vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge branch 'rustedbuilds' of https://bitbucket.org/yackob03/quay into rustedbuilds

Browse source
This commit is contained in:
Joseph Schorr 2014-02-25 18:22:59 -05:00
commit a6128978cb
20 changed files with 143 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
auth/auth.py
View file

@ -1,7 +1,7 @@
import logging
from functools import wraps
from flask import request, _request_ctx_stack, abort, session
from flask import request, _request_ctx_stack, session
from flask.ext.principal import identity_changed, Identity
from base64 import b64decode
@ -10,19 +10,11 @@ from app import app
from permissions import QuayDeferredPermissionUser
from util.names import parse_namespace_repository
from util.http import abort
logger = logging.getLogger(__name__)
def get_authenticated_user():
return getattr(_request_ctx_stack.top, 'authenticated_user', None)
def get_validated_token():
return getattr(_request_ctx_stack.top, 'validated_token', None)
def process_basic_auth(auth):
normalized = [part.strip() for part in auth.split(' ') if part]
if normalized[0].lower() != 'basic' or len(normalized) != 2:
@ -89,13 +81,13 @@ def process_token(auth):
if len(token_details) != 1:
logger.warning('Invalid token format: %s' % auth)
abort(401)
abort(401, message="Invalid token format: %(auth)", issue='invalid-auth-token', auth=auth)
token_vals = {val[0]: val[1] for val in
(detail.split('=') for detail in token_details)}
if 'signature' not in token_vals:
logger.warning('Token does not contain signature: %s' % auth)
abort(401)
abort(401, message="Token does not contain a valid signature: %(auth)", issue='invalid-auth-token', auth=auth)
try:
token_data = model.load_token_data(token_vals['signature'])
@ -103,7 +95,7 @@ def process_token(auth):
except model.InvalidTokenException:
logger.warning('Token could not be validated: %s' %
token_vals['signature'])
abort(401)
abort(401, message="Token could not be validated: %(auth)", issue='invalid-auth-token', auth=auth)
logger.debug('Successfully validated token: %s' % token_data.code)
ctx = _request_ctx_stack.top
@ -134,7 +126,7 @@ def extract_namespace_repo_from_session(f):
if 'namespace' not in session or 'repository' not in session:
logger.error('Unable to load namespace or repository from session: %s' %
session)
abort(400)
abort(400, message="Missing namespace in request")
return f(session['namespace'], session['repository'], *args, **kwargs)
return wrapper

7
auth/auth_context.py Normal file
View file

@ -0,0 +1,7 @@
from flask import _request_ctx_stack
def get_authenticated_user():
return getattr(_request_ctx_stack.top, 'authenticated_user', None)
def get_validated_token():
return getattr(_request_ctx_stack.top, 'validated_token', None)

1
data/database.py
View file

@ -237,6 +237,7 @@ class RepositoryBuild(BaseModel):
uuid = CharField(default=uuid_generator, index=True)
repository = ForeignKeyField(Repository, index=True)
access_token = ForeignKeyField(AccessToken)
resource_key = CharField(index=True)
job_config = TextField()
phase = CharField(default='waiting')
started = DateTimeField(default=datetime.now)

