mirror of
https://pagure.io/fm-orchestrator.git
synced 2026-02-12 01:24:59 +08:00
253 lines
9.4 KiB
Python
253 lines
9.4 KiB
Python
# -*- coding: utf-8 -*-
|
|
# Copyright (c) 2016 Red Hat, Inc.
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to deal
|
|
# in the Software without restriction, including without limitation the rights
|
|
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
# copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in all
|
|
# copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
# SOFTWARE.
|
|
#
|
|
# Written by Petr Šabata <contyk@redhat.com>
|
|
# Matt Prahl <mprahl@redhat.com>
|
|
|
|
""" The module build orchestrator for Modularity, API.
|
|
This is the implementation of the orchestrator's public RESTful API.
|
|
"""
|
|
|
|
import json
|
|
import module_build_service.auth
|
|
from flask import request, jsonify
|
|
from flask.views import MethodView
|
|
|
|
from module_build_service import app, conf, log
|
|
from module_build_service import models, db
|
|
from module_build_service.utils import (
|
|
pagination_metadata, filter_module_builds, submit_module_build_from_scm,
|
|
submit_module_build_from_yaml, scm_url_schemes, get_scm_url_re)
|
|
from module_build_service.errors import (
|
|
ValidationError, Forbidden, NotFound)
|
|
|
|
api_v1 = {
|
|
'module_builds': {
|
|
'url': '/module-build-service/1/module-builds/',
|
|
'options': {
|
|
'methods': ['POST'],
|
|
}
|
|
},
|
|
'module_builds_list': {
|
|
'url': '/module-build-service/1/module-builds/',
|
|
'options': {
|
|
'defaults': {'id': None},
|
|
'methods': ['GET'],
|
|
}
|
|
},
|
|
'module_build': {
|
|
'url': '/module-build-service/1/module-builds/<int:id>',
|
|
'options': {
|
|
'methods': ['GET', 'PATCH'],
|
|
}
|
|
},
|
|
}
|
|
|
|
|
|
class ModuleBuildAPI(MethodView):
|
|
|
|
def get(self, id):
|
|
verbose_flag = request.args.get('verbose', 'false')
|
|
|
|
if id is None:
|
|
# Lists all tracked module builds
|
|
p_query = filter_module_builds(request)
|
|
|
|
json_data = {
|
|
'meta': pagination_metadata(p_query)
|
|
}
|
|
|
|
if verbose_flag.lower() == 'true' or verbose_flag == '1':
|
|
json_data['items'] = [item.api_json() for item in p_query.items]
|
|
else:
|
|
json_data['items'] = [{'id': item.id, 'state': item.state} for
|
|
item in p_query.items]
|
|
|
|
return jsonify(json_data), 200
|
|
else:
|
|
# Lists details for the specified module builds
|
|
module = models.ModuleBuild.query.filter_by(id=id).first()
|
|
|
|
if module:
|
|
if verbose_flag.lower() == 'true' or verbose_flag == '1':
|
|
return jsonify(module.json()), 200
|
|
else:
|
|
return jsonify(module.api_json()), 200
|
|
else:
|
|
raise NotFound('No such module found.')
|
|
|
|
def post(self):
|
|
if "multipart/form-data" in request.headers.get("Content-Type", ""):
|
|
handler = YAMLFileHandler(request)
|
|
else:
|
|
handler = SCMHandler(request)
|
|
|
|
if conf.no_auth is True and handler.username == "anonymous" and "owner" in handler.data:
|
|
handler.username = handler.data["owner"]
|
|
|
|
if conf.allowed_groups and not (conf.allowed_groups & handler.groups):
|
|
raise Forbidden("%s is not in any of %r, only %r" % (
|
|
handler.username, conf.allowed_groups, handler.groups))
|
|
|
|
handler.validate()
|
|
module = handler.post()
|
|
return jsonify(module.json()), 201
|
|
|
|
def patch(self, id):
|
|
username, groups = module_build_service.auth.get_user(request)
|
|
|
|
try:
|
|
r = json.loads(request.get_data().decode("utf-8"))
|
|
except:
|
|
log.error('Invalid JSON submitted')
|
|
raise ValidationError('Invalid JSON submitted')
|
|
|
|
if "owner" in r:
|
|
if conf.no_auth is not True:
|
|
raise ValidationError("The request contains 'owner' parameter, however NO_AUTH is not allowed")
|
|
elif username == "anonymous":
|
|
username = r["owner"]
|
|
|
|
if conf.allowed_groups and not (conf.allowed_groups & groups):
|
|
raise Forbidden("%s is not in any of %r, only %r" % (
|
|
username, conf.allowed_groups, groups))
|
|
|
|
module = models.ModuleBuild.query.filter_by(id=id).first()
|
|
if not module:
|
|
raise NotFound('No such module found.')
