Skip to content

Commit

Permalink
Honour allowed_scms_use_* kojid options
Browse files Browse the repository at this point in the history
Introduced in koji 1.26 (https://pagure.io/koji/issue/2757)

* CLOUDBLD-10221

Signed-off-by: Robert Cerven <[email protected]>
  • Loading branch information
rcerven committed Jun 16, 2022
1 parent c1201d7 commit a58e0f6
Show file tree
Hide file tree
Showing 6 changed files with 56 additions and 23 deletions.
2 changes: 1 addition & 1 deletion koji-containerbuild.spec
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ Hub plugin that extend Koji to support building layered container images
License: LGPLv2
Summary: Builder plugin that extend Koji to build layered container images
Group: Applications/System
Requires: koji-builder
Requires: koji-builder >= 1.26
Requires: koji-containerbuild
Requires: osbs-client
%if 0%{with python3}
Expand Down
15 changes: 13 additions & 2 deletions koji_containerbuild/plugins/builder_containerbuild.py
Original file line number Diff line number Diff line change
Expand Up @@ -761,7 +761,19 @@ def createContainer(self, src=None, target_info=None, arches=None,
self.logger.debug("Started by %s", owner_info['name'])

scm = My_SCM(src)
scm.assert_allowed(self.options.allowed_scms)
scm_policy_opts = {
'user_id': this_task['owner'],
'channel': self.session.getChannel(this_task['channel_id'],
strict=True)['name'],
'scratch': bool(scratch),
}
scm.assert_allowed(
allowed=self.options.allowed_scms,
session=self.session,
by_config=self.options.allowed_scms_use_config,
by_policy=self.options.allowed_scms_use_policy,
policy_data=scm_policy_opts)

git_uri = scm.get_git_uri()
component = scm.get_component()
arch = None
Expand Down Expand Up @@ -878,7 +890,6 @@ def fetchDockerfile(self, src, build_tag):
Gets Dockerfile. Roughly corresponds to getSRPM method of build task
"""
scm = SCM(src)
scm.assert_allowed(self.options.allowed_scms)
scmdir = os.path.join(self.workdir, 'sources')

koji.ensuredir(scmdir)
Expand Down
2 changes: 1 addition & 1 deletion requirements-devel.txt
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
git+https://github.com/projectatomic/osbs-client
koji
koji>=1.26
1 change: 1 addition & 0 deletions requirements.txt
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
jsonschema==3.2.0
six
koji>=1.26
8 changes: 6 additions & 2 deletions test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@ function setup_kojic() {
PIP_PKG="$PYTHON-pip"
PIP="pip"
PKG="yum"
PKG_EXTRA=(yum-utils git-core koji koji-hub)
PKG_EXTRA=(yum-utils git-core koji koji-hub python-gssapi)
BUILDDEP="yum-builddep"
else
PYTHON="python$PYTHON_VERSION"
PIP_PKG="$PYTHON-pip"
PIP="pip$PYTHON_VERSION"
PKG="dnf"
PKG_EXTRA=(dnf-plugins-core git-core "$PYTHON"-koji "$PYTHON"-koji-hub)
PKG_EXTRA=(dnf-plugins-core git-core "$PYTHON"-koji "$PYTHON"-koji-hub "$PYTHON"-gssapi)
BUILDDEP=(dnf builddep)
fi

Expand Down Expand Up @@ -136,6 +136,10 @@ case ${ACTION} in
setup_kojic
# This can run only at fedora because pylint is not packaged in centos
# use distro pylint to not get too new pylint version
if [[ ${PYTHON_VERSION} == "2" ]]; then
$RUN $PKG remove -y python2-koji
fi

$RUN $PKG install -y "${PYTHON}-pylint"
PACKAGES='koji_containerbuild tests'
TEST_CMD="${PYTHON} -m pylint ${PACKAGES}"
Expand Down
51 changes: 34 additions & 17 deletions tests/test_builder_containerbuild.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,21 @@ def mock_incremental_upload(session, fname, fd, uploadpath, logger=None):
pass


def mock_options_and_assert_allowed():
flexmock(koji.daemon.SCM).should_receive('assert_allowed').and_return(True)

return flexmock(allowed_scms='pkgs.example.com:/*:no',
allowed_scms_use_config=True,
allowed_scms_use_policy=True)


class mock_time(object):
def sleep(self, *args):
return


builder_containerbuild.incremental_upload = mock_incremental_upload
builder_containerbuild.time = mock_time()


LogEntry = namedtuple('LogEntry', ['platform', 'line'])
Expand Down Expand Up @@ -306,11 +320,14 @@ def _mock_session(self, last_event_id, koji_task_id, pkg_info=USE_DEFAULT_PKG_IN
(session
.should_receive('getTaskInfo')
.with_args(koji_task_id)
.and_return({'owner': 'owner'}))
.and_return({'owner': 'owner', 'channel_id': 1}))
(session
.should_receive('getUser')
.with_args('owner')
.and_return({'name': 'owner-name'}))
(session
.should_receive('getChannel')
.and_return({'name': 'default_channel'}))
(session
.should_receive('getPackageConfig')
.with_args('dest-tag', 'fedora-docker')
Expand Down Expand Up @@ -614,7 +631,7 @@ def test_osbs_build(self, tmpdir, pkg_info, failure, orchestrator):
session = self._mock_session(last_event_id, koji_task_id, pkg_info)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -681,7 +698,7 @@ def test_osbs_build_source(self, pkg_info, failure):
.should_receive('getPackageConfig')
.with_args('dest-tag', 'source_package-source')
.and_return(pkg_info))
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildSourceContainerTask(id=koji_task_id,
method='buildSourceContainer',
Expand Down Expand Up @@ -728,7 +745,7 @@ def test_createContainer_failure(self, tmpdir, reason, expected_exc_type):
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -795,7 +812,7 @@ def test_createSourceContainer_failure_source(self, tmpdir, reason, expected_exc
.should_receive('getPackageConfig')
.with_args('dest-tag', 'source_package-source')
.and_return({'blocked': False}))
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildSourceContainerTask(id=koji_task_id,
method='buildSourceContainer',
Expand Down Expand Up @@ -925,7 +942,7 @@ def test_private_branch(self, tmpdir):
koji_task_id = 123
last_event_id = 456

options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()
folders_info = self._mock_folders(str(tmpdir))

pkg_info = {'blocked': False}
Expand Down Expand Up @@ -1001,7 +1018,7 @@ def test_additional_args(self, tmpdir, log_upload_raises, orchestrator, addition
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -1079,7 +1096,7 @@ def test_additional_args_source(self, log_upload_raises, additional_args):
.with_args('dest-tag', 'source_package-source')
.and_return({'blocked': False}))

options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildSourceContainerTask(id=koji_task_id,
method='buildSourceContainer',
Expand Down Expand Up @@ -1133,7 +1150,7 @@ def test_flatpak_build(self, tmpdir, isolated, release, koji_parent_build):
session = self._mock_session(last_event_id, task_id, {'blocked': False})
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=task_id,
method='buildContainer',
Expand Down Expand Up @@ -1189,7 +1206,7 @@ def test_oversized_tags(self, tmpdir, orchestrator, tag, release, is_oversized):
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir), additional_tags_content=tag)
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -1288,7 +1305,7 @@ def test_build_nvr_exists(self, tmpdir, orchestrator, build_state, triggered_aft

folders_info = self._mock_folders(str(tmpdir), dockerfile_content=dockerfile_content)
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -1398,7 +1415,7 @@ def test_source_build_info(self, create_args, build_types, cause):
log_message = ('koji build {} is source container build, source container can not '
'use source container build image'.format(provided_nvr))

options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildSourceContainerTask(id=koji_task_id,
method='buildSourceContainer',
Expand Down Expand Up @@ -1437,7 +1454,7 @@ def test_compose_ids_and_signing_intent(self, tmpdir, additional_args, raises):
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -1503,7 +1520,7 @@ def test_arch_override(self, tmpdir, orchestrator, additional_args, raises):
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildContainerTask(id=koji_task_id,
method='buildContainer',
Expand Down Expand Up @@ -1863,7 +1880,7 @@ def test_raise_OsbsValidationException(self, tmpdir):

session = self._mock_session(last_event_id, koji_task_id)
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

builder_containerbuild.incremental_upload = mock_incremental_upload

Expand Down Expand Up @@ -1914,7 +1931,7 @@ def test_user_warnings(self, tmpdir):
session = self._mock_session(last_event_id, koji_task_id)
folders_info = self._mock_folders(str(tmpdir))
src = self._mock_git_source()
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

builder_containerbuild.incremental_upload = mock_incremental_upload

Expand Down Expand Up @@ -1977,7 +1994,7 @@ def test_user_warnings_source(self, tmpdir):
.should_receive('getPackageConfig')
.with_args('dest-tag', 'source_package-source')
.and_return({'blocked': False}))
options = flexmock(allowed_scms='pkgs.example.com:/*:no')
options = mock_options_and_assert_allowed()

task = builder_containerbuild.BuildSourceContainerTask(id=koji_task_id,
method='buildSourceContainer',
Expand Down

0 comments on commit a58e0f6

Please sign in to comment.