# Fabric standard boundary check.
# Runs a series of ripgrep (rg) scans for forbidden tokens and fails when any
# scan reports a match. Takes no parameters.
param()

# Strict mode turns uninitialised variables and similar slips into errors;
# 'Stop' makes cmdlet errors terminate the script instead of being skipped.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# The repository root is the parent of the directory holding this script.
$parentOfScriptDir = Join-Path -Path $PSScriptRoot -ChildPath '..'
$repoRoot = (Resolve-Path -Path $parentOfScriptDir).ProviderPath
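# Environment variable names, CLI flags and identifiers that must not appear
# anywhere under the repository root. Each token is assembled from two
# fragments, presumably so that the literal never occurs in this file and the
# repo-wide scan below does not flag the check itself.
$forbidden = @(
    ('RAP_' + 'BACKEND_URL'),
    ('RAP_' + 'CONTROL_PLANE_ENDPOINTS_JSON'),
    ('RAP_' + 'MESH_LISTEN_ADDR'),
    ('RAP_' + 'MESH_LISTEN_PORT_MODE'),
    ('RAP_' + 'MESH_LISTEN_AUTO_PORT_START'),
    ('RAP_' + 'MESH_LISTEN_AUTO_PORT_END'),
    ('RAP_' + 'MESH_SYNTHETIC_RUNTIME_ENABLED'),
    ('--' + 'backend-url'),
    ('--' + 'control-plane-endpoints-json'),
    ('mesh' + '-listener'),
    ('mesh_' + 'synthetic_runtime_enabled'),
    ('mesh' + '-synthetic-runtime-enabled')
)

# rg arguments: -n prints line numbers, the negated globs skip built assets,
# dist output and node_modules. The tokens are joined into one alternation.
# The pattern is passed with -e so rg always treats it as a pattern: the list
# contains entries that start with '--', and if one of them ever ended up
# first the joined string would otherwise be parsed as an option.
#
# NOTE(review): rg's default filtering still applies to this scan (files
# excluded by ignore files, hidden files and directories, binary files), and
# matching is case-sensitive. Confirm that this is the intended coverage for
# the guard, e.g. for configuration kept under dot-directories.
$rgArgs = @(
    '-n',
    '--glob', '!**/deploy/html/assets/**',
    '--glob', '!**/dist/**',
    '--glob', '!**/node_modules/**',
    '-e', ($forbidden -join '|'),
    $repoRoot
)

# NOTE(review): $matches is also the automatic variable that the -match
# operator writes. Nothing visible here uses -match, but the final verdict
# reads this name, so a rename has to change both places together.
$matches = & rg @rgArgs
if ($LASTEXITCODE -eq 1) {
    # Exit status 1 means "no match": normalise to an empty result set.
    $matches = @()
} elseif ($LASTEXITCODE -ne 0) {
    # Any other non-zero status is a failed scan; stop rather than let an
    # incomplete scan count as a clean one.
    throw "rg failed with exit code $LASTEXITCODE"
}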
# Pattern lists for the farm scans. Every list is later joined with '|' and
# handed to rg as a single regular expression, so each entry is a regex
# fragment, not a plain string. Tokens are built from two pieces so that the
# complete literal does not appear in this file.

# HTTP / WebSocket usage that the active farm agent packages must not contain.
# NOTE(review): the '.' in the last entry is an unescaped regex wildcard, so it
# matches any single character in that position (over-matching only).
$farmActiveForbidden = @(
    ('net' + '/http')
    ('http' + '://')
    ('https' + '://')
    ('ws' + '://')
    ('wss' + '://')
    ('http' + '.Client')
)

# Compatibility / fallback identifiers banned from the farm standard paths.
$farmStandardForbidden = @(
    ('compat_' + 'fallback')
    ('compat' + ' fallback')
    ('compat_' + 'relay')
    ('last_' + 'compat_relay_policy')
    ('force_' + 'compat_fallback')
    ('entry_node_' + 'compat_fallback')
    ('fabric_route_send_failed_' + 'compat_fallback_blocked')
    ('compat_' + 'cleanup')
    ('compat_' + 'control')
    ('compat_' + 'updater')
    ('compat_' + 'recovery')
    ('compat_' + 'contract')
    ('remove_' + 'compat')
    ('fallback_' + 'poll_seconds')
    ('direct_' + 'fallback')
    ('trigger_direct_' + 'fallback')
    ('launchDirectUpdater' + 'Fallback')
    ('runLocalDirectUpdate' + 'Fallback')
)

# Node-agent route templates and bootstrap bundle names banned repo-wide.
# The braces are backslash-escaped so the regex matches them literally.
$farmRouteForbidden = @(
    ('/node-agents/\{nodeID\}/' + 'health')
    ('/node-agents/\{nodeID\}/' + 'services/status')
    ('/node-agents/\{nodeID\}/' + 'update-manifest/request')
    ('/node-agents/\{nodeID\}/' + 'update-result')
    ('/node-agents/\{nodeID\}/' + 'rollback-result')
    ('/node-agents/enrollments/\{requestID\}/' + 'bootstrap')
    ('docker-' + 'bootstrap-bundle')
    ('windows-' + 'bootstrap-bundle')
    ('linux-' + 'bootstrap-bundle')
)

# Ingress class and runtime names banned from the ingress-related agent paths.
# These are written out whole; that scan is limited to specific directories.
$farmIngressClassForbidden = @(
    'platform_admin'
    'cluster_admin'
    'organization_portal'
    'user_portal'
    'global-admin-runtime'
    'cluster-admin-runtime'
    'organization-portal-runtime'
    'user-portal-runtime'
    'identity-runtime'
    'policy-authority'
    'audit-sink'
)
# Agent source directories covered by the active farm scan, anchored at the
# repository root.
$farmActivePaths = @(
    @(
        'agents/rap-node-agent/internal/client'
        'agents/rap-node-agent/internal/hostagent'
        'agents/rap-node-agent/internal/mesh'
        'agents/rap-node-agent/internal/vpnruntime'
        'agents/rap-node-agent/cmd/rap-node-agent'
        'agents/rap-node-agent/cmd/rap-host-agent'
    ) | ForEach-Object { Join-Path $repoRoot $_ }
)

# Only Go sources are searched and *_test.go files are skipped; -n adds line
# numbers. The pattern is the '|'-joined list, followed by the search paths.
$farmRgArgs = @('-n', '--glob', '*.go', '--glob', '!*_test.go', ($farmActiveForbidden -join '|')) + $farmActivePaths

$farmMatches = & rg @farmRgArgs
switch ($LASTEXITCODE) {
    0 {
        # Matches found: keep the captured output as it is.
    }
    1 {
        # No match anywhere: normalise to an empty result set.
        $farmMatches = @()
    }
    default {
        # The scan itself failed; do not treat that as a clean result.
        throw "active farm rg failed with exit code $LASTEXITCODE"
    }
}
# Directories covered by the farm standard scan: the agent packages plus the
# backend cluster module and the web-admin sources.
$farmStandardPaths = @(
    @(
        'agents/rap-node-agent/internal/client'
        'agents/rap-node-agent/internal/hostagent'
        'agents/rap-node-agent/internal/mesh'
        'agents/rap-node-agent/internal/vpnruntime'
        'agents/rap-node-agent/cmd/rap-node-agent'
        'agents/rap-node-agent/cmd/rap-host-agent'
        'backend/internal/modules/cluster'
        'web-admin/src'
    ) | ForEach-Object { Join-Path $repoRoot $_ }
)

# No include glob here: the only filter is the exclusion of Go test files, so
# non-Go files under these paths are searched as well.
$farmStandardRgArgs = @('-n', '--glob', '!**/*_test.go', ($farmStandardForbidden -join '|')) + $farmStandardPaths

$farmStandardMatches = & rg @farmStandardRgArgs
switch ($LASTEXITCODE) {
    0 {
        # Matches found: keep the captured output as it is.
    }
    1 {
        # No match anywhere: normalise to an empty result set.
        $farmStandardMatches = @()
    }
    default {
        # The scan itself failed; do not treat that as a clean result.
        throw "farm standard rg failed with exit code $LASTEXITCODE"
    }
}
# Repo-wide scan for the forbidden route templates and bundle names.
# Built assets, dist output and node_modules are excluded through negated
# globs; -n adds line numbers.
# NOTE(review): rg's default filtering (ignore files, hidden paths, binary
# files) also applies here; confirm that coverage is what the guard needs.
$farmRouteRgArgs = @('-n')
foreach ($excluded in '!**/deploy/html/assets/**', '!**/dist/**', '!**/node_modules/**') {
    $farmRouteRgArgs += '--glob', $excluded
}
$farmRouteRgArgs += ($farmRouteForbidden -join '|'), $repoRoot

$farmRouteMatches = & rg @farmRouteRgArgs
switch ($LASTEXITCODE) {
    0 {
        # Matches found: keep the captured output as it is.
    }
    1 {
        # No match anywhere: normalise to an empty result set.
        $farmRouteMatches = @()
    }
    default {
        # The scan itself failed; do not treat that as a clean result.
        throw "farm route rg failed with exit code $LASTEXITCODE"
    }
}
# Agent directories in which the ingress class / runtime names are banned.
$farmIngressClassPaths = @(
    @(
        'agents/rap-node-agent/internal/webingress'
        'agents/rap-node-agent/internal/supervisor'
        'agents/rap-node-agent/cmd/rap-node-agent'
    ) | ForEach-Object { Join-Path $repoRoot $_ }
)

# Go test files are the only exclusion; -n adds line numbers.
$farmIngressClassRgArgs = @('-n', '--glob', '!**/*_test.go', ($farmIngressClassForbidden -join '|')) + $farmIngressClassPaths

$farmIngressClassMatches = & rg @farmIngressClassRgArgs
switch ($LASTEXITCODE) {
    0 {
        # Matches found: keep the captured output as it is.
    }
    1 {
        # No match anywhere: normalise to an empty result set.
        $farmIngressClassMatches = @()
    }
    default {
        # The scan itself failed; do not treat that as a clean result.
        throw "farm ingress class rg failed with exit code $LASTEXITCODE"
    }
}
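# Final verdict: combine the output of all five scans. Each variable is wrapped
# in @() so that a single matching line (a bare string) and an empty result are
# both handled as arrays.
$allMatches = @($matches) + @($farmMatches) + @($farmStandardMatches) + @($farmRouteMatches) + @($farmIngressClassMatches)

if ($allMatches.Count -eq 0) {
    Write-Host "Fabric standard boundary check passed."
    exit 0
}

# Print one violation per line. Interpolating the array directly into the
# string would join the entries with spaces and run every hit together.
$violationReport = $allMatches -join "`n"

# With $ErrorActionPreference set to "Stop" at the top of this script,
# Write-Error raises a terminating error, so the exit below is only reached if
# that preference is ever relaxed. It is kept so the failure status stays
# explicit in either case.
Write-Error "Fabric standard boundary violated:`n$violationReport"
exit 1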