Пример #1
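async def update_resources(resources):
    """Add the roles, worker pools, clients and grants of every project.

    Loads all projects with ``Projects.load(loader)`` and, for each project,
    adds to ``resources``:

    * one ``Role`` per entry in ``project.adminRoles``, each granting
      ``assume:project-admin:<project>``;
    * a ``project-admin:<project>`` role granting ``assume:repo-admin:<repo>``
      for every repo, when the project lists repos;
    * a worker pool per entry in ``project.workerPools``;
    * a ``Client`` per entry in ``project.clients``;
    * whatever each grant from ``Grants.from_project`` contributes.

    For externally managed projects the individual worker pool and client
    ids are also registered with ``resources.manage``.

    Args:
        resources: collection exposing ``add`` and ``manage``.

    Raises:
        AssertionError: an admin role does not start with any of
            ``ADMIN_ROLE_PREFIXES``.
        KeyError: a client entry has no ``scopes`` key.
    """
    projects = await Projects.load(loader)

    for project in projects.values():
        for roleId in project.adminRoles:
            # This check decides which roles receive project-admin, so it is
            # an explicit raise: a bare `assert` is removed under `python -O`.
            # AssertionError is kept so existing callers see the same type.
            if not any(roleId.startswith(p) for p in ADMIN_ROLE_PREFIXES):
                raise AssertionError(
                    "admin role {!r} of project {} does not start with any "
                    "of ADMIN_ROLE_PREFIXES".format(roleId, project.name))
            resources.add(Role(
                roleId=roleId,
                description="",
                scopes=['assume:project-admin:{}'.format(project.name)]))
        if project.repos:
            resources.add(Role(
                roleId='project-admin:{}'.format(project.name),
                description="",
                scopes=['assume:repo-admin:{}'.format(repo)
                        for repo in project.repos]))
        if project.workerPools:
            for name, worker_pool in project.workerPools.items():
                worker_pool_id = 'proj-{}/{}'.format(project.name, name)
                if project.externallyManaged:
                    resources.manage('WorkerPool={}'.format(worker_pool_id))
                # The description is written into the loaded config dict
                # before it is handed to build_worker_pool.
                worker_pool['description'] = "Workers for " + project.name
                resources.add(build_worker_pool(worker_pool_id, worker_pool))
        if project.clients:
            for name, info in project.clients.items():
                clientId = 'project/{}/{}'.format(project.name, name)
                if project.externallyManaged:
                    # Fixed: this read the undefined name `client_id`, so
                    # any externally managed project that declared clients
                    # raised NameError here.
                    resources.manage('Client={}'.format(clientId))
                description = info.get('description', '')
                # Scopes come straight from the project config; no default,
                # so a client without `scopes` fails loudly.
                scopes = info['scopes']
                resources.add(Client(
                    clientId=clientId,
                    description=description,
                    scopes=scopes))
        for grant in Grants.from_project(project):
            grant.update_resources(resources)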
Пример #2
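async def update_resources(resources, secret_values):
    """Add every project's roles, pools, clients, secrets, hooks and grants.

    Loads all projects with ``Projects.load(loader)`` and, for each project,
    adds to ``resources``:

    * one ``Role`` per entry in ``project.adminRoles``, each granting
      ``assume:project-admin:<project>``;
    * a ``project-admin:<project>`` role granting ``assume:repo-admin:<repo>``
      for every repo, when the project lists repos;
    * the worker pool (and its secret, if one is returned) built by
      ``build_worker_pool`` for every entry in ``project.workerPools``;
    * a ``Client`` per entry in ``project.clients``;
    * a ``Secret`` per entry in ``project.secrets`` whose value is not
      ``True``;
    * a ``Hook`` per entry in ``project.hooks``;
    * whatever each grant from ``Grants.from_project`` contributes.

    Whenever ``project.externallyManaged.manage_individual_resources()`` is
    truthy, the individual resource ids are registered with
    ``resources.manage`` as well.

    Args:
        resources: collection exposing ``add`` and ``manage``.
        secret_values: passed to ``build_worker_pool``; when truthy its
            ``render(info)`` result becomes the secret's value, otherwise
            secrets are added by name only.

    Raises:
        AssertionError: an admin role has no allowed prefix, a repo pattern
            does not end with ``/*`` or ``:*``, or a hook declares
            ``bindings``.
        KeyError: a client has no ``scopes``, or a hook has no ``owner`` or
            ``task``.
    """
    projects = await Projects.load(loader)

    for project in projects.values():
        for roleId in project.adminRoles:
            # This check decides which roles receive project-admin, so it is
            # an explicit raise: a bare `assert` is removed under `python -O`.
            # AssertionError is kept so existing callers see the same type.
            if not any(roleId.startswith(p) for p in ADMIN_ROLE_PREFIXES):
                raise AssertionError(
                    "admin role {!r} of project {} does not start with any "
                    "of ADMIN_ROLE_PREFIXES".format(roleId, project.name))
            resources.add(
                Role(
                    roleId=roleId,
                    description="",
                    scopes=["assume:project-admin:{}".format(project.name)],
                ))
        if project.repos:
            for repo in project.repos:
                # Each repo string ends up inside an `assume:repo-admin:`
                # scope, so the shape check must also survive `python -O`.
                if not repo.endswith(("/*", ":*")):
                    raise AssertionError(
                        "project.repos should end with `/*` or `:*`, "
                        "got {}".format(repo))
            resources.add(
                Role(
                    roleId="project-admin:{}".format(project.name),
                    description="",
                    scopes=[
                        "assume:repo-admin:{}".format(repo)
                        for repo in project.repos
                    ],
                ))
        if project.workerPools:
            for name, worker_pool in project.workerPools.items():
                worker_pool_id = "proj-{}/{}".format(project.name, name)
                worker_pool["description"] = "Workers for " + project.name
                worker_pool, secret = build_worker_pool(
                    worker_pool_id, worker_pool, secret_values)

                if project.externallyManaged.manage_individual_resources():
                    # NOTE(review): the grant loop at the end of this
                    # function passes role names through re.escape, which
                    # suggests manage() takes a regular expression. The ids
                    # registered here and in the client, secret and hook
                    # branches are interpolated unescaped, so a name with a
                    # regex metacharacter (e.g. `.`) would claim more than
                    # one resource. Confirm names are restricted upstream,
                    # or escape them the same way.
                    resources.manage("WorkerPool={}".format(worker_pool_id))
                    if secret:
                        resources.manage(
                            "Secret=worker-pool:{}".format(worker_pool_id))
                resources.add(worker_pool)
                if secret:
                    resources.add(secret)
        if project.clients:
            for name, info in project.clients.items():
                clientId = "project/{}/{}".format(project.name, name)
                if project.externallyManaged.manage_individual_resources():
                    resources.manage("Client={}".format(clientId))
                description = info.get("description", "")
                # Scopes come straight from the project config; no default,
                # so a client without `scopes` fails loudly.
                scopes = info["scopes"]
                resources.add(
                    Client(clientId=clientId,
                           description=description,
                           scopes=scopes))
        if project.secrets:
            for nameSuffix, info in project.secrets.items():
                # Entries whose value is literally True are skipped entirely
                # (presumably declared here but populated elsewhere; confirm).
                if info is True:
                    continue
                name = "project/{}/{}".format(project.name, nameSuffix)
                if project.externallyManaged.manage_individual_resources():
                    resources.manage("Secret={}".format(name))
                if secret_values:
                    resources.add(
                        Secret(name=name, secret=secret_values.render(info)))
                else:
                    # Without secret values the secret is added by name only.
                    resources.add(Secret(name=name))
        if project.hooks:
            for hookId, info in project.hooks.items():
                hookGroupId = "project-{}".format(project.name)
                if project.externallyManaged.manage_individual_resources():
                    # Fixed: this read the undefined name `hookGroupid`, so
                    # any individually managed project that declared hooks
                    # raised NameError here.
                    resources.manage("Hook={}/{}".format(hookGroupId, hookId))
                # Explicit raise so the unsupported-feature guard is not
                # dropped under `python -O`.
                if "bindings" in info:
                    raise AssertionError(
                        "Please add support for bindings to use this feature")
                resources.add(
                    Hook(
                        hookGroupId=hookGroupId,
                        hookId=hookId,
                        name=info.get("name", hookId),
                        description=info.get("description", ""),
                        owner=info["owner"],
                        emailOnError=info.get("emailOnError", False),
                        schedule=info.get("schedule", ()),
                        bindings=info.get("bindings", ()),
                        task=info["task"],
                        triggerSchema=info.get("triggerSchema", {}),
                    ))
        for grant in Grants.from_project(project):
            if project.externallyManaged.manage_individual_resources():
                for role in grant.to:
                    # Escaped so the role name is registered literally.
                    resources.manage("Role=" + re.escape(role))
            grant.update_resources(resources)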
Пример #3
async def register_clients(resources):
    """Register the servo project clients described in ``clients.yml``.

    The whole ``Client=project/servo/.*`` namespace is registered with
    ``resources.manage`` first, then one ``Client`` is added per entry
    returned by ``parse_yaml("clients.yml")``.

    NOTE(review): every key of a YAML entry is passed to ``Client`` as a
    keyword argument, scopes included, so review of ``clients.yml`` is the
    only check on what these clients are granted. The managed pattern
    presumably means clients under ``project/servo/`` that are missing from
    the file get removed when the resources are applied; confirm.
    """
    resources.manage("Client=project/servo/.*")
    for client_kwargs in parse_yaml("clients.yml"):
        client = Client(**client_kwargs)
        resources.add(client)