Launchpad itself

Merge lp:~cjwatson/launchpad/refactor-code-import-macaroons into lp:launchpad

  1. refactor-code-import-macaroons
  2. Merge into devel
Proposed by Colin Watson
Status: Merged
Merged at revision: 18948
Proposed branch: lp:~cjwatson/launchpad/refactor-code-import-macaroons
Merge into: lp:launchpad
Prerequisite: lp:~cjwatson/launchpad/refactor-macaroon-testing
Diff against target: 166 lines (+54/-16)
3 files modified
lib/lp/code/model/codeimportjob.py (+21/-1)
lib/lp/code/model/tests/test_codeimportjob.py (+30/-0)
lib/lp/code/xmlrpc/git.py (+3/-15)
To merge this branch: bzr merge lp:~cjwatson/launchpad/refactor-code-import-macaroons
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+365871@code.launchpad.net

Commit message

Push repository -> job inference down from GitAPI to the macaroon issuer.

Description of the change

I think this makes slightly more logical sense, and it will shortly make it easier to cope with the case where a different macaroon issuer might be involved.

To post a comment you must log in.
Revision history for this message
William Grant (wgrant) :
review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'lib/lp/code/model/codeimportjob.py'
2--- lib/lp/code/model/codeimportjob.py 2019-04-25 21:57:30 +0000
3+++ lib/lp/code/model/codeimportjob.py 2019-04-26 13:14:40 +0000
4@@ -27,6 +27,7 @@
5 CodeImportMachineState,
6 CodeImportResultStatus,
7 CodeImportReviewStatus,
8+ GitRepositoryType,
9 RevisionControlSystems,
10 )
11 from lp.code.interfaces.branch import IBranch
12@@ -34,6 +35,7 @@
13 branch_id_alias,
14 compose_public_url,
15 )
16+from lp.code.interfaces.codeimport import ICodeImportSet
17 from lp.code.interfaces.codeimportevent import ICodeImportEventSet
18 from lp.code.interfaces.codeimportjob import (
19 ICodeImportJob,
20@@ -43,6 +45,7 @@
21 )
22 from lp.code.interfaces.codeimportmachine import ICodeImportMachineSet
23 from lp.code.interfaces.codeimportresult import ICodeImportResultSet
24+from lp.code.interfaces.gitrepository import IGitRepository
25 from lp.code.model.codeimportresult import CodeImportResult
26 from lp.registry.interfaces.person import validate_public_person
27 from lp.services.config import config
28@@ -433,7 +436,24 @@
29 return context.id
30
31 def checkVerificationContext(self, context):
32- """See `MacaroonIssuerBase`."""
33+ """See `MacaroonIssuerBase`.
34+
35+ For verification, the context may be an `ICodeImportJob`, in which
36+ case we check that the context job is currently running; or it may
37+ be an `IGitRepository`, in which case we check that the repository
38+ is an imported repository with an associated code import, and then
39+ perform the previously-stated check on its code import job.
40+ """
41+ if IGitRepository.providedBy(context):
42+ if context.repository_type != GitRepositoryType.IMPORTED:
43+ raise BadMacaroonContext(
44+ context, "%r is not an IMPORTED repository." % context)
45+ code_import = getUtility(ICodeImportSet).getByGitRepository(
46+ context)
47+ if code_import is None:
48+ raise BadMacaroonContext(
49+ context, "%r does not have a code import." % context)
50+ context = code_import.import_job
51 if not ICodeImportJob.providedBy(context):
52 raise BadMacaroonContext(context)
53 if context.state != CodeImportJobState.RUNNING:
54
55=== modified file 'lib/lp/code/model/tests/test_codeimportjob.py'
56--- lib/lp/code/model/tests/test_codeimportjob.py 2019-04-25 21:57:30 +0000
57+++ lib/lp/code/model/tests/test_codeimportjob.py 2019-04-26 13:14:40 +0000
58@@ -34,6 +34,7 @@
59 CodeImportJobState,
60 CodeImportResultStatus,
61 CodeImportReviewStatus,
62+ GitRepositoryType,
63 TargetRevisionControlSystems,
64 )
65 from lp.code.interfaces.codehosting import (
66@@ -1326,6 +1327,7 @@
67 getUtility(ICodeImportJobWorkflow).startJob(job, machine)
68 macaroon = removeSecurityProxy(issuer).issueMacaroon(job)
69 self.assertMacaroonVerifies(issuer, macaroon, job)
70+ self.assertMacaroonVerifies(issuer, macaroon, job.code_import.target)
71
72 def test_verifyMacaroon_good_no_context(self):
73 machine = self.factory.makeCodeImportMachine(set_online=True)
74@@ -1335,6 +1337,8 @@
75 macaroon = removeSecurityProxy(issuer).issueMacaroon(job)
76 self.assertMacaroonVerifies(
77 issuer, macaroon, job, require_context=False)
78+ self.assertMacaroonVerifies(
79+ issuer, macaroon, job.code_import.target, require_context=False)
80
81 def test_verifyMacaroon_no_context_but_require_context(self):
82 machine = self.factory.makeCodeImportMachine(set_online=True)
83@@ -1374,6 +1378,25 @@
84 ["Signatures do not match"],
85 issuer, macaroon, job, require_context=False)
86
87+ def test_verifyMacaroon_hosted_repository(self):
88+ job = self.makeJob()
89+ issuer = getUtility(IMacaroonIssuer, "code-import-job")
90+ macaroon = removeSecurityProxy(issuer).issueMacaroon(job)
91+ repository = self.factory.makeGitRepository()
92+ self.assertMacaroonDoesNotVerify(
93+ ["%r is not an IMPORTED repository." % repository],
94+ issuer, macaroon, repository)
95+
96+ def test_verifyMacaroon_repository_with_no_code_import(self):
97+ job = self.makeJob()
98+ issuer = getUtility(IMacaroonIssuer, "code-import-job")
99+ macaroon = removeSecurityProxy(issuer).issueMacaroon(job)
100+ repository = self.factory.makeGitRepository(
101+ repository_type=GitRepositoryType.IMPORTED)
102+ self.assertMacaroonDoesNotVerify(
103+ ["%r does not have a code import." % repository],
104+ issuer, macaroon, repository)
105+
106 def test_verifyMacaroon_not_running(self):
107 job = self.makeJob()
108 issuer = getUtility(IMacaroonIssuer, "code-import-job")
109@@ -1381,6 +1404,9 @@
110 self.assertMacaroonDoesNotVerify(
111 ["%r is not in the RUNNING state." % job],
112 issuer, macaroon, job)
113+ self.assertMacaroonDoesNotVerify(
114+ ["%r is not in the RUNNING state." % job],
115+ issuer, macaroon, job.code_import.target)
116
117 def test_verifyMacaroon_wrong_job(self):
118 machine = self.factory.makeCodeImportMachine(set_online=True)
119@@ -1393,3 +1419,7 @@
120 ["Caveat check for 'lp.code-import-job %s' failed." %
121 other_job.id],
122 issuer, macaroon, job)
123+ self.assertMacaroonDoesNotVerify(
124+ ["Caveat check for 'lp.code-import-job %s' failed." %
125+ other_job.id],
126+ issuer, macaroon, job.code_import.target)
127
128=== modified file 'lib/lp/code/xmlrpc/git.py'
129--- lib/lp/code/xmlrpc/git.py 2019-04-24 00:05:44 +0000
130+++ lib/lp/code/xmlrpc/git.py 2019-04-26 13:14:40 +0000
131@@ -1,4 +1,4 @@
132-# Copyright 2015-2018 Canonical Ltd. This software is licensed under the
133+# Copyright 2015-2019 Canonical Ltd. This software is licensed under the
134 # GNU Affero General Public License version 3 (see the file LICENSE).
135
136 """Implementations of the XML-RPC APIs for Git."""
137@@ -40,7 +40,6 @@
138 InvalidNamespace,
139 )
140 from lp.code.interfaces.codehosting import LAUNCHPAD_ANONYMOUS
141-from lp.code.interfaces.codeimport import ICodeImportSet
142 from lp.code.interfaces.gitapi import IGitAPI
143 from lp.code.interfaces.githosting import IGitHostingClient
144 from lp.code.interfaces.gitjob import IGitRefScanJobSource
145@@ -91,19 +90,8 @@
146 issuer = getUtility(IMacaroonIssuer, macaroon.identifier)
147 except ComponentLookupError:
148 return False
149- if repository is not None:
150- if repository.repository_type != GitRepositoryType.IMPORTED:
151- return False
152- code_import = getUtility(ICodeImportSet).getByGitRepository(
153- repository)
154- if code_import is None:
155- return False
156- job = code_import.import_job
157- if job is None:
158- return False
159- else:
160- job = None
161- return issuer.verifyMacaroon(macaroon, job, require_context=False)
162+ return issuer.verifyMacaroon(
163+ macaroon, repository, require_context=False)
164
165 def _performLookup(self, requester, path, auth_params):
166 repository, extra_path = getUtility(IGitLookup).getByPath(path)