Merge pull request #455 from NuGet/dev

[ReleasePrep][2018.05.30]RI of dev into master

Author: loic-sharma

src/NuGet.Services.Validation.Orchestrator/IValidationOutcomeProcessor.cs

@@ -19,7 +19,9 @@ public interface IValidationOutcomeProcessor
         /// </summary>
         /// <param name="validationSet">Current state of validation set</param>
         /// <param name="package">Package information from Gallery DB</param>
+        /// <param name="currentCallStats">Contains information about what happened during current message processing in
+        /// the validation set processor.</param>
         /// <returns>A task that completes when the outcome has been processed</returns>
-        Task ProcessValidationOutcomeAsync(PackageValidationSet validationSet, Package package);
+        Task ProcessValidationOutcomeAsync(PackageValidationSet validationSet, Package package, ValidationSetProcessorResult currentCallStats);
     }
 }

src/NuGet.Services.Validation.Orchestrator/IValidationSetProcessor.cs

@@ -17,7 +17,7 @@ public interface IValidationSetProcessor
         /// </summary>
         /// <param name="validationSet">Validation set to work with. Any validation updates would be reflected in that object upon return.</param>
         /// <param name="package">Gallery DB package information</param>
-        /// <returns>Task object representing async operation</returns>
-        Task ProcessValidationsAsync(PackageValidationSet validationSet, Package package);
+        /// <returns>Information about what happened during processing of the message.</returns>
+        Task<ValidationSetProcessorResult> ProcessValidationsAsync(PackageValidationSet validationSet, Package package);
     }
 }

src/NuGet.Services.Validation.Orchestrator/Job.cs

@@ -159,6 +159,7 @@ private void ConfigureJobServices(IServiceCollection services, IConfigurationRoo
             services.Configure<SmtpConfiguration>(configurationRoot.GetSection(SmtpConfigurationSectionName));
             services.Configure<EmailConfiguration>(configurationRoot.GetSection(EmailConfigurationSectionName));
             services.Configure<ScanAndSignConfiguration>(configurationRoot.GetSection(ScanAndSignSectionName));
+            services.Configure<ScanAndSignEnqueuerConfiguration>(configurationRoot.GetSection(ScanAndSignSectionName));
 
             services.AddTransient<ConfigurationValidator>();
             services.AddTransient<OrchestrationRunner>();

src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj

@@ -67,9 +67,7 @@
     <Compile Include="PackageSigning\ProcessSignature\PackageSignatureProcessor.cs" />
     <Compile Include="PackageSigning\ProcessSignature\ProcessSignatureConfiguration.cs" />
     <Compile Include="PackageSigning\ProcessSignature\ProcessSignatureEnqueuer.cs" />
-    <Compile Include="PackageSigning\ScanAndSign\IScanAndSignEnqueuer.cs" />
     <Compile Include="PackageSigning\ScanAndSign\ScanAndSignConfiguration.cs" />
-    <Compile Include="PackageSigning\ScanAndSign\ScanAndSignEnqueuer.cs" />
     <Compile Include="PackageSigning\ScanAndSign\ScanAndSignProcessor.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\IValidateCertificateEnqueuer.cs" />
     <Compile Include="PackageSigning\ValidateCertificate\PackageCertificatesValidator.cs" />
@@ -88,6 +86,7 @@
     <Compile Include="Configuration\ValidationConfigurationItem.cs" />
     <Compile Include="ValidationFailureBehavior.cs" />
     <Compile Include="ValidationPackageFileService.cs" />
+    <Compile Include="ValidationSetProcessorResult.cs" />
     <Compile Include="Vcs\IPackageCriteria.cs" />
     <Compile Include="Vcs\IPackageCriteriaEvaluator.cs" />
     <Compile Include="Vcs\PackageCriteriaEvaluator.cs" />

src/NuGet.Services.Validation.Orchestrator/PackageSigning/ProcessSignature/PackageSignatureValidator.cs

