, sdk.ErrApplicationExist
 	}
 
+	if oldApp != nil && oldApp.FromRepository != "" && opts.FromRepository != oldApp.FromRepository {
+		return nil, nil, sdk.WrapError(sdk.ErrForbidden, "unable to update as code application %s/%s.", oldApp.FromRepository, opts.FromRepository)
+	}
+
 	//Craft the application
 	app := new(sdk.Application)
 	app.Name = eapp.Name
 	app.VCSServer = eapp.VCSServer
 	app.RepositoryFullname = eapp.RepositoryName
+	app.FromRepository = opts.FromRepository
 
 	//Compute variables
 	for p, v := range eapp.Variables {
 
@@ -24,7 +24,8 @@ application.last_modified,
 application.metadata,
 application.vcs_server,
 application.vcs_strategy,
-application.description
+application.description,
+application.from_repository
 `
 
 // LoadOptionFunc is a type for all options in LoadOptions
 
@@ -73,6 +73,9 @@ func (api *API) postApplicationDeploymentStrategyConfigHandler() service.Handler
 		if err != nil {
 			return sdk.WrapError(err, "unable to load application")
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		oldPfConfig, has := app.DeploymentStrategies[pfName]
 		if !has {
@@ -144,6 +147,9 @@ func (api *API) deleteApplicationDeploymentStrategyConfigHandler() service.Handl
 		if err != nil {
 			return sdk.WrapError(err, "unable to load application")
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		isUsed, err := workflow.IsDeploymentIntegrationUsed(tx, proj.ID, app.ID, pfName)
 		if err != nil {
 
@@ -64,7 +64,7 @@ func (api *API) postApplicationImportHandler() service.Handler {
 		}
 		defer tx.Rollback()
 
-		newApp, msgList, globalError := application.ParseAndImport(tx, api.Cache, proj, eapp, force, project.DecryptWithBuiltinKey, deprecatedGetUser(ctx))
+		newApp, msgList, globalError := application.ParseAndImport(tx, api.Cache, proj, eapp, application.ImportOptions{Force: force}, project.DecryptWithBuiltinKey, deprecatedGetUser(ctx))
 		msgListString := translate(r, msgList)
 		if globalError != nil {
 			globalError = sdk.WrapError(globalError, "Unable to import application %s", eapp.Name)
 
@@ -48,6 +48,9 @@ func (api *API) deleteKeyInApplicationHandler() service.Handler {
 		if errA != nil {
 			return sdk.WrapError(errA, "deleteKeyInApplicationHandler> Cannot load application")
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		tx, errT := api.mustDB().Begin()
 		if errT != nil {
@@ -101,6 +104,10 @@ func (api *API) addKeyInApplicationHandler() service.Handler {
 		}
 		newKey.ApplicationID = app.ID
 
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
+
 		if !strings.HasPrefix(newKey.Name, "app-") {
 			newKey.Name = "app-" + newKey.Name
 		}
 
@@ -101,6 +101,9 @@ func (api *API) deleteVariableFromApplicationHandler() service.Handler {
 		if err != nil {
 			return sdk.WrapError(err, "Cannot load application: %s", appName)
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		tx, err := api.mustDB().Begin()
 		if err != nil {
@@ -153,6 +156,9 @@ func (api *API) updateVariableInApplicationHandler() service.Handler {
 		if err != nil {
 			return sdk.WrapError(err, "Cannot load application: %s", appName)
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		variableBefore, err := application.LoadVariableByID(api.mustDB(), app.ID, newVar.ID, application.WithClearPassword())
 		if err != nil {
@@ -204,6 +210,9 @@ func (api *API) addVariableInApplicationHandler() service.Handler {
 		if err != nil {
 			return sdk.WrapError(err, "Cannot load application %s ", appName)
 		}
+		if app.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
 
 		tx, err := api.mustDB().Begin()
 		if err != nil {
 
@@ -209,6 +209,10 @@ func (api *API) updateEnvironmentHandler() service.Handler {
 			return sdk.WrapError(errEnv, "updateEnvironmentHandler> Cannot load environment %s", environmentName)
 		}
 
