Merge ~cjwatson/launchpad:fix-uploader-oci-distribution-credentials into launchpad:master

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 28bbe8a05b780419d36a1d782c1872427e14bf0e
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:fix-uploader-oci-distribution-credentials
Merge into: launchpad:master
Diff against target: 72 lines (+37/-1)
2 files modified
database/schema/security.cfg (+1/-0)
lib/lp/archiveuploader/tests/test_ocirecipeupload.py (+36/-1)
Reviewer Review Type Date Requested Status
Tom Wardill (community) Approve
Review via email: mp+398695@code.launchpad.net

Commit message

Grant SELECT OCIRegistryCredentials to uploader

Description of the change

`OCIRecipe.push_rules` is evaluated (indirectly) from `OCIRecipeBuild.updateStatus`, and may now use `Distribution.oci_registry_credentials`, so grant the uploader the access it needs for that.

To post a comment you must log in.
Revision history for this message
Tom Wardill (twom) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/database/schema/security.cfg b/database/schema/security.cfg
2index 0c91022..4a3770c 100644
3--- a/database/schema/security.cfg
4+++ b/database/schema/security.cfg
5@@ -1450,6 +1450,7 @@ public.ocipushrule = SELECT
6 public.ocirecipe = SELECT, UPDATE
7 public.ocirecipebuild = SELECT, UPDATE
8 public.ocirecipebuildjob = SELECT, INSERT, UPDATE
9+public.ociregistrycredentials = SELECT
10 public.openididentifier = SELECT
11 public.packagecopyjob = SELECT, INSERT
12 public.packagediff = SELECT, INSERT, UPDATE, DELETE
13diff --git a/lib/lp/archiveuploader/tests/test_ocirecipeupload.py b/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
14index 75e2455..13b577b 100644
15--- a/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
16+++ b/lib/lp/archiveuploader/tests/test_ocirecipeupload.py
17@@ -21,12 +21,13 @@ from lp.archiveuploader.uploadprocessor import (
18 )
19 from lp.buildmaster.enums import BuildStatus
20 from lp.oci.interfaces.ocirecipe import OCI_RECIPE_ALLOW_CREATE
21+from lp.oci.tests.helpers import OCIConfigHelperMixin
22 from lp.services.features.testing import FeatureFixture
23 from lp.services.osutils import write_file
24 from lp.services.propertycache import get_property_cache
25
26
27-class TestOCIRecipeUploads(TestUploadProcessorBase):
28+class TestOCIRecipeUploads(OCIConfigHelperMixin, TestUploadProcessorBase):
29
30 def setUp(self):
31 super(TestOCIRecipeUploads, self).setUp()
32@@ -77,6 +78,40 @@ class TestOCIRecipeUploads(TestUploadProcessorBase):
33 self.assertEqual(BuildStatus.FULLYBUILT, self.build.status)
34 self.assertTrue(self.build.verifySuccessfulUpload())
35
36+ def test_sets_build_and_state_distribution_credentials(self):
37+ # The upload processor uploads files and sets the correct status for
38+ # an OCIRecipeBuild with distribution credentials.
39+ self.switchToAdmin()
40+ self.setConfig()
41+ distribution = self.factory.makeDistribution()
42+ distribution.oci_registry_credentials = (
43+ self.factory.makeOCIRegistryCredentials())
44+ oci_project = self.factory.makeOCIProject(pillar=distribution)
45+ recipe = self.factory.makeOCIRecipe(oci_project=oci_project)
46+ build = self.factory.makeOCIRecipeBuild(recipe=recipe)
47+ oci_project.setOfficialRecipeStatus(recipe, True)
48+ Store.of(build).flush()
49+ self.switchToUploader()
50+
51+ self.assertFalse(build.verifySuccessfulUpload())
52+ del get_property_cache(build).manifest
53+ del get_property_cache(build).digests
54+ upload_dir = os.path.join(
55+ self.incoming_folder, "test", str(build.id), "ubuntu")
56+ write_file(os.path.join(upload_dir, "layer_1.tar.gz"), b"layer_1")
57+ write_file(os.path.join(upload_dir, "layer_2.tar.gz"), b"layer_2")
58+ write_file(
59+ os.path.join(upload_dir, "digests.json"), json.dumps(self.digests))
60+ write_file(os.path.join(upload_dir, "manifest.json"), b"manifest")
61+ handler = UploadHandler.forProcessor(
62+ self.uploadprocessor, self.incoming_folder, "test", build)
63+ result = handler.processOCIRecipe(self.log)
64+ self.assertEqual(
65+ UploadStatusEnum.ACCEPTED, result,
66+ "OCI upload failed\nGot: %s" % self.log.getLogBuffer())
67+ self.assertEqual(BuildStatus.FULLYBUILT, build.status)
68+ self.assertTrue(build.verifySuccessfulUpload())
69+
70 def test_requires_digests(self):
71 # The upload processor fails if the upload does not contain the
72 # digests file

Subscribers

People subscribed via source and target branches

to status/vote changes: