Disable certain APIs and build triggers when trust is enabled
Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
This commit is contained in:
Joseph Schorr
parent
2661db7485
commit
6f722e4585
8 changed files with 102 additions and 10 deletions
|
|
@ -12,6 +12,8 @@ from flask_restful import Resource, abort, Api, reqparse
|
|||
from flask_restful.utils.cors import crossdomain
|
||||
from jsonschema import validate, ValidationError
|
||||
|
||||
import features
|
||||
|
||||
from app import app, metric_queue
|
||||
from data import model
|
||||
from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
|
||||
|
|
@ -373,6 +375,23 @@ def define_json_response(schema_name):
|
|||
return wrapper
|
||||
|
||||
|
||||
def disallow_under_trust(func):
|
||||
""" Disallows the decorated operation for repository when it has trust enabled.
|
||||
"""
|
||||
@wraps(func)
|
||||
def wrapper(self, *args, **kwargs):
|
||||
if features.SIGNING:
|
||||
namespace = args[0]
|
||||
repository = args[1]
|
||||
|
||||
repo = model.repository.get_repository(namespace, repository)
|
||||
if repo is not None and repo.trust_enabled:
|
||||
raise InvalidRequest('Cannot call this method on a repostory with trust enabled')
|
||||
|
||||
return func(self, *args, **kwargs)
|
||||
return wrapper
|
||||
|
||||
|
||||
import endpoints.api.billing
|
||||
import endpoints.api.build
|
||||
import endpoints.api.discovery
|
||||
|
|
|
|||
Reference in a new issue