525 lines
		
	
	
	
		
			19 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			525 lines
		
	
	
	
		
			19 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| """ Create, list and manage build triggers. """
 | |
| 
 | |
| import json
 | |
| import logging
 | |
| 
 | |
| from urllib import quote
 | |
| from urlparse import urlunparse
 | |
| 
 | |
| from flask import request, url_for
 | |
| 
 | |
| from app import app
 | |
| from buildtrigger.basehandler import BuildTriggerHandler
 | |
| from buildtrigger.triggerutil import (TriggerDeactivationException,
 | |
|                                       TriggerActivationException, EmptyRepositoryException,
 | |
|                                       RepositoryReadException, TriggerStartException)
 | |
| from endpoints.api import (RepositoryParamResource, nickname, resource, require_repo_admin,
 | |
|                            log_action, request_error, query_param, parse_args, internal_only,
 | |
|                            validate_json_request, api, path_param, abort)
 | |
| from endpoints.exception import NotFound, Unauthorized, InvalidRequest
 | |
| from endpoints.api.build import build_status_view, trigger_view, RepositoryBuildStatus
 | |
| from endpoints.building import start_build, MaximumBuildsQueuedException
 | |
| from data import model
 | |
| from auth.permissions import (UserAdminPermission, AdministerOrganizationPermission,
 | |
|                               ReadRepositoryPermission, AdministerRepositoryPermission)
 | |
| from util.names import parse_robot_username
 | |
| from util.dockerfileparse import parse_dockerfile
 | |
| 
 | |
| 
 | |
| logger = logging.getLogger(__name__)
 | |
| 
 | |
| 
 | |
| def _prepare_webhook_url(scheme, username, password, hostname, path):
 | |
|   auth_hostname = '%s:%s@%s' % (quote(username), quote(password), hostname)
 | |
|   return urlunparse((scheme, auth_hostname, path, '', '', ''))
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| class BuildTriggerList(RepositoryParamResource):
 | |
|   """ Resource for listing repository build triggers. """
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('listBuildTriggers')
 | |
|   def get(self, namespace_name, repo_name):
 | |
|     """ List the triggers for the specified repository. """
 | |
|     triggers = model.build.list_build_triggers(namespace_name, repo_name)
 | |
|     return {
 | |
|       'triggers': [trigger_view(trigger, can_admin=True) for trigger in triggers]
 | |
|     }
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| class BuildTrigger(RepositoryParamResource):
 | |
|   """ Resource for managing specific build triggers. """
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('getBuildTrigger')
 | |
|   def get(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ Get information for the specified build trigger. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     return trigger_view(trigger, can_admin=True)
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('deleteBuildTrigger')
 | |
|   def delete(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ Delete the specified build trigger. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     handler = BuildTriggerHandler.get_handler(trigger)
 | |
|     if handler.is_active():
 | |
|       try:
 | |
|         handler.deactivate()
 | |
|       except TriggerDeactivationException as ex:
 | |
|         # We are just going to eat this error
 | |
|         logger.warning('Trigger deactivation problem: %s', ex)
 | |
| 
 | |
|       log_action('delete_repo_trigger', namespace_name,
 | |
|                  {'repo': repo_name, 'trigger_id': trigger_uuid,
 | |
|                   'service': trigger.service.name},
 | |
|                  repo=model.repository.get_repository(namespace_name, repo_name))
 | |
| 
 | |
|     trigger.delete_instance(recursive=True)
 | |
| 
 | |
|     if trigger.write_token is not None:
 | |
|       trigger.write_token.delete_instance()
 | |
| 
 | |
|     return 'No Content', 204
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/subdir')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| @internal_only
 | |
| class BuildTriggerSubdirs(RepositoryParamResource):
 | |
|   """ Custom verb for fetching the subdirs which are buildable for a trigger. """
 | |
|   schemas = {
 | |
|     'BuildTriggerSubdirRequest': {
 | |
|       'type': 'object',
 | |
|       'description': 'Arbitrary json.',
 | |
|     },
 | |
|   }
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('listBuildTriggerSubdirs')
 | |
|   @validate_json_request('BuildTriggerSubdirRequest')
 | |
|   def post(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ List the subdirectories available for the specified build trigger and source. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     user_permission = UserAdminPermission(trigger.connected_user.username)
 | |
|     if user_permission.can():
 | |
|       new_config_dict = request.get_json()
 | |
|       handler = BuildTriggerHandler.get_handler(trigger, new_config_dict)
 | |
| 
 | |
|       try:
 | |
|         subdirs = handler.list_build_subdirs()
 | |
|         return {
 | |
|           'subdir': subdirs,
 | |
|           'status': 'success'
 | |
|         }
 | |
|       except EmptyRepositoryException as exc:
 | |
|         return {
 | |
|           'status': 'success',
 | |
|           'subdir': []
 | |
|         }
 | |
|       except RepositoryReadException as exc:
 | |
|         return {
 | |
|           'status': 'error',
 | |
|           'message': exc.message
 | |
|         }
 | |
|     else:
 | |
|       raise Unauthorized()
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/activate')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| class BuildTriggerActivate(RepositoryParamResource):
 | |
|   """ Custom verb for activating a build trigger once all required information has been collected.
