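def sanity_check_task_scope(callback, parameters, graph_config):
    """
    Verify that this task holds the scope required to run the given action.

    If this action is not generic, then verify that this task has the necessary
    scope to run the action. This serves as a backstop preventing abuse by
    running non-generic actions using generic hooks. While scopes should
    prevent serious damage from such abuse, it's never a valid thing to do.

    Args:
        callback: the ``cb_name`` of the action being run.
        parameters: decision parameters; ``<prefix>head_repository`` is read,
            where ``<prefix>`` is ``graph_config['project-repo-param-prefix']``.
        graph_config: graph configuration, passed to ``_get_actions`` and read
            for ``project-repo-param-prefix``.

    Returns:
        None. Actions of kind ``'task'`` return early without any scope check.

    Raises:
        Exception: if no action has ``cb_name == callback``, if the head
            repository is not under ``https://hg.mozilla.org/``, or if the task
            does not literally hold the expected ``assume:repo:...`` scope.
    """
    for action in _get_actions(graph_config):
        if action.cb_name == callback:
            break
    else:
        raise Exception('No action with cb_name {}'.format(callback))

    if action.kind == 'task':
        return  # task kinds don't have sane scopes, so bail out

    action_perm = 'generic' if action.generic else action.cb_name

    repo_param = '{}head_repository'.format(
        graph_config['project-repo-param-prefix'])
    head_repository = parameters[repo_param]

    # This is a security check, so it must be a real `raise`, not an `assert`:
    # asserts are stripped under `python -O`, which would silently drop the host
    # restriction on the value spliced into the expected scope below. The
    # trailing slash in the prefix matters too, so that a hostname such as
    # "hg.mozilla.org.evil.example" does not pass a bare host-prefix match.
    if not head_repository.startswith('https://hg.mozilla.org/'):
        raise Exception(
            'head_repository {} is not under https://hg.mozilla.org/'.format(
                head_repository))

    # Drop the 8-character "https://" prefix, leaving "hg.mozilla.org/<path>".
    expected_scope = 'assume:repo:{}:action:{}'.format(head_repository[8:],
                                                       action_perm)

    # the scope should appear literally; no need for a satisfaction check. The use of
    # get_current_scopes here calls the auth service through the Taskcluster Proxy, giving
    # the precise scopes available to this task.
    if expected_scope not in taskcluster.get_current_scopes():
        raise Exception(
            'Expected task scope {} for this action'.format(expected_scope))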
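def sanity_check_task_scope(callback, parameters, graph_config):
    """
    Verify that this task holds the scope required to run the given action.

    If this action is not generic, then verify that this task has the necessary
    scope to run the action. This serves as a backstop preventing abuse by
    running non-generic actions using generic hooks. While scopes should
    prevent serious damage from such abuse, it's never a valid thing to do.

    Args:
        callback: the ``cb_name`` of the action being run.
        parameters: decision parameters; ``head_repository`` is read.
        graph_config: graph configuration, passed to ``_get_actions``.

    Raises:
        Exception: if no action has ``cb_name == callback``, if the head
            repository is not under ``https://hg.mozilla.org/`` or
            ``https://github.com/``, or if the task does not literally hold the
            expected ``assume:repo:...`` scope.
    """
    for action in _get_actions(graph_config):
        if action.cb_name == callback:
            break
    else:
        raise Exception(f"No action with cb_name {callback}")

    action_perm = "generic" if action.generic else action.cb_name

    head_repository = parameters["head_repository"]

    # Require the trailing slash: a bare host-prefix match such as
    # "https://github.com" would also accept "https://github.com.evil.example/...",
    # and the host is spliced into the expected scope below. The original message
    # also never filled its "{}" placeholder; it is an f-string now.
    allowed_prefixes = ("https://hg.mozilla.org/", "https://github.com/")
    if not head_repository.startswith(allowed_prefixes):
        raise Exception(
            f"{head_repository} is not either https://hg.mozilla.org or https://github.com !"
        )

    # Drop the 8-character "https://" prefix, leaving "<host>/<path>".
    expected_scope = f"assume:repo:{head_repository[8:]}:action:{action_perm}"

    # the scope should appear literally; no need for a satisfaction check. The use of
    # get_current_scopes here calls the auth service through the Taskcluster Proxy, giving
    # the precise scopes available to this task.
    if expected_scope not in taskcluster.get_current_scopes():
        raise Exception(f"Expected task scope {expected_scope} for this action")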