Change to store the pull robot on the repository build and only add the credentials to the queue item. This prevents the credentials from being exposed to the end user. Also fixes the restart build option

2014-04-01 21:49:06 -04:00 · 2014-04-01 21:49:06 -04:00 · 9a79d1562a
commit 9a79d1562a
parent 2a72e91bdb
13 changed files with 110 additions and 68 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -964,7 +964,7 @@ class TestRequestRepoBuild(ApiTestCase):
  def test_requestrepobuild(self):
    self.login(ADMIN_ACCESS_USER)

-    # Ensure where not yet building.
+    # Ensure we are not yet building.
    json = self.getJsonResponse(RepositoryBuildList,
                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
    
@ -982,24 +982,20 @@ class TestRequestRepoBuild(ApiTestCase):
    
    assert len(json['builds']) > 0
   
-  def test_requestrepobuild_with_credentials(self):
+  def test_requestrepobuild_with_robot(self):
    self.login(ADMIN_ACCESS_USER)

-    # Ensure where not yet building.
+    # Ensure we are not yet building.
    json = self.getJsonResponse(RepositoryBuildList,
                                params=dict(repository=ADMIN_ACCESS_USER + '/simple'))
    
    assert len(json['builds']) == 0

    # Request a (fake) build.
-    pull_creds = {
-      'username': 'foo',
-      'password': 'bar',
-      'registry': 'baz'
-    }
+    pull_robot = ADMIN_ACCESS_USER + '+dtrobot'
    self.postResponse(RepositoryBuildList,
                      params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
-                      data=dict(file_id='foobarbaz', pull_credentials=pull_creds),
+                      data=dict(file_id='foobarbaz', pull_robot=pull_robot),
                      expected_code=201)

    # Check for the build.
@ -1007,7 +1003,28 @@ class TestRequestRepoBuild(ApiTestCase):
                                params=dict(repository=ADMIN_ACCESS_USER + '/building'))
    
    assert len(json['builds']) > 0
-   
+
+
+  def test_requestrepobuild_with_invalid_robot(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Request a (fake) build.
+    pull_robot = ADMIN_ACCESS_USER + '+invalidrobot'
+    self.postResponse(RepositoryBuildList,
+                      params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
+                      data=dict(file_id='foobarbaz', pull_robot=pull_robot),
+                      expected_code=404)
+
+  def test_requestrepobuild_with_unauthorized_robot(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Request a (fake) build.
+    pull_robot = 'freshuser+anotherrobot'
+    self.postResponse(RepositoryBuildList,
+                      params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
+                      data=dict(file_id='foobarbaz', pull_robot=pull_robot),
+                      expected_code=403)
+


 class TestWebhooks(ApiTestCase):
@ -1746,7 +1763,7 @@ class TestBuildTriggers(ApiTestCase):

    # Verify that the robot was saved.
    self.assertEquals(True, activate_json['is_active'])
-    self.assertEquals(ADMIN_ACCESS_USER + '+dtrobot', activate_json['pull_user']['name'])
+    self.assertEquals(ADMIN_ACCESS_USER + '+dtrobot', activate_json['pull_robot']['name'])

    # Start a manual build.
    start_json = self.postJsonResponse(ActivateBuildTrigger,