 | |
|   """
 | |
|   schemas = {
 | |
|     'BuildTriggerActivateRequest': {
 | |
|       'type': 'object',
 | |
|       'required': [
 | |
|         'config'
 | |
|       ],
 | |
|       'properties': {
 | |
|         'config': {
 | |
|           'type': 'object',
 | |
|           'description': 'Arbitrary json.',
 | |
|         },
 | |
|         'pull_robot': {
 | |
|           'type': 'string',
 | |
|           'description': 'The name of the robot that will be used to pull images.'
 | |
|         }
 | |
|       }
 | |
|     },
 | |
|   }
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('activateBuildTrigger')
 | |
|   @validate_json_request('BuildTriggerActivateRequest')
 | |
|   def post(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ Activate the specified build trigger. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     handler = BuildTriggerHandler.get_handler(trigger)
 | |
|     if handler.is_active():
 | |
|       raise InvalidRequest('Trigger config is not sufficient for activation.')
 | |
| 
 | |
|     user_permission = UserAdminPermission(trigger.connected_user.username)
 | |
|     if user_permission.can():
 | |
|       # Update the pull robot (if any).
 | |
|       pull_robot_name = request.get_json().get('pull_robot', None)
 | |
|       if pull_robot_name:
 | |
|         try:
 | |
|           pull_robot = model.user.lookup_robot(pull_robot_name)
 | |
|         except model.InvalidRobotException:
 | |
|           raise NotFound()
 | |
| 
 | |
|         # Make sure the user has administer permissions for the robot's namespace.
 | |
|         (robot_namespace, _) = parse_robot_username(pull_robot_name)
 | |
|         if not AdministerOrganizationPermission(robot_namespace).can():
 | |
|           raise Unauthorized()
 | |
| 
 | |
|         # Make sure the namespace matches that of the trigger.
 | |
|         if robot_namespace != namespace_name:
 | |
|           raise Unauthorized()
 | |
| 
 | |
|         # Set the pull robot.
 | |
|         trigger.pull_robot = pull_robot
 | |
| 
 | |
|       # Update the config.
 | |
|       new_config_dict = request.get_json()['config']
 | |
| 
 | |
|       write_token_name = 'Build Trigger: %s' % trigger.service.name
 | |
|       write_token = model.token.create_delegate_token(namespace_name, repo_name, write_token_name,
 | |
|                                                       'write')
 | |
| 
 | |
|       try:
 | |
|         path = url_for('webhooks.build_trigger_webhook', trigger_uuid=trigger.uuid)
 | |
|         authed_url = _prepare_webhook_url(app.config['PREFERRED_URL_SCHEME'],
 | |
|                                           '$token', write_token.code,
 | |
|                                           app.config['SERVER_HOSTNAME'], path)
 | |
| 
 | |
|         handler = BuildTriggerHandler.get_handler(trigger, new_config_dict)
 | |
|         final_config, private_config = handler.activate(authed_url)
 | |
| 
 | |
|         if 'private_key' in private_config:
 | |
|           trigger.private_key = private_config['private_key']
 | |
| 
 | |
|       except TriggerActivationException as exc:
 | |
|         write_token.delete_instance()
 | |
|         raise request_error(message=exc.message)
 | |
| 
 | |
|       # Save the updated config.
