From 2db8b34ab60c464658c59605844ddcdcf3dc526f Mon Sep 17 00:00:00 2001
From: Avielle Wolfe <awolfe@gitlab.com>
Date: Mon, 25 Sep 2023 18:24:55 +0200
Subject: [PATCH 1/5] Add regex validation to string CI inputs

This commit adds the ability to validate that a string CI input matches
a RegEx pattern. The validation fails if given any other type of input.

Changelog: added
---
 .../config/interpolation/inputs/base_input.rb | 10 +++++++-
 .../interpolation/inputs/string_input.rb      | 13 ++++++++++
 .../ci/config/interpolation/inputs_spec.rb    | 25 +++++++++++++++++++
 3 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/lib/gitlab/ci/config/interpolation/inputs/base_input.rb b/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
index 5648c4d31eaab3..ba5197766359f2 100644
--- a/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
+++ b/lib/gitlab/ci/config/interpolation/inputs/base_input.rb
@@ -62,7 +62,15 @@ def validate!
               end
 
               # validate provided value
-              error("provided value is not a #{self.class.type_name}") unless valid_value?(actual_value)
+              return error("provided value is not a #{self.class.type_name}") unless valid_value?(actual_value)
+
+              validate_regex!
+            end
+
+            def validate_regex!
+              return unless spec.key?(:regex)
+
+              error('RegEx validation can only be used with string inputs')
             end
 
             def error(message)
diff --git a/lib/gitlab/ci/config/interpolation/inputs/string_input.rb b/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
index 39870582d0c0d3..9b695d168da46b 100644
--- a/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
+++ b/lib/gitlab/ci/config/interpolation/inputs/string_input.rb
@@ -25,6 +25,19 @@ def self.type_name
             def valid_value?(value)
               value.nil? || value.is_a?(String)
             end
+
+            private
+
+            def validate_regex!
+              return unless spec.key?(:regex)
+              return if actual_value.match?(spec[:regex])
+
+              if value.nil?
+                error('default value does not match required RegEx pattern')
+              else
+                error('provided value does not match required RegEx pattern')
+              end
+            end
           end
         end
       end
diff --git a/spec/lib/gitlab/ci/config/interpolation/inputs_spec.rb b/spec/lib/gitlab/ci/config/interpolation/inputs_spec.rb
index ea06f181fa4a5d..c7ec0a34119230 100644
--- a/spec/lib/gitlab/ci/config/interpolation/inputs_spec.rb
+++ b/spec/lib/gitlab/ci/config/interpolation/inputs_spec.rb
@@ -57,6 +57,16 @@
           { default_boolean_input: { default: true, type: 'boolean' } },
           {},
           { default_boolean_input: true }
+        ],
+        [
+          { test_input: { regex: '^input_value$' } },
+          { test_input: 'input_value' },
+          { test_input: 'input_value' }
+        ],
+        [
+          { test_input: { regex: '^input_value$', default: 'input_value' } },
+          {},
+          { test_input: 'input_value' }
         ]
       ]
     end
@@ -123,6 +133,21 @@
           { default_boolean_input: { default: 'string', type: 'boolean' } },
           {},
           ['`default_boolean_input` input: default value is not a boolean']
+        ],
+        [
+          { test_input: { regex: '^input_value$' } },
+          { test_input: 'input' },
+          ['`test_input` input: provided value does not match required RegEx pattern']
+        ],
+        [
+          { test_input: { regex: '^input_value$', default: 'default' } },
+          {},
+          ['`test_input` input: default value does not match required RegEx pattern']
+        ],
+        [
+          { test_input: { regex: '^input_value$', type: 'number' } },
+          { test_input: 999 },
+          ['`test_input` input: RegEx validation can only be used with string inputs']
         ]
       ]
     end
-- 
GitLab


From be09354a5128099948d9236328ef31cc13052314 Mon Sep 17 00:00:00 2001
From: Avielle Wolfe <awolfe@gitlab.com>
Date: Mon, 25 Sep 2023 19:13:19 +0200
Subject: [PATCH 2/5] Add regex key to Header::Input

---
 lib/gitlab/ci/config/header/input.rb           |  9 ++++++---
 spec/lib/gitlab/ci/config/header/input_spec.rb | 13 +++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/lib/gitlab/ci/config/header/input.rb b/lib/gitlab/ci/config/header/input.rb
index ed293cb6f4b6cc..7c88465dcf0eb4 100644
--- a/lib/gitlab/ci/config/header/input.rb
+++ b/lib/gitlab/ci/config/header/input.rb
@@ -11,14 +11,17 @@ class Input < ::Gitlab::Config::Entry::Node
           include ::Gitlab::Config::Entry::Validatable
           include ::Gitlab::Config::Entry::Attributable
 