+		if env.FromRepository != "" {
+			return sdk.WithStack(sdk.ErrForbidden)
+		}
+
 		p, errProj := project.Load(api.mustDB(), api.Cache, projectKey, deprecatedGetUser(ctx))
 		if errProj != nil {
 			return sdk.WrapError(errProj, "updateEnvironmentHandler> Cannot load project %s", projectKey)
 
@@ -19,7 +19,7 @@ import (
 func LoadEnvironments(db gorp.SqlExecutor, projectKey string, loadDeps bool, u *sdk.User) ([]sdk.Environment, error) {
 	var envs []sdk.Environment
 
-	query := `SELECT environment.id, environment.name, environment.last_modified, 7 as "perm"
+	query := `SELECT environment.id, environment.name, environment.last_modified, 7 as "perm", environment.from_repository
 		  FROM environment
 		  JOIN project ON project.id = environment.project_id
 		  WHERE project.projectKey = $1
@@ -29,20 +29,19 @@ func LoadEnvironments(db gorp.SqlExecutor, projectKey string, loadDeps bool, u *
 		if err == sql.ErrNoRows {
 			return envs, sdk.ErrNoEnvironment
 		}
-		return envs, err
+		return envs, sdk.WithStack(err)
 	}
 	defer rows.Close()
 
 	for rows.Next() {
 		var env sdk.Environment
 		var lastModified time.Time
-		err = rows.Scan(&env.ID, &env.Name, &lastModified, &env.Permission)
+		if err := rows.Scan(&env.ID, &env.Name, &lastModified, &env.Permission, &env.FromRepository); err != nil {
+			return envs, sdk.WithStack(err)
+		}
 		env.LastModified = lastModified.Unix()
 		env.ProjectKey = projectKey
 		env.Permission = permission.ProjectPermission(projectKey, u)
-		if err != nil {
-			return envs, err
-		}
 		envs = append(envs, env)
 	}
 	rows.Close()
@@ -94,10 +93,10 @@ func LoadEnvironmentByID(db gorp.SqlExecutor, ID int64) (*sdk.Environment, error
 		return &sdk.DefaultEnv, nil
 	}
 	var env sdk.Environment
-	query := `SELECT environment.id, environment.name, environment.project_id
+	query := `SELECT environment.id, environment.name, environment.project_id, environment.from_repository
 		  	FROM environment
 		 	WHERE id = $1`
-	if err := db.QueryRow(query, ID).Scan(&env.ID, &env.Name, &env.ProjectID); err != nil {
+	if err := db.QueryRow(query, ID).Scan(&env.ID, &env.Name, &env.ProjectID, &env.FromRepository); err != nil {
 		if err == sql.ErrNoRows {
 			return nil, sdk.ErrNoEnvironment
 		}
@@ -113,11 +112,11 @@ func LoadEnvironmentByName(db gorp.SqlExecutor, projectKey, envName string) (*sd
 	}
 
 	var env sdk.Environment
-	query := `SELECT environment.id, environment.name,  environment.project_id
+	query := `SELECT environment.id, environment.name,  environment.project_id, environment.from_repository
 		  FROM environment
 		  JOIN project ON project.id = environment.project_id
 		  WHERE project.projectKey = $1 AND environment.name = $2`
-	if err := db.QueryRow(query, projectKey, envName).Scan(&env.ID, &env.Name, &env.ProjectID); err != nil {
+	if err := db.QueryRow(query, projectKey, envName).Scan(&env.ID, &env.Name, &env.ProjectID, &env.FromRepository); err != nil {
 		if err == sql.ErrNoRows {
 			return nil, sdk.ErrNoEnvironment
 		}
@@ -196,15 +195,15 @@ func loadDependencies(db gorp.SqlExecutor, env *sdk.Environment) error {
 
 // InsertEnvironment Insert new environment
 func InsertEnvironment(db gorp.SqlExecutor, env *sdk.Environment) error {
-	query := `INSERT INTO environment (name, project_id) VALUES($1, $2) RETURNING id, last_modified`
+	query := `INSERT INTO environment (name, project_id, from_repository) VALUES($1, $2, $3) RETURNING id, last_modified`
 
 	rx := sdk.NamePatternRegex
 	if !rx.MatchString(env.Name) {
 		return sdk.NewError(sdk.ErrInvalidName, fmt.Errorf("Invalid environment name. It should match %s", sdk.NamePattern))
 	}
 
 	var lastModified time.Time
-	err := db.QueryRow(query, env.Name, env.ProjectID).Scan(&env.ID, &lastModified)
+	err := db.QueryRow(query, env.Name, env.ProjectID, env.FromRepository).Scan(&env.ID, &lastModified)
 	if err != nil {
 		pqerr, ok := err.(*pq.Error)
 		if ok {
@@ -225,8 +224,8 @@ func UpdateEnvironment(db gorp.SqlExecutor, environment *sdk.Environment) error
 		return sdk.NewError(sdk.ErrInvalidName, fmt.Errorf("Invalid environment name. It should match %s", sdk.NamePattern))
 	}
 
