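async def update_resources(resources):
    """Add every loaded project's roles, worker pools, clients and grants to *resources*.

    For each project returned by ``Projects.load(loader)``:

    * each entry of ``adminRoles`` becomes a Role carrying
      ``assume:project-admin:<project>``;
    * if the project has repos, a ``project-admin:<project>`` Role is added
      with one ``assume:repo-admin:<repo>`` scope per repo;
    * each worker pool is added under the id ``proj-<project>/<name>``;
    * each client is added under the id ``project/<project>/<name>``;
    * each grant from ``Grants.from_project`` adds its own resources.

    When ``project.externallyManaged`` is truthy, each worker pool and client
    id is also passed to ``resources.manage()``.

    Raises:
        AssertionError: an admin role id matches no ADMIN_ROLE_PREFIXES entry.
        KeyError: a client entry has no ``scopes`` key.
    """
    projects = await Projects.load(loader)

    for project in projects.values():
        for roleId in project.adminRoles:
            # This prefix check limits which roles can be handed
            # project-admin. NOTE(review): `assert` is stripped under
            # `python -O`, so it should not be the only guard if this
            # generator can ever run optimized.
            assert any(roleId.startswith(p) for p in ADMIN_ROLE_PREFIXES)
            resources.add(Role(
                roleId=roleId,
                description="",
                scopes=['assume:project-admin:{}'.format(project.name)]))

        if project.repos:
            resources.add(Role(
                roleId='project-admin:{}'.format(project.name),
                description="",
                scopes=['assume:repo-admin:{}'.format(repo) for repo in project.repos]))

        if project.workerPools:
            for name, worker_pool in project.workerPools.items():
                worker_pool_id = 'proj-{}/{}'.format(project.name, name)
                if project.externallyManaged:
                    # NOTE(review): the id is interpolated unescaped; if
                    # manage() treats its argument as a pattern, a name
                    # with metacharacters could widen the managed set.
                    # Confirm against manage().
                    resources.manage('WorkerPool={}'.format(worker_pool_id))
                # The description is written into the project's own
                # worker-pool mapping before it is built.
                worker_pool['description'] = "Workers for " + project.name
                resources.add(build_worker_pool(worker_pool_id, worker_pool))

        if project.clients:
            for name, info in project.clients.items():
                clientId = 'project/{}/{}'.format(project.name, name)
                if project.externallyManaged:
                    # Must use the variable assigned above; an undefined
                    # name here would raise NameError for any externally
                    # managed project that declares clients.
                    resources.manage('Client={}'.format(clientId))
                description = info.get('description', '')
                scopes = info['scopes']
                resources.add(Client(
                    clientId=clientId,
                    description=description,
                    scopes=scopes))

        for grant in Grants.from_project(project):
            grant.update_resources(resources)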
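async def update_resources(resources, secret_values):
    """Add every loaded project's roles, pools, clients, secrets, hooks and grants.

    For each project returned by ``Projects.load(loader)``:

    * each entry of ``adminRoles`` becomes a Role carrying
      ``assume:project-admin:<project>``;
    * if the project has repos, each must end in ``/*`` or ``:*`` and a
      ``project-admin:<project>`` Role is added with one
      ``assume:repo-admin:<repo>`` scope per repo;
    * each worker pool is built under the id ``proj-<project>/<name>``,
      along with the secret ``build_worker_pool`` returns, if any;
    * each client is added under the id ``project/<project>/<name>``;
    * each secret is added under ``project/<project>/<suffix>``; its value is
      rendered through ``secret_values`` when that is truthy, otherwise the
      Secret is added by name only;
    * each hook is added in the hook group ``project-<project>``;
    * each grant from ``Grants.from_project`` adds its own resources.

    When ``project.externallyManaged.manage_individual_resources()`` is
    truthy, each of these ids is also passed to ``resources.manage()``.

    Raises:
        AssertionError: an admin role id matches no ADMIN_ROLE_PREFIXES
            entry, a repo lacks the ``/*`` or ``:*`` suffix, or a hook
            declares ``bindings``.
        KeyError: a client has no ``scopes``, or a hook has no ``owner`` or
            ``task``.
    """
    projects = await Projects.load(loader)

    for project in projects.values():
        for roleId in project.adminRoles:
            # This prefix check limits which roles can be handed
            # project-admin. NOTE(review): `assert` is stripped under
            # `python -O`, so this and the repo-suffix check below should
            # not be the only guards if this generator can run optimized.
            assert any(roleId.startswith(p) for p in ADMIN_ROLE_PREFIXES)
            resources.add(
                Role(
                    roleId=roleId,
                    description="",
                    scopes=["assume:project-admin:{}".format(project.name)],
                ))

        if project.repos:
            for repo in project.repos:
                assert repo.endswith("/*") or repo.endswith(
                    ":*"
                ), "project.repos should end with `/*` or `:*`, got {}".format(
                    repo)
            resources.add(
                Role(
                    roleId="project-admin:{}".format(project.name),
                    description="",
                    scopes=[
                        "assume:repo-admin:{}".format(repo)
                        for repo in project.repos
                    ],
                ))

        # NOTE(review): only role ids (last loop below) go through
        # re.escape; worker-pool, client, secret and hook ids are
        # interpolated raw. If manage() treats its argument as a regular
        # expression (presumably, given that re.escape), a name with
        # metacharacters could widen the managed set. Confirm and escape
        # consistently.
        if project.workerPools:
            for name, worker_pool in project.workerPools.items():
                worker_pool_id = "proj-{}/{}".format(project.name, name)
                # The description is written into the project's own
                # worker-pool mapping before it is built.
                worker_pool["description"] = "Workers for " + project.name
                worker_pool, secret = build_worker_pool(
                    worker_pool_id, worker_pool, secret_values)

                if project.externallyManaged.manage_individual_resources():
                    resources.manage("WorkerPool={}".format(worker_pool_id))
                    if secret:
                        resources.manage(
                            "Secret=worker-pool:{}".format(worker_pool_id))
                resources.add(worker_pool)
                if secret:
                    resources.add(secret)

        if project.clients:
            for name, info in project.clients.items():
                clientId = "project/{}/{}".format(project.name, name)
                if project.externallyManaged.manage_individual_resources():
                    resources.manage("Client={}".format(clientId))
                description = info.get("description", "")
                scopes = info["scopes"]
                resources.add(
                    Client(clientId=clientId,
                           description=description,
                           scopes=scopes))

        if project.secrets:
            for nameSuffix, info in project.secrets.items():
                # Entries whose value is literally True produce no Secret.
                # Presumably they are declared here but provisioned
                # elsewhere; verify against the project schema.
                if info is True:
                    continue
                name = "project/{}/{}".format(project.name, nameSuffix)
                if project.externallyManaged.manage_individual_resources():
                    resources.manage("Secret={}".format(name))
                if secret_values:
                    resources.add(
                        Secret(name=name, secret=secret_values.render(info)))
                else:
                    # With no secret values available, only the name is
                    # recorded.
                    resources.add(Secret(name=name))

        if project.hooks:
            for hookId, info in project.hooks.items():
                hookGroupId = "project-{}".format(project.name)
                if project.externallyManaged.manage_individual_resources():
                    # Must use the variable assigned above; a misspelled
                    # name here would raise NameError for any externally
                    # managed project that declares hooks.
                    resources.manage("Hook={}/{}".format(hookGroupId, hookId))
                assert (
                    "bindings" not in info
                ), "Please add support for bindings to use this feature"
                resources.add(
                    Hook(
                        hookGroupId=hookGroupId,
                        hookId=hookId,
                        name=info.get("name", hookId),
                        description=info.get("description", ""),
                        owner=info["owner"],
                        emailOnError=info.get("emailOnError", False),
                        schedule=info.get("schedule", ()),
                        # Always the empty default: the assert above
                        # rejects any hook that declares bindings.
                        bindings=info.get("bindings", ()),
                        task=info["task"],
                        triggerSchema=info.get("triggerSchema", {}),
                    ))

        for grant in Grants.from_project(project):
            if project.externallyManaged.manage_individual_resources():
                for role in grant.to:
                    # Escaped so the role id is matched literally.
                    resources.manage("Role=" + re.escape(role))
            grant.update_resources(resources)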
async def register_clients(resources):
    """Mark the ``project/servo/`` client namespace as managed and add the clients from clients.yml.

    Every entry yielded by ``parse_yaml("clients.yml")`` is expanded as
    keyword arguments to ``Client`` and added to *resources*.

    NOTE(review): nothing here checks that an entry's clientId falls under
    ``project/servo/`` or limits the scopes it may carry. Confirm that
    clients.yml is validated elsewhere, or is only editable by people
    trusted to define clients.
    """
    resources.manage("Client=project/servo/.*")
    client_entries = parse_yaml("clients.yml")
    for client_kwargs in client_entries:
        servo_client = Client(**client_kwargs)
        resources.add(servo_client)