@@ -5,9 +5,11 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using NuGet.Jobs.Validation;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Jobs.Validation.Storage;
+using NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign;
 using NuGet.Services.Validation.Orchestrator.Telemetry;
 
 namespace NuGet.Services.Validation.PackageSigning.ProcessSignature
@@ -22,13 +24,15 @@ public class PackageSignatureValidator : BaseSignatureProcessor, IValidator
         private readonly IValidatorStateService _validatorStateService;
         private readonly IProcessSignatureEnqueuer _signatureVerificationEnqueuer;
         private readonly ISimpleCloudBlobProvider _blobProvider;
+        private readonly ScanAndSignConfiguration _config;
         private readonly ITelemetryService _telemetryService;
         private readonly ILogger<PackageSignatureValidator> _logger;
 
         public PackageSignatureValidator(
             IValidatorStateService validatorStateService,
             IProcessSignatureEnqueuer signatureVerificationEnqueuer,
             ISimpleCloudBlobProvider blobProvider,
+            IOptionsSnapshot<ScanAndSignConfiguration> configAccessor,
             ITelemetryService telemetryService,
             ILogger<PackageSignatureValidator> logger)
           : base(validatorStateService, signatureVerificationEnqueuer, blobProvider, telemetryService, logger)
@@ -38,6 +42,13 @@ public PackageSignatureValidator(
             _blobProvider = blobProvider ?? throw new ArgumentNullException(nameof(blobProvider));
             _telemetryService = telemetryService ?? throw new ArgumentNullException(nameof(telemetryService));
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
+
+            if (configAccessor?.Value == null)
+            {
+                throw new ArgumentException($"{nameof(ScanAndSignConfiguration)} is required", nameof(configAccessor));
+            }
+
+            _config = configAccessor.Value;
         }
 
         /// <summary>
@@ -66,14 +77,29 @@ private IValidationResult Validate(IValidationResult result)
             /// All signature validation issues should be caught and handled by the processor.
             if (result.Status == ValidationStatus.Failed || result.NupkgUrl != null)
             {
-                _logger.LogCritical(
-                    "Unexpected validation result in package signature validator. This may be caused by an invalid repository " +
-                    "signature. Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
-                    result.Status,
-                    result.NupkgUrl,
-                    result.Issues.Select(i => i.IssueCode));
+                if (_config.RepositorySigningEnabled)
+                {
+                    _logger.LogCritical(
+                        "Unexpected validation result in package signature validator. This may be caused by an invalid repository " +
+                        "signature. Throwing an exception to force this validation to dead-letter. " +
+                        "Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
+                        result.Status,
+                        result.NupkgUrl,
+                        result.Issues.Select(i => i.IssueCode));
+
+                    throw new InvalidOperationException("Package signature validator has an unexpected validation result");
+                }
+                else
+                {
+                    _logger.LogInformation(
+                        "Ignoring invalid validation result in package signature validator as repository signing is disabled. " +
+                        "Status = {ValidationStatus}, Nupkg URL = {NupkgUrl}, validation issues = {Issues}",
+                        result.Status,
+                        result.NupkgUrl,
+                        result.Issues.Select(i => i.IssueCode));
 
-                throw new InvalidOperationException("Package signature validator has an unexpected validation result");
+                    return ValidationResult.Succeeded;
+                }
             }
 
             /// Suppress all validation issues. The <see cref="PackageSignatureProcessor"/> should

src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/IScanAndSignEnqueuer.cs

@@ -1,8 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using NuGet.Jobs.Configuration;
+using NuGet.Services.Validation.Vcs;
 
 namespace NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign
 {
@@ -14,8 +14,18 @@ public class ScanAndSignConfiguration
         public ServiceBusConfiguration ServiceBus { get; set; }
 
         /// <summary>
-        /// The visibility delay to apply to Service Bus messages requesting a new validation.
+        /// The criteria used to determine if a package should be submitted scanning.
         /// </summary>
-        public TimeSpan? MessageDelay { get; set; }
+        public PackageCriteria PackageCriteria { get; set; } = new PackageCriteria();
+
+        /// <summary>
+        /// If true, packages with no repository signatures will be repository signed.
+        /// </summary>
+        public bool RepositorySigningEnabled { get; set; }
+
+        /// <summary>
+        /// The service index URL that should be stamped on repository signatures.
+        /// </summary>
+        public string V3ServiceIndexUrl { get; set; }
     }
 }