def post(self):
"""Add new isolate information.
Args:
builder_name: The name of the builder that produced the isolate.
change: The Change the isolate is for, as a JSON string.
isolate_server: The hostname of the server where the isolates are stored.
isolate_map: A JSON dict mapping the target names to the isolate hashes.
"""
# Check permissions.
if self.request.remote_addr not in utils.GetIpWhitelist():
self.response.set_status(403)
self.response.write('Permission denied')
return
# Get parameters.
parameters = (
('builder_name', str),
('change', lambda x: change_module.Change.FromDict(json.loads(x))),
('isolate_server', str),
('isolate_map', json.loads),
)
try:
# pylint: disable=unbalanced-tuple-unpacking
builder_name, change, isolate_server, isolate_map = (
self._ValidateParameters(parameters))
except (KeyError, TypeError, ValueError) as e:
self.response.set_status(400)
self.response.write(e)
return
# Put information into the datastore.
isolate_infos = {(builder_name, change, target, isolate_hash)
for target, isolate_hash in isolate_map.iteritems()}
isolate.Put(isolate_server, isolate_infos)
def post(self):
"""Add new isolated information.
Args:
builder_name: The name of the builder that produced the isolated.
git_hash: The git hash of the commit the isolated is for. If the isolated
is for a DEPS roll, it's the git hash of the commit inside the roll.
isolated_map: A JSON dict mapping the target names to the isolated hashes.
"""
# Check permissions.
if self.request.remote_addr not in utils.GetIpWhitelist():
self.response.set_status(403)
self.response.write('Permission denied')
return
# Get parameters.
required_parameters = ('builder_name', 'git_hash', 'isolated_map')
for given_parameter in self.request.POST:
if given_parameter not in required_parameters:
self.response.set_status(400)
self.response.write('Unknown parameter: %s' % given_parameter)
return
for required_parameter in required_parameters:
if required_parameter not in self.request.POST:
self.response.set_status(400)
self.response.write('Missing parameter: %s' %
required_parameter)
return
if not self.request.get(required_parameter):
self.response.set_status(400)
self.response.write('Empty parameter: %s' % required_parameter)
return
builder_name = self.request.get('builder_name')
git_hash = self.request.get('git_hash')
isolated_map = self.request.get('isolated_map')
# Validate parameters.
try:
isolated_map = json.loads(isolated_map)
except ValueError:
self.response.set_status(400)
self.response.write('isolated_map is not valid JSON: %s' %
isolated_map)
return
# Put information into the datastore.
isolated_infos = {
(builder_name, git_hash, target, isolated_hash)
for target, isolated_hash in isolated_map.iteritems()
}
isolated.Put(isolated_infos)
def _CheckIpAgainstWhitelist(self):
"""Checks the remote address of the request against the IP whitelist.
Returns:
True if whitelisted, False otherwise.
"""
whitelist = utils.GetIpWhitelist()
if not whitelist or self.request.remote_addr in whitelist:
return True
# Try to log some info about the post data that is not whitelisted.
# This could be totally bogus data, so ignore huge postdata and swallow
# exceptions.
try:
data_param = self.request.get('data')
if data_param and len(data_param) < 10000:
# Log the start of the data; it may give clues about who is sending
# the data and who to contact.
logging.warn('Received data: %s...', data_param[:200])
except Exception: # pylint: disable=broad-except
pass
return False
def _IsServicingPrivilegedRequest():
"""Checks whether the request is considered privileged."""
try:
request = webapp2.get_request()
except AssertionError:
# This happens in unit tests, when code gets called outside of a request.
return False
path = getattr(request, 'path', '')
if path.startswith('/mapreduce'):
return True
if path.startswith('/_ah/queue/deferred'):
return True
if path.startswith('/_ah/pipeline/'):
return True
if request.registry.get('privileged', False):
return True
if request.registry.get('single_privileged', False):
request.registry['single_privileged'] = False
return True
whitelist = utils.GetIpWhitelist()
if whitelist and hasattr(request, 'remote_addr'):
return request.remote_addr in whitelist
return False
def _CheckUser(self):
# TODO: Remove when all Pinpoint builders are migrated to LUCI.
if self.request.remote_addr in utils.GetIpWhitelist():
return
self._CheckIsInternalUser()
def UnprivilegedPost(self):
# Fall back to ip whitelisting
if self.request.remote_addr not in utils.GetIpWhitelist():
raise api_request_handler.ForbiddenError()
self.PrivilegedPost()
