Add Validation Issues to Orchestrator (#277)

Updates the Orchestrator and its validators to use the new APIs that were introduced in ServerCommon's v2.6 dependencies. In addition, the Orchestrator now persists `IValidationIssues` to the database.

Author: loic-sharma

src/NuGet.Services.Validation.Orchestrator/EmailConfiguration.cs

@@ -34,5 +34,15 @@ public class EmailConfiguration
         /// Url for email settings, so user can opt out of receiving email notifications.
         /// </summary>
         public string EmailSettingsUrl { get; set; }
+
+        /// <summary>
+        /// Url for the announcements github page
+        /// </summary>
+        public string AnnouncementsUrl { get; set; }
+
+        /// <summary>
+        /// NuGet Twitter url
+        /// </summary>
+        public string TwitterUrl { get; set; }
     }
 }

src/NuGet.Services.Validation.Orchestrator/IMessageService.cs

@@ -9,5 +9,6 @@ public interface IMessageService
     {
         void SendPackagePublishedMessage(Package package);
         void SendPackageValidationFailedMessage(Package package);
+        void SendPackageSignedValidationFailedMessage(Package package);
     }
 }

src/NuGet.Services.Validation.Orchestrator/IValidationStorageService.cs

@@ -26,28 +26,29 @@ public interface IValidationStorageService
         Task<PackageValidationSet> GetValidationSetAsync(Guid validationTrackingId);
 
         /// <summary>
-        /// Updates the passed <see cref="PackageValidation"/> with specified validation status,
-        /// updates the <see cref="PackageValidation.ValidationStatusTimestamp"/>
-        /// and <see cref="PackageValidation.Started"/> properties to current timestamp, persists changes in the storage.
+        /// Updates the passed <see cref="PackageValidation"/> with the validation result's status,
+        /// updates the <see cref="PackageValidation.ValidationStatusTimestamp"/> to current timestamp,
+        /// and persists changes in the storage. The result's status cannot be <see cref="ValidationStatus.NotStarted"/>
         /// </summary>
         /// <param name="packageValidation">Validation object to update, must be an object from the <see cref="PackageValidationSet.PackageValidations"/> collection
         /// from an <see cref="PackageValidationSet"/> previously returned by either <see cref="CreateValidationSetAsync(PackageValidationSet)"/> 
         /// or <see cref="GetValidationSetAsync(Guid)"/> calls.</param>
-        /// <param name="startedStatus">Validation status to set. Cannot be <see cref="ValidationStatus.NotStarted"/></param>
+        /// <param name="validationResult">Validation result. Its status cannot be <see cref="ValidationStatus.NotStarted"/></param>
         /// <returns>Task object tracking the async operation status.</returns>
         /// <exception cref="ArgumentOutOfRangeException">If <paramref name="startedStatus"/> is <see cref="ValidationStatus.NotStarted"/></exception>
-        Task MarkValidationStartedAsync(PackageValidation packageValidation, ValidationStatus startedStatus);
+        Task MarkValidationStartedAsync(PackageValidation packageValidation, IValidationResult validationResult);
 
         /// <summary>
-        /// Updates the passed <see cref="PackageValidation"/> object with specified validation status,
-        /// updates the <see cref="PackageValidation.ValidationStatusTimestamp"/>
-        /// property to current timestamp, persists changes in the storage.
+        /// Updates the passed <see cref="PackageValidation"/> object with the result's validation status,
+        /// updates the <see cref="PackageValidation.ValidationStatusTimestamp"/> property to the current
+        /// timestamp, adds the result's <see cref="PackageValidationIssue"/>s to the validation, and then persists
+        /// changes in the storage.
         /// </summary>
         /// <param name="packageValidation">Validation object to update, must be an object from the <see cref="PackageValidationSet.PackageValidations"/> collection
         /// from an <see cref="PackageValidationSet"/> previously returned by either <see cref="CreateValidationSetAsync(PackageValidationSet)"/> 
         /// or <see cref="GetValidationSetAsync(Guid)"/> calls.</param>
-        /// <param name="validationStatus">Validation status to set.</param>
+        /// <param name="validationResult">The result of the validation.</param>
         /// <returns>Task object tracking the async operation status.</returns>
-        Task UpdateValidationStatusAsync(PackageValidation packageValidation, ValidationStatus validationStatus);
+        Task UpdateValidationStatusAsync(PackageValidation packageValidation, IValidationResult validationResult);
     }
 }