 | |
|       trigger.config = json.dumps(final_config)
 | |
|       trigger.write_token = write_token
 | |
|       trigger.save()
 | |
| 
 | |
|       # Log the trigger setup.
 | |
|       repo = model.repository.get_repository(namespace_name, repo_name)
 | |
|       log_action('setup_repo_trigger', namespace_name,
 | |
|                  {'repo': repo_name, 'namespace': namespace_name,
 | |
|                   'trigger_id': trigger.uuid, 'service': trigger.service.name,
 | |
|                   'pull_robot': trigger.pull_robot.username if trigger.pull_robot else None,
 | |
|                   'config': final_config},
 | |
|                  repo=repo)
 | |
| 
 | |
|       return trigger_view(trigger, can_admin=True)
 | |
|     else:
 | |
|       raise Unauthorized()
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/analyze')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| @internal_only
 | |
| class BuildTriggerAnalyze(RepositoryParamResource):
 | |
|   """ Custom verb for analyzing the config for a build trigger and suggesting various changes
 | |
|       (such as a robot account to use for pulling)
 | |
|   """
 | |
|   schemas = {
 | |
|     'BuildTriggerAnalyzeRequest': {
 | |
|       'type': 'object',
 | |
|       'required': [
 | |
|         'config'
 | |
|       ],
 | |
|       'properties': {
 | |
|         'config': {
 | |
|           'type': 'object',
 | |
|           'description': 'Arbitrary json.',
 | |
|         }
 | |
|       }
 | |
|     },
 | |
|   }
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('analyzeBuildTrigger')
 | |
|   @validate_json_request('BuildTriggerAnalyzeRequest')
 | |
|   def post(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ Analyze the specified build trigger configuration. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     new_config_dict = request.get_json()['config']
 | |
|     handler = BuildTriggerHandler.get_handler(trigger, new_config_dict)
 | |
| 
 | |
|     try:
 | |
|       # Load the contents of the Dockerfile.
 | |
|       contents = handler.load_dockerfile_contents()
 | |
|       if not contents:
 | |
|         return {
 | |
|           'status': 'error',
 | |
|           'message': 'Could not read the Dockerfile for the trigger'
 | |
|         }
 | |
| 
 | |
|       # Parse the contents of the Dockerfile.
 | |
|       parsed = parse_dockerfile(contents)
 | |
|       if not parsed:
 | |
|         return {
 | |
|           'status': 'error',
 | |
|           'message': 'Could not parse the Dockerfile specified'
 | |
|         }
 | |
| 
 | |
|       # Determine the base image (i.e. the FROM) for the Dockerfile.
 | |
|       base_image = parsed.get_base_image()
 | |
|       if not base_image:
 | |
|         return {
 | |
|           'status': 'warning',
 | |
|           'message': 'No FROM line found in the Dockerfile'
 | |
|         }
 | |
| 
 | |
|       # Check to see if the base image lives in Quay.
 | |
|       quay_registry_prefix = '%s/' % (app.config['SERVER_HOSTNAME'])
 | |
| 
 | |
|       if not base_image.startswith(quay_registry_prefix):
 | |
|         return {
 | |
|           'status': 'publicbase'
 | |
|         }
 | |
| 
 | |
|       # Lookup the repository in Quay.
 | |
|       result = base_image[len(quay_registry_prefix):].split('/', 2)
 | |
|       if len(result) != 2:
 | |
|         return {
 | |
|           'status': 'warning',
 | |
|           'message': '"%s" is not a valid Quay repository path' % (base_image)
 | |
|         }
 | |
| 
 | |
|       (base_namespace, base_repository) = result
 | |
|       found_repository = model.repository.get_repository(base_namespace, base_repository)
 | |
|       if not found_repository:
 | |
|         return {
 | |
|           'status': 'error',
 | |
|           'message': 'Repository "%s" referenced by the Dockerfile was not found' % (base_image)
 | |
|         }
 | |
| 
 | |
|       # If the repository is private and the user cannot see that repo, then
 | |
|       # mark it as not found.
