Skipping test packages for scan and sign (#451)

* Skipping test pacakges for scan and sign

* Skipping flaky test

Author: agr

src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignConfiguration.cs

@@ -3,6 +3,7 @@
 
 using System;
 using NuGet.Jobs.Configuration;
+using NuGet.Services.Validation.Vcs;
 
 namespace NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign
 {
@@ -17,5 +18,10 @@ public class ScanAndSignConfiguration
         /// The visibility delay to apply to Service Bus messages requesting a new validation.
         /// </summary>
         public TimeSpan? MessageDelay { get; set; }
+
+        /// <summary>
+        /// The criteria used to determine if a package should be submitted scanning.
+        /// </summary>
+        public PackageCriteria PackageCriteria { get; set; } = new PackageCriteria();
     }
 }

src/NuGet.Services.Validation.Orchestrator/PackageSigning/ScanAndSign/ScanAndSignProcessor.cs

@@ -4,8 +4,11 @@
 using System;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using NuGet.Jobs.Validation;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
+using NuGet.Services.Validation.Vcs;
+using NuGetGallery;
 
 namespace NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign
 {
@@ -14,15 +17,32 @@ public class ScanAndSignProcessor : IProcessor
     {
         private readonly IValidatorStateService _validatorStateService;
         private readonly IScanAndSignEnqueuer _scanAndSignEnqueuer;
+        private readonly ICorePackageService _packageService;
+        private readonly IPackageCriteriaEvaluator _criteriaEvaluator;
+        private readonly ScanAndSignConfiguration _configuration;
         private readonly ILogger<ScanAndSignProcessor> _logger;
 
         public ScanAndSignProcessor(
             IValidatorStateService validatorStateService,
             IScanAndSignEnqueuer scanAndSignEnqueuer,
+            ICorePackageService packageService,
+            IPackageCriteriaEvaluator criteriaEvaluator,
+            IOptionsSnapshot<ScanAndSignConfiguration> configurationAccessor,
             ILogger<ScanAndSignProcessor> logger)
         {
             _validatorStateService = validatorStateService ?? throw new ArgumentNullException(nameof(validatorStateService));
             _scanAndSignEnqueuer = scanAndSignEnqueuer ?? throw new ArgumentNullException(nameof(scanAndSignEnqueuer));
+            _packageService = packageService ?? throw new ArgumentNullException(nameof(packageService));
+            _criteriaEvaluator = criteriaEvaluator ?? throw new ArgumentNullException(nameof(criteriaEvaluator));
+            if (configurationAccessor == null)
+            {
+                throw new ArgumentNullException(nameof(configurationAccessor));
+            }
+            if (configurationAccessor.Value == null)
+            {
+                throw new ArgumentException($"{nameof(configurationAccessor.Value)} property is null", nameof(configurationAccessor));
+            }
+            _configuration = configurationAccessor.Value;
             _logger = logger ?? throw new ArgumentNullException(nameof(logger));
         }
 
@@ -44,6 +64,11 @@ public async Task<IValidationResult> GetResultAsync(IValidationRequest request)
                 throw new ArgumentNullException(nameof(request));
             }
 
+            if (ShouldSkip(request))
+            {
+                return ValidationResult.Succeeded;
+            }
+
             var validatorStatus = await _validatorStateService.GetStatusAsync(request);
 
             return validatorStatus.ToValidationResult();
@@ -56,6 +81,13 @@ public async Task<IValidationResult> StartAsync(IValidationRequest request)
                 throw new ArgumentNullException(nameof(request));
             }
 
+            // We probably should only try to skip if operation is scan only, 
+            // but currently that's the only implemented option.
+            if (ShouldSkip(request))
+            {
+                return ValidationResult.Succeeded;
+            }
+
             var validatorStatus = await _validatorStateService.GetStatusAsync(request);
 
             if (validatorStatus.State != ValidationStatus.NotStarted)
@@ -70,12 +102,37 @@ public async Task<IValidationResult> StartAsync(IValidationRequest request)
             }
 
             // here we need to determine whether we do scan only or scan and repo sign.
-            // Right now we only support scan only
+            // Right now we only support scan only.
 