39
data/model.py
View file

@ -775,14 +775,15 @@ def get_all_repo_users(namespace_name, repository_name):
def get_repository_for_resource(resource_key):
joined = Repository.select().join(RepositoryBuild)
query = joined.where(RepositoryBuild.resource_key == resource_key).limit(1)
result = list(query)
if not result:
try:
return (Repository
.select()
.join(RepositoryBuild)
.where(RepositoryBuild.resource_key == resource_key)
.get())
except Repository.DoesNotExist:
return None
return result[0]
def get_repository(namespace_name, repository_name):
try:
@ -888,16 +889,20 @@ def create_repository(namespace, name, creating_user, visibility='private'):
return repo
def __translate_ancestry(old_ancestry, translations, existing_images):
def __translate_ancestry(old_ancestry, translations, repository, username):
if old_ancestry == '/':
return '/'
def translate_id(old_id):
logger.debug('Translating id: %s', old_id)
if old_id not in translations:
# Figure out which docker_image_id the old id refers to, then find a
# a local one
old = Image.select(Image.docker_image_id).where(Image.id == old_id).get()
translations[old_id] = existing_images[old.docker_image_id]
image_in_repo = find_create_or_link_image(old.docker_image_id,
repository, username,
translations)
translations[old_id] = image_in_repo.id
return translations[old_id]
@ -906,9 +911,14 @@ def __translate_ancestry(old_ancestry, translations, existing_images):
return '/%s/' % '/'.join(new_ids)
def create_or_link_image(docker_image_id, repository, username, translations,
existing_images):
def find_create_or_link_image(docker_image_id, repository, username,
translations):
with transaction_factory(db):
repo_image = get_repo_image(repository.namespace, repository.name,
docker_image_id)
if repo_image:
return repo_image
query = (Image
.select(Image, ImageStorage)
.distinct()
@ -930,7 +940,8 @@ def create_or_link_image(docker_image_id, repository, username, translations,
logger.debug(msg, docker_image_id, to_copy.storage.uuid)
new_image_ancestry = __translate_ancestry(to_copy.ancestors,
translations, existing_images)
translations, repository,
username)
storage = to_copy.storage
origin_image_id = to_copy.id
@ -943,6 +954,7 @@ def create_or_link_image(docker_image_id, repository, username, translations,
ancestors=new_image_ancestry)
if origin_image_id:
logger.debug('Storing translation %s -> %s', origin_image_id, new_image.id)
translations[origin_image_id] = new_image.id
return new_image
@ -1409,11 +1421,12 @@ def list_repository_builds(namespace_name, repository_name,
return query
def create_repository_build(repo, access_token, job_config_obj,
def create_repository_build(repo, access_token, job_config_obj, dockerfile_id,
display_name, trigger=None):
return RepositoryBuild.create(repository=repo, access_token=access_token,
job_config=json.dumps(job_config_obj),
display_name=display_name, trigger=trigger)
display_name=display_name, trigger=trigger,
resource_key=dockerfile_id)
def create_webhook(repo, params_obj):

7
endpoints/api.py
View file

@ -1252,15 +1252,14 @@ def request_repo_build(namespace, repository):
logger.debug('**********Md5: %s' % display_name)
host = urlparse.urlparse(request.url).netloc
repo = '%s/%s/%s' % (host, repo.namespace, repo.name)
repo_tag_base = '%s/%s/%s' % (host, repo.namespace, repo.name)
job_config = {
'docker_tags': ['latest'],
'build_subdir': '',
'repository': repo,
'resource_key': dockerfile_id,
'repository': repo_tag_base,
}
build_request = model.create_repository_build(repo, token, job_config,
display_name)
dockerfile_id, display_name)
dockerfile_build_queue.put(json.dumps({
'build_uuid': build_request.uuid,
'namespace': namespace,

4
endpoints/common.py
View file

@ -90,12 +90,14 @@ def common_login(db_user):
@app.errorhandler(model.DataModelException)
def handle_dme(ex):
logger.exception(ex)
return make_response(ex.message, 400)
@app.errorhandler(KeyError)
def handle_dme_key_error(ex):
return make_response(ex.message, 400)
logger.exception(ex)
return make_response('Invalid key: %s' % ex.message, 400)
def generate_csrf_token():

10
endpoints/index.py
View file

@ -9,8 +9,8 @@ from collections import OrderedDict
from data import model, userevent
from data.queue import webhook_queue
from app import mixpanel, app
from auth.auth import (process_auth, get_authenticated_user,
get_validated_token)
from auth.auth import process_auth
from auth.auth_context import get_authenticated_user, get_validated_token
from util.names import parse_repository_name
from util.email import send_confirmation_email
from auth.permissions import (ModifyRepositoryPermission, UserPermission,
@ -193,17 +193,15 @@ def create_repository(namespace, repository):
for desc in image_descriptions])
new_repo_images = dict(added_images)
existing_image_translations = {}
for existing in model.get_repository_images(namespace, repository):
if existing.docker_image_id in new_repo_images:
existing_image_translations[existing.docker_image_id] = existing.id
added_images.pop(existing.docker_image_id)
username = get_authenticated_user() and get_authenticated_user().username
translations = {}
for image_description in added_images.values():
model.create_or_link_image(image_description['id'], repo, username,
translations, existing_image_translations)
model.find_create_or_link_image(image_description['id'], repo, username,
translations)
response = make_response('Created', 201)

4
endpoints/registry.py
View file

@ -2,7 +2,7 @@ import logging
import json
from flask import (make_response, request, session, Response, redirect,
Blueprint, abort as flask_abort)
Blueprint)
from functools import wraps
from datetime import datetime
from time import time
@ -259,7 +259,7 @@ def get_image_json(namespace, repository, image_id, headers):
data = store.get_content(store.image_json_path(namespace, repository,
image_id, uuid))
except IOError:
flask_abort(404)
abort(404, message='Image data not found')
try:
size = store.get_size(store.image_layer_path(namespace, repository,

4
endpoints/webhooks.py
View file

@ -84,10 +84,10 @@ def build_trigger_webhook(namespace, repository, trigger_uuid):
'docker_tags': tags,
'repository': repo,
'build_subdir': subdir,
'resource_key': dockerfile_id,
}
build_request = model.create_repository_build(trigger.repository, token,
job_config, name, trigger)
job_config, dockerfile_id,
name, trigger)
dockerfile_build_queue.put(json.dumps({
'build_uuid': build_request.uuid,

5
initdb.py
View file

@ -67,7 +67,8 @@ def __create_subtree(repo, structure, creator_username, parent):
logger.debug('new docker id: %s' % docker_image_id)
checksum = __gen_checksum(docker_image_id)
new_image = model.create_or_link_image(docker_image_id, repo, None, {}, {})
new_image = model.find_create_or_link_image(docker_image_id, repo, None,
{})
new_image.storage.uuid = IMAGE_UUIDS[image_num % len(IMAGE_UUIDS)]
new_image.storage.save()
@ -325,9 +326,9 @@ def populate_database():
'repository': repo,
'docker_tags': ['latest'],
'build_subdir': '',
'resource_key': '701dcc3724fb4f2ea6c31400528343cd',
}
build = model.create_repository_build(building, token, job_config,
'701dcc3724fb4f2ea6c31400528343cd'
'build-name', trigger)
build.uuid = 'deadbeef-dead-beef-dead-beefdeadbeef'
build.save()

8
static/css/quay.css
View file

@ -234,6 +234,10 @@ i.toggle-icon:hover {
top: 4px;
}
.entity-reference-element {
white-space: nowrap;
}
.entity-reference-element i.fa-exclamation-triangle {
color: #c09853;
margin-left: 10px;
@ -394,6 +398,10 @@ i.toggle-icon:hover {
line-height: 25px;
}
.logs-view-element .log-performer {
white-space: nowrap;
}
.billing-options-element .current-card {
font-size: 16px;
margin-bottom: 20px;

24
static/directives/entity-reference.html
View file

@ -1,19 +1,27 @@
<span class="entity-reference-element">
<span ng-show="entity.kind == 'team'">
<span ng-if="entity.kind == 'team'">
<i class="fa fa-group" title="Team" bs-tooltip="tooltip.title" data-container="body"></i>
<span class="entity-name">
<span ng-show="!getIsAdmin(namespace)">{{entity.name}}</span>
<span ng-show="getIsAdmin(namespace)"><a href="/organization/{{ namespace }}/teams/{{ entity.name }}">{{entity.name}}</a></span>
<span ng-if="!getIsAdmin(namespace)">{{entity.name}}</span>
<span ng-if="getIsAdmin(namespace)"><a href="/organization/{{ namespace }}/teams/{{ entity.name }}">{{entity.name}}</a></span>
</span>
</span>
<span ng-show="entity.kind != 'team'">
<span ng-if="entity.kind != 'team'">
<i class="fa fa-user" ng-show="!entity.is_robot" title="User" bs-tooltip="tooltip.title" data-container="body"></i>
<i class="fa fa-wrench" ng-show="entity.is_robot" title="Robot Account" bs-tooltip="tooltip.title" data-container="body"></i>
<span class="entity-name">
<span ng-show="entity.is_robot" class="prefix">{{getPrefix(entity.name)}}</span><span>{{getShortenedName(entity.name)}}</span>
<span class="entity-name" ng-if="entity.is_robot">
<a href="{{ getRobotUrl(entity.name) }}" ng-if="getIsAdmin(getPrefix(entity.name))">
<span class="prefix">{{ getPrefix(entity.name) }}+</span><span>{{ getShortenedName(entity.name) }}</span>
</a>
<span ng-if="!getIsAdmin(getPrefix(entity.name))">
<span class="prefix">{{ getPrefix(entity.name) }}+</span><span>{{ getShortenedName(entity.name) }}</span>
</span>
</span>
<span class="entity-name" ng-if="!entity.is_robot">
<span>{{getShortenedName(entity.name)}}</span>
</span>
</span>
<i class="fa fa-exclamation-triangle" ng-show="entity.is_org_member === false"
title="This user is not a member of the organization" bs-tooltip="tooltip.title">
<i class="fa fa-exclamation-triangle" ng-if="entity.is_org_member === false"
title="This user is not a member of the organization" bs-tooltip="tooltip.title" data-container="body">
</i>
</span>