 | |
|       can_read = ReadRepositoryPermission(base_namespace, base_repository)
 | |
|       if found_repository.visibility.name != 'public' and not can_read:
 | |
|         return {
 | |
|           'status': 'error',
 | |
|           'message': 'Repository "%s" referenced by the Dockerfile was not found' % (base_image)
 | |
|         }
 | |
| 
 | |
|       # Check to see if the repository is public. If not, we suggest the
 | |
|       # usage of a robot account to conduct the pull.
 | |
|       read_robots = []
 | |
| 
 | |
|       if AdministerOrganizationPermission(base_namespace).can():
 | |
|         def robot_view(robot):
 | |
|           return {
 | |
|             'name': robot.username,
 | |
|             'kind': 'user',
 | |
|             'is_robot': True
 | |
|           }
 | |
| 
 | |
|         def is_valid_robot(user):
 | |
|           # Make sure the user is a robot.
 | |
|           if not user.robot:
 | |
|             return False
 | |
| 
 | |
|           # Make sure the current user can see/administer the robot.
 | |
|           (robot_namespace, shortname) = parse_robot_username(user.username)
 | |
|           return AdministerOrganizationPermission(robot_namespace).can()
 | |
| 
 | |
|         repo_users = list(model.user.get_all_repo_users_transitive(base_namespace, base_repository))
 | |
|         read_robots = [robot_view(user) for user in repo_users if is_valid_robot(user)]
 | |
| 
 | |
|       return {
 | |
|         'namespace': base_namespace,
 | |
|         'name': base_repository,
 | |
|         'is_public': found_repository.visibility.name == 'public',
 | |
|         'robots': read_robots,
 | |
|         'status': 'analyzed'
 | |
|       }
 | |
| 
 | |
|     except RepositoryReadException as rre:
 | |
|       return {
 | |
|         'status': 'error',
 | |
|         'message': rre.message
 | |
|       }
 | |
|     except NotImplementedError:
 | |
|       return {
 | |
|         'status': 'notimplemented',
 | |
|       }
 | |
| 
 | |
|     raise NotFound()
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/start')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| class ActivateBuildTrigger(RepositoryParamResource):
 | |
|   """ Custom verb to manually activate a build trigger. """
 | |
|   schemas = {
 | |
|     'RunParameters': {
 | |
|       'type': 'object',
 | |
|       'description': 'Optional run parameters for activating the build trigger',
 | |
|       'properties': {
 | |
|         'branch_name': {
 | |
|           'type': 'string',
 | |
|           'description': '(SCM only) If specified, the name of the branch to build.'
 | |
|         },
 | |
|         'commit_sha': {
 | |
|           'type': 'string',
 | |
|           'description': '(Custom Only) If specified, the ref/SHA1 used to checkout a git repository.'
 | |
|         },
 | |
|         'refs': {
 | |
|           'type': 'object',
 | |
|           'description': '(SCM Only) If specified, the ref to build.'
 | |
|         }
 | |
|       },
 | |
|       'additionalProperties': False
 | |
|     }
 | |
|   }
 | |
| 
 | |
|   @require_repo_admin
 | |
|   @nickname('manuallyStartBuildTrigger')
 | |
|   @validate_json_request('RunParameters')
 | |
|   def post(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ Manually start a build from the specified trigger. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     handler = BuildTriggerHandler.get_handler(trigger)
 | |
|     if not handler.is_active():
 | |
|       raise InvalidRequest('Trigger is not active.')
