Esempio n. 1
0
def test_paginate(page_size, descending, initialized_db):
    # Add a bunch of rows into a test table (`Role`).
    for i in range(0, 522):
        Role.create(name="testrole%s" % i)

    query = Role.select().where(Role.name**"testrole%")
    all_matching_roles = list(query)
    assert len(all_matching_roles) == 522

    # Paginate a query to lookup roles.
    collected = []
    page_token = None
    while True:
        results, page_token = paginate(query,
                                       Role,
                                       limit=page_size,
                                       descending=descending,
                                       page_token=page_token)
        assert len(results) <= page_size
        collected.extend(results)

        if page_token is None:
            break

        assert len(results) == page_size

        for index, result in enumerate(results[1:]):
            if descending:
                assert result.id < results[index].id
            else:
                assert result.id > results[index].id

    assert len(collected) == len(all_matching_roles)
    assert {c.id for c in collected} == {a.id for a in all_matching_roles}
Esempio n. 2
0
def process(resources):
    response = []
    changed = True

    for resource in resources:
        p_state = resource["state"]
        p_name = resource["name"]

        try:
            role = Role.get(name=p_name)
        except Role.DoesNotExist:
            role = None
        if p_state == "absent":
            if role is not None:
                changed = True
                role.delete_instance()
                response.append("Role '%s' deleted" % p_name)
                changed = True
            else:
                response.append("Role '%s' does not exist" % p_name)
        else:
            if role is None:
                changed = True
                role = Role.create(name=p_name)
                response.append("Role '%s' created" % p_name)
            else:
                response.append("Role '%s' exists" % p_name)

    return {"failed": False, "changed": changed, "meta": response}, 200
Esempio n. 3
0
def create_repository(
    namespace, name, creating_user, visibility="private", repo_kind="image", description=None
):
    namespace_user = User.get(username=namespace)
    yesterday = datetime.now() - timedelta(days=1)

    with db_transaction():
        repo = Repository.create(
            name=name,
            visibility=Repository.visibility.get_id(visibility),
            namespace_user=namespace_user,
            kind=Repository.kind.get_id(repo_kind),
            description=description,
        )

        RepositoryActionCount.create(repository=repo, count=0, date=yesterday)
        RepositorySearchScore.create(repository=repo, score=0)

        # Note: We put the admin create permission under the transaction to ensure it is created.
        if creating_user and not creating_user.organization:
            admin = Role.get(name="admin")
            RepositoryPermission.create(user=creating_user, repository=repo, role=admin)

    # Apply default permissions (only occurs for repositories under organizations)
    if creating_user and not creating_user.organization and creating_user.username != namespace:
        permission.apply_default_permissions(repo, creating_user)

    return repo
Esempio n. 4
0
def update_prototype_permission(org, uid, role_name):
    found = get_prototype_permission(org, uid)
    if not found:
        return None

    new_role = Role.get(Role.name == role_name)
    found.role = new_role
    found.save()
    return found
Esempio n. 5
0
def create_repository(namespace,
                      name,
                      creating_user,
                      visibility="private",
                      repo_kind="image",
                      description=None):
    namespace_user = User.get(username=namespace)
    yesterday = datetime.now() - timedelta(days=1)

    try:
        with db_transaction():
            # Check if the repository exists to avoid an IntegrityError if possible.
            existing = get_repository(namespace, name)
            if existing is not None:
                return None

            try:
                repo = Repository.create(
                    name=name,
                    visibility=Repository.visibility.get_id(visibility),
                    namespace_user=namespace_user,
                    kind=Repository.kind.get_id(repo_kind),
                    description=description,
                )
            except IntegrityError as ie:
                raise _RepositoryExistsException(ie)

            RepositoryActionCount.create(repository=repo,
                                         count=0,
                                         date=yesterday)
            RepositorySearchScore.create(repository=repo, score=0)

