← Back to team overview

launchpad-reviewers team mailing list archive

Re: [Merge] lp:~cjwatson/launchpad/git-xmlrpc into lp:launchpad

 

Review: Needs Fixing code



Diff comments:

> === added file 'lib/lp/code/githosting.py'
> --- lib/lp/code/githosting.py	1970-01-01 00:00:00 +0000
> +++ lib/lp/code/githosting.py	2015-03-03 02:01:47 +0000
> @@ -0,0 +1,48 @@
> +# Copyright 2015 Canonical Ltd.  This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +"""Communication with the Git hosting service."""
> +
> +__metaclass__ = type
> +__all__ = [
> +    'GitHostingClient',
> +    ]
> +
> +import json
> +from urlparse import urljoin
> +
> +import requests
> +
> +from lp.code.errors import GitRepositoryCreationFault
> +
> +
> +class GitHostingClient:
> +    """A client for the internal API provided by the Git hosting system."""
> +
> +    def __init__(self, endpoint):
> +        self.endpoint = endpoint
> +
> +    def _makeSession(self):
> +        session = requests.Session()
> +        session.trust_env = False
> +        return session
> +
> +    @property
> +    def timeout(self):
> +        # XXX cjwatson 2015-03-01: The hardcoded timeout at least means that
> +        # we don't lock tables indefinitely if the hosting service falls
> +        # over, but is there some more robust way to do this?
> +        return 5.0
> +
> +    def create(self, path):
> +        # XXX cjwatson 2015-03-01: Once we're on requests >= 2.4.2, we
> +        # should just use post(json=) and drop the explicit Content-Type
> +        # header.
> +        response = self._makeSession().post(
> +            urljoin(self.endpoint, "repo"),
> +            headers={"Content-Type": "application/json"},
> +            data=json.dumps({"repo_path": path, "bare_repo": True}),
> +            timeout=self.timeout)
> +        if response.status_code != 200:
> +            raise GitRepositoryCreationFault(
> +                "Failed to create Git repository: %s" % response.text)

This seems like the sort of thing that should OOPS and not potentially leak internal failure details to the caller.

> 
> === added file 'lib/lp/code/interfaces/gitapi.py'
> --- lib/lp/code/interfaces/gitapi.py	1970-01-01 00:00:00 +0000
> +++ lib/lp/code/interfaces/gitapi.py	2015-03-03 02:01:47 +0000
> @@ -0,0 +1,52 @@
> +# Copyright 2015 Canonical Ltd.  This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +"""Interfaces for internal Git APIs."""
> +
> +__metaclass__ = type
> +__all__ = [
> +    'IGitAPI',
> +    'IGitApplication',
> +    ]
> +
> +from zope.interface import Interface
> +
> +from lp.services.webapp.interfaces import ILaunchpadApplication
> +
> +
> +class IGitApplication(ILaunchpadApplication):
> +    """Git application root."""
> +
> +
> +class IGitAPI(Interface):
> +    """The Git XML-RPC interface to Launchpad.
> +
> +    Published at "git" on the private XML-RPC server.
> +
> +    The Git pack frontend uses this to translate user-visible paths to
> +    internal ones, and to notify Launchpad of ref changes.
> +    """
> +
> +    def translatePath(path, permission, requester_id, can_authenticate):
> +        """Translate 'path' so that the Git pack frontend can access it.
> +
> +        If the repository does not exist and write permission was requested,
> +        register a new repostory if possible.
> +
> +        :param path: The path being translated.  This should be a
> +            URL-escaped string representing an absolute path to a Git
> +            repository.

Should it? I believe the git:// frontend will turn it into a normal, unencoded path, and http:// is meant to do the same.

> +        :param permission: "read" or "write".
> +        :param requester_id: The database ID of the person requesting the
> +            path translation, or None for an anonymous request.
> +        :param can_authenticate: True if the requester is anonymous but
> +            could authenticate, otherwise False.

It's currently actually true whenever the frontend can possibly authenticate a user, even if it already has.

