Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option
This commit is contained in:
Joseph Schorr
parent
2a72e91bdb
commit
9a79d1562a
13 changed files with 110 additions and 68 deletions
|
|
@ -1453,27 +1453,42 @@ def get_recent_repository_build(namespace_name, repository_name):
|
|||
|
||||
|
||||
def create_repository_build(repo, access_token, job_config_obj, dockerfile_id,
|
||||
display_name, trigger=None):
|
||||
display_name, trigger=None, pull_robot_name=None):
|
||||
pull_robot = None
|
||||
if pull_robot_name:
|
||||
pull_robot = lookup_robot(pull_robot_name)
|
||||
|
||||
return RepositoryBuild.create(repository=repo, access_token=access_token,
|
||||
job_config=json.dumps(job_config_obj),
|
||||
display_name=display_name, trigger=trigger,
|
||||
resource_key=dockerfile_id)
|
||||
resource_key=dockerfile_id,
|
||||
pull_robot=pull_robot)
|
||||
|
||||
def get_pull_credentials(trigger):
|
||||
if not trigger.pull_user:
|
||||
|
||||
def get_pull_robot_name(trigger):
|
||||
if not trigger.pull_robot:
|
||||
return None
|
||||
|
||||
return trigger.pull_robot.username
|
||||
|
||||
|
||||
def get_pull_credentials(robotname):
|
||||
robot = lookup_robot(robotname)
|
||||
if not robot:
|
||||
return None
|
||||
|
||||
try:
|
||||
login_info = FederatedLogin.get(user=trigger.pull_user)
|
||||
login_info = FederatedLogin.get(user=robot)
|
||||
except FederatedLogin.DoesNotExist:
|
||||
return None
|
||||
|
||||
return {
|
||||
'username': trigger.pull_user.username,
|
||||
'username': robot.username,
|
||||
'password': login_info.service_ident,
|
||||
'registry': '%s://%s/v1/' % (app.config['URL_SCHEME'], app.config['URL_HOST']),
|
||||
}
|
||||
|
||||
|
||||
def create_webhook(repo, params_obj):
|
||||
return Webhook.create(repository=repo, parameters=json.dumps(params_obj))
|
||||
|
||||
|
|
@ -1530,12 +1545,12 @@ def log_action(kind_name, user_or_organization_name, performer=None,
|
|||
metadata_json=json.dumps(metadata), datetime=timestamp)
|
||||
|
||||
|
||||
def create_build_trigger(repo, service_name, auth_token, user, pull_user=None):
|
||||
def create_build_trigger(repo, service_name, auth_token, user, pull_robot=None):
|
||||
service = BuildTriggerService.get(name=service_name)
|
||||
trigger = RepositoryBuildTrigger.create(repository=repo, service=service,
|
||||
auth_token=auth_token,
|
||||
connected_user=user,
|
||||
pull_user=None)
|
||||
pull_robot=pull_robot)
|
||||
return trigger
|
||||
|
||||
|
||||
|
|
|
|||
Reference in a new issue