            # Note: We put the admin create permission under the transaction to ensure it is created.
            if creating_user and not creating_user.organization:
                admin = Role.get(name="admin")
                RepositoryPermission.create(user=creating_user,
                                            repository=repo,
                                            role=admin)
    except _RepositoryExistsException as ree:
        try:
            return Repository.get(namespace_user=namespace_user, name=name)
        except Repository.DoesNotExist:
            logger.error(
                "Got integrity error when trying to create repository %s/%s: %s",
                namespace,
                name,
                ree.internal_exception,
            )
            return None

    # Apply default permissions (only occurs for repositories under organizations)
    if creating_user and not creating_user.organization and creating_user.username != namespace:
        permission.apply_default_permissions(repo, creating_user)

    return repo
Esempio n. 6
0
def create_delegate_token(namespace_name,
                          repository_name,
                          friendly_name,
                          role="read"):
    read_only = Role.get(name=role)
    repo = _basequery.get_existing_repository(namespace_name, repository_name)
    new_token = AccessToken.create(repository=repo,
                                   role=read_only,
                                   friendly_name=friendly_name,
                                   temporary=False)

    return new_token
Esempio n. 7
0
def create_access_token(repo, role, kind=None, friendly_name=None):
    role = Role.get(Role.name == role)
    kind_ref = None
    if kind is not None:
        kind_ref = AccessTokenKind.get(AccessTokenKind.name == kind)

    new_token = AccessToken.create(repository=repo,
                                   temporary=True,
                                   role=role,
                                   kind=kind_ref,
                                   friendly_name=friendly_name)

    return new_token
Esempio n. 8
0
def add_prototype_permission(org,
                             role_name,
                             activating_user,
                             delegate_user=None,
                             delegate_team=None):
    new_role = Role.get(Role.name == role_name)
    return PermissionPrototype.create(
        org=org,
        role=new_role,
        activating_user=activating_user,
        delegate_user=delegate_user,
        delegate_team=delegate_team,
    )
Esempio n. 9
0
def __set_entity_repo_permission(entity, permission_entity_property,
                                 namespace_name, repository_name, role_name):
  repo = _basequery.get_existing_repository(namespace_name, repository_name)
  new_role = Role.get(Role.name == role_name)

  # Fetch any existing permission for this entity on the repo
  try:
    entity_attr = getattr(RepositoryPermission, permission_entity_property)
    perm = RepositoryPermission.get(entity_attr == entity, RepositoryPermission.repository == repo)
    perm.role = new_role
    perm.save()
    return perm
  except RepositoryPermission.DoesNotExist:
    set_entity_kwargs = {permission_entity_property: entity}
    new_perm = RepositoryPermission.create(repository=repo, role=new_role, **set_entity_kwargs)
    return new_perm
Esempio n. 10
0
def initialize_database():
    db_encrypter.initialize(FieldEncrypter("anothercrazykey!"))
    db.create_tables(all_models)

    Role.create(name="admin")
    Role.create(name="write")
    Role.create(name="read")
    TeamRole.create(name="admin")
    TeamRole.create(name="creator")
    TeamRole.create(name="member")
    Visibility.create(name="public")
    Visibility.create(name="private")

    LoginService.create(name="google")
    LoginService.create(name="github")
    LoginService.create(name="quayrobot")
    LoginService.create(name="ldap")
    LoginService.create(name="jwtauthn")
    LoginService.create(name="keystone")
    LoginService.create(name="dex")
    LoginService.create(name="oidc")

    BuildTriggerService.create(name="github")
    BuildTriggerService.create(name="custom-git")
    BuildTriggerService.create(name="bitbucket")
    BuildTriggerService.create(name="gitlab")

    AccessTokenKind.create(name="build-worker")
    AccessTokenKind.create(name="pushpull-token")

    LogEntryKind.create(name="account_change_plan")
    LogEntryKind.create(name="account_change_cc")
    LogEntryKind.create(name="account_change_password")
    LogEntryKind.create(name="account_convert")

    LogEntryKind.create(name="create_robot")
    LogEntryKind.create(name="delete_robot")