4
static/directives/entity-search.html
View file

@ -7,6 +7,10 @@
</button>
<ul class="dropdown-menu" role="menu" aria-labelledby="entityDropdownMenu">
<li ng-show="lazyLoading" style="padding: 10px"><div class="quay-spinner"></div></li>
<li role="presentation" class="dropdown-header" ng-show="!lazyLoading && !robots && !isAdmin && !teams">
You do not have permission to manage teams and robots for this organization
</li>
<li role="presentation" ng-repeat="team in teams" ng-show="!lazyLoading"
ng-click="setEntity(team.name, 'team', false)">

4
static/directives/logs-view.html
View file

@ -53,10 +53,10 @@
</td>
<td>{{ log.datetime }}</td>
<td>
<span ng-show="log.performer">
<span class="log-performer" ng-show="log.performer">
<span class="entity-reference" entity="log.performer" namespace="organization.name"></span>
</span>
<span ng-show="!log.performer && log.metadata.token">
<span class="log-performer" ng-show="!log.performer && log.metadata.token">
<i class="fa fa-key"></i>
<span>{{ log.metadata.token }}</span>
</span>

58
static/js/app.js
View file

@ -863,15 +863,34 @@ quayApp.directive('entityReference', function () {
'entity': '=entity',
'namespace': '=namespace'
},
controller: function($scope, $element, UserService) {
controller: function($scope, $element, UserService, $sanitize) {
$scope.getIsAdmin = function(namespace) {
return UserService.isNamespaceAdmin(namespace);
};
$scope.getRobotUrl = function(name) {
var namespace = $scope.getPrefix(name);
if (!namespace) {
return '';
}
if (!$scope.getIsAdmin(namespace)) {
return '';
}
var org = UserService.getOrganization(namespace);
if (!org) {
// This robot is owned by the user.
return '/user/?tab=robots&showRobot=' + $sanitize(name);
}
return '/organization/' + org['name'] + '/admin?tab=robots&showRobot=' + $sanitize(name);
};
$scope.getPrefix = function(name) {
if (!name) { return ''; }
var plus = name.indexOf('+');
return name.substr(0, plus + 1);
return name.substr(0, plus);
};
$scope.getShortenedName = function(name) {
@ -1544,7 +1563,7 @@ quayApp.directive('robotsManager', function () {
'organization': '=organization',
'user': '=user'
},
controller: function($scope, $element, ApiService) {
controller: function($scope, $element, ApiService, $routeParams) {
$scope.ROBOT_PATTERN = ROBOT_PATTERN;
$scope.robots = null;
$scope.loading = false;
@ -1555,6 +1574,15 @@ quayApp.directive('robotsManager', function () {
$scope.shownRobot = info;
$scope.showRobotCounter++;
};
$scope.findRobotIndexByName = function(name) {
for (var i = 0; i < $scope.robots.length; ++i) {
if ($scope.robots[i].name == name) {
return i;
}
}
return -1;
};
$scope.getShortenedName = function(name) {
var plus = name.indexOf('+');
@ -1578,11 +1606,9 @@ quayApp.directive('robotsManager', function () {
$scope.deleteRobot = function(info) {
var shortName = $scope.getShortenedName(info.name);
ApiService.deleteRobot($scope.organization, null, {'robot_shortname': shortName}).then(function(resp) {
for (var i = 0; i < $scope.robots.length; ++i) {
if ($scope.robots[i].name == info.name) {
$scope.robots.splice(i, 1);
return;
}
var index = $scope.findRobotIndexByName(info.name);
if (index >= 0) {
$scope.robots.splice(index, 1);
}
}, function() {
bootbox.dialog({
@ -1606,6 +1632,13 @@ quayApp.directive('robotsManager', function () {
ApiService.getRobots($scope.organization).then(function(resp) {
$scope.robots = resp.robots;
$scope.loading = false;
if ($routeParams.showRobot) {
var index = $scope.findRobotIndexByName($routeParams.showRobot);
if (index >= 0) {
$scope.showRobot($scope.robots[index]);
}
}
});
};
@ -2048,8 +2081,17 @@ quayApp.directive('entitySearch', function () {
$scope.lazyLoad = function() {
if (!$scope.namespace || !$scope.lazyLoading) { return; }
// Determine whether we can admin this namespace.
$scope.isAdmin = UserService.isNamespaceAdmin($scope.namespace);
// If the scope is an organization and we are not part of it, then nothing more we can do.
if (!$scope.isAdmin && $scope.isOrganization && !UserService.getOrganization($scope.namespace)) {
$scope.teams = null;
$scope.robots = null;
$scope.lazyLoading = false;
return;
}
if ($scope.isOrganization && $scope.includeTeams) {
ApiService.getOrganization(null, {'orgname': $scope.namespace}).then(function(resp) {
$scope.teams = resp.teams;