             await _scanAndSignEnqueuer.EnqueueScanAsync(request);
             var result = await _validatorStateService.TryAddValidatorStatusAsync(request, validatorStatus, ValidationStatus.Incomplete);
 
             return result.ToValidationResult();
         }
+
+        private bool ShouldSkip(IValidationRequest request)
+        {
+            var package = _packageService.FindPackageByIdAndVersionStrict(
+                request.PackageId,
+                request.PackageVersion);
+
+            return ShouldSkip(request, package);
+        }
+
+        private bool ShouldSkip(IValidationRequest request, Package package)
+        {
+            if (!_criteriaEvaluator.IsMatch(_configuration.PackageCriteria, package))
+            {
+                _logger.LogInformation(
+                    "The scan for {validationId} ({packageId} {packageVersion}) was skipped due to package criteria configuration.",
+                    request.ValidationId,
+                    request.PackageId,
+                    request.PackageVersion);
+
+                return true;
+            }
+
+            return false;
+        }
     }
 }

src/NuGet.Services.Validation.Orchestrator/settings.json

@@ -72,6 +72,14 @@
       "TopicPath": "",
       "SubscriptionName": ""
     },
+    "PackageCriteria": {
+      "ExcludeOwners": [
+        "NugetTestAccount"
+      ],
+      "IncludeIdPatterns": [
+        "E2E.SemVer1Stable.*"
+      ]
+    },
     "MessageDelay": "00:00:05"
   },
   "RunnerConfiguration": {

tests/Validation.PackageSigning.ProcessSignature.Tests/SignatureValidatorIntegrationTests.cs

@@ -614,7 +614,7 @@ public async Task StripsRepositorySignatureWithUnallowedRepositoryUrl()
             Assert.NotNull(result.NupkgUri);
         }
 
-        [Fact]
+        [Fact(Skip = "Appears to be flaky")]
         public async Task StripsRepositorySignatureWithUntrustedSigningCertificate()
         {
             // Arrange

tests/Validation.PackageSigning.ScanAndSign.Tests/ScanAndSignProcessorFacts.cs

@@ -5,11 +5,14 @@
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Moq;
 using NuGet.Jobs.Validation.PackageSigning.Storage;
 using NuGet.Services.Validation;
 using NuGet.Services.Validation.Orchestrator;
 using NuGet.Services.Validation.Orchestrator.PackageSigning.ScanAndSign;
+using NuGet.Services.Validation.Vcs;
+using NuGetGallery;
 using Xunit;
 
 namespace Validation.PackageSigning.ScanAndSign.Tests
@@ -22,6 +25,9 @@ public void ThrowsWhenValidatorStateServiceIsNull()
             var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
                 null,
                 _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
                 _loggerMock.Object));
 
             Assert.Equal("validatorStateService", ex.ParamName);
@@ -33,6 +39,9 @@ public void ThrowsWhenScanAndSignEnqueuerIsNull()
             var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
                 _validatorStateServiceMock.Object,
                 null,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
                 _loggerMock.Object));
 
             Assert.Equal("scanAndSignEnqueuer", ex.ParamName);
@@ -44,10 +53,73 @@ public void ThrowsWhenLoggerIsNull()
             var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
                 _validatorStateServiceMock.Object,
                 _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
                 null));
 
             Assert.Equal("logger", ex.ParamName);
         }
+
+        [Fact]
+        public void ThrowsWhenPackageServiceIsNull()
+        {
+            var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
+                _validatorStateServiceMock.Object,
+                _enqueuerMock.Object,
+                null,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
+                _loggerMock.Object));
+
+            Assert.Equal("packageService", ex.ParamName);
+        }
+
+        [Fact]
+        public void ThrowsWhenCriteriaEvaluatorIsNull()
+        {
+            var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
+                _validatorStateServiceMock.Object,
+                _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                null,
+                _configurationAccessorMock.Object,
+                _loggerMock.Object));
+
+            Assert.Equal("criteriaEvaluator", ex.ParamName);
+        }
+
+        [Fact]
+        public void ThrowsWhenConfigurationAccessorIsNull()
+        {
+            var ex = Assert.Throws<ArgumentNullException>(() => new ScanAndSignProcessor(
+                _validatorStateServiceMock.Object,
+                _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                null,
+                _loggerMock.Object));
+
+            Assert.Equal("configurationAccessor", ex.ParamName);
+        }
+
+        [Fact]
+        public void ThrowsWhenConfigurationIsNull()
+        {
+            _configurationAccessorMock
+                .SetupGet(ca => ca.Value)
+                .Returns((ScanAndSignConfiguration)null);
+
+            var ex = Assert.Throws<ArgumentException>(() => new ScanAndSignProcessor(
+                _validatorStateServiceMock.Object,
+                _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
+                _loggerMock.Object));
+
+            Assert.Equal("configurationAccessor", ex.ParamName);
+        }
     }
 