src/NuGet.Services.Validation.Orchestrator/MessageService.cs

@@ -60,7 +60,15 @@ public void SendPackageValidationFailedMessage(Package package)
 
             var galleryPackageUrl = string.Format(_emailConfiguration.PackageUrlTemplate, package.PackageRegistration.Id, package.NormalizedVersion);
             var packageSupportUrl = string.Format(_emailConfiguration.PackageSupportTemplate, package.PackageRegistration.Id, package.NormalizedVersion);
-            _coreMessageService.SendPackageValidationFailedNotice(package, galleryPackageUrl, packageSupportUrl, _emailConfiguration.EmailSettingsUrl);
+            _coreMessageService.SendPackageValidationFailedNotice(package, galleryPackageUrl, packageSupportUrl);
+        }
+
+        public void SendPackageSignedValidationFailedMessage(Package package)
+        {
+            package = package ?? throw new ArgumentNullException(nameof(package));
+
+            var galleryPackageUrl = string.Format(_emailConfiguration.PackageUrlTemplate, package.PackageRegistration.Id, package.NormalizedVersion);
+            _coreMessageService.SendSignedPackageNotAllowedNotice(package, galleryPackageUrl, _emailConfiguration.AnnouncementsUrl, _emailConfiguration.TwitterUrl);
         }
     }
 }

src/NuGet.Services.Validation.Orchestrator/NuGet.Services.Validation.Orchestrator.csproj

@@ -134,28 +134,31 @@
       <Version>1.1.2</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Configuration">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Contracts">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.KeyVault">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Logging">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.ServiceBus">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Services.Validation">
-      <Version>2.5.0</Version>
+      <Version>2.7.0</Version>
+    </PackageReference>
+    <PackageReference Include="NuGet.Services.Validation.Issues">
+      <Version>2.7.0</Version>
     </PackageReference>
     <PackageReference Include="NuGet.Versioning">
       <Version>4.3.0</Version>
     </PackageReference>
     <PackageReference Include="NuGetGallery.Core">
-      <Version>4.4.4-dev-18852</Version>
+      <Version>4.4.4-dev-19677</Version>
     </PackageReference>
     <PackageReference Include="Serilog">
       <Version>2.5.0</Version>

src/NuGet.Services.Validation.Orchestrator/PackageCertificates/PackageCertificatesValidator.cs

@@ -50,7 +50,14 @@ public PackageCertificatesValidator(
             }
         }
 
-        public async Task<ValidationStatus> GetStatusAsync(IValidationRequest request)
+        public async Task<IValidationResult> GetResultAsync(IValidationRequest request)
+        {
+            var status = await GetStatusAsync(request);
+
+            return new ValidationResult(status);
+        }
+
+        private async Task<ValidationStatus> GetStatusAsync(IValidationRequest request)
         {
             // Look up this validator's state in the database.
             var status = await _validatorStateService.GetStatusAsync(request);
@@ -107,7 +114,12 @@ public async Task<ValidationStatus> GetStatusAsync(IValidationRequest request)
             return await _validatorStateService.TryUpdateValidationStatusAsync(request, status, ValidationStatus.Succeeded);
         }
 
-        public async Task<ValidationStatus> StartValidationAsync(IValidationRequest request)
+        public async Task<IValidationResult> StartValidationAsync(IValidationRequest request)
+        {
+            return new ValidationResult(await StartValidationInternalAsync(request));
+        }
+
+        private async Task<ValidationStatus> StartValidationInternalAsync(IValidationRequest request)
         {
             var status = await _validatorStateService.GetStatusAsync(request);
 

src/NuGet.Services.Validation.Orchestrator/PackageSigning/PackageSigningValidator.cs

@@ -5,6 +5,7 @@
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Services.Validation.Issues;
 
 namespace NuGet.Services.Validation.PackageSigning
 {
@@ -24,14 +25,29 @@ public PackageSigningValidator(
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
-        public async Task<ValidationStatus> GetStatusAsync(IValidationRequest request)
+        public async Task<IValidationResult> GetResultAsync(IValidationRequest request)
         {
             var validatorStatus = await _validatorStateService.GetStatusAsync(request);
 
-            return validatorStatus.State;
+            if (validatorStatus.State == ValidationStatus.Failed)
+            {
+                // If the validation has failed, assume it is because signed packages are blocked.
+                return ValidationResult.FailedWithIssues(new PackageIsSigned(request.PackageId, request.PackageVersion));
+            }
+            else
+            {
+                return new ValidationResult(validatorStatus.State);
+            }
+        }
+
+        public async Task<IValidationResult> StartValidationAsync(IValidationRequest request)
+        {
+            var status = await StartValidationInternalAsync(request);
+
+            return new ValidationResult(status);
         }
 
-        public async Task<ValidationStatus> StartValidationAsync(IValidationRequest request)
+        public async Task<ValidationStatus> StartValidationInternalAsync(IValidationRequest request)
         {
             // Check that this is the first validation for this specific request.
             var validatorStatus = await _validatorStateService.GetStatusAsync(request);

src/NuGet.Services.Validation.Orchestrator/ValidationOutcomeProcessor.cs

@@ -56,7 +56,22 @@ public async Task ProcessValidationOutcomeAsync(PackageValidationSet validationS
                 if (package.PackageStatusKey != PackageStatus.Available)
                 {
                     await _galleryPackageService.UpdatePackageStatusAsync(package, PackageStatus.FailedValidation);
-                    _messageService.SendPackageValidationFailedMessage(package);
+
+                    var issuesExistAndAllPackageSigned = validationSet
+                        .PackageValidations
+                        .SelectMany(pv => pv.PackageValidationIssues)
+                        .Select(pvi => pvi.IssueCode == ValidationIssueCode.PackageIsSigned)
+                        .DefaultIfEmpty(false)
+                        .All(v => v);
+
+                    if (issuesExistAndAllPackageSigned)
+                    {
+                        _messageService.SendPackageSignedValidationFailedMessage(package);
+                    }
+                    else
+                    {
+                        _messageService.SendPackageValidationFailedMessage(package);
+                    }
                 }
                 else
                 {

src/NuGet.Services.Validation.Orchestrator/ValidationSetProcessor.cs

@@ -89,35 +89,35 @@ private async Task<bool> ProcessIncompleteValidations(PackageValidationSet valid
 
                     var validator = _validatorProvider.GetValidator(packageValidation.Type);
                     var validationRequest = await CreateValidationRequest(packageValidation.PackageValidationSet, packageValidation, package, validationConfiguration);
-                    var validationStatus = await validator.GetStatusAsync(validationRequest);
+                    var validationResult = await validator.GetResultAsync(validationRequest);
                     _logger.LogInformation("New status for validation {ValidationType} for {PackageId} {PackageVersion} is {ValidationStatus}, validation set {ValidationSetId}, {ValidationId}",
                         packageValidation.Type,
                         package.PackageRegistration.Id,
                         package.NormalizedVersion,
-                        validationStatus,
+                        validationResult.Status,
                         validationSet.ValidationTrackingId,
                         packageValidation.Key);
 
-                    switch (validationStatus)
+                    switch (validationResult.Status)
                     {
                         case ValidationStatus.Incomplete:
                             await ProcessIncompleteValidation(packageValidation, validationConfiguration);
                             break;
 
                         case ValidationStatus.Failed:
-                            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, validationStatus);
+                            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, validationResult);
                             break;
 
                         case ValidationStatus.Succeeded:
-                            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, validationStatus);
+                            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, validationResult);
                             // need another iteration to try running new validations
                             tryMoreValidations = true;
                             break;
 