BIN
test/data/test.db
View file

Binary file not shown.

4
test/test_api_usage.py
View file

@ -858,7 +858,7 @@ class TestGetRepoBuilds(ApiTestCase):
assert 'status' in build
class TestRequearRepoBuild(ApiTestCase):
class TestRequestRepoBuild(ApiTestCase):
def test_requestrepobuild(self):
self.login(ADMIN_ACCESS_USER)
@ -871,7 +871,7 @@ class TestRequearRepoBuild(ApiTestCase):
# Request a (fake) build.
self.postResponse('api.request_repo_build',
params=dict(repository=ADMIN_ACCESS_USER + '/simple'),
data=dict(file_id = 'foobarbaz'),
data=dict(file_id='foobarbaz'),
expected_code=201)
# Check for the build.

2
test/test_image_sharing.py
View file

@ -43,7 +43,7 @@ class TestImageSharing(unittest.TestCase):
def createStorage(self, docker_image_id, repository=REPO, username=ADMIN_ACCESS_USER):
repository_obj = model.get_repository(repository.split('/')[0], repository.split('/')[1])
image = model.create_or_link_image(docker_image_id, repository_obj, username, {}, {})
image = model.find_create_or_link_image(docker_image_id, repository_obj, username, {})
return image.storage.id
def assertSameStorage(self, docker_image_id, storage_id, repository=REPO, username=ADMIN_ACCESS_USER):

3
util/http.py
View file

@ -2,7 +2,7 @@ import logging
from app import mixpanel
from flask import request, abort as flask_abort, jsonify
from auth.auth import get_authenticated_user, get_validated_token
from auth.auth_context import get_authenticated_user, get_validated_token
logger = logging.getLogger(__name__)
@ -16,6 +16,7 @@ DEFAULT_MESSAGE[409] = 'Conflict'
DEFAULT_MESSAGE[501] = 'Not Implemented'
def abort(status_code, message=None, issue=None, **kwargs):
message = (str(message) % kwargs if message else
DEFAULT_MESSAGE.get(status_code, ''))

2
workers/dockerfilebuild.py
View file

@ -274,7 +274,7 @@ class DockerfileBuildWorker(Worker):
job_config = json.loads(repository_build.job_config)
resource_url = user_files.get_file_url(job_config['resource_key'])
resource_url = user_files.get_file_url(repository_build.resource_key)
tag_names = job_config['docker_tags']
build_subdir = job_config['build_subdir']
repo = job_config['repository']