-	query := `UPDATE environment SET name=$1 WHERE id=$2`
-	if _, err := db.Exec(query, environment.Name, environment.ID); err != nil {
+	query := `UPDATE environment SET name=$1, from_repository=$3 WHERE id=$2`
+	if _, err := db.Exec(query, environment.Name, environment.ID, environment.FromRepository); err != nil {
 		return err
 	}
 	return nil
 
@@ -108,6 +108,10 @@ func ImportInto(db gorp.SqlExecutor, proj *sdk.Project, env *sdk.Environment, in
 		}
 	}
 
+	if err := UpdateEnvironment(db, env); err != nil {
+		return sdk.WrapError(err, "unable to update environment")
+	}
+
 	log.Debug("ImportInto> Done")
 
 	return nil
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,8 @@ application.last_modified,`
`24`	`24`	`application.metadata,`
`25`	`25`	`application.vcs_server,`
`26`	`26`	`application.vcs_strategy,`
`27`		`-application.description`
	`27`	`+application.description,`
	`28`	`+application.from_repository`
`28`	`29`	`
`29`	`30`
`30`	`31`	`// LoadOptionFunc is a type for all options in LoadOptions`
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ func (api *API) postApplicationImportHandler() service.Handler {`
`64`	`64`	`}`
`65`	`65`	`defer tx.Rollback()`
`66`	`66`
`67`		`- newApp, msgList, globalError := application.ParseAndImport(tx, api.Cache, proj, eapp, force, project.DecryptWithBuiltinKey, deprecatedGetUser(ctx))`
	`67`	`+ newApp, msgList, globalError := application.ParseAndImport(tx, api.Cache, proj, eapp, application.ImportOptions{Force: force}, project.DecryptWithBuiltinKey, deprecatedGetUser(ctx))`
`68`	`68`	`msgListString := translate(r, msgList)`
`69`	`69`	`if globalError != nil {`
`70`	`70`	`globalError = sdk.WrapError(globalError, "Unable to import application %s", eapp.Name)`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,9 @@ func (api *API) deleteKeyInApplicationHandler() service.Handler {`
`48`	`48`	`if errA != nil {`
`49`	`49`	`return sdk.WrapError(errA, "deleteKeyInApplicationHandler> Cannot load application")`
`50`	`50`	`}`
	`51`	`+ if app.FromRepository != "" {`
	`52`	`+ return sdk.WithStack(sdk.ErrForbidden)`
	`53`	`+ }`
`51`	`54`
`52`	`55`	`tx, errT := api.mustDB().Begin()`
`53`	`56`	`if errT != nil {`
`@@ -101,6 +104,10 @@ func (api *API) addKeyInApplicationHandler() service.Handler {`
`101`	`104`	`}`
`102`	`105`	`newKey.ApplicationID = app.ID`
`103`	`106`
	`107`	`+ if app.FromRepository != "" {`
	`108`	`+ return sdk.WithStack(sdk.ErrForbidden)`
	`109`	`+ }`
	`110`	`+`
`104`	`111`	`if !strings.HasPrefix(newKey.Name, "app-") {`
`105`	`112`	`newKey.Name = "app-" + newKey.Name`
`106`	`113`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,10 @@ func ImportInto(db gorp.SqlExecutor, proj sdk.Project, env sdk.Environment, in`
`108`	`108`	`}`
`109`	`109`	`}`
`110`	`110`
	`111`	`+ if err := UpdateEnvironment(db, env); err != nil {`
	`112`	`+ return sdk.WrapError(err, "unable to update environment")`
	`113`	`+ }`
	`114`	`+`
`111`	`115`	`log.Debug("ImportInto> Done")`
`112`	`116`
`113`	`117`	`return nil`