Merge remote-tracking branch 'origin/master' into rustedbuilds

2014-02-25 17:00:38 -05:00 · 2014-02-25 17:00:38 -05:00 · de49ce151b
commit de49ce151b
parent c3c26ba199 fa4c925e4d
14 changed files with 124 additions and 50 deletions
--- a/auth/auth.py
+++ b/auth/auth.py
@ -1,7 +1,7 @@
 import logging

 from functools import wraps
-from flask import request, _request_ctx_stack, abort, session
+from flask import request, _request_ctx_stack, session
 from flask.ext.principal import identity_changed, Identity
 from base64 import b64decode

@ -10,19 +10,11 @@ from app import app
 from permissions import QuayDeferredPermissionUser

 from util.names import parse_namespace_repository
+from util.http import abort


 logger = logging.getLogger(__name__)

-
-def get_authenticated_user():
-  return getattr(_request_ctx_stack.top, 'authenticated_user', None)
-
-
-def get_validated_token():
-  return getattr(_request_ctx_stack.top, 'validated_token', None)
-
-
 def process_basic_auth(auth):
  normalized = [part.strip() for part in auth.split(' ') if part]
  if normalized[0].lower() != 'basic' or len(normalized) != 2:
@ -89,13 +81,13 @@ def process_token(auth):

  if len(token_details) != 1:
    logger.warning('Invalid token format: %s' % auth)
-    abort(401)
+    abort(401, message="Invalid token format: %(auth)", issue='invalid-auth-token', auth=auth)

  token_vals = {val[0]: val[1] for val in
                (detail.split('=') for detail in token_details)}
  if 'signature' not in token_vals:
    logger.warning('Token does not contain signature: %s' % auth)
-    abort(401)
+    abort(401, message="Token does not contain a valid signature: %(auth)", issue='invalid-auth-token', auth=auth)

  try:
    token_data = model.load_token_data(token_vals['signature'])
@ -103,7 +95,7 @@ def process_token(auth):
  except model.InvalidTokenException:
    logger.warning('Token could not be validated: %s' %
                   token_vals['signature'])
-    abort(401)
+    abort(401, message="Token could not be validated: %(auth)", issue='invalid-auth-token', auth=auth)

  logger.debug('Successfully validated token: %s' % token_data.code)
  ctx = _request_ctx_stack.top
@ -134,7 +126,7 @@ def extract_namespace_repo_from_session(f):
    if 'namespace' not in session or 'repository' not in session:
      logger.error('Unable to load namespace or repository from session: %s' %
                   session)
-      abort(400)
+      abort(400, message="Missing namespace in request")

    return f(session['namespace'], session['repository'], *args, **kwargs)
  return wrapper
--- a/auth/auth_context.py
+++ b/auth/auth_context.py
@ -0,0 +1,7 @@
+from flask import _request_ctx_stack
+
+def get_authenticated_user():
+  return getattr(_request_ctx_stack.top, 'authenticated_user', None)
+
+def get_validated_token():
+  return getattr(_request_ctx_stack.top, 'validated_token', None)
--- a/data/model.py
+++ b/data/model.py
@ -888,16 +888,20 @@ def create_repository(namespace, name, creating_user, visibility='private'):
  return repo


-def __translate_ancestry(old_ancestry, translations, existing_images):
+def __translate_ancestry(old_ancestry, translations, repository, username):
  if old_ancestry == '/':
    return '/'

  def translate_id(old_id):
+    logger.debug('Translating id: %s', old_id)
    if old_id not in translations:
      # Figure out which docker_image_id the old id refers to, then find a
      # a local one
      old = Image.select(Image.docker_image_id).where(Image.id == old_id).get()
-      translations[old_id] = existing_images[old.docker_image_id]
+      image_in_repo = find_create_or_link_image(old.docker_image_id,
+                                                repository, username,
+                                                translations)
+      translations[old_id] = image_in_repo.id

    return translations[old_id]

@ -906,9 +910,14 @@ def __translate_ancestry(old_ancestry, translations, existing_images):
  return '/%s/' % '/'.join(new_ids)


-def create_or_link_image(docker_image_id, repository, username, translations,
-                         existing_images):
+def find_create_or_link_image(docker_image_id, repository, username,
+                              translations):
  with transaction_factory(db):
+    repo_image = get_repo_image(repository.namespace, repository.name,
+                                docker_image_id)
+    if repo_image:
+      return repo_image
+
    query = (Image
      .select(Image, ImageStorage)
      .distinct()
@ -930,7 +939,8 @@ def create_or_link_image(docker_image_id, repository, username, translations,
      logger.debug(msg, docker_image_id, to_copy.storage.uuid)
      
      new_image_ancestry = __translate_ancestry(to_copy.ancestors,
-                                                translations, existing_images)
+                                                translations, repository,
+                                                username)

      storage = to_copy.storage
      origin_image_id = to_copy.id
@ -943,6 +953,7 @@ def create_or_link_image(docker_image_id, repository, username, translations,
                             ancestors=new_image_ancestry)

    if origin_image_id:
+      logger.debug('Storing translation %s -> %s', origin_image_id, new_image.id)
      translations[origin_image_id] = new_image.id

    return new_image
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -90,12 +90,14 @@ def common_login(db_user):

@app.errorhandler(model.DataModelException)
 def handle_dme(ex):
-  return make_response(ex.message, 400)
+  logger.exception(ex)
+  return make_response('Internal Server Error', 500)


@app.errorhandler(KeyError)
 def handle_dme_key_error(ex):
-  return make_response(ex.message, 400)
+  logger.exception(ex)
+  return make_response('Internal Server Error', 500)


 def generate_csrf_token():
--- a/endpoints/index.py
+++ b/endpoints/index.py
@ -9,8 +9,8 @@ from collections import OrderedDict
 from data import model, userevent
 from data.queue import webhook_queue
 from app import mixpanel, app
-from auth.auth import (process_auth, get_authenticated_user,
-                       get_validated_token)
+from auth.auth import process_auth
+from auth.auth_context import get_authenticated_user, get_validated_token
 from util.names import parse_repository_name
 from util.email import send_confirmation_email
 from auth.permissions import (ModifyRepositoryPermission, UserPermission,
@ -193,17 +193,15 @@ def create_repository(namespace, repository):
                              for desc in image_descriptions])
  new_repo_images = dict(added_images)

-  existing_image_translations = {}
  for existing in model.get_repository_images(namespace, repository):
    if existing.docker_image_id in new_repo_images:
-      existing_image_translations[existing.docker_image_id] = existing.id
      added_images.pop(existing.docker_image_id)

  username = get_authenticated_user() and get_authenticated_user().username
  translations = {}
  for image_description in added_images.values():
-    model.create_or_link_image(image_description['id'], repo, username,
-                               translations, existing_image_translations)
+    model.find_create_or_link_image(image_description['id'], repo, username,
+                                    translations)

  response = make_response('Created', 201)

--- a/endpoints/registry.py
+++ b/endpoints/registry.py
@ -2,7 +2,7 @@ import logging
 import json

 from flask import (make_response, request, session, Response, redirect,
-                   Blueprint, abort as flask_abort)
+                   Blueprint)
 from functools import wraps
 from datetime import datetime
 from time import time
@ -259,7 +259,7 @@ def get_image_json(namespace, repository, image_id, headers):
    data = store.get_content(store.image_json_path(namespace, repository,
                                                   image_id, uuid))
  except IOError:
-    flask_abort(404)
+    abort(404, message='Image data not found')

  try:
    size = store.get_size(store.image_layer_path(namespace, repository,
--- a/initdb.py
+++ b/initdb.py
@ -67,7 +67,8 @@ def __create_subtree(repo, structure, creator_username, parent):
    logger.debug('new docker id: %s' % docker_image_id)
    checksum = __gen_checksum(docker_image_id)

-    new_image = model.create_or_link_image(docker_image_id, repo, None, {}, {})
+    new_image = model.find_create_or_link_image(docker_image_id, repo, None,
+                                                {})
    new_image.storage.uuid = IMAGE_UUIDS[image_num % len(IMAGE_UUIDS)]
    new_image.storage.save()

--- a/static/css/quay.css
+++ b/static/css/quay.css
@ -234,6 +234,10 @@ i.toggle-icon:hover {
  top: 4px;
 }

+.entity-reference-element {
+  white-space: nowrap;
+}
+
 .entity-reference-element i.fa-exclamation-triangle {
  color: #c09853;
  margin-left: 10px;
@ -394,6 +398,10 @@ i.toggle-icon:hover {
  line-height: 25px;
 }

+.logs-view-element .log-performer {
+  white-space: nowrap;
+}
+
 .billing-options-element .current-card {
  font-size: 16px;
  margin-bottom: 20px;
--- a/static/directives/entity-reference.html
+++ b/static/directives/entity-reference.html
@ -1,19 +1,27 @@
 <span class="entity-reference-element">
-  <span ng-show="entity.kind == 'team'">
+  <span ng-if="entity.kind == 'team'">
    <i class="fa fa-group" title="Team" bs-tooltip="tooltip.title" data-container="body"></i> 
    <span class="entity-name">
-      <span ng-show="!getIsAdmin(namespace)">{{entity.name}}</span>
-      <span ng-show="getIsAdmin(namespace)"><a href="/organization/{{ namespace }}/teams/{{ entity.name }}">{{entity.name}}</a></span>
+      <span ng-if="!getIsAdmin(namespace)">{{entity.name}}</span>
+      <span ng-if="getIsAdmin(namespace)"><a href="/organization/{{ namespace }}/teams/{{ entity.name }}">{{entity.name}}</a></span>
    </span>
  </span>
-  <span ng-show="entity.kind != 'team'">
+  <span ng-if="entity.kind != 'team'">
    <i class="fa fa-user" ng-show="!entity.is_robot" title="User" bs-tooltip="tooltip.title" data-container="body"></i>
    <i class="fa fa-wrench" ng-show="entity.is_robot" title="Robot Account" bs-tooltip="tooltip.title" data-container="body"></i> 
-    <span class="entity-name">
-      <span ng-show="entity.is_robot" class="prefix">{{getPrefix(entity.name)}}</span><span>{{getShortenedName(entity.name)}}</span>
+    <span class="entity-name" ng-if="entity.is_robot">
+      <a href="{{ getRobotUrl(entity.name) }}" ng-if="getIsAdmin(getPrefix(entity.name))">
+        <span class="prefix">{{ getPrefix(entity.name) }}+</span><span>{{ getShortenedName(entity.name) }}</span>
+      </a>
+      <span ng-if="!getIsAdmin(getPrefix(entity.name))">
+        <span class="prefix">{{ getPrefix(entity.name) }}+</span><span>{{ getShortenedName(entity.name) }}</span>
+      </span>
+    </span>
+    <span class="entity-name" ng-if="!entity.is_robot">
+      <span>{{getShortenedName(entity.name)}}</span>
    </span>
  </span>
-  <i class="fa fa-exclamation-triangle" ng-show="entity.is_org_member === false"
-     title="This user is not a member of the organization" bs-tooltip="tooltip.title">
+  <i class="fa fa-exclamation-triangle" ng-if="entity.is_org_member === false"
+     title="This user is not a member of the organization" bs-tooltip="tooltip.title" data-container="body">
  </i>
 </span>
--- a/static/directives/entity-search.html
+++ b/static/directives/entity-search.html
@ -7,6 +7,10 @@
    </button>
    <ul class="dropdown-menu" role="menu" aria-labelledby="entityDropdownMenu">
      <li ng-show="lazyLoading" style="padding: 10px"><div class="quay-spinner"></div></li>
+
+      <li role="presentation" class="dropdown-header" ng-show="!lazyLoading && !robots && !isAdmin && !teams">
+        You do not have permission to manage teams and robots for this organization
+      </li>
      
      <li role="presentation" ng-repeat="team in teams" ng-show="!lazyLoading"
          ng-click="setEntity(team.name, 'team', false)">
--- a/static/directives/logs-view.html
+++ b/static/directives/logs-view.html
@ -53,10 +53,10 @@
          </td>
          <td>{{ log.datetime }}</td>
          <td>
-            <span ng-show="log.performer">              
+            <span class="log-performer" ng-show="log.performer">              
              <span class="entity-reference" entity="log.performer" namespace="organization.name"></span>
            </span>
-            <span ng-show="!log.performer && log.metadata.token">
+            <span class="log-performer" ng-show="!log.performer && log.metadata.token">
              <i class="fa fa-key"></i>
              <span>{{ log.metadata.token }}</span>
            </span>
--- a/static/js/app.js
+++ b/static/js/app.js
@ -838,15 +838,34 @@ quayApp.directive('entityReference', function () {
      'entity': '=entity',
      'namespace': '=namespace'
    },
-    controller: function($scope, $element, UserService) {
+    controller: function($scope, $element, UserService, $sanitize) {
      $scope.getIsAdmin = function(namespace) {
        return UserService.isNamespaceAdmin(namespace);
      };

+      $scope.getRobotUrl = function(name) {
+        var namespace = $scope.getPrefix(name);
+        if (!namespace) {
+          return '';
+        }
+
+        if (!$scope.getIsAdmin(namespace)) {
+          return '';
+        }
+
+        var org = UserService.getOrganization(namespace);
+        if (!org) {
+          // This robot is owned by the user.
+          return '/user/?tab=robots&showRobot=' + $sanitize(name);
+        }
+
+        return '/organization/' + org['name'] + '/admin?tab=robots&showRobot=' + $sanitize(name);
+      };
+
      $scope.getPrefix = function(name) {
        if (!name) { return ''; }
        var plus = name.indexOf('+');
-        return name.substr(0, plus + 1);
+        return name.substr(0, plus);
      };

      $scope.getShortenedName = function(name) {
@ -1500,7 +1519,7 @@ quayApp.directive('robotsManager', function () {
      'organization': '=organization',
      'user': '=user'
    },
-    controller: function($scope, $element, ApiService) {
+    controller: function($scope, $element, ApiService, $routeParams) {
      $scope.ROBOT_PATTERN = ROBOT_PATTERN;
      $scope.robots = null;
      $scope.loading = false;
@ -1511,6 +1530,15 @@ quayApp.directive('robotsManager', function () {
        $scope.shownRobot = info;
        $scope.showRobotCounter++;
      };
+      
+      $scope.findRobotIndexByName = function(name) {
+        for (var i = 0; i < $scope.robots.length; ++i) {
+          if ($scope.robots[i].name == name) {
+            return i;
+          }
+        }
+        return -1;
+      };

      $scope.getShortenedName = function(name) {
        var plus = name.indexOf('+');
@ -1534,11 +1562,9 @@ quayApp.directive('robotsManager', function () {
      $scope.deleteRobot = function(info) {
        var shortName = $scope.getShortenedName(info.name);
        ApiService.deleteRobot($scope.organization, null, {'robot_shortname': shortName}).then(function(resp) {
-          for (var i = 0; i < $scope.robots.length; ++i) {
-            if ($scope.robots[i].name == info.name) {
-              $scope.robots.splice(i, 1);
-              return;
-            }
+          var index = $scope.findRobotIndexByName(info.name);
+          if (index >= 0) {
+            $scope.robots.splice(index, 1);
          }
        }, function() {
           bootbox.dialog({
@ -1562,6 +1588,13 @@ quayApp.directive('robotsManager', function () {
        ApiService.getRobots($scope.organization).then(function(resp) {
          $scope.robots = resp.robots;
          $scope.loading = false;
+
+          if ($routeParams.showRobot) {
+            var index = $scope.findRobotIndexByName($routeParams.showRobot);
+            if (index >= 0) {
+              $scope.showRobot($scope.robots[index]);
+            }
+          }
        });
      };

@ -2004,8 +2037,17 @@ quayApp.directive('entitySearch', function () {
      $scope.lazyLoad = function() {
        if (!$scope.namespace || !$scope.lazyLoading) { return; }

+        // Determine whether we can admin this namespace.
        $scope.isAdmin = UserService.isNamespaceAdmin($scope.namespace);

+        // If the scope is an organization and we are not part of it, then nothing more we can do.
+        if (!$scope.isAdmin && $scope.isOrganization && !UserService.getOrganization($scope.namespace)) {
+          $scope.teams = null;
+          $scope.robots = null;
+          $scope.lazyLoading = false;
+          return;
+        }
+
        if ($scope.isOrganization && $scope.includeTeams) {
          ApiService.getOrganization(null, {'orgname': $scope.namespace}).then(function(resp) {
            $scope.teams = resp.teams;
--- a/test/test_image_sharing.py
+++ b/test/test_image_sharing.py
@ -43,7 +43,7 @@ class TestImageSharing(unittest.TestCase):

  def createStorage(self, docker_image_id, repository=REPO, username=ADMIN_ACCESS_USER):
    repository_obj = model.get_repository(repository.split('/')[0], repository.split('/')[1])
-    image = model.create_or_link_image(docker_image_id, repository_obj, username, {}, {})
+    image = model.find_create_or_link_image(docker_image_id, repository_obj, username, {})
    return image.storage.id

  def assertSameStorage(self, docker_image_id, storage_id, repository=REPO, username=ADMIN_ACCESS_USER):
--- a/util/http.py
+++ b/util/http.py
@ -2,7 +2,7 @@ import logging

 from app import mixpanel
 from flask import request, abort as flask_abort, jsonify
-from auth.auth import get_authenticated_user, get_validated_token
+from auth.auth_context import get_authenticated_user, get_validated_token

 logger = logging.getLogger(__name__)

@ -16,6 +16,7 @@ DEFAULT_MESSAGE[409] = 'Conflict'
 DEFAULT_MESSAGE[501] = 'Not Implemented'

 def abort(status_code, message=None, issue=None, **kwargs):
+
  message = (str(message) % kwargs if message else
             DEFAULT_MESSAGE.get(status_code, ''))