Launchpad itself

Merge ~cjwatson/launchpad:fix-uploader-oci-distribution-credentials into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. fix-uploader-oci-distribution-credentials
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 28bbe8a05b780419d36a1d782c1872427e14bf0e
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:fix-uploader-oci-distribution-credentials
Merge into: launchpad:master
Diff against target: 72 lines (+37/-1)
2 files modified
database/schema/security.cfg (+1/-0)
lib/lp/archiveuploader/tests/test_ocirecipeupload.py (+36/-1)
Reviewer Review Type Date Requested Status
Tom Wardill (community) Approve
Review via email: mp+398695@code.launchpad.net

Commit message

Grant SELECT OCIRegistryCredentials to uploader

Description of the change

`OCIRecipe.push_rules` is evaluated (indirectly) from `OCIRecipeBuild.updateStatus`, and may now use `Distribution.oci_registry_credentials`, so grant the uploader the access it needs for that.

To post a comment you must log in.
Revision history for this message
Tom Wardill (twom) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/database/schema/security.cfg b/database/schema/security.cfg
index 0c91022..4a3770c 100644
--- a/database/schema/security.cfg
+++ b/database/schema/security.cfg
@@ -1450,6 +1450,7 @@ public.ocipushrule = SELECT
1450public.ocirecipe = SELECT, UPDATE1450public.ocirecipe = SELECT, UPDATE
1451public.ocirecipebuild = SELECT, UPDATE1451public.ocirecipebuild = SELECT, UPDATE
1452public.ocirecipebuildjob = SELECT, INSERT, UPDATE1452public.ocirecipebuildjob = SELECT, INSERT, UPDATE
1453public.ociregistrycredentials = SELECT
1453public.openididentifier = SELECT1454public.openididentifier = SELECT
1454public.packagecopyjob = SELECT, INSERT1455public.packagecopyjob = SELECT, INSERT
1455public.packagediff = SELECT, INSERT, UPDATE, DELETE1456public.packagediff = SELECT, INSERT, UPDATE, DELETE
diff --git a/lib/lp/archiveuploader/tests/test_ocirecipeupload.py b/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
index 75e2455..13b577b 100644
--- a/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
+++ b/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
@@ -21,12 +21,13 @@ from lp.archiveuploader.uploadprocessor import (
21 )21 )
22from lp.buildmaster.enums import BuildStatus22from lp.buildmaster.enums import BuildStatus
23from lp.oci.interfaces.ocirecipe import OCI_RECIPE_ALLOW_CREATE23from lp.oci.interfaces.ocirecipe import OCI_RECIPE_ALLOW_CREATE
24from lp.oci.tests.helpers import OCIConfigHelperMixin
24from lp.services.features.testing import FeatureFixture25from lp.services.features.testing import FeatureFixture
25from lp.services.osutils import write_file26from lp.services.osutils import write_file
26from lp.services.propertycache import get_property_cache27from lp.services.propertycache import get_property_cache
2728
2829
29class TestOCIRecipeUploads(TestUploadProcessorBase):30class TestOCIRecipeUploads(OCIConfigHelperMixin, TestUploadProcessorBase):
3031
31 def setUp(self):32 def setUp(self):
32 super(TestOCIRecipeUploads, self).setUp()33 super(TestOCIRecipeUploads, self).setUp()
@@ -77,6 +78,40 @@ class TestOCIRecipeUploads(TestUploadProcessorBase):
77 self.assertEqual(BuildStatus.FULLYBUILT, self.build.status)78 self.assertEqual(BuildStatus.FULLYBUILT, self.build.status)
78 self.assertTrue(self.build.verifySuccessfulUpload())79 self.assertTrue(self.build.verifySuccessfulUpload())
7980
81 def test_sets_build_and_state_distribution_credentials(self):
82 # The upload processor uploads files and sets the correct status for
83 # an OCIRecipeBuild with distribution credentials.
84 self.switchToAdmin()
85 self.setConfig()
86 distribution = self.factory.makeDistribution()
87 distribution.oci_registry_credentials = (
88 self.factory.makeOCIRegistryCredentials())
89 oci_project = self.factory.makeOCIProject(pillar=distribution)
90 recipe = self.factory.makeOCIRecipe(oci_project=oci_project)
91 build = self.factory.makeOCIRecipeBuild(recipe=recipe)
92 oci_project.setOfficialRecipeStatus(recipe, True)
93 Store.of(build).flush()
94 self.switchToUploader()
95
96 self.assertFalse(build.verifySuccessfulUpload())
97 del get_property_cache(build).manifest
98 del get_property_cache(build).digests
99 upload_dir = os.path.join(
100 self.incoming_folder, "test", str(build.id), "ubuntu")
101 write_file(os.path.join(upload_dir, "layer_1.tar.gz"), b"layer_1")
102 write_file(os.path.join(upload_dir, "layer_2.tar.gz"), b"layer_2")
103 write_file(
104 os.path.join(upload_dir, "digests.json"), json.dumps(self.digests))
105 write_file(os.path.join(upload_dir, "manifest.json"), b"manifest")
106 handler = UploadHandler.forProcessor(
107 self.uploadprocessor, self.incoming_folder, "test", build)
108 result = handler.processOCIRecipe(self.log)
109 self.assertEqual(
110 UploadStatusEnum.ACCEPTED, result,
111 "OCI upload failed\nGot: %s" % self.log.getLogBuffer())
112 self.assertEqual(BuildStatus.FULLYBUILT, build.status)
113 self.assertTrue(build.verifySuccessfulUpload())
114
80 def test_requires_digests(self):115 def test_requires_digests(self):
81 # The upload processor fails if the upload does not contain the116 # The upload processor fails if the upload does not contain the
82 # digests file117 # digests file

Subscribers

People subscribed via source and target branches

to status/vote changes: