Port over tokens.
This commit is contained in:
jakedt
parent
3d4ece31f3
commit
cd276773ff
4 changed files with 147 additions and 10 deletions
|
|
@ -173,13 +173,14 @@ def log_action(kind, user_or_orgname, metadata={}, repo=None):
|
|||
|
||||
import endpoints.api.legacy
|
||||
|
||||
import endpoints.api.repository
|
||||
import endpoints.api.discovery
|
||||
import endpoints.api.user
|
||||
import endpoints.api.search
|
||||
import endpoints.api.build
|
||||
import endpoints.api.webhook
|
||||
import endpoints.api.trigger
|
||||
import endpoints.api.discovery
|
||||
import endpoints.api.image
|
||||
import endpoints.api.permission
|
||||
import endpoints.api.repository
|
||||
import endpoints.api.repotoken
|
||||
import endpoints.api.search
|
||||
import endpoints.api.tag
|
||||
import endpoints.api.permission
|
||||
import endpoints.api.trigger
|
||||
import endpoints.api.user
|
||||
import endpoints.api.webhook
|
||||
|
|
|
|||
|
|
@ -1967,6 +1967,7 @@ def token_view(token_obj):
|
|||
}
|
||||
|
||||
|
||||
# Ported
|
||||
@api_bp.route('/repository/<path:repository>/tokens/', methods=['GET'])
|
||||
@api_login_required
|
||||
@parse_repository_name
|
||||
|
|
@ -1982,6 +1983,7 @@ def list_repo_tokens(namespace, repository):
|
|||
abort(403) # Permission denied
|
||||
|
||||
|
||||
# Ported
|
||||
@api_bp.route('/repository/<path:repository>/tokens/<code>', methods=['GET'])
|
||||
@api_login_required
|
||||
@parse_repository_name
|
||||
|
|
@ -1998,6 +2000,7 @@ def get_tokens(namespace, repository, code):
|
|||
abort(403) # Permission denied
|
||||
|
||||
|
||||
# Ported
|
||||
@api_bp.route('/repository/<path:repository>/tokens/', methods=['POST'])
|
||||
@api_login_required
|
||||
@parse_repository_name
|
||||
|
|
@ -2020,6 +2023,7 @@ def create_token(namespace, repository):
|
|||
abort(403) # Permission denied
|
||||
|
||||
|
||||
# Ported
|
||||
@api_bp.route('/repository/<path:repository>/tokens/<code>', methods=['PUT'])
|
||||
@api_login_required
|
||||
@parse_repository_name
|
||||
|
|
@ -2045,6 +2049,7 @@ def change_token(namespace, repository, code):
|
|||
abort(403) # Permission denied
|
||||
|
||||
|
||||
# Ported
|
||||
@api_bp.route('/repository/<path:repository>/tokens/<code>',
|
||||
methods=['DELETE'])
|
||||
@api_login_required
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ class RepositoryUserPermission(RepositoryParamResource):
|
|||
'properties': {
|
||||
'role': {
|
||||
'type': 'string',
|
||||
'description': 'Visibility which the repository will start with',
|
||||
'description': 'Role to use for the user',
|
||||
'enum': [
|
||||
'read',
|
||||
'write',
|
||||
|
|
@ -176,12 +176,12 @@ class RepositoryTeamPermission(RepositoryParamResource):
|
|||
'TeamPermission': {
|
||||
'id': 'TeamPermission',
|
||||
'type': 'object',
|
||||
'description': 'Description of a user permission.',
|
||||
'description': 'Description of a team permission.',
|
||||
'required': True,
|
||||
'properties': {
|
||||
'role': {
|
||||
'type': 'string',
|
||||
'description': 'Visibility which the repository will start with',
|
||||
'description': 'Role to use for the team',
|
||||
'enum': [
|
||||
'read',
|
||||
'write',
|
||||
|
|
|
|||
131
endpoints/api/repotoken.py
Normal file
131
endpoints/api/repotoken.py
Normal file
|
|
@ -0,0 +1,131 @@
|
|||
import logging
|
||||
|
||||
from flask import request
|
||||
from flask.ext.restful import abort
|
||||
|
||||
from endpoints.api import (resource, nickname, require_repo_admin, RepositoryParamResource,
|
||||
log_action, validate_json_request)
|
||||
from data import model
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def token_view(token_obj):
|
||||
return {
|
||||
'friendlyName': token_obj.friendly_name,
