Disable certain APIs and build triggers when trust is enabled
Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
This commit is contained in:
Joseph Schorr
parent
2661db7485
commit
6f722e4585
8 changed files with 102 additions and 10 deletions
|
|
@ -20,8 +20,7 @@ from data.model.build import update_build_trigger
|
|||
from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin,
|
||||
log_action, request_error, query_param, parse_args, internal_only,
|
||||
validate_json_request, api, path_param, abort,
|
||||
disallow_for_app_repositories)
|
||||
from endpoints.exception import NotFound, Unauthorized, InvalidRequest
|
||||
disallow_for_app_repositories, disallow_under_trust)
|
||||
from endpoints.api.build import build_status_view, trigger_view, RepositoryBuildStatus
|
||||
from endpoints.building import start_build, MaximumBuildsQueuedException
|
||||
from endpoints.exception import NotFound, Unauthorized, InvalidRequest
|
||||
|
|
@ -72,6 +71,7 @@ class BuildTrigger(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('deleteBuildTrigger')
|
||||
def delete(self, namespace_name, repo_name, trigger_uuid):
|
||||
""" Delete the specified build trigger. """
|
||||
|
|
@ -116,6 +116,7 @@ class BuildTriggerSubdirs(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('listBuildTriggerSubdirs')
|
||||
@validate_json_request('BuildTriggerSubdirRequest')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid):
|
||||
|
|
@ -183,6 +184,7 @@ class BuildTriggerActivate(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('activateBuildTrigger')
|
||||
@validate_json_request('BuildTriggerActivateRequest')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid):
|
||||
|
|
@ -283,6 +285,7 @@ class BuildTriggerAnalyze(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('analyzeBuildTrigger')
|
||||
@validate_json_request('BuildTriggerAnalyzeRequest')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid):
|
||||
|
|
@ -464,6 +467,7 @@ class ActivateBuildTrigger(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('manuallyStartBuildTrigger')
|
||||
@validate_json_request('RunParameters')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid):
|
||||
|
|
@ -528,6 +532,7 @@ class BuildTriggerFieldValues(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('listTriggerFieldValues')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid, field_name):
|
||||
""" List the field values for a custom run field. """
|
||||
|
|
@ -572,6 +577,7 @@ class BuildTriggerSources(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('listTriggerBuildSources')
|
||||
@validate_json_request('BuildTriggerSourcesRequest')
|
||||
def post(self, namespace_name, repo_name, trigger_uuid):
|
||||
|
|
@ -606,6 +612,7 @@ class BuildTriggerSourceNamespaces(RepositoryParamResource):
|
|||
|
||||
@require_repo_admin
|
||||
@disallow_for_app_repositories
|
||||
@disallow_under_trust
|
||||
@nickname('listTriggerBuildSourceNamespaces')
|
||||
def get(self, namespace_name, repo_name, trigger_uuid):
|
||||
""" List the build sources for the trigger configuration thus far. """
|
||||
|
|
|
|||
Reference in a new issue