> +
> +        :returns: A `PathTranslationError` fault if 'path' cannot be
> +            translated; a `PermissionDenied` fault if the requester cannot
> +            see or create the repository; otherwise, a dict containing at
> +            least the following keys::
> +                "path", whose value is the repository's storage path;
> +                "writable", whose value is True if the requester can push to
> +                this repository, otherwise False.
> +        """
> 
> === modified file 'lib/lp/code/interfaces/gitrepository.py'
> --- lib/lp/code/interfaces/gitrepository.py	2015-02-26 11:34:47 +0000
> +++ lib/lp/code/interfaces/gitrepository.py	2015-03-03 02:01:47 +0000
> @@ -7,6 +7,7 @@
>  
>  __all__ = [
>      'GitIdentityMixin',
> +    'GIT_REPOSITORY_NAME_VALIDATION_ERROR_MESSAGE',
>      'git_repository_name_validator',
>      'IGitRepository',
>      'IGitRepositorySet',
> @@ -191,6 +192,12 @@
>          If the user is a Launchpad admin, any type is acceptable.
>          """
>  
> +    def getInternalPathForId(repository_id):
> +        """Get the internal path to the repository with this ID.
> +
> +        This is used on the storage backend.
> +        """
> +

wgrant@lamuella:~/src/launchpad/branches/sandbox$ bzr grep def\ .*ByID | grep -v test | wc -l
18
wgrant@lamuella:~/src/launchpad/branches/sandbox$ bzr grep def\ .*ById | grep -v test | wc -l
6

An unfortunate discrepancy, so no obvious One True Spelling here.

>      def getInternalPath():
>          """Get the internal path to this repository.
>  
> 
> === modified file 'lib/lp/code/model/gitlookup.py'
> --- lib/lp/code/model/gitlookup.py	2015-02-27 10:22:24 +0000
> +++ lib/lp/code/model/gitlookup.py	2015-03-03 02:01:47 +0000
> @@ -342,6 +342,8 @@
>              return None
>          if repository is not None:
>              return repository
> +        if IPerson.providedBy(target):
> +            return None
>          repository_set = getUtility(IGitRepositorySet)
>          if owner is None:
>              return repository_set.getDefaultRepository(target)
> 
> === modified file 'lib/lp/code/model/gitrepository.py'
> --- lib/lp/code/model/gitrepository.py	2015-02-26 17:32:56 +0000
> +++ lib/lp/code/model/gitrepository.py	2015-03-03 02:01:47 +0000
> @@ -232,10 +232,16 @@
>      def display_name(self):
>          return self.git_identity
>  
> +    @staticmethod
> +    def getInternalPathForId(repository_id):
> +        """See `IGitRepository`."""
> +        # This may need to change later to improve support for sharding.
> +        return str(repository_id)
> +
>      def getInternalPath(self):
>          """See `IGitRepository`."""
>          # This may need to change later to improve support for sharding.
> -        return str(self.id)
> +        return self.getInternalPathForId(self.id)
>  
>      def getCodebrowseUrl(self):
>          """See `IGitRepository`."""
> 
> === modified file 'lib/lp/code/model/tests/test_gitlookup.py'
> --- lib/lp/code/model/tests/test_gitlookup.py	2015-02-27 10:22:24 +0000
> +++ lib/lp/code/model/tests/test_gitlookup.py	2015-03-03 02:01:47 +0000
> @@ -117,6 +117,12 @@
>          project = self.factory.makeProduct()
>          self.assertIsNone(self.lookup.getByPath(project.name))
>  
> +    def test_bare_person(self):
> +        # If `getByPath` is given a path to a person but nothing further, it
> +        # returns None even if the person exists.
> +        owner = self.factory.makePerson()
> +        self.assertIsNone(self.lookup.getByPath("~%s" % owner.name))
> +
>  
>  class TestGetByUrl(TestCaseWithFactory):
>      """Test `IGitLookup.getByUrl`."""
> 
> === modified file 'lib/lp/code/xmlrpc/codehosting.py'
> --- lib/lp/code/xmlrpc/codehosting.py	2012-11-26 08:33:03 +0000
> +++ lib/lp/code/xmlrpc/codehosting.py	2015-03-03 02:01:47 +0000
> @@ -1,4 +1,4 @@
> -# Copyright 2009-2012 Canonical Ltd.  This software is licensed under the
> +# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
>  # GNU Affero General Public License version 3 (see the file LICENSE).
>  
>  """Implementations of the XML-RPC APIs for codehosting."""
> @@ -7,6 +7,7 @@
>  __all__ = [
>      'CodehostingAPI',
>      'datetime_from_tuple',
> +    'run_with_login',
>      ]
>  
>  
> 
> === added file 'lib/lp/code/xmlrpc/git.py'
> --- lib/lp/code/xmlrpc/git.py	1970-01-01 00:00:00 +0000
> +++ lib/lp/code/xmlrpc/git.py	2015-03-03 02:01:47 +0000
> @@ -0,0 +1,220 @@
> +# Copyright 2015 Canonical Ltd.  This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +"""Implementations of the XML-RPC APIs for Git."""
> +
> +__metaclass__ = type
> +__all__ = [
> +    'GitAPI',
> +    ]
> +
> +from bzrlib.urlutils import (
> +    escape,
> +    unescape,
> +    )
> +from storm.store import Store
> +import transaction
> +from zope.component import getUtility
> +from zope.interface import implements
> +from zope.security.interfaces import Unauthorized
> +
> +from lp.app.errors import NameLookupFailed
> +from lp.app.validators import LaunchpadValidationError
> +from lp.code.errors import (
> +    GitRepositoryCreationException,
> +    GitRepositoryCreationForbidden,
> +    InvalidNamespace,
> +    )
> +from lp.code.githosting import GitHostingClient
> +from lp.code.interfaces.codehosting import LAUNCHPAD_ANONYMOUS
> +from lp.code.interfaces.gitapi import IGitAPI
> +from lp.code.interfaces.gitlookup import (
> +    IGitLookup,
> +    IGitTraverser,
> +    )
> +from lp.code.interfaces.gitnamespace import (
> +    get_git_namespace,
> +    split_git_unique_name,
> +    )
> +from lp.code.interfaces.gitrepository import IGitRepositorySet
> +from lp.code.xmlrpc.codehosting import run_with_login
> +from lp.registry.errors import (
> +    InvalidName,
> +    NoSuchSourcePackageName,
> +    )
> +from lp.registry.interfaces.distributionsourcepackage import (
> +    IDistributionSourcePackage,
> +    )
> +from lp.registry.interfaces.person import (
> +    IPerson,
> +    NoSuchPerson,
> +    )
> +from lp.registry.interfaces.product import (
> +    InvalidProductName,
> +    NoSuchProduct,
> +    )
> +from lp.registry.interfaces.sourcepackagename import ISourcePackageNameSet
> +from lp.services.config import config
> +from lp.services.webapp import LaunchpadXMLRPCView
> +from lp.services.webapp.authorization import check_permission
> +from lp.xmlrpc import faults
> +from lp.xmlrpc.helpers import return_fault
> +
> +
> +class GitAPI(LaunchpadXMLRPCView):
> +    """See `IGitAPI`."""
> +
> +    implements(IGitAPI)
> +
> +    def __init__(self, *args, **kwargs):
> +        super(GitAPI, self).__init__(*args, **kwargs)
> +        self.hosting_client = GitHostingClient(
> +            config.codehosting.internal_git_api_endpoint)
> +
> +    def _performLookup(self, path):
> +        repository = getUtility(IGitLookup).getByPath(path)
> +        if repository is None:
> +            return None
> +        try:
> +            hosting_path = repository.getInternalPath()
> +        except Unauthorized:
> +            raise faults.PermissionDenied()

Relying on security proxies in weird ways (eg. run_for_login) has bitten us nastily in the past. We need to have an AppServerLayer test to confirm that it works properly in a real environment.