|
||||
'code': token_obj.code,
|
||||
'role': token_obj.role.name,
|
||||
}
|
||||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/tokens/')
|
||||
class RepositoryTokenList(RepositoryParamResource):
|
||||
""" Resource for creating and listing repository tokens. """
|
||||
schemas = {
|
||||
'NewToken': {
|
||||
'id': 'NewToken',
|
||||
'type': 'object',
|
||||
'description': 'Description of a new token.',
|
||||
'required': True,
|
||||
'properties': {
|
||||
'friendlyName': {
|
||||
'type': 'string',
|
||||
'description': 'Friendly name to help identify the token.',
|
||||
'required': True,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@require_repo_admin
|
||||
@nickname('listRepoTokens')
|
||||
def get(self, namespace, repository):
|
||||
""" List the tokens for the specified repository. """
|
||||
tokens = model.get_repository_delegate_tokens(namespace, repository)
|
||||
|
||||
return {
|
||||
'tokens': {token.code: token_view(token) for token in tokens}
|
||||
}
|
||||
|
||||
@require_repo_admin
|
||||
@nickname('createToken')
|
||||
@validate_json_request('NewToken')
|
||||
def post(self, namespace, repository):
|
||||
""" Create a new repository token. """
|
||||
token_params = request.get_json()
|
||||
|
||||
token = model.create_delegate_token(namespace, repository,
|
||||
token_params['friendlyName'])
|
||||
|
||||
log_action('add_repo_accesstoken', namespace,
|
||||
{'repo': repository, 'token': token_params['friendlyName']},
|
||||
repo = model.get_repository(namespace, repository))
|
||||
|
||||
return token_view(token), 201
|
||||
|
||||
|
||||
@resource('/v1/repository/<path:repository>/tokens/<code>')
|
||||
class RepositoryToken(RepositoryParamResource):
|
||||
""" Resource for managing individual tokens. """
|
||||
schemas = {
|
||||
'TokenPermission': {
|
||||
'id': 'TokenPermission',
|
||||
'type': 'object',
|
||||
'description': 'Description of a token permission.',
|
||||
'required': True,
|
||||
'properties': {
|
||||
'role': {
|
||||
'type': 'string',
|
||||
'description': 'Role to use for the token',
|
||||
'enum': [
|
||||
'read',
|
||||
'write',
|
||||
'admin',
|
||||
],
|
||||
'required': True,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
@require_repo_admin
|
||||
@nickname('getTokens')
|
||||
def get(self, namespace, repository, code):
|
||||
""" Fetch the specified token information. """
|
||||
try:
|
||||
perm = model.get_repo_delegate_token(namespace, repository, code)
|
||||
except model.InvalidTokenException:
|
||||
abort(404)
|
||||
|
||||
return token_view(perm)
|
||||
|
||||
@require_repo_admin
|
||||
@nickname('changeToken')
|
||||
@validate_json_request('TokenPermission')
|
||||
def put(self, namespace, repository, code):
|
||||
new_permission = request.get_json()
|
||||
|
||||
logger.debug('Setting permission to: %s for code %s' %
|
||||
(new_permission['role'], code))
|
||||
|
||||
token = model.set_repo_delegate_token_role(namespace, repository, code,
|
||||
new_permission['role'])
|
||||
|
||||
log_action('change_repo_permission', namespace,
|
||||
{'repo': repository, 'token': token.friendly_name, 'code': code,
|
||||
'role': new_permission['role']},
|
||||
repo = model.get_repository(namespace, repository))
|
||||
|
||||
return token_view(token)
|
||||
|
||||
@require_repo_admin
|
||||
@nickname('deleteToken')
|
||||
def delete(self, namespace, repository, code):
|
||||
token = model.delete_delegate_token(namespace, repository, code)
|
||||
|
||||
log_action('delete_repo_accesstoken', namespace,
|
||||
{'repo': repository, 'token': token.friendly_name,
|
||||
'code': code},
|
||||
repo = model.get_repository(namespace, repository))
|
||||
|
||||
return 'Deleted', 204
|
||||
Reference in a new issue