mirror of
https://pagure.io/fm-orchestrator.git
synced 2026-04-04 03:08:21 +08:00
Remove the Koji proxyuser functionality
This commit is contained in:
mprahl
@@ -29,7 +29,6 @@ class BaseConfiguration(object):
|
||||
KOJI_CONFIG = '/etc/module-build-service/koji.conf'
|
||||
KOJI_PROFILE = 'koji'
|
||||
KOJI_ARCHES = ['i686', 'armv7hl', 'x86_64']
|
||||
KOJI_PROXYUSER = True
|
||||
KOJI_REPOSITORY_URL = 'https://kojipkgs.fedoraproject.org/repos'
|
||||
KOJI_TAG_PREFIXES = ['module']
|
||||
KOJI_ENABLE_CONTENT_GENERATOR = True
|
||||
|
||||
@@ -353,16 +353,9 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules
|
||||
# Timeout after 10 minutes. The default is 12 hours.
|
||||
koji_config["timeout"] = 60 * 10
|
||||
|
||||
# In "production" scenarios, our service principal may be blessed to
|
||||
# allow us to authenticate as the owner of this request. But, in local
|
||||
# development that is unreasonable so just submit the job as the
|
||||
# module_build_service developer.
|
||||
proxyuser = owner if config.koji_proxyuser else None
|
||||
|
||||
address = koji_config.server
|
||||
authtype = koji_config.authtype
|
||||
log.info("Connecting to koji %r with %r. (proxyuser %r)" % (
|
||||
address, authtype, proxyuser))
|
||||
log.info("Connecting to koji %r with %r." % (address, authtype))
|
||||
koji_session = koji.ClientSession(address, opts=koji_config)
|
||||
if authtype == "kerberos":
|
||||
ccache = getattr(config, "krb_ccache", None)
|
||||
@@ -374,8 +367,7 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules
|
||||
koji_session.krb_login(
|
||||
principal=principal,
|
||||
keytab=keytab,
|
||||
ccache=ccache,
|
||||
proxyuser=proxyuser,
|
||||
ccache=ccache
|
||||
)
|
||||
else:
|
||||
koji_session.krb_login(ccache=ccache)
|
||||
@@ -383,8 +375,7 @@ chmod 644 %buildroot/%_sysconfdir/rpm/macros.zz-modules
|
||||
koji_session.ssl_login(
|
||||
os.path.expanduser(koji_config.cert),
|
||||
None,
|
||||
os.path.expanduser(koji_config.serverca),
|
||||
proxyuser=proxyuser,
|
||||
os.path.expanduser(koji_config.serverca)
|
||||
)
|
||||
else:
|
||||
raise ValueError("Unrecognized koji authtype %r" % authtype)
|
||||
|
||||
@@ -132,7 +132,7 @@ class GenericBuilder(six.with_metaclass(ABCMeta)):
|
||||
raise ValueError("Builder backend='%s' not recognized" % backend)
|
||||
|
||||
@classmethod
|
||||
def create_from_module(cls, session, module, config, proxy_user=True, buildroot_connect=True):
|
||||
def create_from_module(cls, session, module, config, buildroot_connect=True):
|
||||
"""
|
||||
Creates new GenericBuilder instance based on the data from module
|
||||
and config and connects it to buildroot.
|
||||
@@ -140,18 +140,13 @@ class GenericBuilder(six.with_metaclass(ABCMeta)):
|
||||
:param session: SQLAlchemy databa session.
|
||||
:param module: module_build_service.models.ModuleBuild instance.
|
||||
:param config: module_build_service.config.Config instance.
|
||||
:kwarg proxy_user: a boolean that determines if the builder should use the module owner as
|
||||
a proxy user.
|
||||
:kwarg buildroot_connect: a boolean that determines if the builder should run
|
||||
buildroot_connect on instantiation.
|
||||
owner as a proxy user.
|
||||
"""
|
||||
owner = None
|
||||
if proxy_user is True:
|
||||
owner = module.owner
|
||||
components = [c.package for c in module.component_builds]
|
||||
builder = GenericBuilder.create(
|
||||
owner, module, config.system, config, tag_name=module.koji_tag, components=components)
|
||||
module.owner, module, config.system, config, tag_name=module.koji_tag,
|
||||
components=components)
|
||||
groups = GenericBuilder.default_buildroot_groups(session, module)
|
||||
if buildroot_connect is True:
|
||||
builder.buildroot_connect(groups)
|
||||
|
||||
@@ -180,10 +180,6 @@ class Config(object):
|
||||
'type': list,
|
||||
'default': [],
|
||||
'desc': 'Koji architectures.'},
|
||||
'koji_proxyuser': {
|
||||
'type': bool,
|
||||
'default': None,
|
||||
'desc': 'Koji proxyuser flag.'},
|
||||
'koji_build_priority': {
|
||||
'type': int,
|
||||
'default': 10,
|
||||
|
||||
@@ -160,10 +160,9 @@ class MBSProducer(PollingProducer):
|
||||
if c.state == koji.BUILD_STATES['COMPLETE']]
|
||||
# If there are no completed artifacts, then there is nothing to tag
|
||||
if artifacts:
|
||||
# Set proxy_user=False to not authenticate as the module owner for these tasks
|
||||
# Set buildroot_connect=False so it doesn't recreate the Koji target and etc.
|
||||
builder = GenericBuilder.create_from_module(
|
||||
session, module, conf, proxy_user=False, buildroot_connect=False)
|
||||
session, module, conf, buildroot_connect=False)
|
||||
builder.untag_artifacts([c.nvr for c in artifacts])
|
||||
# Mark the artifacts as untagged in the database
|
||||
for c in artifacts:
|
||||
|
||||
@@ -359,24 +359,3 @@ class TestKojiBuilder(unittest.TestCase):
|
||||
def test_get_build_weights_getLoggedInUser_failed(self, get_session):
|
||||
weights = KojiModuleBuilder.get_build_weights(["httpd", "apr"])
|
||||
self.assertEqual(weights, {"httpd": 1.5, "apr": 1.5})
|
||||
|
||||
|
||||
class TestGetKojiClientSession(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
init_data()
|
||||
self.config = mock.Mock()
|
||||
self.config.koji_profile = conf.koji_profile
|
||||
self.config.koji_config = conf.koji_config
|
||||
self.module = module_build_service.models.ModuleBuild.query.filter_by(id=1).one()
|
||||
self.tag_name = 'module-fool-1.2'
|
||||
|
||||
@patch.object(koji.ClientSession, 'krb_login')
|
||||
def test_proxyuser(self, mocked_krb_login):
|
||||
KojiModuleBuilder(owner=self.module.owner,
|
||||
module=self.module,
|
||||
config=self.config,
|
||||
tag_name=self.tag_name,
|
||||
components=[])
|
||||
args, kwargs = mocked_krb_login.call_args
|
||||
self.assertTrue(set([('proxyuser', self.module.owner)]).issubset(set(kwargs.items())))
|
||||
|
||||
Reference in New Issue
Block a user