                         default:
                             throw new InvalidOperationException($"Unexpected validation state: " +
                                 $"DB: {ValidationStatus.Incomplete} ({(int)ValidationStatus.Incomplete}), " +
-                                $"Actual: {validationStatus} {(int)validationStatus}");
+                                $"Actual: {validationResult.Status} {(int)validationResult.Status}");
                     }
                 }
             }
@@ -159,9 +159,9 @@ private async Task<bool> ProcessNotStartedValidations(PackageValidationSet valid
 
                     var validator = _validatorProvider.GetValidator(packageValidation.Type);
                     var validationRequest = await CreateValidationRequest(packageValidation.PackageValidationSet, packageValidation, package, validationConfiguration);
-                    var validationStatus = await validator.GetStatusAsync(validationRequest);
+                    var validationResult = await validator.GetResultAsync(validationRequest);
 
-                    if (validationStatus == ValidationStatus.NotStarted)
+                    if (validationResult.Status == ValidationStatus.NotStarted)
                     {
                         _logger.LogInformation("Requesting validation {ValidationType} for {PackageId} {PackageVersion}, validation set {ValidationSetId}, {ValidationId}, {NupkgUrl}",
                             packageValidation.Type,
@@ -170,17 +170,17 @@ private async Task<bool> ProcessNotStartedValidations(PackageValidationSet valid
                             validationSet.ValidationTrackingId,
                             packageValidation.Key,
                             validationRequest.NupkgUrl);
-                        validationStatus = await validator.StartValidationAsync(validationRequest);
+                        validationResult = await validator.StartValidationAsync(validationRequest);
                         _logger.LogInformation("Got validationStatus = {ValidationStatus} for validation {ValidationType} for {PackageId} {PackageVersion}, validation set {ValidationSetId}, {ValidationId}",
-                            validationStatus,
+                            validationResult.Status,
                             packageValidation.Type,
                             package.PackageRegistration.Id,
                             package.NormalizedVersion,
                             validationSet.ValidationTrackingId,
                             packageValidation.Key);
                     }
 
-                    if (validationStatus == ValidationStatus.NotStarted)
+                    if (validationResult.Status == ValidationStatus.NotStarted)
                     {
                         _logger.LogWarning("Unexpected NotStarted state after start attempt for validation {ValidationName}, package: {PackageId} {PackageVersion}",
                             packageValidation.Type,
@@ -189,10 +189,10 @@ private async Task<bool> ProcessNotStartedValidations(PackageValidationSet valid
                     }
                     else
                     {
-                        await _validationStorageService.MarkValidationStartedAsync(packageValidation, validationStatus);
+                        await _validationStorageService.MarkValidationStartedAsync(packageValidation, validationResult);
                     }
 
-                    tryMoreValidations = tryMoreValidations || validationStatus == ValidationStatus.Succeeded;
+                    tryMoreValidations = tryMoreValidations || validationResult.Status == ValidationStatus.Succeeded;
                 }
             }
 
@@ -212,7 +212,7 @@ private async Task OnUnknownValidation(PackageValidation packageValidation)
                 packageValidation.PackageValidationSet.PackageId,
                 packageValidation.PackageValidationSet.PackageNormalizedVersion);
 
-            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, ValidationStatus.Failed);
+            await _validationStorageService.UpdateValidationStatusAsync(packageValidation, ValidationResult.Failed);
         }
 
         private async Task ProcessIncompleteValidation(PackageValidation packageValidation, ValidationConfigurationItem validationConfiguration)
@@ -226,7 +226,7 @@ private async Task ProcessIncompleteValidation(PackageValidation packageValidati
                     packageValidation.PackageValidationSet.PackageId,
                     packageValidation.PackageValidationSet.PackageNormalizedVersion,
                     validationConfiguration.FailAfter);
-                await _validationStorageService.UpdateValidationStatusAsync(packageValidation, ValidationStatus.Failed);
+                await _validationStorageService.UpdateValidationStatusAsync(packageValidation, ValidationResult.Failed);
                 return;
             }
         }