-          attributes :default, :description, :type, prefix: :input
+          KEYS = %i[default description regex type].freeze
+
+          attributes KEYS, prefix: :input
 
           validations do
-            validates :config, type: Hash, allowed_keys: [:default, :type, :description]
+            validates :config, type: Hash, allowed_keys: KEYS
             validates :key, alphanumeric: true
             validates :input_default, alphanumeric: true, allow_nil: true
-            validates :input_type, allow_nil: true, allowed_values: Interpolation::Inputs.input_types
             validates :input_description, alphanumeric: true, allow_nil: true
+            validates :input_regex, type: String, allow_nil: true
+            validates :input_type, allow_nil: true, allowed_values: Interpolation::Inputs.input_types
           end
         end
       end
diff --git a/spec/lib/gitlab/ci/config/header/input_spec.rb b/spec/lib/gitlab/ci/config/header/input_spec.rb
index b4e02c2b005012..5d1fa4a8e6ef96 100644
--- a/spec/lib/gitlab/ci/config/header/input_spec.rb
+++ b/spec/lib/gitlab/ci/config/header/input_spec.rb
@@ -68,6 +68,12 @@
     end
   end
 
+  context 'when the input has RegEx validation' do
+    let(:input_hash) { { regex: '\w+' } }
+
+    it_behaves_like 'a valid input'
+  end
+
   context 'when given an invalid type' do
     let(:input_hash) { { type: 'datetime' } }
     let(:expected_errors) { ['foo input type unknown value: datetime'] }
@@ -90,4 +96,11 @@
 
     it_behaves_like 'an invalid input'
   end
+
+  context 'when RegEx validation value is not a string' do
+    let(:input_hash) { { regex: [] } }
+    let(:expected_errors) { ['foo input regex should be a string'] }
+
+    it_behaves_like 'an invalid input'
+  end
 end
-- 
GitLab


From e54d4c81e8627b5f9f05c608f0105f57f8119e14 Mon Sep 17 00:00:00 2001
From: Avielle Wolfe <awolfe@gitlab.com>
Date: Mon, 25 Sep 2023 19:28:56 +0200
Subject: [PATCH 3/5] Add regex to CI inputs JSON schema

---
 .../json_schemas/catalog_resource_component_inputs.json  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/app/validators/json_schemas/catalog_resource_component_inputs.json b/app/validators/json_schemas/catalog_resource_component_inputs.json
index 014a52d4f1bbb5..17cc7a38ff8074 100644
--- a/app/validators/json_schemas/catalog_resource_component_inputs.json
+++ b/app/validators/json_schemas/catalog_resource_component_inputs.json
@@ -15,6 +15,15 @@
             "boolean"
           ]
         },
+        "options": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "regex": {
+          "type": "string"
+        },
         "^type$": {
           "type": "string"
         }
-- 
GitLab


From 6b7655537cb237182689d303862d5a02bd3f3d2c Mon Sep 17 00:00:00 2001
From: Avielle Wolfe <awolfe@gitlab.com>
Date: Tue, 26 Sep 2023 14:27:22 +0200
Subject: [PATCH 4/5] Remove `options` from JSON schema

It seems we haven't implemented `options` yet
---
 .../json_schemas/catalog_resource_component_inputs.json     | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/app/validators/json_schemas/catalog_resource_component_inputs.json b/app/validators/json_schemas/catalog_resource_component_inputs.json
index 17cc7a38ff8074..830bf68483882c 100644
--- a/app/validators/json_schemas/catalog_resource_component_inputs.json
+++ b/app/validators/json_schemas/catalog_resource_component_inputs.json
@@ -15,12 +15,6 @@
             "boolean"
           ]
         },
-        "options": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
         "regex": {
           "type": "string"
         },
-- 
GitLab


From 79b6b8540377a4ebc04e7872f49a10964e558208 Mon Sep 17 00:00:00 2001
From: Leaminn Ma <lma@gitlab.com>
Date: Thu, 28 Sep 2023 13:43:21 +0000
Subject: [PATCH 5/5] Match ALLOWED_KEYS naming pattern

---
 lib/gitlab/ci/config/header/input.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/gitlab/ci/config/header/input.rb b/lib/gitlab/ci/config/header/input.rb
index 7c88465dcf0eb4..dcb96006459737 100644
--- a/lib/gitlab/ci/config/header/input.rb
+++ b/lib/gitlab/ci/config/header/input.rb
@@ -11,12 +11,12 @@ class Input < ::Gitlab::Config::Entry::Node
           include ::Gitlab::Config::Entry::Validatable
           include ::Gitlab::Config::Entry::Attributable
 
-          KEYS = %i[default description regex type].freeze
+          ALLOWED_KEYS = %i[default description regex type].freeze
 
-          attributes KEYS, prefix: :input
+          attributes ALLOWED_KEYS, prefix: :input
 
           validations do
-            validates :config, type: Hash, allowed_keys: KEYS
+            validates :config, type: Hash, allowed_keys: ALLOWED_KEYS
             validates :key, alphanumeric: true
             validates :input_default, alphanumeric: true, allow_nil: true
             validates :input_description, alphanumeric: true, allow_nil: true
-- 
GitLab