     public class TheCleanUpAsyncMethod : ScanAndSignProcessorFactsBase
@@ -96,6 +168,24 @@ public async Task ForwardsCallToValidatorStateService()
             Assert.Equal(status.State, result.Status);
             Assert.Equal(status.NupkgUrl, result.NupkgUrl);
         }
+
+        [Fact]
+        public async Task SkipsCheckWhenPackageFitsCriteria()
+        {
+            var request = new ValidationRequest(Guid.NewGuid(), 42, "somepackage", "somversion", "https://example.com/package.nupkg");
+            _criteriaEvaluatorMock
+                .Setup(ce => ce.IsMatch(It.IsAny<IPackageCriteria>(), It.IsAny<Package>()))
+                .Returns(false);
+
+            var result = await _target.GetResultAsync(request);
+
+            Assert.Equal(ValidationStatus.Succeeded, result.Status);
+
+            _validatorStateServiceMock
+                .Verify(vss => vss.GetStatusAsync(It.IsAny<ValidationRequest>()), Times.Never);
+            _validatorStateServiceMock
+                .Verify(vss => vss.GetStatusAsync(It.IsAny<Guid>()), Times.Never);
+        }
     }
 
     public class TheStartAsyncMethod : ScanAndSignProcessorFactsBase
@@ -148,6 +238,27 @@ public async Task EnqueuesNewOperations()
                 .Verify(vss => vss.TryAddValidatorStatusAsync(It.IsAny<IValidationRequest>(), It.IsAny<ValidatorStatus>(), It.IsAny<ValidationStatus>()), Times.Once);
         }
 
+        [Fact]
+        public async Task SkipsCheckWhenPackageFitsCriteria()
+        {
+            _criteriaEvaluatorMock
+                .Setup(ce => ce.IsMatch(It.IsAny<IPackageCriteria>(), It.IsAny<Package>()))
+                .Returns(false);
+
+            var result = await _target.StartAsync(_request);
+
+            Assert.Equal(ValidationStatus.Succeeded, result.Status);
+
+            _validatorStateServiceMock
+                .Verify(vss => vss.GetStatusAsync(It.IsAny<ValidationRequest>()), Times.Never);
+            _validatorStateServiceMock
+                .Verify(vss => vss.GetStatusAsync(It.IsAny<Guid>()), Times.Never);
+            _enqueuerMock
+                .Verify(e => e.EnqueueScanAsync(It.IsAny<IValidationRequest>()), Times.Never);
+            _validatorStateServiceMock
+                .Verify(vss => vss.TryAddValidatorStatusAsync(It.IsAny<IValidationRequest>(), It.IsAny<ValidatorStatus>(), It.IsAny<ValidationStatus>()), Times.Never);
+        }
+
         private ValidationRequest _request;
         private ValidatorStatus _status;
 
@@ -174,18 +285,38 @@ public class ScanAndSignProcessorFactsBase
     {
         protected Mock<IValidatorStateService> _validatorStateServiceMock;
         protected Mock<IScanAndSignEnqueuer> _enqueuerMock;
+        protected Mock<ICorePackageService> _packageServiceMock;
+        protected Mock<IPackageCriteriaEvaluator> _criteriaEvaluatorMock;
+        protected Mock<IOptionsSnapshot<ScanAndSignConfiguration>> _configurationAccessorMock;
         protected Mock<ILogger<ScanAndSignProcessor>> _loggerMock;
         protected ScanAndSignProcessor _target;
+        protected ScanAndSignConfiguration _configuration;
 
         public ScanAndSignProcessorFactsBase()
         {
             _validatorStateServiceMock = new Mock<IValidatorStateService>();
             _enqueuerMock = new Mock<IScanAndSignEnqueuer>();
+            _packageServiceMock = new Mock<ICorePackageService>();
+            _criteriaEvaluatorMock = new Mock<IPackageCriteriaEvaluator>();
+            _configurationAccessorMock = new Mock<IOptionsSnapshot<ScanAndSignConfiguration>>();
             _loggerMock = new Mock<ILogger<ScanAndSignProcessor>>();
 
+            _configuration = new ScanAndSignConfiguration();
+
+            _configurationAccessorMock
+                .SetupGet(ca => ca.Value)
+                .Returns(_configuration);
+
+            _criteriaEvaluatorMock
+                .Setup(ce => ce.IsMatch(It.IsAny<IPackageCriteria>(), It.IsAny<Package>()))
+                .Returns(true);
+
             _target = new ScanAndSignProcessor(
                 _validatorStateServiceMock.Object,
                 _enqueuerMock.Object,
+                _packageServiceMock.Object,
+                _criteriaEvaluatorMock.Object,
+                _configurationAccessorMock.Object,
                 _loggerMock.Object);
         }
     }