def assertPerm(self, name):
if not self.hasPerm(name) and not self.hasPerm('admin'):
msg = "%s permission required" % name
if self.logged_in:
msg += ' (logged in as %s)' % self.user_data['name']
else:
msg += ' (user not logged in)'
raise koji.ActionNotAllowed(msg)
def is_sidetag_owner(taginfo, user, raise_error=False):
"""Check, that given user is owner of the sidetag"""
result = (taginfo['extra'].get('sidetag') and
(taginfo['extra'].get('sidetag_user_id') == user['id'] or
context.session.hasPerm('admin')))
if not result and raise_error:
raise koji.ActionNotAllowed("This is not your sidetag")
return result
def osbuildImage(name, version, distro, image_types, target, arches, opts=None, priority=None):
"""Create an image via osbuild"""
context.session.assertPerm("image")
args = [name, version, distro, image_types, target, arches, opts]
task = {"channel": "image"}
try:
jsonschema.validate(args, OSBUILD_IMAGE_SCHMEA)
except jsonschema.exceptions.ValidationError as err:
raise koji.ParameterError(str(err)) from None
if priority and priority < 0 and not context.session.hasPerm('admin'):
raise koji.ActionNotAllowed('only admins may create high-priority tasks')
return kojihub.make_task('osbuildImage', args, **task)
def _get_task_opts_and_opts(opts, priority, channel):
if opts is None:
opts = {}
taskOpts = {}
if priority:
if priority < 0:
if not context.session.hasPerm('admin'):
raise koji.ActionNotAllowed('only admins may create'
' high-priority tasks')
taskOpts['priority'] = koji.PRIO_DEFAULT + priority
if channel:
taskOpts['channel'] = channel
return opts, taskOpts
def osbuildImage(name,
version,
distro,
image_types,
target,
arches,
opts=None,
priority=None):
"""Create an image via osbuild"""
context.session.assertPerm("image")
args = [name, version, distro, image_types, target, arches, opts]
task = {"channel": "image"}
if priority and priority < 0 and not context.session.hasPerm('admin'):
raise koji.ActionNotAllowed(
'only admins may create high-priority tasks')
return kojihub.make_task('osbuildImage', args, **task)
def saveFailedTree(buildrootID, full=False, **opts):
"""Create saveFailedTree task
If arguments are invalid, error message is returned. Otherwise task id of
newly created task is returned."""
global config, allowed_methods
# let it raise errors
buildrootID = int(buildrootID)
full = bool(full)
# read configuration only once
if config is None:
config = six.moves.configparser.SafeConfigParser()
config.read(CONFIG_FILE)
allowed_methods = config.get('permissions', 'allowed_methods').split()
if len(allowed_methods) == 1 and allowed_methods[0] == '*':
allowed_methods = '*'
brinfo = kojihub.get_buildroot(buildrootID, strict=True)
taskID = brinfo['task_id']
task_info = kojihub.Task(taskID).getInfo()
if task_info['state'] != koji.TASK_STATES['FAILED']:
raise koji.PreBuildError(
"Task %s has not failed. Only failed tasks can upload their buildroots."
% taskID)
elif allowed_methods != '*' and task_info['method'] not in allowed_methods:
raise koji.PreBuildError("Only %s tasks can upload their buildroots (Task %s is %s)." % \
(', '.join(allowed_methods), task_info['id'], task_info['method']))
elif task_info[
"owner"] != context.session.user_id and not context.session.hasPerm(
'admin'):
raise koji.ActionNotAllowed(
"Only owner of failed task or 'admin' can run this task.")
elif not kojihub.get_host(task_info['host_id'])['enabled']:
raise koji.PreBuildError("Host is disabled.")
args = koji.encode_args(buildrootID, full, **opts)
taskopts = {
'assign': brinfo['host_id'],
}
return kojihub.make_task('saveFailedTree', args, **taskopts)
def kiwiBuild(target, arches, desc_url, desc_path, optional_arches=None, profile=None,
scratch=False, priority=None):
context.session.assertPerm('image')
taskOpts = {
'channel': 'image',
}
if priority:
if priority < 0:
if not context.session.hasPerm('admin'):
raise koji.ActionNotAllowed(
'only admins may create high-priority tasks')
taskOpts['priority'] = koji.PRIO_DEFAULT + priority
opts = {
'optional_arches': optional_arches,
'profile': profile,
'scratch': scratch,
}
return kojihub.make_task('kiwiBuild',
[target, arches, desc_url, desc_path, opts],
**taskOpts)
def buildContainer(src, target, opts=None, priority=None, channel='container'):
"""Create a container build task
target: the build target
priority: the amount to increase (or decrease) the task priority, relative
to the default priority; higher values mean lower priority; only
admins have the right to specify a negative priority here
channel: the channel to allocate the task to (defaults to the "container"
channel)
Returns the task ID
"""
if not opts:
opts = {}
taskOpts = {}
if priority:
if priority < 0:
if not context.session.hasPerm('admin'):
raise koji.ActionNotAllowed('only admins may create'
' high-priority tasks')
taskOpts['priority'] = koji.PRIO_DEFAULT + priority
if channel:
taskOpts['channel'] = channel
return kojihub.make_task('buildContainer', [src, target, opts], **taskOpts)
def assertUser(self, user_id):
if not self.isUser(user_id) and not self.hasPerm('admin'):
raise koji.ActionNotAllowed("not owner")
def assertLogin(self):
if not self.logged_in:
raise koji.ActionNotAllowed("you must be logged in for this operation")
def assertPerm(self, name):
if not self.hasPerm(name) and not self.hasPerm('admin'):
raise koji.ActionNotAllowed("%s permission required" % name)
