PR#315: Allow limiting the compose_type value per user/group. - odcs

odcs

#315 Allow limiting the compose_type value per user/group.

Merged 4 years ago by lsedlar. Opened 4 years ago by jkaluza.

jkaluza/odcs compose-info into master

Allow limiting the compose_type value per user/group.

Jan Kaluza • 4 years ago

5b9eec5

server/odcs/server/api_utils.py

file modified

+2 -1

		`@@ -62,7 +62,7 @@`
		`"Unknown key %r passed to _load_allowed_clients_attrs" % key)`

		`# If some requested attributes are missing in allowed_clients variable,`
		`- # try to get them from "conf.gallowed_$attr_name". If they are not there`
		`+ # try to get them from "conf.allowed_$attr_name". If they are not there`
		`# too, use empty list to disallow everything.`
		`for attr in attrs:`
		`if attr not in ret_attrs:`
		`@@ -97,6 +97,7 @@`
		`- source_types - compose.source_type`
		`- sources - compose.source`
		`- arches - compose.arches`
		`+ - compose_types - compose.compose_type`

		`The decision whether the user is allowed or not is done based on`
		`conf.allowed_clients value.`

server/odcs/server/config.py

file modified

		`@@ -180,6 +180,10 @@`
		`'type': list,`
		`'default': [""],`
		`'desc': 'Allowed sources.'},`
		`+ 'allowed_compose_types': {`
		`+ 'type': list,`
		`+ 'default': [""],`
		`+ 'desc': 'Allowed compose types.'},`
		`'auth_ldap_server': {`
		`'type': str,`
		`'default': '',`

server/odcs/server/pungi.py

file modified

+1 -1

		`@@ -365,7 +365,7 @@`
		`ci.base_product.type = conf.get("base_product_type", "ga").lower()`

		`ci.compose.label = compose.label`
		`- ci.compose.type = compose.compose_type or "nightly"`
		`+ ci.compose.type = compose.compose_type or "test"`
		`ci.compose.date = compose_date`
		`ci.compose.respin = 0`

server/odcs/server/views.py

file modified

+8 -3

		`@@ -188,10 +188,15 @@`
		`log.error(err)`
		`raise NotFound(err)`

		`+ # Backward compatibility for old composes which don't have`
		`+ # the compose_type set - we treat them as "test" composes`
		`+ # when regenerating them.`
		`+ compose_type = old_compose.compose_type or "test"`
		`+`
		`raise_if_input_not_allowed(`
		`source_types=old_compose.source_type, sources=old_compose.source,`
		`results=old_compose.results, flags=old_compose.flags,`
		`- arches=old_compose.arches)`
		`+ arches=old_compose.arches, compose_types=compose_type)`

		`has_to_create_a_copy = old_compose.state in (`
		`COMPOSE_STATES['removed'], COMPOSE_STATES['failed'])`
		`@@ -404,11 +409,11 @@`
		`module_defaults = "%s %s" % (module_defaults_url, module_defaults_commit)`

		`label = data.get("label", None)`
		`- compose_type = data.get("compose_type", "nightly")`
		`+ compose_type = data.get("compose_type", "test")`

		`raise_if_input_not_allowed(`
		`source_types=source_type, sources=source, results=results,`
		`- flags=flags, arches=arches)`
		`+ flags=flags, arches=arches, compose_types=compose_type)`

		`compose = Compose.create(`
		`db.session, self._get_compose_owner(), source_type, source,`

server/tests/test_pungi.py

file modified

+3 -3

		`@@ -374,7 +374,7 @@`
		`self.ci_dump = self.patch_ci_dump.start()`

		`self.compose = MagicMock()`
		`- self.compose.compose_type = "nightly"`
		`+ self.compose.compose_type = "test"`

		`def tearDown(self):`
		`super(TestPungi, self).tearDown()`
		`@@ -436,7 +436,7 @@`
		`commit='hash')`
		`compose_date = time.strftime("%Y%m%d", time.localtime())`
		`self.assertEqual(self.compose.pungi_compose_id,`
		`- "compose-1-10-%s.n.0" % compose_date)`
		`+ "compose-1-10-%s.t.0" % compose_date)`

