Disable certain APIs and build triggers when trust is enabled
Since trust will break if Quay makes changes, disable all Quay tag-change APIs and build APIs+webhooks when trust is enabled on a repository. Once we get Quay signing things itself, we can revisit this.
This commit is contained in:
Joseph Schorr
parent
2661db7485
commit
6f722e4585
8 changed files with 102 additions and 10 deletions
|
|
@ -87,6 +87,11 @@ def build_trigger_webhook(trigger_uuid, **kwargs):
|
|||
if permission.can():
|
||||
handler = BuildTriggerHandler.get_handler(trigger)
|
||||
|
||||
if trigger.repository.kind.name != 'image':
|
||||
abort(501, 'Build triggers cannot be invoked on application repositories')
|
||||
elif trigger.repository.trust_enabled:
|
||||
abort(400, 'Build triggers cannot be invoked on repositories with trust enabled')
|
||||
|
||||
logger.debug('Passing webhook request to handler %s', handler)
|
||||
try:
|
||||
prepared = handler.handle_trigger_request(request)
|
||||
|
|
|
|||
Reference in a new issue