Merge remote-tracking branch 'origin/master' into ncc1701

Conflicts: endpoints/web.py static/directives/signup-form.html static/js/app.js static/js/controllers.js static/partials/landing.html static/partials/view-repo.html test/data/test.db
2014-04-14 19:37:22 -04:00 · 2014-04-14 19:37:22 -04:00 · 0827e0fbac
commit 0827e0fbac
parent 90c032ec21 724fec1b74
45 changed files with 1149 additions and 306 deletions
--- a/endpoints/api/trigger.py
+++ b/endpoints/api/trigger.py
@ -16,8 +16,9 @@ from endpoints.trigger import (BuildTrigger as BuildTriggerBase, TriggerDeactiva
                               TriggerActivationException, EmptyRepositoryException,
                               RepositoryReadException)
 from data import model
-from auth.permissions import UserAdminPermission, AdministerOrganizationPermission
+from auth.permissions import UserAdminPermission, AdministerOrganizationPermission, ReadRepositoryPermission
 from util.names import parse_robot_username
+from util.dockerfileparse import parse_dockerfile


 logger = logging.getLogger(__name__)
@ -231,6 +232,141 @@ class BuildTriggerActivate(RepositoryParamResource):
      raise Unauthorized()


+@resource('/v1/repository/<repopath:repository>/trigger/<trigger_uuid>/analyze')
+@internal_only
+class BuildTriggerAnalyze(RepositoryParamResource):
+  """ Custom verb for analyzing the config for a build trigger and suggesting various changes
+      (such as a robot account to use for pulling)
+  """
+  schemas = {
+    'BuildTriggerAnalyzeRequest': {
+      'id': 'BuildTriggerAnalyzeRequest',
+      'type': 'object',
+      'required': [
+        'config'
+      ],
+      'properties': {
+        'config': {
+          'type': 'object',
+          'description': 'Arbitrary json.',
+        }
+      }
+    },
+  }
+
+  @require_repo_admin
+  @nickname('analyzeBuildTrigger')
+  @validate_json_request('BuildTriggerAnalyzeRequest')
+  def post(self, namespace, repository, trigger_uuid):
+    """ Analyze the specified build trigger configuration. """
+    try:
+      trigger = model.get_build_trigger(namespace, repository, trigger_uuid)
+    except model.InvalidBuildTriggerException:
+      raise NotFound()
+
+    handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name)
+    new_config_dict = request.get_json()['config']
+
+    try:
+      # Load the contents of the Dockerfile.
+      contents = handler.load_dockerfile_contents(trigger.auth_token, new_config_dict)
+      if not contents:
+        return {
+          'status': 'error',
+          'message': 'Could not read the Dockerfile for the trigger'
+        }
+
+      # Parse the contents of the Dockerfile.
+      parsed = parse_dockerfile(contents)
+      if not parsed:
+        return {
+          'status': 'error',
+          'message': 'Could not parse the Dockerfile specified'
+        }
+      
+      # Determine the base image (i.e. the FROM) for the Dockerfile.
+      base_image = parsed.get_base_image()
+      if not base_image:
+        return {
+          'status': 'warning',
+          'message': 'No FROM line found in the Dockerfile'
+        }
+
+      # Check to see if the base image lives in Quay.
+      quay_registry_prefix = '%s/' % (app.config['SERVER_HOSTNAME'])
+
+      if not base_image.startswith(quay_registry_prefix):
+        return {
+          'status': 'publicbase'
+        }
+
+      # Lookup the repository in Quay.
+      result = base_image[len(quay_registry_prefix):].split('/', 2)
+      if len(result) != 2:
+        return {
+          'status': 'warning',
+          'message': '"%s" is not a valid Quay repository path' % (base_image)
+        }
+
+      (base_namespace, base_repository) = result
+      found_repository = model.get_repository(base_namespace, base_repository)
+      if not found_repository:
+        return {
+          'status': 'error',
+          'message': 'Repository "%s" was not found' % (base_image)
+        }
+
+      # If the repository is private and the user cannot see that repo, then
+      # mark it as not found.
+      can_read = ReadRepositoryPermission(base_namespace, base_repository)
+      if found_repository.visibility.name != 'public' and not can_read:
+        return {
+          'status': 'error',
+          'message': 'Repository "%s" was not found' % (base_image)
+        }
+
+      # Check to see if the repository is public. If not, we suggest the
+      # usage of a robot account to conduct the pull.
+      read_robots = []
+
+      if AdministerOrganizationPermission(base_namespace).can():
+        def robot_view(robot):
+          return {
+            'name': robot.username,
+            'kind': 'user',
+            'is_robot': True
+          }
+
+        def is_valid_robot(user):
+          # Make sure the user is a robot.
+          if not user.robot:
+            return False
+
+          # Make sure the current user can see/administer the robot.
+          (robot_namespace, shortname) = parse_robot_username(user.username)
+          return AdministerOrganizationPermission(robot_namespace).can()
+      
+        repo_perms = model.get_all_repo_users(base_namespace, base_repository)
+        read_robots = [robot_view(perm.user) for perm in repo_perms if is_valid_robot(perm.user)]
+
+      return {
+        'namespace': base_namespace,
+        'name': base_repository,
+        'is_public': found_repository.visibility.name == 'public',
+        'robots': read_robots,
+        'status': 'analyzed',
+        'dockerfile_url': handler.dockerfile_url(trigger.auth_token, new_config_dict)
+      }
+
+    except RepositoryReadException as rre:
+      return {
+        'status': 'error',
+        'message': rre.message
+      }
+
+    raise NotFound()
+    
+
@resource('/v1/repository/<repopath:repository>/trigger/<trigger_uuid>/start')
 class ActivateBuildTrigger(RepositoryParamResource):
  """ Custom verb to manually activate a build trigger. """