cmd/checker: for GCP, check scopes

GCP service accounts can be granted different permissions ("scopes").
Without the correct scope, requests be denied with status 403.

With this change, gerrit-linter will provide a better error message
if scopes are misconfigured.

Change-Id: I74390f4f89b7bf3bc6cec54a6527179a764add7f
1 file changed
tree: f75e01bab254ae4cc96fc5cfd7e3f52346d9873c
  1. cmd/
  2. gerrit/
  3. .gitignore
  4. api.go
  5. build-deploy.sh
  6. CONTRIBUTING
  7. deploy.sh
  8. Dockerfile
  9. go.mod
  10. go.sum
  11. LICENSE
  12. README.md
  13. server.go
  14. vm-deploy.sh
README.md

GERRITFMT

This is a style verifier intended to be used with the Gerrit checks plugin.

HOW TO USE

  1. Install formatters:
go install github.com/bazelbuild/buildtools/buildifier
curl -o google-java-format.jar https://github.com/google/google-java-format/releases/download/google-java-format-1.7/google-java-format-1.7-all-deps.jar
  1. Obtain an HTTP password, and put it in testsite-auth. The format is username:secret.

  2. Register a checker

go run ./cmd/checker -auth_file=testsite-auth  --gerrit http://localhost:8080 \
  --language go --repo gerrit --register
  1. Make sure the checker is there
go run ./cmd/checker -auth_file=testsite-auth  --gerrit http://localhost:8080 \
  --list
  1. Start the server
go run ./cmd/checker -auth_file=testsite-auth  --gerrit http://localhost:8080

DESIGN

For simplicity of deployment, the gerrit-linter checker is stateless. All the necessary data is encoded in the checker UUID.

TODO

  • handle file types (symlink) and deletions

  • more formatters: clang-format, typescript, jsformat, ... ?

  • isolate each formatter to run with a separate gvisor/docker container.

  • tests: the only way to test this reliably is to spin up a gerrit server, and create changes against the server.

  • Update the list of checkers periodically.

SECURITY

This currently runs the formatters without sandboxing. Critical bugs (heap overflow, buffer overflow) in formatters can be escalated to obtain the OAuth2 token used for authentication.

The currently supported formatters are written in Java and Go, so this should not be an issue.

DOCKER ON GCP

The following example shows how to build a Docker image hosted on GCP, in the project api-project-164060093628.

VERSION=$(date --iso-8601=minutes | tr -d ':' | tr '[A-Z]' '[a-z]'| sed \
    's|\+.*$||')-$(git rev-parse --short HEAD)
NAME=gcr.io/api-project-164060093628/gerrit-linter:${VERSION}
docker build -t ${NAME} -f Dockerfile .
docker push ${NAME}

To deploy onto a GCP VM, configure the VM to have scope https://www.googleapis.com/auth/gerritcodereview:

cloud beta compute instances set-scopes VM-NAME --scopes=https://www.googleapis.com/auth/gerritcodereview

DISCLAIMER

This is not an official Google product