Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option

2014-04-01 21:49:06 -04:00 · 2014-04-01 21:49:06 -04:00 · 9a79d1562a
commit 9a79d1562a
parent 2a72e91bdb
13 changed files with 110 additions and 68 deletions
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -107,7 +107,7 @@ def check_repository_usage(user_or_org, plan_found):


 def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
-                trigger=None, pull_credentials=None):
+                trigger=None, pull_robot_name=None):
  host = urlparse.urlparse(request.url).netloc
  repo_path = '%s/%s/%s' % (host, repository.namespace, repository.name)

@ -118,18 +118,18 @@ def start_build(repository, dockerfile_id, tags, build_name, subdir, manual,
  job_config = {
    'docker_tags': tags,
    'repository': repo_path,
-    'build_subdir': subdir,
-    'pull_credentials': pull_credentials,
+    'build_subdir': subdir
  }

  build_request = model.create_repository_build(repository, token, job_config,
                                                dockerfile_id, build_name,
-                                                trigger)
+                                                trigger, pull_robot_name = pull_robot_name)

  dockerfile_build_queue.put(json.dumps({
    'build_uuid': build_request.uuid,
    'namespace': repository.namespace,
    'repository': repository.name,
+    'pull_credentials': model.get_pull_credentials(pull_robot_name) if pull_robot_name else None
  }), retries_remaining=1)

  metadata = {