Launchpad itself

Merge ~cjwatson/launchpad:filemap-issue-macaroons into launchpad:master

  1. Git
  2. lp:~cjwatson/launchpad
  3. filemap-issue-macaroons
  4. Merge into master
Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 607c404196db6bee5e9ced1679bf8ca0366cfafd
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~cjwatson/launchpad:filemap-issue-macaroons
Merge into: launchpad:master
Diff against target: 191 lines (+42/-16)
4 files modified
lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py (+3/-2)
lib/lp/buildmaster/model/buildfarmjobbehaviour.py (+3/-2)
lib/lp/soyuz/model/binarypackagebuildbehaviour.py (+7/-3)
lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py (+29/-9)
Reviewer Review Type Date Requested Status
Thiago F. Pappacena (community) Approve
Review via email: mp+401481@code.launchpad.net

Commit message

Issue macaroons for BinaryPackageBuild filemaps

Description of the change

This removes the last use of the old buildd secret from build dispatch code, paving the way for it to be removed entirely.

To post a comment you must log in.
Revision history for this message
Thiago F. Pappacena (pappacena) wrote :

LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py b/lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py
2index d210d64..651bd05 100644
3--- a/lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py
4+++ b/lib/lp/buildmaster/interfaces/buildfarmjobbehaviour.py
5@@ -1,4 +1,4 @@
6-# Copyright 2009-2019 Canonical Ltd. This software is licensed under the
7+# Copyright 2009-2021 Canonical Ltd. This software is licensed under the
8 # GNU Affero General Public License version 3 (see the file LICENSE).
9
10 """Interface for build farm job behaviours."""
11@@ -39,7 +39,8 @@ class IBuildFarmJobBehaviour(Interface):
12 def determineFilesToSend():
13 """Work out which files to send to the builder.
14
15- :return: A dict mapping filenames to dicts as follows::
16+ :return: A dict mapping filenames to dicts as follows, or a Deferred
17+ resulting in the same::
18 'sha1': SHA-1 of file content
19 'url': URL from which the builder can fetch content
20 'username' (optional): username to authenticate as
21diff --git a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
22index e0d5380..0572cda 100644
23--- a/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
24+++ b/lib/lp/buildmaster/model/buildfarmjobbehaviour.py
25@@ -1,4 +1,4 @@
26-# Copyright 2009-2020 Canonical Ltd. This software is licensed under the
27+# Copyright 2009-2021 Canonical Ltd. This software is licensed under the
28 # GNU Affero General Public License version 3 (see the file LICENSE).
29
30 """Base and idle BuildFarmJobBehaviour classes."""
31@@ -106,9 +106,10 @@ class BuildFarmJobBehaviourBase:
32 @defer.inlineCallbacks
33 def composeBuildRequest(self, logger):
34 args = yield self.extraBuildArgs(logger=logger)
35+ filemap = yield self.determineFilesToSend()
36 defer.returnValue(
37 (self.builder_type, self.distro_arch_series, self.pocket,
38- self.determineFilesToSend(), args))
39+ filemap, args))
40
41 def verifyBuildRequest(self, logger):
42 """The default behaviour is a no-op."""
43diff --git a/lib/lp/soyuz/model/binarypackagebuildbehaviour.py b/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
44index 2876ac0..b34311c 100644
45--- a/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
46+++ b/lib/lp/soyuz/model/binarypackagebuildbehaviour.py
47@@ -1,4 +1,4 @@
48-# Copyright 2009-2019 Canonical Ltd. This software is licensed under the
49+# Copyright 2009-2021 Canonical Ltd. This software is licensed under the
50 # GNU Affero General Public License version 3 (see the file LICENSE).
51
52 """Builder behaviour for binary package builds."""
53@@ -62,6 +62,7 @@ class BinaryPackageBuildBehaviour(BuildFarmJobBehaviourBase):
54 distroname, distroseriesname, archname, sourcename, version,
55 state))
56
57+ @defer.inlineCallbacks
58 def determineFilesToSend(self):
59 """See `IBuildFarmJobBehaviour`."""
60 # Build filemap structure with the files required in this build
61@@ -76,18 +77,21 @@ class BinaryPackageBuildBehaviour(BuildFarmJobBehaviourBase):
62 self.build.source_package_release.sourcepackagename.name,
63 self.build.current_component.name))
64 filemap = OrderedDict()
65+ macaroon_raw = None
66 for source_file in self.build.source_package_release.files:
67 lfa = source_file.libraryfile
68 if not self.build.archive.private:
69 filemap[lfa.filename] = {
70 'sha1': lfa.content.sha1, 'url': lfa.http_url}
71 else:
72+ if macaroon_raw is None:
73+ macaroon_raw = yield self.issueMacaroon()
74 filemap[lfa.filename] = {
75 'sha1': lfa.content.sha1,
76 'url': urlappend(pool_url, lfa.filename),
77 'username': 'buildd',
78- 'password': self.build.archive.buildd_secret}
79- return filemap
80+ 'password': macaroon_raw}
81+ defer.returnValue(filemap)
82
83 def verifyBuildRequest(self, logger):
84 """Assert some pre-build checks.
85diff --git a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
86index cc27742..0131ffb 100644
87--- a/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
88+++ b/lib/lp/soyuz/tests/test_binarypackagebuildbehaviour.py
89@@ -1,4 +1,4 @@
90-# Copyright 2010-2020 Canonical Ltd. This software is licensed under the
91+# Copyright 2010-2021 Canonical Ltd. This software is licensed under the
92 # GNU Affero General Public License version 3 (see the file LICENSE).
93
94 """Tests for BinaryPackageBuildBehaviour."""
95@@ -13,8 +13,14 @@ import shutil
96 import tempfile
97
98 from storm.store import Store
99-from testtools.matchers import MatchesListwise
100-from testtools.twistedsupport import AsynchronousDeferredRunTest
101+from testtools.matchers import (
102+ Equals,
103+ MatchesListwise,
104+ )
105+from testtools.twistedsupport import (
106+ AsynchronousDeferredRunTest,
107+ AsynchronousDeferredRunTestForBrokenTwisted,
108+ )
109 import transaction
110 from twisted.internet import defer
111 from zope.component import getUtility
112@@ -55,9 +61,11 @@ from lp.registry.interfaces.pocket import (
113 )
114 from lp.registry.interfaces.series import SeriesStatus
115 from lp.registry.interfaces.sourcepackage import SourcePackageFileType
116+from lp.services.authserver.testing import InProcessAuthServerFixture
117 from lp.services.config import config
118 from lp.services.librarian.interfaces import ILibraryFileAliasSet
119 from lp.services.log.logger import BufferLogger
120+from lp.services.macaroons.testing import MacaroonVerifies
121 from lp.services.statsd.tests import StatsMixin
122 from lp.services.webapp import canonical_url
123 from lp.soyuz.adapters.archivedependencies import (
124@@ -86,7 +94,8 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
125 """
126
127 layer = LaunchpadZopelessLayer
128- run_tests_with = AsynchronousDeferredRunTest.make_factory(timeout=30)
129+ run_tests_with = AsynchronousDeferredRunTestForBrokenTwisted.make_factory(
130+ timeout=30)
131
132 def setUp(self):
133 super(TestBinaryBuildPackageBehaviour, self).setUp()
134@@ -98,10 +107,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
135 chroot, archive, archive_purpose,
136 component=None, extra_uploads=None,
137 filemap_names=None):
138- expected = yield self.makeExpectedInteraction(
139+ matcher = yield self.makeExpectedInteraction(
140 builder, build, behaviour, chroot, archive, archive_purpose,
141 component, extra_uploads, filemap_names)
142- self.assertEqual(expected, call_log)
143+ self.assertThat(call_log, matcher)
144
145 @defer.inlineCallbacks
146 def makeExpectedInteraction(self, builder, build, behaviour, chroot,
147@@ -135,7 +144,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
148 extra_uploads = []
149
150 upload_logs = [
151- ('ensurepresent',) + upload
152+ MatchesListwise(
153+ [Equals('ensurepresent')] +
154+ [item if hasattr(item, 'match') else Equals(item)
155+ for item in upload])
156 for upload in [(chroot.http_url, '', '')] + extra_uploads]
157
158 extra_args = {
159@@ -157,7 +169,9 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
160 build_log = [
161 ('build', build.build_cookie, 'binarypackage',
162 chroot.content.sha1, filemap_names, extra_args)]
163- result = upload_logs + build_log
164+ result = MatchesListwise([
165+ item if hasattr(item, 'match') else Equals(item)
166+ for item in upload_logs + build_log])
167 defer.returnValue(result)
168
169 @defer.inlineCallbacks
170@@ -253,6 +267,9 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
171
172 @defer.inlineCallbacks
173 def test_private_source_dispatch(self):
174+ self.useFixture(InProcessAuthServerFixture())
175+ self.pushConfig(
176+ "launchpad", internal_macaroon_secret_key="some-secret")
177 archive = self.factory.makeArchive(private=True)
178 slave = OkSlave()
179 builder = self.factory.makeBuilder()
180@@ -282,7 +299,10 @@ class TestBinaryBuildPackageBehaviour(StatsMixin, TestCaseWithFactory):
181 yield self.assertExpectedInteraction(
182 slave.call_log, builder, build, behaviour, lf, archive,
183 ArchivePurpose.PPA,
184- extra_uploads=[(sprf_url, 'buildd', 'sekrit')],
185+ extra_uploads=[
186+ (Equals(sprf_url),
187+ Equals('buildd'),
188+ MacaroonVerifies('binary-package-build', archive))],
189 filemap_names=[sprf.libraryfile.filename])
190
191 @defer.inlineCallbacks

Subscribers

People subscribed via source and target branches

to status/vote changes: