import json import logging from flask import request, url_for from urllib import quote from urlparse import urlunparse from app import app from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin, log_action, request_error, query_param, parse_args, internal_only, validate_json_request, api, Unauthorized, NotFound, InvalidRequest) from endpoints.api.build import (build_status_view, trigger_view, RepositoryBuildStatus, get_trigger_config) from endpoints.common import start_build from endpoints.trigger import (BuildTrigger as BuildTriggerBase, TriggerDeactivationException, TriggerActivationException, EmptyRepositoryException, RepositoryReadException) from data import model from auth.permissions import UserAdminPermission, AdministerOrganizationPermission from util.names import parse_robot_username logger = logging.getLogger(__name__) def _prepare_webhook_url(scheme, username, password, hostname, path): auth_hostname = '%s:%s@%s' % (quote(username), quote(password), hostname) return urlunparse((scheme, auth_hostname, path, '', '', '')) @resource('/v1/repository//trigger/') class BuildTriggerList(RepositoryParamResource): """ Resource for listing repository build triggers. """ @require_repo_admin @nickname('listBuildTriggers') def get(self, namespace, repository): """ List the triggers for the specified repository. """ triggers = model.list_build_triggers(namespace, repository) return { 'triggers': [trigger_view(trigger) for trigger in triggers] } @resource('/v1/repository//trigger/') class BuildTrigger(RepositoryParamResource): """ Resource for managing specific build triggers. """ @require_repo_admin @nickname('getBuildTrigger') def get(self, namespace, repository, trigger_uuid): """ Get information for the specified build trigger. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() return trigger_view(trigger) @require_repo_admin @nickname('deleteBuildTrigger') def delete(self, namespace, repository, trigger_uuid): """ Delete the specified build trigger. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name) config_dict = get_trigger_config(trigger) if handler.is_active(config_dict): try: handler.deactivate(trigger.auth_token, config_dict) except TriggerDeactivationException as ex: # We are just going to eat this error logger.warning('Trigger deactivation problem: %s', ex) log_action('delete_repo_trigger', namespace, {'repo': repository, 'trigger_id': trigger_uuid, 'service': trigger.service.name, 'config': config_dict}, repo=model.get_repository(namespace, repository)) trigger.delete_instance(recursive=True) return 'No Content', 204 @resource('/v1/repository//trigger//subdir') @internal_only class BuildTriggerSubdirs(RepositoryParamResource): """ Custom verb for fetching the subdirs which are buildable for a trigger. """ schemas = { 'BuildTriggerSubdirRequest': { 'id': 'BuildTriggerSubdirRequest', 'type': 'object', 'description': 'Arbitrary json.', }, } @require_repo_admin @nickname('listBuildTriggerSubdirs') @validate_json_request('BuildTriggerSubdirRequest') def post(self, namespace, repository, trigger_uuid): """ List the subdirectories available for the specified build trigger and source. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name) user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): new_config_dict = request.get_json() try: subdirs = handler.list_build_subdirs(trigger.auth_token, new_config_dict) return { 'subdir': subdirs, 'status': 'success' } except EmptyRepositoryException as exc: return { 'status': 'success', 'subdir': [] } except RepositoryReadException as exc: return { 'status': 'error', 'message': exc.message } else: raise Unauthorized() @resource('/v1/repository//trigger//activate') @internal_only class BuildTriggerActivate(RepositoryParamResource): """ Custom verb for activating a build trigger once all required information has been collected. """ schemas = { 'BuildTriggerActivateRequest': { 'id': 'BuildTriggerActivateRequest', 'type': 'object', 'required': [ 'config' ], 'properties': { 'config': { 'type': 'object', 'description': 'Arbitrary json.', }, 'pull_robot': { 'type': 'string', 'description': 'The name of the robot that will be used to pull images.' } } }, } @require_repo_admin @nickname('activateBuildTrigger') @validate_json_request('BuildTriggerActivateRequest') def post(self, namespace, repository, trigger_uuid): """ Activate the specified build trigger. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name) existing_config_dict = get_trigger_config(trigger) if handler.is_active(existing_config_dict): raise InvalidRequest('Trigger config is not sufficient for activation.') user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): # Update the pull robot (if any). pull_robot_name = request.get_json().get('pull_robot', None) if pull_robot_name: pull_robot = model.lookup_robot(pull_robot_name) if not pull_robot: raise NotFound() # Make sure the user has administer permissions for the robot's namespace. (robot_namespace, shortname) = parse_robot_username(pull_robot_name) if not AdministerOrganizationPermission(robot_namespace).can(): raise Unauthorized() # Make sure the namespace matches that of the trigger. if robot_namespace != namespace: raise Unauthorized() # Set the pull robot. trigger.pull_robot = pull_robot # Update the config. new_config_dict = request.get_json()['config'] token_name = 'Build Trigger: %s' % trigger.service.name token = model.create_delegate_token(namespace, repository, token_name, 'write') try: repository_path = '%s/%s' % (trigger.repository.namespace, trigger.repository.name) path = url_for('webhooks.build_trigger_webhook', repository=repository_path, trigger_uuid=trigger.uuid) authed_url = _prepare_webhook_url(app.config['URL_SCHEME'], '$token', token.code, app.config['URL_HOST'], path) final_config = handler.activate(trigger.uuid, authed_url, trigger.auth_token, new_config_dict) except TriggerActivationException as exc: token.delete_instance() raise request_error(message=exc.message) # Save the updated config. trigger.config = json.dumps(final_config) trigger.write_token = token trigger.save() # Log the trigger setup. repo = model.get_repository(namespace, repository) log_action('setup_repo_trigger', namespace, {'repo': repository, 'namespace': namespace, 'trigger_id': trigger.uuid, 'service': trigger.service.name, 'pull_robot': trigger.pull_robot.username if trigger.pull_robot else None, 'config': final_config}, repo=repo) return trigger_view(trigger) else: raise Unauthorized() @resource('/v1/repository//trigger//start') class ActivateBuildTrigger(RepositoryParamResource): """ Custom verb to manually activate a build trigger. """ @require_repo_admin @nickname('manuallyStartBuildTrigger') def post(self, namespace, repository, trigger_uuid): """ Manually start a build from the specified trigger. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name) config_dict = get_trigger_config(trigger) if not handler.is_active(config_dict): raise InvalidRequest('Trigger is not active.') specs = handler.manual_start(trigger.auth_token, config_dict) dockerfile_id, tags, name, subdir = specs repo = model.get_repository(namespace, repository) pull_robot_name = model.get_pull_robot_name(trigger) build_request = start_build(repo, dockerfile_id, tags, name, subdir, True, pull_robot_name=pull_robot_name) resp = build_status_view(build_request, True) repo_string = '%s/%s' % (namespace, repository) headers = { 'Location': api.url_for(RepositoryBuildStatus, repository=repo_string, build_uuid=build_request.uuid), } return resp, 201, headers @resource('/v1/repository//trigger//builds') class TriggerBuildList(RepositoryParamResource): """ Resource to represent builds that were activated from the specified trigger. """ @require_repo_admin @parse_args @query_param('limit', 'The maximum number of builds to return', type=int, default=5) @nickname('listTriggerRecentBuilds') def get(self, args, namespace, repository, trigger_uuid): """ List the builds started by the specified trigger. """ limit = args['limit'] builds = list(model.list_trigger_builds(namespace, repository, trigger_uuid, limit)) return { 'builds': [build_status_view(build, True) for build in builds] } @resource('/v1/repository//trigger//sources') @internal_only class BuildTriggerSources(RepositoryParamResource): """ Custom verb to fetch the list of build sources for the trigger config. """ @require_repo_admin @nickname('listTriggerBuildSources') def get(self, namespace, repository, trigger_uuid): """ List the build sources for the trigger configuration thus far. """ try: trigger = model.get_build_trigger(namespace, repository, trigger_uuid) except model.InvalidBuildTriggerException: raise NotFound() user_permission = UserAdminPermission(trigger.connected_user.username) if user_permission.can(): trigger_handler = BuildTriggerBase.get_trigger_for_service(trigger.service.name) return { 'sources': trigger_handler.list_build_sources(trigger.auth_token) } else: raise Unauthorized()