koji

Clone

#2019 log --force usage by admins
Merged 4 years ago by tkopecek. Opened 4 years ago by tkopecek.
tkopecek/koji issue1930  into  master

file modified
+29 
@@ -993,6 +993,10 @@ 
 

          # don't check policy for admins using force
 

          if not (force and context.session.hasPerm('admin')):
 

              assert_policy('package_list', policy_data)
 

+         else:
 

+             pkg_name = pkg and pkg['name'] or pkginfo
 

+             logger.info("Package list add %s/%s policy overriden by %s" % (
 

+                 tag['name'], pkg_name, context.session.user_data['name']))
 

      if not pkg:
 

          pkg = lookup_package(pkginfo, create=True)
 

      # validate arches before running callbacks
 
@@ -1073,6 +1077,10 @@ 
 

          # don't check policy for admins using force
 

          if not (force and context.session.hasPerm('admin')):
 

              assert_policy('package_list', policy_data)
 

+         else:
 

+             logger.info("Package list %s/%s remove policy overriden by %s" % (
 

+                 tag['name'], pkg['name'], context.session.user_data['name']))
 

+ 

      user = get_user(context.session.user_id)
 

      koji.plugin.run_callbacks(
 

          'prePackageListChange', action='remove', tag=tag, package=pkg, user=user)
 
@@ -1105,6 +1113,9 @@ 
 

      # don't check policy for admins using force
 

      if not (force and context.session.hasPerm('admin')):
 

          assert_policy('package_list', policy_data)
 

+     else:
 

+         logger.info("Package list %s/%s unblock policy overriden by %s" % (
 

+             tag['name'], pkg['name'], context.session.user_data['name']))
 

      user = get_user(context.session.user_id)
 

      koji.plugin.run_callbacks(
 

          'prePackageListChange', action='unblock', tag=tag, package=pkg, user=user)
 
@@ -10619,6 +10630,8 @@ 
 

          if pkg_error:
 

              if force and context.session.hasPerm('admin'):
 

                  pkglist_add(tag_id, pkg_id, force=True, block=False)
 

+                 logger.info("Package add policy %s/%s overriden by %s" % (
 

+                     tag['name'], build['nvr'], context.session.user_data['name']))
 

              else:
 

                  raise koji.TagError(pkg_error)
 

          # tag policy check
 
@@ -10631,6 +10644,9 @@ 
 

          if not (force and context.session.hasPerm('admin')):
 

              assert_policy('tag', policy_data)
 

              # XXX - we're running this check twice, here and in host.tagBuild (called by the task)
 

+         else:
 

+             logger.info("Tag policy %s/%s overriden by %s" % (
 

+                 tag['name'], build['nvr'], context.session.user_data['name']))
 

          # spawn the tagging task
 

          return make_task('tagBuild', [tag_id, build_id, force, fromtag_id], priority=10)
 

  
@@ -10650,6 +10666,9 @@ 
 

              # don't check policy for admins using force
 

              if not (force and context.session.hasPerm('admin')):
 

                  assert_policy('tag', policy_data)
 

+             else:
 

+                 logger.info("Untag policy %s/%s overriden by %s" % (
 

+                     tag, build, context.session.user_data['name']))
 

              _untag_build(tag, build, strict=strict, force=force)
 

              tag_notification(True, None, tag, build, user_id)
 

          except Exception:
 
@@ -10705,6 +10724,8 @@ 
 

          if pkg_error:
 

              if force and context.session.hasPerm('admin'):
 

                  pkglist_add(tag2_id, pkg_id, force=True, block=False)
 

+                 logger.info("Package list policy %s/%s overriden by %s" % (
 

+                     tag2, package, context.session.user_data['name']))
 

              else:
 

                  raise koji.TagError(pkg_error)
 

  
@@ -10725,6 +10746,9 @@ 
 

                  assert_policy('tag', policy_data)
 

                  # XXX - we're running this check twice, here and in host.tagBuild (called by the
 

                  # task)
 

+         else:
 

+             logger.info("Tag move policy %s/%s overriden by %s" % (
 

+                 tag2, package, context.session.user_data['name']))
 

  

          wait_on = []
 

          tasklist = []
 
@@ -13896,6 +13920,9 @@ 
 

          perms = koji.auth.get_user_perms(user_id)
 

          if not force or 'admin' not in perms:
 

              assert_policy('tag', policy_data)
 

+         if force and 'admin' in perms:
 

+             logger.info("Tag build %s/%s policy overriden by %s" % (
 

+                 tag, build['nvr'], context.session.user_data['name']))
 

          # package list check
 

          pkgs = readPackageList(tagID=tag_id, pkgID=pkg_id, inherit=True)
 

          pkg_error = None
 
@@ -13906,6 +13933,8 @@ 
 

          if pkg_error:
 

              if force and context.session.hasPerm('admin'):
 

                  pkglist_add(tag_id, pkg_id, force=True, block=False)
 

+                 logger.info("Package added %s/%s by %s" % (
 

+                     tag, build['nvr'], context.session.user_data['name']))
 

              else:
 

                  raise koji.TagError(pkg_error)
 

          # do the actual work now

file modified
+1 
@@ -28,6 +28,7 @@ 
 

          # start with "assert"
 

          self.context.session.assertLogin = mock.MagicMock()
 

          self.context.session.user_id = 112233
 

+         self.context.session.user_data = {'name': 'username'}
 

          self.run_callbacks = mock.patch('koji.plugin.run_callbacks').start()
 

  

      def tearDown(self):

Log everything related to package listing and build tagging done by
admin users via --force flag.

Fixes: https://pagure.io/koji/issue/1930

rebased onto 3906eaa052fe60eb7326b0ab35b750449797c823
4 years ago

I don't know if we want to require folks needing #1930 to crank logging up to DEBUG.

Overrides are hypothetically rare, but I guess in a mass tagging operation they might not be.

@mikem - other option is plugin hook + message via proton or mail. Anything else?

Or dou you mean just upgrading to INFO? (done)
Edited 4 years ago by tkopecek

rebased onto c1a4b5edd5b239c763dd30c38c3fdb14a20b7497
4 years ago

just upgrading to INFO?

yeah, that's what I was getting at. thanks :smile:

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready
4 years ago

rebased onto ad0fb66
4 years ago

1 new commit added

  • fix logging package name
4 years ago

Metadata Update from @jcupova:
- Pull-request tagged with: testing-done
4 years ago

Commit 336c3ba fixes this pull-request

Pull-Request has been merged by tkopecek
4 years ago

pretty please pagure-ci rebuild
4 years ago
Changes Summary 2
+29 -0
file changed
hub/kojihub.py
+1 -0
file changed
tests/test_hub/test_pkglist.py
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.