    LogEntryKind.create(name="create_repo")
    LogEntryKind.create(name="push_repo")
    LogEntryKind.create(name="pull_repo")
    LogEntryKind.create(name="delete_repo")
    LogEntryKind.create(name="create_tag")
    LogEntryKind.create(name="move_tag")
    LogEntryKind.create(name="delete_tag")
    LogEntryKind.create(name="revert_tag")
    LogEntryKind.create(name="add_repo_permission")
    LogEntryKind.create(name="change_repo_permission")
    LogEntryKind.create(name="delete_repo_permission")
    LogEntryKind.create(name="change_repo_visibility")
    LogEntryKind.create(name="change_repo_trust")
    LogEntryKind.create(name="add_repo_accesstoken")
    LogEntryKind.create(name="delete_repo_accesstoken")
    LogEntryKind.create(name="set_repo_description")
    LogEntryKind.create(name="change_repo_state")

    LogEntryKind.create(name="build_dockerfile")

    LogEntryKind.create(name="org_create_team")
    LogEntryKind.create(name="org_delete_team")
    LogEntryKind.create(name="org_invite_team_member")
    LogEntryKind.create(name="org_delete_team_member_invite")
    LogEntryKind.create(name="org_add_team_member")
    LogEntryKind.create(name="org_team_member_invite_accepted")
    LogEntryKind.create(name="org_team_member_invite_declined")
    LogEntryKind.create(name="org_remove_team_member")
    LogEntryKind.create(name="org_set_team_description")
    LogEntryKind.create(name="org_set_team_role")

    LogEntryKind.create(name="create_prototype_permission")
    LogEntryKind.create(name="modify_prototype_permission")
    LogEntryKind.create(name="delete_prototype_permission")

    LogEntryKind.create(name="setup_repo_trigger")
    LogEntryKind.create(name="delete_repo_trigger")

    LogEntryKind.create(name="create_application")
    LogEntryKind.create(name="update_application")
    LogEntryKind.create(name="delete_application")
    LogEntryKind.create(name="reset_application_client_secret")

    # Note: These next two are deprecated.
    LogEntryKind.create(name="add_repo_webhook")
    LogEntryKind.create(name="delete_repo_webhook")

    LogEntryKind.create(name="add_repo_notification")
    LogEntryKind.create(name="delete_repo_notification")
    LogEntryKind.create(name="reset_repo_notification")

    LogEntryKind.create(name="regenerate_robot_token")

    LogEntryKind.create(name="repo_verb")

    LogEntryKind.create(name="repo_mirror_enabled")
    LogEntryKind.create(name="repo_mirror_disabled")
    LogEntryKind.create(name="repo_mirror_config_changed")
    LogEntryKind.create(name="repo_mirror_sync_started")
    LogEntryKind.create(name="repo_mirror_sync_failed")
    LogEntryKind.create(name="repo_mirror_sync_success")
    LogEntryKind.create(name="repo_mirror_sync_now_requested")
    LogEntryKind.create(name="repo_mirror_sync_tag_success")
    LogEntryKind.create(name="repo_mirror_sync_tag_failed")
    LogEntryKind.create(name="repo_mirror_sync_test_success")
    LogEntryKind.create(name="repo_mirror_sync_test_failed")
    LogEntryKind.create(name="repo_mirror_sync_test_started")

    LogEntryKind.create(name="service_key_create")
    LogEntryKind.create(name="service_key_approve")
    LogEntryKind.create(name="service_key_delete")
    LogEntryKind.create(name="service_key_modify")
    LogEntryKind.create(name="service_key_extend")
    LogEntryKind.create(name="service_key_rotate")

    LogEntryKind.create(name="take_ownership")

    LogEntryKind.create(name="manifest_label_add")
    LogEntryKind.create(name="manifest_label_delete")

    LogEntryKind.create(name="change_tag_expiration")
    LogEntryKind.create(name="toggle_repo_trigger")

    LogEntryKind.create(name="create_app_specific_token")
    LogEntryKind.create(name="revoke_app_specific_token")

    ImageStorageLocation.create(name="local_eu")
    ImageStorageLocation.create(name="local_us")

    ApprBlobPlacementLocation.create(name="local_eu")
    ApprBlobPlacementLocation.create(name="local_us")

    ImageStorageTransformation.create(name="squash")
    ImageStorageTransformation.create(name="aci")

    ImageStorageSignatureKind.create(name="gpg2")

    # NOTE: These MUST be copied over to NotificationKind, since every external
    # notification can also generate a Quay.io notification.
    ExternalNotificationEvent.create(name="repo_push")
    ExternalNotificationEvent.create(name="build_queued")
    ExternalNotificationEvent.create(name="build_start")
    ExternalNotificationEvent.create(name="build_success")
    ExternalNotificationEvent.create(name="build_cancelled")
    ExternalNotificationEvent.create(name="build_failure")
    ExternalNotificationEvent.create(name="vulnerability_found")

    ExternalNotificationEvent.create(name="repo_mirror_sync_started")
    ExternalNotificationEvent.create(name="repo_mirror_sync_success")
    ExternalNotificationEvent.create(name="repo_mirror_sync_failed")

    ExternalNotificationMethod.create(name="quay_notification")
    ExternalNotificationMethod.create(name="email")
    ExternalNotificationMethod.create(name="webhook")

    ExternalNotificationMethod.create(name="flowdock")
    ExternalNotificationMethod.create(name="hipchat")
    ExternalNotificationMethod.create(name="slack")

    NotificationKind.create(name="repo_push")
    NotificationKind.create(name="build_queued")
    NotificationKind.create(name="build_start")
    NotificationKind.create(name="build_success")
    NotificationKind.create(name="build_cancelled")
    NotificationKind.create(name="build_failure")
    NotificationKind.create(name="vulnerability_found")
    NotificationKind.create(name="service_key_submitted")

    NotificationKind.create(name="password_required")
    NotificationKind.create(name="over_private_usage")
    NotificationKind.create(name="expiring_license")
    NotificationKind.create(name="maintenance")
    NotificationKind.create(name="org_team_invite")

    NotificationKind.create(name="repo_mirror_sync_started")
    NotificationKind.create(name="repo_mirror_sync_success")
    NotificationKind.create(name="repo_mirror_sync_failed")

    NotificationKind.create(name="test_notification")

    QuayRegion.create(name="us")
    QuayService.create(name="quay")

    MediaType.create(name="text/plain")
    MediaType.create(name="application/json")
    MediaType.create(name="text/markdown")
    MediaType.create(name="application/vnd.cnr.blob.v0.tar+gzip")
    MediaType.create(name="application/vnd.cnr.package-manifest.helm.v0.json")
    MediaType.create(name="application/vnd.cnr.package-manifest.kpm.v0.json")
    MediaType.create(
        name="application/vnd.cnr.package-manifest.docker-compose.v0.json")
    MediaType.create(name="application/vnd.cnr.package.kpm.v0.tar+gzip")
    MediaType.create(name="application/vnd.cnr.package.helm.v0.tar+gzip")
    MediaType.create(
        name="application/vnd.cnr.package.docker-compose.v0.tar+gzip")
    MediaType.create(name="application/vnd.cnr.manifests.v0.json")
    MediaType.create(name="application/vnd.cnr.manifest.list.v0.json")

    for media_type in DOCKER_SCHEMA1_CONTENT_TYPES:
        MediaType.create(name=media_type)

    for media_type in DOCKER_SCHEMA2_CONTENT_TYPES:
        MediaType.create(name=media_type)

    for media_type in OCI_CONTENT_TYPES:
        MediaType.create(name=media_type)

    LabelSourceType.create(name="manifest")
    LabelSourceType.create(name="api", mutable=True)
    LabelSourceType.create(name="internal")

    UserPromptKind.create(name="confirm_username")
    UserPromptKind.create(name="enter_name")
    UserPromptKind.create(name="enter_company")