		`@patch("odcs.server.utils.execute_cmd")`
		`def test_pungi_run_raw_config_respin(self, execute_cmd):`
		`@@ -464,7 +464,7 @@`

		`compose_date = time.strftime("%Y%m%d", time.localtime())`
		`self.assertEqual(compose.pungi_compose_id,`
		`- "compose-1-10-%s.n.1" % compose_date)`
		`+ "compose-1-10-%s.t.1" % compose_date)`

		`@patch("odcs.server.utils.execute_cmd")`
		`def test_pungi_run_raw_config_subpath(self, execute_cmd):`

server/tests/test_views.py

file modified

+23 -5

		`@@ -112,7 +112,8 @@`
		`'arches': ['ppc64', 's390', 'x86_64']`
		`},`
		`'dev2': {`
		`- 'source_types': ['module', 'raw_config']`
		`+ 'source_types': ['module', 'raw_config'],`
		`+ 'compose_types': ["test", "nightly"]`
		`}`
		`}`
		`}`
		`@@ -310,7 +311,7 @@`
		`'modular_koji_tags': None,`
		`'module_defaults_url': None,`
		`'label': None,`
		`- 'compose_type': 'nightly',`
		`+ 'compose_type': 'test',`
		`'pungi_compose_id': None}`
		`self.assertEqual(data, expected_json)`

		`@@ -693,6 +694,23 @@`
		`data['message'],`
		`'User dev not allowed to operate with compose with source_types=repo')`

		`+ @patch.object(odcs.server.config.Config, 'raw_config_urls',`
		`+ new={"pungi_cfg": "http://localhost/pungi.conf#%s"})`
		`+ def test_submit_build_not_allowed_compose_type(self):`
		`+ with self.test_request_context(user='dev2'):`
		`+ flask.g.oidc_scopes = [`
		`+ '{0}{1}'.format(conf.oidc_base_namespace, 'new-compose')`
		`+ ]`
		`+`
		`+ rv = self.client.post('/api/1/composes/', data=json.dumps(`
		`+ {'source': {'type': 'raw_config', 'source': 'pungi_cfg#hash'},`
		`+ 'compose_type': 'production'}))`
		`+ data = json.loads(rv.get_data(as_text=True))`
		`+`
		`+ self.assertEqual(`
		`+ data['message'],`
		`+ 'User dev2 not allowed to operate with compose with compose_types=production')`
		`+`
		`def test_submit_build_unknown_source_type(self):`
		`with self.test_request_context(user='dev'):`
		`flask.g.oidc_scopes = [`
		`@@ -1090,7 +1108,7 @@`
		`'modular_koji_tags': None,`
		`'module_defaults_url': None,`
		`'label': None,`
		`- 'compose_type': 'nightly',`
		`+ 'compose_type': 'test',`
		`'pungi_compose_id': None}`
		`self.assertEqual(data, expected_json)`

		`@@ -1359,11 +1377,11 @@`
		`{'source': {'type': 'raw_config',`
		`'source': 'pungi_cfg#hash'},`
		`'label': 'Beta-1.2',`
		`- 'compose_type': 'production'}))`
		`+ 'compose_type': 'nightly'}))`
		`db.session.expire_all()`
		`c = db.session.query(Compose).filter(Compose.id == 1).one()`
		`self.assertEqual(c.state, COMPOSE_STATES["wait"])`
		`self.assertEqual(c.source_type, PungiSourceType.RAW_CONFIG)`
		`self.assertEqual(c.source, 'pungi_cfg#hash')`
		`self.assertEqual(c.label, 'Beta-1.2')`
		`- self.assertEqual(c.compose_type, 'production')`
		`+ self.assertEqual(c.compose_type, 'nightly')`

jkaluza commented 4 years ago

Not all the users/groups should be able to submit composes with 'production'
or 'nightly' compose type. This commit allows setting this in the ODCS
configuration.

Default compose type is now test.

Signed-off-by: Jan Kaluza jkaluza@redhat.com