diff --git a/conf/config.py b/conf/config.py index 4c0e468d..a1e5e86a 100644 --- a/conf/config.py +++ b/conf/config.py @@ -52,6 +52,9 @@ class BaseConfiguration(object): RPMS_DEFAULT_CACHE = 'http://pkgs.fedoraproject.org/repo/pkgs/' RPMS_ALLOW_CACHE = False + MODULES_DEFAULT_REPOSITORY = 'git://pkgs.fedoraproject.org/modules/' + MODULES_ALLOW_REPOSITORY = False + SSL_ENABLED = True SSL_CERTIFICATE_FILE = '/etc/module-build-service/server.crt' SSL_CERTIFICATE_KEY_FILE = '/etc/module-build-service/server.key' diff --git a/module_build_service/config.py b/module_build_service/config.py index 031c25cb..18e08b31 100644 --- a/module_build_service/config.py +++ b/module_build_service/config.py @@ -187,6 +187,14 @@ class Config(object): 'type': bool, 'default': False, 'desc': 'Allow custom RPMs cache.'}, + 'modules_default_repository': { + 'type': str, + 'default': 'git://pkgs.fedoraproject.org/modules/', + 'desc': 'Included modules default repository URL.'}, + 'modules_allow_repository': { + 'type': bool, + 'default': False, + 'desc': 'Allow custom included modules repositories.'}, 'ssl_certificate_file': { 'type': str, 'default': '', @@ -274,7 +282,7 @@ class Config(object): 'scmurls': { 'type': list, 'default': [], - 'desc': 'Allowed SCM URLs.'}, + 'desc': 'Allowed SCM URLs for submitted module.'}, 'yaml_submit_allowed': { 'type': bool, 'default': False, diff --git a/module_build_service/utils.py b/module_build_service/utils.py index 0b918096..1941a66e 100644 --- a/module_build_service/utils.py +++ b/module_build_service/utils.py @@ -448,7 +448,7 @@ def format_mmd(mmd, scmurl): mmd.xmd['mbs']['buildrequires'] = {} if mmd.components: - # Add missing data in components + # Add missing data in RPM components for pkgname, pkg in mmd.components.rpms.items(): if pkg.repository and not conf.rpms_allow_repository: raise Unauthorized( @@ -462,6 +462,16 @@ def format_mmd(mmd, scmurl): if not pkg.ref: pkg.ref = 'master' + # Add missing data in included modules components + for modname, mod in mmd.components.modules.items(): + if mod.repository and not conf.modules_allow_repository: + raise Unauthorized( + "Custom component repositories aren't allowed") + if not mod.repository: + mod.repository = conf.modules_default_repository + modname + if not mod.ref: + mod.ref = 'master' + # Check that SCM URL is valid and replace potential branches in # pkg.ref by real SCM hash. pool = ThreadPool(20) @@ -508,8 +518,6 @@ def record_component_builds(scm, mmd, module, initial_batch = 1): # set to our current batch, so the components of this module # are built in the right global order. if isinstance(pkg, modulemd.ModuleComponentModule): - if not pkg.repository: - pkg.repository = scm.scm_url_from_name(pkg.name) full_url = pkg.repository + "?#" + pkg.ref mmd = _fetch_mmd(full_url)[0] batch = record_component_builds(scm, mmd, module, batch) diff --git a/tests/test_views/test_views.py b/tests/test_views/test_views.py index 84d3fd45..6bfd62ee 100644 --- a/tests/test_views/test_views.py +++ b/tests/test_views/test_views.py @@ -34,6 +34,7 @@ import modulemd as _modulemd from tests import app, init_data from module_build_service.models import ComponentBuild import module_build_service.scm +from module_build_service import conf user = ('Homer J. Simpson', set(['packager'])) @@ -425,11 +426,18 @@ class TestViews(unittest.TestCase): @patch('module_build_service.auth.get_user', return_value=user) @patch('module_build_service.scm.SCM') def test_submit_build_includedmodule(self, mocked_scm, mocked_get_user): + _prev_modules_allow_repository = conf.modules_allow_repository + conf.set_item("modules_allow_repository", True) mocked_scm_obj = MockedSCM(mocked_scm, "includedmodules", - ["includedmodules.yaml", "testmodule.yaml"]) - rv = self.client.post('/module-build-service/1/module-builds/', data=json.dumps( - {'scmurl': 'git://pkgs.stg.fedoraproject.org/modules/' - 'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49'})) + ["includedmodules.yaml", "testmodule.yaml"]) + try: + rv = self.client.post('/module-build-service/1/module-builds/', data=json.dumps( + {'scmurl': 'git://pkgs.stg.fedoraproject.org/modules/' + 'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49'})) + except e: + raise + finally: + conf.set_item("modules_allow_repository", _prev_modules_allow_repository) data = json.loads(rv.data) assert 'component_builds' in data, data @@ -457,6 +465,20 @@ class TestViews(unittest.TestCase): self.assertEquals(batches['tangerine'], 3) self.assertEquals(batches["file"], 4) + @patch('module_build_service.auth.get_user', return_value=user) + @patch('module_build_service.scm.SCM') + def test_submit_build_includedmodule_custom_repo_not_allowed(self, + mocked_scm, mocked_get_user): + mocked_scm_obj = MockedSCM(mocked_scm, "includedmodules", + ["includedmodules.yaml", "testmodule.yaml"]) + rv = self.client.post('/module-build-service/1/module-builds/', data=json.dumps( + {'scmurl': 'git://pkgs.stg.fedoraproject.org/modules/' + 'testmodule.git?#68931c90de214d9d13feefbd35246a81b6cb8d49'})) + data = json.loads(rv.data) + + self.assertEquals(data['status'], 401) + self.assertEquals(data['error'], 'Unauthorized') + @patch('module_build_service.auth.get_user', return_value=other_user) def test_cancel_build(self, mocked_get_user): rv = self.client.patch('/module-build-service/1/module-builds/30',