 | |
| 
 | |
|     try:
 | |
|       repo = model.repository.get_repository(namespace_name, repo_name)
 | |
|       pull_robot_name = model.build.get_pull_robot_name(trigger)
 | |
| 
 | |
|       run_parameters = request.get_json()
 | |
|       prepared = handler.manual_start(run_parameters=run_parameters)
 | |
|       build_request = start_build(repo, prepared, pull_robot_name=pull_robot_name)
 | |
|     except TriggerStartException as tse:
 | |
|       raise InvalidRequest(tse.message)
 | |
|     except MaximumBuildsQueuedException:
 | |
|       abort(429, message='Maximum queued build rate exceeded.')
 | |
| 
 | |
|     resp = build_status_view(build_request)
 | |
|     repo_string = '%s/%s' % (namespace_name, repo_name)
 | |
|     headers = {
 | |
|       'Location': api.url_for(RepositoryBuildStatus, repository=repo_string,
 | |
|                               build_uuid=build_request.uuid),
 | |
|     }
 | |
|     return resp, 201, headers
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/builds')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| class TriggerBuildList(RepositoryParamResource):
 | |
|   """ Resource to represent builds that were activated from the specified trigger. """
 | |
|   @require_repo_admin
 | |
|   @parse_args()
 | |
|   @query_param('limit', 'The maximum number of builds to return', type=int, default=5)
 | |
|   @nickname('listTriggerRecentBuilds')
 | |
|   def get(self, namespace_name, repo_name, trigger_uuid, parsed_args):
 | |
|     """ List the builds started by the specified trigger. """
 | |
|     limit = parsed_args['limit']
 | |
|     builds = model.build.list_trigger_builds(namespace_name, repo_name, trigger_uuid, limit)
 | |
|     return {
 | |
|       'builds': [build_status_view(bld) for bld in builds]
 | |
|     }
 | |
| 
 | |
| 
 | |
| FIELD_VALUE_LIMIT = 30
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/fields/<field_name>')
 | |
| @internal_only
 | |
| class BuildTriggerFieldValues(RepositoryParamResource):
 | |
|   """ Custom verb to fetch a values list for a particular field name. """
 | |
|   @require_repo_admin
 | |
|   @nickname('listTriggerFieldValues')
 | |
|   def post(self, namespace_name, repo_name, trigger_uuid, field_name):
 | |
|     """ List the field values for a custom run field. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     config = request.get_json() or None
 | |
|     if AdministerRepositoryPermission(namespace_name, repo_name).can():
 | |
|       handler = BuildTriggerHandler.get_handler(trigger, config)
 | |
|       values = handler.list_field_values(field_name, limit=FIELD_VALUE_LIMIT)
 | |
| 
 | |
|       if values is None:
 | |
|         raise NotFound()
 | |
| 
 | |
|       return {
 | |
|         'values': values
 | |
|       }
 | |
|     else:
 | |
|       raise Unauthorized()
 | |
| 
 | |
| 
 | |
| @resource('/v1/repository/<apirepopath:repository>/trigger/<trigger_uuid>/sources')
 | |
| @path_param('repository', 'The full path of the repository. e.g. namespace/name')
 | |
| @path_param('trigger_uuid', 'The UUID of the build trigger')
 | |
| @internal_only
 | |
| class BuildTriggerSources(RepositoryParamResource):
 | |
|   """ Custom verb to fetch the list of build sources for the trigger config. """
 | |
|   @require_repo_admin
 | |
|   @nickname('listTriggerBuildSources')
 | |
|   def get(self, namespace_name, repo_name, trigger_uuid):
 | |
|     """ List the build sources for the trigger configuration thus far. """
 | |
|     try:
 | |
|       trigger = model.build.get_build_trigger(trigger_uuid)
 | |
|     except model.InvalidBuildTriggerException:
 | |
|       raise NotFound()
 | |
| 
 | |
|     user_permission = UserAdminPermission(trigger.connected_user.username)
 | |
|     if user_permission.can():
 | |
|       handler = BuildTriggerHandler.get_handler(trigger)
 | |
| 
 | |
|       try:
 | |
|         return {
 | |
|           'sources': handler.list_build_sources()
 | |
|         }
 | |
|       except RepositoryReadException as rre:
 | |
|         raise InvalidRequest(rre.message)
 | |
|     else:
 | |
|       raise Unauthorized()
 |