habitat-sh · dikshagupta1 · Sep 29, 2022 · Sep 29, 2022
@@ -7,6 +7,7 @@ build_targets = ["x86_64-linux", "x86_64-linux-kernel2", "x86_64-windows"]
 build_on_upload = true
 saas_bldr_url = "https://bldr.habitat.sh"
 suppress_autobuild_origins = []
+allowed_native_package_origins = []
 
 [http]
 listen = "0.0.0.0"

@@ -97,18 +97,19 @@ impl Default for S3Cfg {
 #[derive(Debug, Clone, Deserialize)]
 #[serde(default)]
 pub struct ApiCfg {
-    pub data_path:                  PathBuf,
-    pub log_path:                   PathBuf,
+    pub data_path: PathBuf,
+    pub log_path: PathBuf,
     /// Location of Builder encryption keys
-    pub key_path:                   KeyCache,
-    pub targets:                    Vec<PackageTarget>,
-    pub build_targets:              Vec<PackageTarget>,
+    pub key_path: KeyCache,
+    pub targets: Vec<PackageTarget>,
+    pub build_targets: Vec<PackageTarget>,
     #[serde(with = "deserialize_into_vec")]
-    pub features_enabled:           Vec<String>,
-    pub build_on_upload:            bool,
-    pub private_max_age:            usize,
-    pub saas_bldr_url:              String,
+    pub features_enabled: Vec<String>,
+    pub build_on_upload: bool,
+    pub private_max_age: usize,
+    pub saas_bldr_url: String,
     pub suppress_autobuild_origins: Vec<String>,
+    pub allowed_native_package_origins: Vec<String>,
 }
 
 mod deserialize_into_vec {
@@ -126,18 +127,19 @@ mod deserialize_into_vec {
 
 impl Default for ApiCfg {
     fn default() -> Self {
-        ApiCfg { data_path:                  PathBuf::from("/hab/svc/builder-api/data"),
-                 log_path:                   env::temp_dir(),
-                 key_path:                   KeyCache::new("/hab/svc/builder-api/files"),
-                 targets:                    vec![target::X86_64_LINUX,
-                                                  target::X86_64_LINUX_KERNEL2,
-                                                  target::X86_64_WINDOWS,],
-                 build_targets:              vec![target::X86_64_LINUX, target::X86_64_WINDOWS],
-                 features_enabled:           vec!["jobsrv".to_string()],
-                 build_on_upload:            true,
-                 private_max_age:            300,
-                 saas_bldr_url:              "https://bldr.habitat.sh".to_string(),
-                 suppress_autobuild_origins: vec![], }
+        ApiCfg { data_path: PathBuf::from("/hab/svc/builder-api/data"),
+                 log_path: env::temp_dir(),
+                 key_path: KeyCache::new("/hab/svc/builder-api/files"),
+                 targets: vec![target::X86_64_LINUX,
+                               target::X86_64_LINUX_KERNEL2,
+                               target::X86_64_WINDOWS,],
+                 build_targets: vec![target::X86_64_LINUX, target::X86_64_WINDOWS],
+                 features_enabled: vec!["jobsrv".to_string()],
+                 build_on_upload: true,
+                 private_max_age: 300,
+                 saas_bldr_url: "https://bldr.habitat.sh".to_string(),
+                 suppress_autobuild_origins: vec![],
+                 allowed_native_package_origins: vec![], }
     }
 }
 
@@ -341,6 +343,7 @@ mod tests {
         build_on_upload = false
         private_max_age = 400
         suppress_autobuild_origins = ["origin1", "origin2"]
+        allowed_native_package_origins = []
 
         [http]
         listen = "0:0:0:0:0:0:0:1"
@@ -430,6 +433,8 @@ mod tests {
         assert_eq!(&config.api.suppress_autobuild_origins,
                    &["origin1".to_string(), "origin2".to_string()]);
 
+        assert_eq!(config.api.allowed_native_package_origins.len(), 0);
+
         assert_eq!(&format!("{}", config.jobsrv), "http://1.2.3.4:1234");
 
         assert_eq!(config.http.port, 9636);

@@ -68,7 +68,8 @@ features! {
         const Jobsrv = 0b0000_0010,
         const LegacyProject = 0b0000_0011,
         const Artifactory = 0b0000_0100,
-        const BuildDeps = 0b0000_1000
+        const BuildDeps = 0b0000_1000,
+        const NativePackages = 0b0001_0000
     }
 }
 
@@ -105,7 +106,9 @@ fn enable_features(config: &Config) {
                                                           ("JOBSRV", feat::Jobsrv),
                                                           ("LEGACYPROJECT", feat::LegacyProject),
                                                           ("ARTIFACTORY", feat::Artifactory),
-                                                          ("BUILDDEPS", feat::BuildDeps)]);
+                                                          ("BUILDDEPS", feat::BuildDeps),
+                                                          ("NATIVEPACKAGES",
+                                                           feat::NativePackages)]);
     for key in &config.api.features_enabled {
         if features.contains_key(key.as_str()) {
             info!("Enabling feature: {}", key);

@@ -14,7 +14,8 @@
 
 use std::str::FromStr;
 
