Merge lp:~timrchavez/launchpad/set_ppa_private_from_api_724740-4 into lp:launchpad
Status: | Merged |
---|---|
Approved by: | j.c.sackett |
Approved revision: | no longer in the source branch. |
Merged at revision: | 13276 |
Proposed branch: | lp:~timrchavez/launchpad/set_ppa_private_from_api_724740-4 |
Merge into: | lp:launchpad |
Diff against target: |
182 lines (+35/-15) 6 files modified
lib/lp/archivepublisher/scripts/generate_ppa_htaccess.py (+1/-1) lib/lp/buildmaster/model/buildfarmjob.py (+3/-3) lib/lp/registry/model/distributionsourcepackage.py (+1/-1) lib/lp/soyuz/browser/archive.py (+2/-3) lib/lp/soyuz/model/archive.py (+20/-3) lib/lp/soyuz/tests/test_archive_privacy.py (+8/-4) |
To merge this branch: | bzr merge lp:~timrchavez/launchpad/set_ppa_private_from_api_724740-4 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
j.c.sackett (community) | Approve | ||
Review via email: mp+64840@code.launchpad.net |
This proposal supersedes a proposal from 2011-06-09.
Commit message
[r=jcsackett][bug=724740] Provides facility to set a PPA private via the API
Description of the change
SUMMARY
As described by LP #724740, making a PPA private via the API is currently not possible.
PROPOSED FIX
Making a PPA private or public is not simply a boolean assignment. When a PPA is made private, a buildd_secret must be set and if it is made public again, the buildd_secret must be discarded. To avoid leakage / exposure of the buildd_secret it must be auto-generated internally rather than provided by the user via the API.
PRE-IMPLEMENTATION NOTES
The original plan that I discussed with Julian was to make the private attribute on IArchivePublic read-only, add a mutator, push all the _validate_
After speaking with Robert, I went with his Python properties suggestion so that both internal and external had a common interface for setting PPA privacy.
IMPLEMENTATION DETAILS
Because making a PPA private is more than just a boolean assignment, we use a Python setter to make the PPA private or public and to generate a buildd_secret as necessary.
Some things I learned from this approach:
Thinking that the 'updateContextF
It turns out that the 'buildd_secret' attribute was being set to None (the value passed via the form), after the 'private' attribute was being set (and we generated and set a new buildd_secret). The solution to this problem was to just remove the token creation bit from 'updateContextF
Using a Python getter and setter for the private attribute broke Storm expressions. The "workaround" for this problem was to provide the Storm expressions with the underlying _private attribute that the private getter and setter access / manipulate.
TESTS
testr run -- -t test_archive_
I wrote an additional two tests in test_archive_
DEMO AND Q/A
To demo this you could write a small app which sets the 'private' attribute to True for a public PPA. Without this change, after calling lp_save() the value will revert back to False. With this change it should remain True. For example,
from launchpadlib.
launchpad = Launchpad.
'test', service_root='https:/
user = launchpad.
ppa = user.getPPAByNa
ppa.private = True
ppa.lp_save()
print ppa.private
You could also go into the Archive web view and verify that the "Private" field is checked.
To verify there is no UI regression, you can go into the Archive web view, check the "Private" field, click Save, and then go back into the Archive web view to verify a buildd_secret has been generated and set for you (this sort of begs the question why this field even exists, though :))
LINT
= Launchpad lint =
Checking for conflicts and issues in changed files.
Linting changed files:
lib/lp/
lib/lp/
lib/lp/
./lib/lp/
344: redefinition of function 'private' from line 340
make: *** [lint] Error 1
Apparently lint doesn't like this way of defining Python getters and setters?
[1] https:/
[2] lib/lp/
Hi Tim--
This looks pretty good, I have one comment (regarding the lint issue you pointed out) and one question regarding sourcedeps.cache
> === modified file 'lib/lp/ soyuz/model/ archive. py' soyuz/model/ archive. py 2011-06-07 05:02:53 +0000 soyuz/model/ archive. py 2011-06-09 03:09:34 +0000 dbName= 'publish' , notNull=True, default=True) dbName= 'private' , notNull=True, default=False, dbName= 'private' , notNull=True, default=False, =_validate_ archive_ privacy) chive)
> --- lib/lp/
> +++ lib/lp/
> @@ -259,7 +260,7 @@
>
> publish = BoolCol(
>
> - private = BoolCol(
> + _private = BoolCol(
> storm_validator
>
> require_virtualized = BoolCol(
> @@ -324,6 +325,19 @@
> alsoProvides(self, IDistributionAr
>
> @property
> + def private(self):
> + return self._private
> +
> + @private.setter
> + def private(self, private):
> + self._private = private
> + if private:
> + if not self.buildd_secret:
> + self.buildd_secret = create_token(20)
> + else:
> + self.buildd_secret = Nonek
> +
> + @property
> def title(self):
> """See `IArchive`."""
> return self.displayname
I may be out of date, but the way I've usually seen this done is
+ def _get_private(self): _get_private, _set_private)
+ return self._private
+
+ def _set_private(self):
+ self._private = private
+ if private:
+ if not self.buildd_secret:
+ self.buildd_secret = create_token(20)
+ else:
+ self.buildd_secret = None
+ private = property(
I see that .setter attr was introduced on the @property decorator
in 2.6; it's possible lint wasn't updated to catch this.
As @property.setter works, there's no need to change this, just providing an explanation. It may be worth it to add a comment indicating lint will complain so other people changing this file don't have to figure it out again themselves.
> === modified file 'utilities/ sourcedeps. cache' sourcedeps. cache 2011-06-01 18:58:15 +0000 sourcedeps. cache 2011-06-09 03:09:34 +0000
> --- utilities/
> +++ utilities/
> @@ -1,4 +1,8 @@
> {
> + "bzr-builder": [
> + 68,
> + "<email address hidden>"
> + ],
> "testresources": [
> 16,
> "<email address hidden>"
> @@ -27,18 +31,14 @@
> 24,
> "<email address hidden>"
> ],
> + "lpreview": [
> + 23,
> + "<email address hidden>"
> + ],
> "bzr-git": [
> 259,
> "<email address hidden>"
> ],
> - "loggerhead": [
> - 445,
> - "<email address hidden>"
> - ],
> - "bzr-builder": [
> - 68,
> - "<email address hidden>"
> - ],
> "bzr-loom": [
> 49,
> "<email address hidden>"
> @@ -47,9 +47,9 @@
> 4,
> "sinzui-20...