    RepositoryKind.create(name="image")
    RepositoryKind.create(name="application")

    ApprTagKind.create(name="tag")
    ApprTagKind.create(name="release")
    ApprTagKind.create(name="channel")

    DisableReason.create(name="user_toggled")
    DisableReason.create(name="successive_build_failures")
    DisableReason.create(name="successive_build_internal_errors")

    TagKind.create(name="tag")
Esempio n. 11
0
from app import app
from data.database import Namespace, Repository, RepositoryPermission, Role
from data.model.permission import get_user_repo_permissions
from data.model.user import get_active_users, get_nonrobot_user

DESCRIPTION = """
Fix user repositories missing admin permissions for owning user.
"""

parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument("users", nargs="*", help="Users to check")
parser.add_argument("-a", "--all", action="store_true", help="Check all users")
parser.add_argument("-n", "--dry-run", action="store_true", help="Don't act")

ADMIN = Role.get(name="admin")


def repos_for_namespace(namespace):
    return (Repository.select(Repository.id, Repository.name,
                              Namespace.username).join(Namespace).where(
                                  Namespace.username == namespace))


def has_admin(user, repo):
    perms = get_user_repo_permissions(user, repo)
    return any(p.role == ADMIN for p in perms)


def get_users(all_users=False, users_list=None):
    if all_users:
Esempio n. 12
0
def initialize_database():
    db.create_tables(all_models)

    Role.create(name='admin')
    Role.create(name='write')
    Role.create(name='read')
    TeamRole.create(name='admin')
    TeamRole.create(name='creator')
    TeamRole.create(name='member')
    Visibility.create(name='public')
    Visibility.create(name='private')

    LoginService.create(name='google')
    LoginService.create(name='github')
    LoginService.create(name='quayrobot')
    LoginService.create(name='ldap')
    LoginService.create(name='jwtauthn')
    LoginService.create(name='keystone')
    LoginService.create(name='dex')
    LoginService.create(name='oidc')

    BuildTriggerService.create(name='github')
    BuildTriggerService.create(name='custom-git')
    BuildTriggerService.create(name='bitbucket')
    BuildTriggerService.create(name='gitlab')

    AccessTokenKind.create(name='build-worker')
    AccessTokenKind.create(name='pushpull-token')

    LogEntryKind.create(name='account_change_plan')
    LogEntryKind.create(name='account_change_cc')
    LogEntryKind.create(name='account_change_password')
    LogEntryKind.create(name='account_convert')

    LogEntryKind.create(name='create_robot')
    LogEntryKind.create(name='delete_robot')

    LogEntryKind.create(name='create_repo')
    LogEntryKind.create(name='push_repo')
    LogEntryKind.create(name='pull_repo')
    LogEntryKind.create(name='delete_repo')
    LogEntryKind.create(name='create_tag')
    LogEntryKind.create(name='move_tag')
    LogEntryKind.create(name='delete_tag')
    LogEntryKind.create(name='revert_tag')
    LogEntryKind.create(name='add_repo_permission')
    LogEntryKind.create(name='change_repo_permission')
    LogEntryKind.create(name='delete_repo_permission')
    LogEntryKind.create(name='change_repo_visibility')
    LogEntryKind.create(name='change_repo_trust')
    LogEntryKind.create(name='add_repo_accesstoken')
    LogEntryKind.create(name='delete_repo_accesstoken')
    LogEntryKind.create(name='set_repo_description')
    LogEntryKind.create(name='change_repo_state')

    LogEntryKind.create(name='build_dockerfile')

    LogEntryKind.create(name='org_create_team')
    LogEntryKind.create(name='org_delete_team')
    LogEntryKind.create(name='org_invite_team_member')
    LogEntryKind.create(name='org_delete_team_member_invite')
    LogEntryKind.create(name='org_add_team_member')
    LogEntryKind.create(name='org_team_member_invite_accepted')
    LogEntryKind.create(name='org_team_member_invite_declined')
    LogEntryKind.create(name='org_remove_team_member')
    LogEntryKind.create(name='org_set_team_description')
    LogEntryKind.create(name='org_set_team_role')