-use actix_web::{http::{self,
+use actix_web::{body::BoxBody,
+                http::{self,
                        StatusCode},
                 web::{self,
                       Data,
@@ -23,6 +24,7 @@ use actix_web::{http::{self,
                       ServiceConfig},
                 HttpRequest,
                 HttpResponse};
+use bytes::Bytes;
 use diesel::{pg::PgConnection,
              result::{DatabaseErrorKind,
                       Error::{DatabaseError,
@@ -405,7 +407,9 @@ async fn promote_package(req: HttpRequest,
                 Ok(t) => t,
                 Err(err) => {
                     debug!("Invalid target requested: {}, err = {:?}", t, err);
-                    return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+                    let body = Bytes::from(format!("Invalid package target '{}'", t).into_bytes());
+                    return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY,
+                                                   BoxBody::new(body));
                 }
             }
         }
@@ -486,7 +490,9 @@ async fn demote_package(req: HttpRequest,
                 Ok(t) => t,
                 Err(err) => {
                     debug!("Invalid target requested: {}, err = {:?}", t, err);
-                    return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+                    let body = Bytes::from(format!("Invalid package target '{}'", t).into_bytes());
+                    return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY,
+                                                   BoxBody::new(body));
                 }
             }
         }

@@ -519,7 +519,9 @@ async fn upload_origin_key(req: HttpRequest,
             Ok(key) => key,
             Err(e) => {
                 debug!("Invalid public key content: {}", e);
-                return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+                let body = Bytes::from_static(b"Invalid origin public key");
+                return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY,
+                                               BoxBody::new(body));
             }
         };
 
@@ -743,13 +745,16 @@ async fn upload_origin_secret_key(req: HttpRequest,
                 Ok(key) => key,
                 Err(e) => {
                     debug!("Invalid secret key content: {}", e);
-                    return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+                    let body = Bytes::from_static(b"Invalid origin secret key");
+                    return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY,
+                                                   BoxBody::new(body));
                 }
             }
         }
         Err(e) => {
             debug!("Can't parse secret key upload content: {}", e);
-            return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+            let body = Bytes::from_static(b"Cannot parse origin secret key");
+            return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
         }
     };
 
@@ -938,7 +943,10 @@ async fn accept_invitation(req: HttpRequest,
 
     let invitation_id = match invitation.parse::<u64>() {
         Ok(invitation_id) => invitation_id,
-        Err(_) => return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY),
+        Err(_) => {
+            let body = Bytes::from(format!("Invalid invitation id '{}'", invitation).into_bytes());
+            return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
+        }
     };
 
     debug!("Accepting invitation for user {} origin {}",
@@ -974,7 +982,8 @@ async fn ignore_invitation(req: HttpRequest,
         Ok(invitation_id) => invitation_id,
         Err(err) => {
             debug!("{}", err);
-            return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+            let body = Bytes::from(format!("Invalid invitation id '{}'", invitation).into_bytes());
+            return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
         }
     };
 
@@ -1011,7 +1020,8 @@ async fn rescind_invitation(req: HttpRequest,
         Ok(invitation_id) => invitation_id,
         Err(err) => {
             debug!("{}", err);
-            return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+            let body = Bytes::from(format!("Invalid invitation id '{}'", invitation).into_bytes());
+            return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
         }
     };
 
@@ -1121,7 +1131,9 @@ async fn update_origin_member_role(req: HttpRequest,
         }
         Err(err) => {
             debug!("{}", err);
-            return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+            let body =
+                Bytes::from(format!("Invalid member role '{}'", &req_role.role).into_bytes());
+            return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
         }
     };
 
@@ -1193,7 +1205,8 @@ async fn transfer_origin_ownership(req: HttpRequest,
 
     // Do not allow the owner to transfer ownership to themselves
     if user == session.get_name() {
-        return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+        let body = Bytes::from_static(b"Cannot transfer origin ownership to self");
+        return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
     }
 
     debug!(" Transferring origin {} to new owner {}", &origin, &user);
@@ -1248,12 +1261,15 @@ async fn depart_from_origin(req: HttpRequest,
 
     // Do not allow an origin owner to depart which would orphan the origin
     if check_origin_owner(&req, session.get_id(), &origin).unwrap_or(false) {
-        return HttpResponse::new(StatusCode::FORBIDDEN);
+        let body = Bytes::from_static(b"Departing the owner from the origin is not allowed");
+        return HttpResponse::with_body(StatusCode::FORBIDDEN, BoxBody::new(body));
     }
 
     // Pass a meaningful error in the case that the user isn't a member of origin
     if !check_origin_member(&req, &origin, session.get_id()).unwrap_or(false) {
-        return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+        let body =
+            Bytes::from(format!("Do not have access to the origin '{}'", origin).into_bytes());
+        return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
     }
 
     let conn = match state.db.get_conn().map_err(Error::DbError) {
@@ -1326,7 +1342,8 @@ async fn origin_member_delete(req: HttpRequest,
 
     // Do not allow the owner to be removed which would orphan the origin
     if user == session.get_name() {
-        return HttpResponse::new(StatusCode::UNPROCESSABLE_ENTITY);
+        let body = Bytes::from_static(b"Removing the owner is not allowd");
+        return HttpResponse::with_body(StatusCode::UNPROCESSABLE_ENTITY, BoxBody::new(body));
     }
 
     debug!("Deleting origin member {} from origin {}", &user, &origin);