|
|
|
|
if module.owner != username and not (conf.admin_groups & groups):
|
|
raise Forbidden('You are not owner of this build and '
|
|
'therefore cannot modify it.')
|
|
|
|
if not r.get('state'):
|
|
log.error('Invalid JSON submitted')
|
|
raise ValidationError('Invalid JSON submitted')
|
|
|
|
if r['state'] == 'failed' \
|
|
or r['state'] == str(models.BUILD_STATES['failed']):
|
|
module.transition(conf, models.BUILD_STATES["failed"],
|
|
"Canceled by %s." % username)
|
|
else:
|
|
log.error('The provided state change of "{}" is not supported'
|
|
.format(r['state']))
|
|
raise ValidationError('The provided state change is not supported')
|
|
db.session.add(module)
|
|
db.session.commit()
|
|
|
|
return jsonify(module.api_json()), 200
|
|
|
|
|
|
class BaseHandler(object):
|
|
def __init__(self, request):
|
|
self.username, self.groups = module_build_service.auth.get_user(request)
|
|
self.data = None
|
|
|
|
@property
|
|
def optional_params(self):
|
|
return {k: v for k, v in self.data.items() if k not in ["owner", "scmurl", "branch"]}
|
|
|
|
def validate_optional_params(self):
|
|
forbidden_params = [k for k in self.data if k not in models.ModuleBuild.__table__.columns
|
|
and k not in ["branch"]]
|
|
if forbidden_params:
|
|
raise ValidationError('The request contains unspecified parameters: {}'.format(", ".join(forbidden_params)))
|
|
|
|
forbidden_params = [k for k in self.data if k.startswith("copr_")]
|
|
if conf.system != "copr" and forbidden_params:
|
|
raise ValidationError('The request contains parameters specific to Copr builder: {} even though {} is used'
|
|
.format(", ".join(forbidden_params), conf.system))
|
|
|
|
if not conf.no_auth and "owner" in self.data:
|
|
raise ValidationError("The request contains 'owner' parameter, however NO_AUTH is not allowed")
|
|
|
|
|
|
class SCMHandler(BaseHandler):
|
|
def __init__(self, request):
|
|
super(SCMHandler, self).__init__(request)
|
|
try:
|
|
self.data = json.loads(request.get_data().decode("utf-8"))
|
|
except:
|
|
log.error('Invalid JSON submitted')
|
|
raise ValidationError('Invalid JSON submitted')
|
|
|
|
def validate(self):
|
|
if "scmurl" not in self.data:
|
|
log.error('Missing scmurl')
|
|
raise ValidationError('Missing scmurl')
|
|
|
|
url = self.data["scmurl"]
|
|
allowed_prefix = any(url.startswith(prefix) for prefix in conf.scmurls)
|
|
if not conf.allow_custom_urls and not allowed_prefix:
|
|
log.error("The submitted scmurl %r is not allowed" % url)
|
|
raise Forbidden("The submitted scmurl %s is not allowed" % url)
|
|
|
|
if not get_scm_url_re().match(url):
|
|
log.error("The submitted scmurl %r is not valid" % url)
|
|
raise Forbidden("The submitted scmurl %s is not valid" % url)
|
|
|
|
if "branch" not in self.data:
|
|
log.error('Missing branch')
|
|
raise ValidationError('Missing branch')
|
|
|
|
self.validate_optional_params()
|
|
|
|
def post(self):
|
|
url = self.data["scmurl"]
|
|
branch = self.data["branch"]
|
|
|
|
# python-modulemd expects this to be bytes, not unicode.
|
|
if isinstance(branch, unicode):
|
|
branch = branch.encode('utf-8')
|
|
|
|
return submit_module_build_from_scm(self.username, url, branch,
|
|
allow_local_url=False, optional_params=self.optional_params)
|
|
|
|
|
|
class YAMLFileHandler(BaseHandler):
|
|
def __init__(self, request):
|
|
if not conf.yaml_submit_allowed:
|
|
raise Forbidden("YAML submission is not enabled")
|
|
super(YAMLFileHandler, self).__init__(request)
|
|
self.data = request.form.to_dict()
|
|
|
|
def validate(self):
|
|
if "yaml" not in request.files:
|
|
log.error('Invalid file submitted')
|
|
raise ValidationError('Invalid file submitted')
|
|
self.validate_optional_params()
|
|
|
|
def post(self):
|
|
handle = request.files["yaml"]
|
|
return submit_module_build_from_yaml(self.username, handle, optional_params=self.optional_params)
|
|
|
|
|
|
def register_api_v1():
|
|
""" Registers version 1 of MBS API. """
|
|
module_view = ModuleBuildAPI.as_view('module_builds')
|
|
for key, val in api_v1.items():
|
|
app.add_url_rule(val['url'],
|
|
endpoint=key,
|
|
view_func=module_view,
|
|
**val['options'])
|
|
|
|
register_api_v1()
|