Disable certain APIs and build triggers when trust is enabled

Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
2017-04-16 22:40:59 -04:00 · 2017-04-16 22:40:59 -04:00 · 6f722e4585
commit 6f722e4585
parent 2661db7485
8 changed files with 102 additions and 10 deletions
--- a/endpoints/web.py
+++ b/endpoints/web.py
@ -645,6 +645,8 @@ def attach_bitbucket_trigger(namespace_name, repo_name):
      abort(404, message=msg)
    elif repo.kind.name != 'image':
      abort(501)
+    elif repo.trust_enabled:
+      abort(400)

    trigger = model.build.create_build_trigger(repo, BitbucketBuildTrigger.service_name(), None,
                                               current_user.db_user())
@ -680,6 +682,8 @@ def attach_custom_build_trigger(namespace_name, repo_name):
      abort(404, message=msg)
    elif repo.kind.name != 'image':
      abort(501)
+    elif repo.trust_enabled:
+      abort(400)

    trigger = model.build.create_build_trigger(repo, CustomBuildTrigger.service_name(),
                                               None, current_user.db_user())