- Add an analyze method on triggers that, when given trigger config, will attempt to analyze the trigger's Dockerfile and determine what pull credentials, if any, are needed and available

- Move the build trigger setup UI into its own directive (makes things cleaner)
- Fix a bug in the entitySearch directive around setting the current entity
- Change the build trigger setup UI to use the new analyze method and flow better

test/test_api_security.py

@@ -17,7 +17,7 @@ from endpoints.api.build import (FileDropResource, RepositoryBuildStatus, Reposi
 from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot
 from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs,
                                    TriggerBuildList, ActivateBuildTrigger, BuildTrigger,
-                                   BuildTriggerList)
+                                   BuildTriggerList, BuildTriggerAnalyze)
 from endpoints.api.webhook import Webhook, WebhookList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout,
                                 Signin, User, UserAuthorizationList, UserAuthorization)
@@ -87,6 +87,9 @@ class ApiTestCase(unittest.TestCase):
 
       rv = client.open(final_url, **open_kwargs)
       msg = '%s %s: %s expected: %s' % (method, final_url, rv.status_code, expected_status)
+      if rv.status_code != expected_status:
+        print rv.data
+
       self.assertEqual(rv.status_code, expected_status, msg)
 
   def setUp(self):
@@ -1198,6 +1201,130 @@ class TestActivateBuildTrigger0byeBuynlargeOrgrepo(ApiTestCase):
   def test_post_devtable(self):
     self._run_test('POST', 404, 'devtable', None)
 
+class TestActivateBuildTrigger0byeDevtableShared(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(ActivateBuildTrigger, trigger_uuid="0BYE", repository="devtable/shared")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', None)
+
+
+class TestActivateBuildTrigger0byeBuynlargeOrgrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(ActivateBuildTrigger, trigger_uuid="0BYE", repository="buynlarge/orgrepo")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', None)
+
+
+class TestBuildTriggerAnalyze0byePublicPublicrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerAnalyze, trigger_uuid="0BYE", repository="public/publicrepo")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 403, 'devtable', {'config': {}})
+
+
+class TestBuildTriggerAnalyze0byeDevtableShared(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerAnalyze, trigger_uuid="0BYE", repository="devtable/shared")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', {'config': {}})
+
+
+class TestBuildTriggerAnalyze0byeBuynlargeOrgrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerAnalyze, trigger_uuid="0BYE", repository="buynlarge/orgrepo")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', {'config': {}})
+
+class TestBuildTriggerAnalyze0byeDevtableShared(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerAnalyze, trigger_uuid="0BYE", repository="devtable/shared")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', {'config': {}})
+
+
+class TestBuildTriggerAnalyze0byeBuynlargeOrgrepo(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(BuildTriggerAnalyze, trigger_uuid="0BYE", repository="buynlarge/orgrepo")
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, None)
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 403, 'freshuser', None)
+
+  def test_post_reader(self):
+    self._run_test('POST', 403, 'reader', None)
+
+  def test_post_devtable(self):
+    self._run_test('POST', 404, 'devtable', {'config': {}})
+
 
 class TestRepositoryImageChangesPtsgPublicPublicrepo(ApiTestCase):
   def setUp(self):

test/test_api_usage.py

@@ -19,7 +19,7 @@ from endpoints.api.build import RepositoryBuildStatus, RepositoryBuildLogs, Repo
 from endpoints.api.robot import UserRobotList, OrgRobot, OrgRobotList, UserRobot
 from endpoints.api.trigger import (BuildTriggerActivate, BuildTriggerSources, BuildTriggerSubdirs,
                                    TriggerBuildList, ActivateBuildTrigger, BuildTrigger,
-                                   BuildTriggerList)
+                                   BuildTriggerList, BuildTriggerAnalyze)
 from endpoints.api.webhook import Webhook, WebhookList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Signout, Signin, User,
                                 UserAuthorizationList, UserAuthorization)
@@ -1605,6 +1605,15 @@ class FakeBuildTrigger(BuildTriggerBase):
   def manual_start(self, auth_token, config):
     return ('foo', ['bar'], 'build-name', 'subdir')
 
+  def dockerfile_url(self, auth_token, config):
+    return 'http://some/url'
+
+  def load_dockerfile_contents(self, auth_token, config):
+    if not 'dockerfile' in config:
+      return None
+
+    return config['dockerfile']
+
 
 class TestBuildTriggers(ApiTestCase):
   def test_list_build_triggers(self):
@@ -1653,6 +1662,82 @@ class TestBuildTriggers(ApiTestCase):
     self.assertEquals(0, len(json['triggers']))
 
 
+  def test_analyze_fake_trigger(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    database.BuildTriggerService.create(name='fakeservice')
+
+    # Add a new fake trigger.
+    repo = model.get_repository(ADMIN_ACCESS_USER, 'simple')
+    user = model.get_user(ADMIN_ACCESS_USER)
+    trigger = model.create_build_trigger(repo, 'fakeservice', 'sometoken', user)
+
+    # Analyze the trigger's dockerfile: First, no dockerfile.
+    trigger_config = {}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('error', analyze_json['status'])
+    self.assertEquals('Could not read the Dockerfile for the trigger', analyze_json['message'])
+
+    # Analyze the trigger's dockerfile: Second, missing FROM in dockerfile.
+    trigger_config = {'dockerfile': 'MAINTAINER me'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('warning', analyze_json['status'])
+    self.assertEquals('No FROM line found in the Dockerfile', analyze_json['message'])
+    
+    # Analyze the trigger's dockerfile: Third, dockerfile with public repo.
+    trigger_config = {'dockerfile': 'FROM somerepo'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('publicbase', analyze_json['status'])
+
+    # Analyze the trigger's dockerfile: Fourth, dockerfile with private repo with an invalid path.
+    trigger_config = {'dockerfile': 'FROM localhost:5000/somepath'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('warning', analyze_json['status'])
+    self.assertEquals('"localhost:5000/somepath" is not a valid Quay repository path', analyze_json['message'])
+
+    # Analyze the trigger's dockerfile: Fifth, dockerfile with private repo that does not exist.
+    trigger_config = {'dockerfile': 'FROM localhost:5000/nothere/randomrepo'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('error', analyze_json['status'])
+    self.assertEquals('Repository "localhost:5000/nothere/randomrepo" was not found', analyze_json['message'])
+
+    # Analyze the trigger's dockerfile: Sixth, dockerfile with private repo that the user cannot see.
+    trigger_config = {'dockerfile': 'FROM localhost:5000/randomuser/randomrepo'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('error', analyze_json['status'])
+    self.assertEquals('Repository "localhost:5000/randomuser/randomrepo" was not found', analyze_json['message'])
+
+    # Analyze the trigger's dockerfile: Seventh, dockerfile with private repo that the user see.
+    trigger_config = {'dockerfile': 'FROM localhost:5000/devtable/complex'}
+    analyze_json = self.postJsonResponse(BuildTriggerAnalyze,
+                                         params=dict(repository=ADMIN_ACCESS_USER + '/simple', trigger_uuid=trigger.uuid),
+                                         data={'config': trigger_config})
+
+    self.assertEquals('analyzed', analyze_json['status'])
+    self.assertEquals('devtable', analyze_json['namespace'])
+    self.assertEquals('complex', analyze_json['name'])
+    self.assertEquals(False, analyze_json['is_public'])
+    self.assertEquals(ADMIN_ACCESS_USER + '+dtrobot', analyze_json['robots'][0]['name'])
+
+
   def test_fake_trigger(self):
     self.login(ADMIN_ACCESS_USER)