Add flag to enable trust per repo (#2541)

* Add flag to enable trust per repo * Add api for enabling/disabling trust * Add new LogEntryKind for changing repo trust settings Also add tests for repo trust api * Add `set_trust` method to repository * Expose new logkind to UI * Fix registry tests * Rebase migrations and regen test.db * Raise downstreamissue if trust metadata can't be removed * Refactor change_repo_trust * Add show_if to change_repo_trust endpoint
2017-04-15 08:26:33 -04:00 · 2017-04-15 08:26:33 -04:00 · 2661db7485
commit 2661db7485
parent aa1c8d47dd
13 changed files with 176 additions and 12 deletions
--- a/endpoints/api/repository.py
+++ b/endpoints/api/repository.py
@ -15,8 +15,8 @@ from endpoints.api import (truthy_bool, format_date, nickname, log_action, valid
                           require_repo_read, require_repo_write, require_repo_admin,
                           RepositoryParamResource, resource, query_param, parse_args, ApiResource,
                           request_error, require_scope, path_param, page_support, parse_args,
-                           query_param, truthy_bool, disallow_for_app_repositories)
-from endpoints.exception import Unauthorized, NotFound, InvalidRequest, ExceedsLicenseException
+                           query_param, truthy_bool, disallow_for_app_repositories, show_if)
+from endpoints.exception import Unauthorized, NotFound, InvalidRequest, ExceedsLicenseException, DownstreamIssue
 from endpoints.api.billing import lookup_allowed_private_repos, get_namespace_plan
 from endpoints.api.subscribe import check_repository_usage

@ -377,6 +377,7 @@ class Repository(RepositoryParamResource):
      'is_organization': repo.namespace_user.organization,
      'is_starred': is_starred,
      'status_token': repo.badge_token if not is_public else '',
+      'trust_enabled': repo.trust_enabled,
    }

    if stats is not None:
@ -464,3 +465,46 @@ class RepositoryVisibility(RepositoryParamResource):
                 {'repo': repository, 'namespace': namespace, 'visibility': values['visibility']},
                 repo=repo)
      return {'success': True}
+
+
+@resource('/v1/repository/<apirepopath:repository>/changetrust')
+@path_param('repository', 'The full path of the repository. e.g. namespace/name')
+class RepositoryTrust(RepositoryParamResource):
+  """ Custom verb for changing the trust settings of the repository. """
+  schemas = {
+    'ChangeRepoTrust': {
+      'type': 'object',
+      'description': 'Change the trust settings for the repository.',
+      'required': [
+        'trust_enabled',
+      ],
+      'properties': {
+        'trust_enabled': {
+          'type': 'boolean',
+          'description': 'Whether or not signing is enabled for the repository.'
+        },
+      }
+    }
+  }
+
+  @show_if(features.SIGNING)
+  @require_repo_admin
+  @nickname('changeRepoTrust')
+  @validate_json_request('ChangeRepoTrust')
+  def post(self, namespace, repository):
+    """ Change the visibility of a repository. """
+    repo = model.repository.get_repository(namespace, repository)
+    if not repo:
+      raise NotFound()
+
+    if not tuf_metadata_api.delete_metadata(namespace, repository):
+      raise DownstreamIssue({'message': 'Unable to delete downstream trust metadata'})
+
+    values = request.get_json()
+    model.repository.set_trust(repo, values['trust_enabled'])
+    
+    log_action('change_repo_trust', namespace,
+               {'repo': repository, 'namespace': namespace, 'trust_enabled': values['trust_enabled']},
+               repo=repo)
+
+    return {'success': True}