def verify_repo_access(user):
headers = flask.request.headers
verify = headers.get("SSLVerify")
fp = headers.get("SSLFingerprint")
url = headers.get("X-Original-URI")
if verify != "SUCCESS":
raise dci_exc.DCIException(message="wrong SSLVerify header: %s" %
verify,
status_code=403)
if len(splitpath(url)) < 3:
raise dci_exc.DCIException(message="requested url is invalid: %s" %
url,
status_code=403)
product_id, topic_id, component_id = splitpath(url)[:3]
REMOTECIS = models.REMOTECIS
query = sql.select([REMOTECIS]).where(REMOTECIS.c.cert_fp == fp)
remoteci = flask.g.db_conn.execute(query)
if remoteci.rowcount != 1:
raise dci_exc.DCIException(
message="remoteci fingerprint not found: %s" % fp, status_code=403)
product = v1_utils.verify_existence_and_get(product_id, models.PRODUCTS)
if product["state"] != "active":
raise dci_exc.DCIException(
message="product %s/%s is not active" %
(product["name"], product["id"]), # noqa
status_code=403)
topic = v1_utils.verify_existence_and_get(topic_id, models.TOPICS)
if topic["state"] != "active":
raise dci_exc.DCIException(message="topic %s/%s is not active" %
(topic["name"], topic["id"]),
status_code=403)
if str(topic["product_id"]) != str(product_id):
raise dci_exc.DCIException(
message="topic %s/%s does not belongs to product %s/%s" %
(topic["name"], topic["id"], product["name"], product["id"]),
status_code=403)
component = v1_utils.verify_existence_and_get(component_id,
models.COMPONENTS)
if component["state"] != "active":
raise dci_exc.DCIException(
message="component %s/%s is not active" %
(component["name"], component["id"]), # noqa
status_code=403)
if str(component["topic_id"]) != str(topic_id):
raise dci_exc.DCIException(
message="component %s/%s does not belongs to topic %s/%s" %
(component["name"], component["id"], topic["name"], topic["id"]),
status_code=403)
team_id = remoteci.fetchone()["team_id"]
team = v1_utils.verify_existence_and_get(team_id, models.TEAMS)
if team["state"] != "active":
raise dci_exc.DCIException(message="team %s/%s is not active" %
(team["name"], team["id"]),
status_code=403)
team_ids = [team_id]
if not export_control.is_teams_associated_to_product(team_ids, product_id):
raise dci_exc.DCIException(
message="team %s is not associated to the product %s" %
(team["name"], product["name"]),
status_code=403)
if topic["export_control"] is True:
return flask.Response(None, 200)
if not export_control.is_teams_associated_to_topic(team_ids, topic_id):
raise dci_exc.DCIException(
message="team %s is not associated to the topic %s" %
(team["name"], topic["name"]), # noqa
status_code=403)
return flask.Response(None, 200)
def get_component_by_id(user, c_id):
component = v1_utils.verify_existence_and_get(c_id, _TABLE)
v1_utils.verify_team_in_topic(user, component['topic_id'])
auth.check_export_control(user, component)
return base.get_resource_by_id(user, component, _TABLE, _EMBED_MANY)
def get_test_by_id(user, t_id):
test = v1_utils.verify_existence_and_get(t_id, _TABLE)
if not (auth.is_admin(user) or auth.is_in_team(user, test['team_id'])):
raise auth.UNAUTHORIZED
res = flask.jsonify({'test': test})
return res
def get_test_by_id(user, t_id):
test = v1_utils.verify_existence_and_get(t_id, _TABLE)
res = flask.jsonify({'test': test})
return res
def get_jobstate_by_id(user, js_id):
jobstate = v1_utils.verify_existence_and_get(js_id, _TABLE)
return base.get_resource_by_id(user, jobstate, _TABLE, _EMBED_MANY)
def get_team_by_id(user, t_id):
team = v1_utils.verify_existence_and_get(t_id, _TABLE)
if not (auth.is_admin(user) or auth.is_in_team(user, team['id'])):
raise auth.UNAUTHORIZED
return base.get_resource_by_id(user, team, _TABLE, _EMBED_MANY)
def get_jobs_status_from_components(user, topic_id, type_id):
# List of job meaningfull job status for global overview
#
# ie. If current job status is running, we should retrieve status
# from prior job.
valid_status = [
'failure', 'product-failure', 'deployment-failure', 'success'
]
topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True)
v1_utils.verify_team_in_topic(user, topic_id)
# if the user is not the admin then filter by team_id
team_id = user['team_id'] if not auth.is_admin(user) else None
# Get list of all remotecis that are attached to a topic this type belongs
# to
fields = [
models.REMOTECIS.c.id.label('remoteci_id'),
models.REMOTECIS.c.name.label('remoteci_name'),
models.TEAMS.c.id.label('team_id'),
models.TEAMS.c.name.label('team_name'),
models.TOPICS.c.name.label('topic_name'),
models.COMPONENTS.c.id.label('component_id'),
models.COMPONENTS.c.name.label('component_name'),
models.COMPONENTS.c.type.label('component_type'),
models.JOBS.c.id.label('job_id'),
models.JOBS.c.status.label('job_status'),
models.JOBS.c.created_at.label('job_created_at')
]
query = (
sql.select(fields).select_from(
sql.join(
models.REMOTECIS,
models.JOBS,
models.REMOTECIS.c.id == models.JOBS.c.remoteci_id,
isouter=True).join(
models.JOIN_JOBS_COMPONENTS,
models.JOIN_JOBS_COMPONENTS.c.job_id ==
models.JOBS.c.id).join(
models.COMPONENTS, models.COMPONENTS.c.id ==
models.JOIN_JOBS_COMPONENTS.c.component_id) # noqa
.join(
models.TOPICS,
models.TOPICS.c.id == models.COMPONENTS.c.topic_id).join(
models.TEAMS,
models.TEAMS.c.id == models.JOBS.c.team_id)).where(
sql.and_(models.REMOTECIS.c.state == 'active',
models.JOBS.c.status.in_(valid_status),
models.JOBS.c.state != 'archived',
models.COMPONENTS.c.type == type_id,
models.TOPICS.c.id == topic_id)).order_by(
models.REMOTECIS.c.name,
models.JOBS.c.created_at.desc()).distinct(
models.REMOTECIS.c.name))
if team_id:
query.append_whereclause(models.TEAMS.c.id == team_id)
rcs = flask.g.db_conn.execute(query).fetchall()
nb_row = len(rcs)
return flask.jsonify({'jobs': rcs, '_meta': {'count': nb_row}})
def get_remoteci_by_id(user, r_id):
remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE)
return base.get_resource_by_id(user, remoteci, _TABLE, _EMBED_MANY)
def get_tests_by_team(user, team_id):
if not user.is_in_team(team_id):
raise auth.UNAUTHORIZED
team = v1_utils.verify_existence_and_get(team_id, _TABLE)
return tests.get_all_tests(user, team['id'])
def get_all_components(user, topic_id):
topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True)
v1_utils.verify_team_in_topic(user, topic_id)
return components.get_all_components(user, topic_id=topic_id)
def get_file_by_id(user, file_id):
file = v1_utils.verify_existence_and_get(file_id, _TABLE)
return base.get_resource_by_id(user, file, _TABLE, _EMBED_MANY)
def get_permission_by_id(user, permission_id):
permission = v1_utils.verify_existence_and_get(permission_id, _TABLE)
return base.get_resource_by_id(user, permission, _TABLE, _EMBED_MANY)
def get_jobdefinitions_by_test(user, test_id):
test = v1_utils.verify_existence_and_get(test_id, _TABLE)
if not (auth.is_admin(user) or auth.is_in_team(user, test['team_id'])):
raise auth.UNAUTHORIZED
return jobdefinitions.get_all_jobdefinitions(test['id'])
def get_jobdefinition_by_id(user, jd_id):
jobdefinition = v1_utils.verify_existence_and_get(jd_id, _TABLE)
return base.get_resource_by_id(user, jobdefinition, _TABLE, _EMBED_MANY)
def get_all_jobdefinitions_by_topic(user, topic_id):
topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True)
v1_utils.verify_team_in_topic(user, topic_id)
return jobdefinitions.list_jobdefinitions(user, [topic_id], by_topic=True)
def get_all_components(user, topic_id):
topic = v1_utils.verify_existence_and_get(topic_id, _TABLE)
export_control.verify_access_to_topic(user, topic)
return components.get_all_components(user, topic_id=topic['id'])
def get_tests_by_team(user, team_id):
if user.is_in_team(team_id) and user.is_not_epm():
raise dci_exc.Unauthorized()
team = v1_utils.verify_existence_and_get(team_id, _TABLE)
return tests.get_all_tests_by_team(user, team['id'])
def get_configuration_by_id(user, r_id, c_id):
v1_utils.verify_existence_and_get(r_id, _TABLE)
configuration = v1_utils.verify_existence_and_get(c_id, _RCONFIGURATIONS)
return base.get_resource_by_id(user, configuration, _RCONFIGURATIONS, None,
resource_name='rconfiguration')
def get_team_by_id(user, t_id):
team = v1_utils.verify_existence_and_get(t_id, _TABLE)
if user.is_not_in_team(t_id) and user.is_not_epm():
raise dci_exc.Unauthorized()
return base.get_resource_by_id(user, team, _TABLE, _EMBED_MANY)
def get_tests_by_team(user, team_id):
team = v1_utils.verify_existence_and_get(team_id, _TABLE)
return tests.get_all_tests(user, team['id'])
def get_product_by_id(user, product_id):
product = v1_utils.verify_existence_and_get(product_id, _TABLE)
return base.get_resource_by_id(user, product, _TABLE, _EMBED_MANY)
def get_remotecis_by_team(user, team_id):
team = v1_utils.verify_existence_and_get(team_id, _TABLE)
return remotecis.get_all_remotecis(team['id'])
def get_file_object(file_id):
return v1_utils.verify_existence_and_get(file_id, _TABLE)
