def verify_repo_access(user): headers = flask.request.headers verify = headers.get("SSLVerify") fp = headers.get("SSLFingerprint") url = headers.get("X-Original-URI") if verify != "SUCCESS": raise dci_exc.DCIException(message="wrong SSLVerify header: %s" % verify, status_code=403) if len(splitpath(url)) < 3: raise dci_exc.DCIException(message="requested url is invalid: %s" % url, status_code=403) product_id, topic_id, component_id = splitpath(url)[:3] REMOTECIS = models.REMOTECIS query = sql.select([REMOTECIS]).where(REMOTECIS.c.cert_fp == fp) remoteci = flask.g.db_conn.execute(query) if remoteci.rowcount != 1: raise dci_exc.DCIException( message="remoteci fingerprint not found: %s" % fp, status_code=403) product = v1_utils.verify_existence_and_get(product_id, models.PRODUCTS) if product["state"] != "active": raise dci_exc.DCIException( message="product %s/%s is not active" % (product["name"], product["id"]), # noqa status_code=403) topic = v1_utils.verify_existence_and_get(topic_id, models.TOPICS) if topic["state"] != "active": raise dci_exc.DCIException(message="topic %s/%s is not active" % (topic["name"], topic["id"]), status_code=403) if str(topic["product_id"]) != str(product_id): raise dci_exc.DCIException( message="topic %s/%s does not belongs to product %s/%s" % (topic["name"], topic["id"], product["name"], product["id"]), status_code=403) component = v1_utils.verify_existence_and_get(component_id, models.COMPONENTS) if component["state"] != "active": raise dci_exc.DCIException( message="component %s/%s is not active" % (component["name"], component["id"]), # noqa status_code=403) if str(component["topic_id"]) != str(topic_id): raise dci_exc.DCIException( message="component %s/%s does not belongs to topic %s/%s" % (component["name"], component["id"], topic["name"], topic["id"]), status_code=403) team_id = remoteci.fetchone()["team_id"] team = v1_utils.verify_existence_and_get(team_id, models.TEAMS) if team["state"] != "active": raise dci_exc.DCIException(message="team %s/%s is not active" % (team["name"], team["id"]), status_code=403) team_ids = [team_id] if not export_control.is_teams_associated_to_product(team_ids, product_id): raise dci_exc.DCIException( message="team %s is not associated to the product %s" % (team["name"], product["name"]), status_code=403) if topic["export_control"] is True: return flask.Response(None, 200) if not export_control.is_teams_associated_to_topic(team_ids, topic_id): raise dci_exc.DCIException( message="team %s is not associated to the topic %s" % (team["name"], topic["name"]), # noqa status_code=403) return flask.Response(None, 200)
def get_component_by_id(user, c_id): component = v1_utils.verify_existence_and_get(c_id, _TABLE) v1_utils.verify_team_in_topic(user, component['topic_id']) auth.check_export_control(user, component) return base.get_resource_by_id(user, component, _TABLE, _EMBED_MANY)
def get_test_by_id(user, t_id): test = v1_utils.verify_existence_and_get(t_id, _TABLE) if not (auth.is_admin(user) or auth.is_in_team(user, test['team_id'])): raise auth.UNAUTHORIZED res = flask.jsonify({'test': test}) return res
def get_test_by_id(user, t_id): test = v1_utils.verify_existence_and_get(t_id, _TABLE) res = flask.jsonify({'test': test}) return res
def get_jobstate_by_id(user, js_id): jobstate = v1_utils.verify_existence_and_get(js_id, _TABLE) return base.get_resource_by_id(user, jobstate, _TABLE, _EMBED_MANY)
def get_team_by_id(user, t_id): team = v1_utils.verify_existence_and_get(t_id, _TABLE) if not (auth.is_admin(user) or auth.is_in_team(user, team['id'])): raise auth.UNAUTHORIZED return base.get_resource_by_id(user, team, _TABLE, _EMBED_MANY)
def get_jobs_status_from_components(user, topic_id, type_id): # List of job meaningfull job status for global overview # # ie. If current job status is running, we should retrieve status # from prior job. valid_status = [ 'failure', 'product-failure', 'deployment-failure', 'success' ] topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True) v1_utils.verify_team_in_topic(user, topic_id) # if the user is not the admin then filter by team_id team_id = user['team_id'] if not auth.is_admin(user) else None # Get list of all remotecis that are attached to a topic this type belongs # to fields = [ models.REMOTECIS.c.id.label('remoteci_id'), models.REMOTECIS.c.name.label('remoteci_name'), models.TEAMS.c.id.label('team_id'), models.TEAMS.c.name.label('team_name'), models.TOPICS.c.name.label('topic_name'), models.COMPONENTS.c.id.label('component_id'), models.COMPONENTS.c.name.label('component_name'), models.COMPONENTS.c.type.label('component_type'), models.JOBS.c.id.label('job_id'), models.JOBS.c.status.label('job_status'), models.JOBS.c.created_at.label('job_created_at') ] query = ( sql.select(fields).select_from( sql.join( models.REMOTECIS, models.JOBS, models.REMOTECIS.c.id == models.JOBS.c.remoteci_id, isouter=True).join( models.JOIN_JOBS_COMPONENTS, models.JOIN_JOBS_COMPONENTS.c.job_id == models.JOBS.c.id).join( models.COMPONENTS, models.COMPONENTS.c.id == models.JOIN_JOBS_COMPONENTS.c.component_id) # noqa .join( models.TOPICS, models.TOPICS.c.id == models.COMPONENTS.c.topic_id).join( models.TEAMS, models.TEAMS.c.id == models.JOBS.c.team_id)).where( sql.and_(models.REMOTECIS.c.state == 'active', models.JOBS.c.status.in_(valid_status), models.JOBS.c.state != 'archived', models.COMPONENTS.c.type == type_id, models.TOPICS.c.id == topic_id)).order_by( models.REMOTECIS.c.name, models.JOBS.c.created_at.desc()).distinct( models.REMOTECIS.c.name)) if team_id: query.append_whereclause(models.TEAMS.c.id == team_id) rcs = flask.g.db_conn.execute(query).fetchall() nb_row = len(rcs) return flask.jsonify({'jobs': rcs, '_meta': {'count': nb_row}})
def get_remoteci_by_id(user, r_id): remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE) return base.get_resource_by_id(user, remoteci, _TABLE, _EMBED_MANY)
def get_tests_by_team(user, team_id): if not user.is_in_team(team_id): raise auth.UNAUTHORIZED team = v1_utils.verify_existence_and_get(team_id, _TABLE) return tests.get_all_tests(user, team['id'])
def get_all_components(user, topic_id): topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True) v1_utils.verify_team_in_topic(user, topic_id) return components.get_all_components(user, topic_id=topic_id)
def get_file_by_id(user, file_id): file = v1_utils.verify_existence_and_get(file_id, _TABLE) return base.get_resource_by_id(user, file, _TABLE, _EMBED_MANY)
def get_permission_by_id(user, permission_id): permission = v1_utils.verify_existence_and_get(permission_id, _TABLE) return base.get_resource_by_id(user, permission, _TABLE, _EMBED_MANY)
def get_jobdefinitions_by_test(user, test_id): test = v1_utils.verify_existence_and_get(test_id, _TABLE) if not (auth.is_admin(user) or auth.is_in_team(user, test['team_id'])): raise auth.UNAUTHORIZED return jobdefinitions.get_all_jobdefinitions(test['id'])
def get_jobdefinition_by_id(user, jd_id): jobdefinition = v1_utils.verify_existence_and_get(jd_id, _TABLE) return base.get_resource_by_id(user, jobdefinition, _TABLE, _EMBED_MANY)
def get_all_jobdefinitions_by_topic(user, topic_id): topic_id = v1_utils.verify_existence_and_get(topic_id, _TABLE, get_id=True) v1_utils.verify_team_in_topic(user, topic_id) return jobdefinitions.list_jobdefinitions(user, [topic_id], by_topic=True)
def get_all_components(user, topic_id): topic = v1_utils.verify_existence_and_get(topic_id, _TABLE) export_control.verify_access_to_topic(user, topic) return components.get_all_components(user, topic_id=topic['id'])
def get_tests_by_team(user, team_id): if user.is_in_team(team_id) and user.is_not_epm(): raise dci_exc.Unauthorized() team = v1_utils.verify_existence_and_get(team_id, _TABLE) return tests.get_all_tests_by_team(user, team['id'])
def get_configuration_by_id(user, r_id, c_id): v1_utils.verify_existence_and_get(r_id, _TABLE) configuration = v1_utils.verify_existence_and_get(c_id, _RCONFIGURATIONS) return base.get_resource_by_id(user, configuration, _RCONFIGURATIONS, None, resource_name='rconfiguration')
def get_team_by_id(user, t_id): team = v1_utils.verify_existence_and_get(t_id, _TABLE) if user.is_not_in_team(t_id) and user.is_not_epm(): raise dci_exc.Unauthorized() return base.get_resource_by_id(user, team, _TABLE, _EMBED_MANY)
def get_tests_by_team(user, team_id): team = v1_utils.verify_existence_and_get(team_id, _TABLE) return tests.get_all_tests(user, team['id'])
def get_product_by_id(user, product_id): product = v1_utils.verify_existence_and_get(product_id, _TABLE) return base.get_resource_by_id(user, product, _TABLE, _EMBED_MANY)
def get_remotecis_by_team(user, team_id): team = v1_utils.verify_existence_and_get(team_id, _TABLE) return remotecis.get_all_remotecis(team['id'])
def get_file_object(file_id): return v1_utils.verify_existence_and_get(file_id, _TABLE)