    LogEntryKind.create(name='create_prototype_permission')
    LogEntryKind.create(name='modify_prototype_permission')
    LogEntryKind.create(name='delete_prototype_permission')

    LogEntryKind.create(name='setup_repo_trigger')
    LogEntryKind.create(name='delete_repo_trigger')

    LogEntryKind.create(name='create_application')
    LogEntryKind.create(name='update_application')
    LogEntryKind.create(name='delete_application')
    LogEntryKind.create(name='reset_application_client_secret')

    # Note: These next two are deprecated.
    LogEntryKind.create(name='add_repo_webhook')
    LogEntryKind.create(name='delete_repo_webhook')

    LogEntryKind.create(name='add_repo_notification')
    LogEntryKind.create(name='delete_repo_notification')
    LogEntryKind.create(name='reset_repo_notification')

    LogEntryKind.create(name='regenerate_robot_token')

    LogEntryKind.create(name='repo_verb')

    LogEntryKind.create(name='repo_mirror_enabled')
    LogEntryKind.create(name='repo_mirror_disabled')
    LogEntryKind.create(name='repo_mirror_config_changed')
    LogEntryKind.create(name='repo_mirror_sync_started')
    LogEntryKind.create(name='repo_mirror_sync_failed')
    LogEntryKind.create(name='repo_mirror_sync_success')
    LogEntryKind.create(name='repo_mirror_sync_now_requested')
    LogEntryKind.create(name='repo_mirror_sync_tag_success')
    LogEntryKind.create(name='repo_mirror_sync_tag_failed')
    LogEntryKind.create(name='repo_mirror_sync_test_success')
    LogEntryKind.create(name='repo_mirror_sync_test_failed')
    LogEntryKind.create(name='repo_mirror_sync_test_started')

    LogEntryKind.create(name='service_key_create')
    LogEntryKind.create(name='service_key_approve')
    LogEntryKind.create(name='service_key_delete')
    LogEntryKind.create(name='service_key_modify')
    LogEntryKind.create(name='service_key_extend')
    LogEntryKind.create(name='service_key_rotate')

    LogEntryKind.create(name='take_ownership')

    LogEntryKind.create(name='manifest_label_add')
    LogEntryKind.create(name='manifest_label_delete')

    LogEntryKind.create(name='change_tag_expiration')
    LogEntryKind.create(name='toggle_repo_trigger')

    LogEntryKind.create(name='create_app_specific_token')
    LogEntryKind.create(name='revoke_app_specific_token')

    ImageStorageLocation.create(name='local_eu')
    ImageStorageLocation.create(name='local_us')

    ApprBlobPlacementLocation.create(name='local_eu')
    ApprBlobPlacementLocation.create(name='local_us')

    ImageStorageTransformation.create(name='squash')
    ImageStorageTransformation.create(name='aci')

    ImageStorageSignatureKind.create(name='gpg2')

    # NOTE: These MUST be copied over to NotificationKind, since every external
    # notification can also generate a Quay.io notification.
    ExternalNotificationEvent.create(name='repo_push')
    ExternalNotificationEvent.create(name='build_queued')
    ExternalNotificationEvent.create(name='build_start')
    ExternalNotificationEvent.create(name='build_success')
    ExternalNotificationEvent.create(name='build_cancelled')
    ExternalNotificationEvent.create(name='build_failure')
    ExternalNotificationEvent.create(name='vulnerability_found')

    ExternalNotificationEvent.create(name='repo_mirror_sync_started')
    ExternalNotificationEvent.create(name='repo_mirror_sync_success')
    ExternalNotificationEvent.create(name='repo_mirror_sync_failed')

    ExternalNotificationMethod.create(name='quay_notification')
    ExternalNotificationMethod.create(name='email')
    ExternalNotificationMethod.create(name='webhook')

    ExternalNotificationMethod.create(name='flowdock')
    ExternalNotificationMethod.create(name='hipchat')
    ExternalNotificationMethod.create(name='slack')

    NotificationKind.create(name='repo_push')
    NotificationKind.create(name='build_queued')
    NotificationKind.create(name='build_start')
    NotificationKind.create(name='build_success')
    NotificationKind.create(name='build_cancelled')
    NotificationKind.create(name='build_failure')
    NotificationKind.create(name='vulnerability_found')
    NotificationKind.create(name='service_key_submitted')

    NotificationKind.create(name='password_required')
    NotificationKind.create(name='over_private_usage')
    NotificationKind.create(name='expiring_license')
    NotificationKind.create(name='maintenance')
    NotificationKind.create(name='org_team_invite')

    NotificationKind.create(name='repo_mirror_sync_started')
    NotificationKind.create(name='repo_mirror_sync_success')
    NotificationKind.create(name='repo_mirror_sync_failed')

    NotificationKind.create(name='test_notification')

    QuayRegion.create(name='us')
    QuayService.create(name='quay')

    MediaType.create(name='text/plain')
    MediaType.create(name='application/json')
    MediaType.create(name='text/markdown')
    MediaType.create(name='application/vnd.cnr.blob.v0.tar+gzip')
    MediaType.create(name='application/vnd.cnr.package-manifest.helm.v0.json')
    MediaType.create(name='application/vnd.cnr.package-manifest.kpm.v0.json')
    MediaType.create(
        name='application/vnd.cnr.package-manifest.docker-compose.v0.json')
    MediaType.create(name='application/vnd.cnr.package.kpm.v0.tar+gzip')
    MediaType.create(name='application/vnd.cnr.package.helm.v0.tar+gzip')
    MediaType.create(
        name='application/vnd.cnr.package.docker-compose.v0.tar+gzip')
    MediaType.create(name='application/vnd.cnr.manifests.v0.json')
    MediaType.create(name='application/vnd.cnr.manifest.list.v0.json')

    for media_type in DOCKER_SCHEMA1_CONTENT_TYPES:
        MediaType.create(name=media_type)

    for media_type in DOCKER_SCHEMA2_CONTENT_TYPES:
        MediaType.create(name=media_type)

    LabelSourceType.create(name='manifest')
    LabelSourceType.create(name='api', mutable=True)
    LabelSourceType.create(name='internal')

    UserPromptKind.create(name='confirm_username')
    UserPromptKind.create(name='enter_name')
    UserPromptKind.create(name='enter_company')

    RepositoryKind.create(name='image')
    RepositoryKind.create(name='application')

    ApprTagKind.create(name='tag')
    ApprTagKind.create(name='release')
    ApprTagKind.create(name='channel')

    DisableReason.create(name='user_toggled')
    DisableReason.create(name='successive_build_failures')
    DisableReason.create(name='successive_build_internal_errors')

    TagKind.create(name='tag')
Esempio n. 13
0
from app import app
from data.database import Namespace, Repository, RepositoryPermission, Role
from data.model.permission import get_user_repo_permissions
from data.model.user import get_active_users, get_nonrobot_user

DESCRIPTION = '''
Fix user repositories missing admin permissions for owning user.
'''

parser = argparse.ArgumentParser(description=DESCRIPTION)
parser.add_argument('users', nargs='*', help='Users to check')
parser.add_argument('-a', '--all', action='store_true', help='Check all users')
parser.add_argument('-n', '--dry-run', action='store_true', help="Don't act")

ADMIN = Role.get(name='admin')


def repos_for_namespace(namespace):
    return (Repository.select(Repository.id, Repository.name,
                              Namespace.username).join(Namespace).where(
                                  Namespace.username == namespace))


def has_admin(user, repo):
    perms = get_user_repo_permissions(user, repo)
    return any(p.role == ADMIN for p in perms)


def get_users(all_users=False, users_list=None):
    if all_users: