~rjarry/dlrepo

dlrepo: fmt: rework set/delete restrictions v1 APPLIED

Patches 1 and 2 add missing restrictions on deleting a job format.
Patch 3 is for allowing modification of an internal format even when the
job is locked.

Julien Floret (3):
  fmt: refuse deletion in product view
  fmt: refuse deletion if job is locked
  fmt: allow modifying internal format in locked job

 dlrepo/views/artifact.py |  2 +-
 dlrepo/views/fmt.py      | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

-- 
2.39.2
#1137027 .build.yml failed
Hi,

Oops, I forgot to run "make lint". The changes made by black are
trivial formatting of long lines in patch 1.
Robin, do you want me to send a v2 of this series?
Julien


Le mer. 24 janv. 2024 à 14:39, Julien Floret <julien.floret@6wind.com> a écrit :
dlrepo/patches/.build.yml: FAILED in 32s

[fmt: rework set/delete restrictions][0] from [Julien Floret][1]

[0]: https://lists.sr.ht/~rjarry/dlrepo/patches/48858
[1]: mailto:julien.floret@6wind.com

✗ #1137027 FAILED dlrepo/patches/.build.yml https://builds.sr.ht/~rjarry/job/1137027
Julien Floret, Jan 24, 2024 at 14:55:
Next
Le mer. 24 janv. 2024 à 21:08, Robin Jarry <robin@jarry.cc> a écrit :
Next
Julien Floret, Jan 26, 2024 at 14:33:
Next
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.sr.ht/~rjarry/dlrepo/patches/48858/mbox | git am -3
Learn more about email & git

[PATCH dlrepo 1/3] fmt: refuse deletion in product view Export this patch

Deleting product formats is not supported.

Fixes: 6de1f15cfcf8 ("format: add delete method")
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
---
 dlrepo/views/fmt.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dlrepo/views/fmt.py b/dlrepo/views/fmt.py
index 33876764141c..fca4ae4cdc8b 100644
--- a/dlrepo/views/fmt.py
+++ b/dlrepo/views/fmt.py
@@ -78,7 +78,7 @@ class FormatDirView(BaseView):
        """
        loop = asyncio.get_running_loop()
        try:
            fmt = _get_format(self.repo(), self.request.match_info)
            fmt = _get_format(self.repo(), self.request.match_info, delete=True)
            await loop.run_in_executor(None, fmt.delete)
            self.repo().schedule_cleanup_orphans()
        except FileNotFoundError as e:
@@ -175,9 +175,11 @@ class FormatFileView(BaseView):


# --------------------------------------------------------------------------------------
def _get_format(repo, match_info, access_cb: Callable[[str], bool] = None):
def _get_format(repo, match_info, access_cb: Callable[[str], bool] = None, delete=False):
    try:
        if "product" in match_info:
            if delete:
                raise web.HTTPBadRequest(reason="Deleting product formats is not supported")
            fmt = (
                repo.get_product(match_info["product"])
                .get_variant(match_info["variant"])
-- 
2.39.2
Hi,

Oops, I forgot to run "make lint". The changes made by black are
trivial formatting of long lines in patch 1.
Robin, do you want me to send a v2 of this series?

Julien


Le mer. 24 janv. 2024 à 14:39, Julien Floret <julien.floret@6wind.com> a écrit :

[PATCH dlrepo 2/3] fmt: refuse deletion if job is locked Export this patch

A format should not be deleted in a locked job.

Fixes: 6de1f15cfcf8 ("format: add delete method")
Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
---
 dlrepo/views/fmt.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dlrepo/views/fmt.py b/dlrepo/views/fmt.py
index fca4ae4cdc8b..654d30468f77 100644
--- a/dlrepo/views/fmt.py
+++ b/dlrepo/views/fmt.py
@@ -188,12 +188,14 @@ def _get_format(repo, match_info, access_cb: Callable[[str], bool] = None, delet
                .get_format(match_info["format"])
            )
        else:
            fmt = (
            job = (
                repo.get_branch(match_info["branch"])
                .get_tag(match_info["tag"], access_cb)
                .get_job(match_info["job"])
                .get_format(match_info["format"])
            )
            fmt = job.get_format(match_info["format"])
            if delete and job.is_locked():
                raise web.HTTPBadRequest(reason="Cannot delete format: job is locked")
    except FileNotFoundError as e:
        raise web.HTTPNotFound() from e
    if not fmt.exists():
-- 
2.39.2

[PATCH dlrepo 3/3] fmt: allow modifying internal format in locked job Export this patch

Internal formats are not released and are not included in the
calculation of the job digest.
They can then be safely added to or deleted from a locked job, without
needing to unlock it prior, so the uploader will not need the "update"
access, only the "add" access.

It is useful to add extra info after a job has been released, like
test results, or transient data like CVE scans updated daily with an
up-to-date vulnerability database, without giving too many permissions
to the uploader.

Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
---
 dlrepo/views/artifact.py | 2 +-
 dlrepo/views/fmt.py      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dlrepo/views/artifact.py b/dlrepo/views/artifact.py
index a6bf70a99442..dcd40ca992d2 100644
--- a/dlrepo/views/artifact.py
+++ b/dlrepo/views/artifact.py
@@ -61,7 +61,7 @@ class ArtifactView(BaseView):
                        raise web.HTTPBadRequest(
                            reason="Uploading container images must be done with docker push"
                        )
                if job.is_locked():
                if job.is_locked() and not fmt.is_internal():
                    raise web.HTTPBadRequest(
                        reason="Cannot upload files in locked jobs"
                    )
diff --git a/dlrepo/views/fmt.py b/dlrepo/views/fmt.py
index 654d30468f77..c4bba26488ec 100644
--- a/dlrepo/views/fmt.py
+++ b/dlrepo/views/fmt.py
@@ -194,7 +194,7 @@ def _get_format(repo, match_info, access_cb: Callable[[str], bool] = None, delet
                .get_job(match_info["job"])
            )
            fmt = job.get_format(match_info["format"])
            if delete and job.is_locked():
            if delete and job.is_locked() and not fmt.is_internal():
                raise web.HTTPBadRequest(reason="Cannot delete format: job is locked")
    except FileNotFoundError as e:
        raise web.HTTPNotFound() from e
-- 
2.39.2
dlrepo/patches/.build.yml: FAILED in 32s

[fmt: rework set/delete restrictions][0] from [Julien Floret][1]

[0]: https://lists.sr.ht/~rjarry/dlrepo/patches/48858
[1]: mailto:julien.floret@6wind.com

✗ #1137027 FAILED dlrepo/patches/.build.yml https://builds.sr.ht/~rjarry/job/1137027