Validate PullRequest resource secrets fields

A PullRequest type pipeline resource is now validated: an unrecognised
'fieldName' in secrets will trigger an error. Part of work on #1818

As stated in #1818, this will help improve the debuggability of the
PullRequst pipeline resource, as the validatiob will cause a failure in
response to invalid input as early as possible.

Signed-off-by: Arash Deshmeh <[email protected]>

Author: adshmh

pkg/apis/resource/v1alpha1/pipelineresource_validation.go

@@ -18,6 +18,7 @@ package v1alpha1
 
 import (
 	"context"
+	"fmt"
 	"net/url"
 	"strconv"
 	"strings"
@@ -111,6 +112,12 @@ func (rs *PipelineResourceSpec) Validate(ctx context.Context) *apis.FieldError {
 		}
 	}
 
+	if rs.Type == PipelineResourceTypePullRequest {
+		if err := validatePullRequest(rs); err != nil {
+			return err
+		}
+	}
+
 	for _, allowedType := range AllResourceTypes {
 		if allowedType == rs.Type {
 			return nil
@@ -140,3 +147,12 @@ func validateURL(u, path string) *apis.FieldError {
 	}
 	return nil
 }
+
+func validatePullRequest(s *PipelineResourceSpec) *apis.FieldError {
+	for _, param := range s.SecretParams {
+		if param.FieldName != "authToken" {
+			return apis.ErrInvalidValue(fmt.Sprintf("invalid field name %q in secret parameter. Expected %q", param.FieldName, "authToken"), "spec.secrets.fieldName")
+		}
+	}
+	return nil
+}

pkg/apis/resource/v1alpha1/pipelineresource_validation_test.go

@@ -143,6 +143,17 @@ func TestResourceValidation_Invalid(t *testing.T) {
 			name: "missing spec",
 			res:  &v1alpha1.PipelineResource{},
 			want: apis.ErrMissingField("spec.type"),
+		}, {
+			name: "pull request with invalid field name in secrets",
+			res: &v1alpha1.PipelineResource{
+				Spec: v1alpha1.PipelineResourceSpec{
+					Type: v1alpha1.PipelineResourceTypePullRequest,
+					SecretParams: []v1alpha1.SecretParam{{
+						FieldName: "INVALID_FIELD_NAME",
+					}},
+				},
+			},
+			want: apis.ErrInvalidValue("invalid field name \"INVALID_FIELD_NAME\" in secret parameter. Expected \"authToken\"", "spec.secrets.fieldName"),
 		},
 	}
 	for _, tt := range tests {
@@ -202,6 +213,14 @@ func TestClusterResourceValidation_Valid(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "specify pullrequest with no secrets",
+			res: &v1alpha1.PipelineResource{
+				Spec: v1alpha1.PipelineResourceSpec{
+					Type: v1alpha1.PipelineResourceTypePullRequest,
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {