Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option

endpoints/api/trigger.py

@@ -190,7 +190,7 @@ class BuildTriggerActivate(RepositoryParamResource):
           raise Unauthorized()          
 
         # Set the pull robot.
-        trigger.pull_user = pull_robot
+        trigger.pull_robot = pull_robot
 
       # Update the config.
       new_config_dict = request.get_json()['config']
@@ -224,7 +224,7 @@ class BuildTriggerActivate(RepositoryParamResource):
       log_action('setup_repo_trigger', namespace,
                {'repo': repository, 'namespace': namespace,
                 'trigger_id': trigger.uuid, 'service': trigger.service.name, 
-                'pull_user': trigger.pull_user.username if trigger.pull_user else None,
+                'pull_robot': trigger.pull_robot.username if trigger.pull_robot else None,
                 'config': final_config}, repo=repo)
 
       return trigger_view(trigger)
@@ -254,10 +254,10 @@ class ActivateBuildTrigger(RepositoryParamResource):
     dockerfile_id, tags, name, subdir = specs
 
     repo = model.get_repository(namespace, repository)
-    pull_credentials = model.get_pull_credentials(trigger)
+    pull_robot_name = model.get_pull_robot_name(trigger)
 
     build_request = start_build(repo, dockerfile_id, tags, name, subdir, True,
-                                pull_credentials=pull_credentials)
+                                pull_robot_name=pull_robot_name)
 
     resp = build_status_view(build_request, True)
     repo_string = '%s/%s' % (namespace, repository)