> +        writable = check_permission("launchpad.Edit", repository)
> +        return {"path": hosting_path, "writable": writable}
> +
> +    def _getGitNamespaceExtras(self, path, requester):
> +        """Get the namespace, repository name, and callback for the path.
> +
> +        If the path defines a full Git repository path including the owner
> +        and repository name, then the namespace that is returned is the
> +        namespace for the owner and the repository target specified.
> +
> +        If the path uses a shortcut name, then we only allow the requester
> +        to create a repository if they have permission to make the newly
> +        created repository the default for the shortcut target.  If there is
> +        an existing default repository, then GitRepositoryExists is raised.
> +        The repository name that is used is determined by the namespace as
> +        the first unused name starting with the leaf part of the namespace
> +        name.  In this case, the repository owner will be set to the
> +        namespace owner, and distribution source package namespaces are
> +        currently disallowed due to the complexities of ownership there.
> +        """
> +        try:
> +            namespace_name, repository_name = split_git_unique_name(path)
> +        except InvalidNamespace:
> +            namespace_name = path
> +            repository_name = None
> +        owner, target, repository = getUtility(IGitTraverser).traverse_path(
> +            namespace_name)
> +        # split_git_unique_name should have left us without a repository name.
> +        assert repository is None
> +        if repository_name is None and IPerson.providedBy(target):
> +            raise InvalidNamespace(path)
> +        if owner is None:
> +            if IDistributionSourcePackage.providedBy(target):
> +                raise GitRepositoryCreationForbidden(
> +                    "Cannot create default package repository; push to a "
> +                    "per-owner repository instead.")

Per-owner repository? There's probably a better term. It's also weird to be hardcoding a target type here.

> +            repository_owner = requester
> +        else:
> +            repository_owner = owner
> +        namespace = get_git_namespace(target, repository_owner)
> +        if repository_name is None:
> +            def default_func(new_repository):
> +                repository_set = getUtility(IGitRepositorySet)
> +                if owner is None:
> +                    repository_set.setDefaultRepository(
> +                        target, new_repository)
> +                else:
> +                    repository_set.setDefaultRepositoryForOwner(
> +                        owner, target, new_repository)
> +
> +            repository_name = namespace.findUnusedName(target.name)
> +            return namespace, repository_name, default_func
> +        else:
> +            return namespace, repository_name, None
> +
> +    def _createRepository(self, requester, path):
> +        try:
> +            namespace, repository_name, default_func = (
> +                self._getGitNamespaceExtras(path, requester))
> +        except (ValueError, InvalidNamespace):
> +            raise faults.PermissionDenied(
> +                "Cannot create Git repository at '%s'" % path)

Why not? :(

> +        except NoSuchPerson as e:
> +            raise faults.NotFound("User/team '%s' does not exist." % e.name)
> +        except NoSuchProduct as e:
> +            raise faults.NotFound("Project '%s' does not exist." % e.name)
> +        except InvalidProductName as e:
> +            raise faults.InvalidProductName(escape(e.name))

Why escape it?

I'm also not sure it's useful to distinguish from the NoSuchProduct case, but I guess bzr did it.

> +        except NoSuchSourcePackageName as e:
> +            try:
> +                getUtility(ISourcePackageNameSet).new(e.name)
> +            except InvalidName:
> +                raise faults.InvalidSourcePackageName(e.name)
> +            return self._createRepository(requester, path)
> +        except NameLookupFailed as e:
> +            raise faults.NotFound(str(e))

The world will end if that's non-ASCII.

> +        except GitRepositoryCreationForbidden as e:
> +            raise faults.PermissionDenied(str(e))
> +
> +        try:
> +            repository = namespace.createRepository(
> +                requester, repository_name)
> +        except LaunchpadValidationError as e:
> +            msg = e.args[0]
> +            if isinstance(msg, unicode):
> +                msg = msg.encode('utf-8')
> +            raise faults.PermissionDenied(msg)

What sort of things will this catch?

> +        except GitRepositoryCreationException as e:
> +            raise faults.PermissionDenied(str(e))

This currently encompasses more than just permission errors, eg. the backend being down.

> +
> +        try:
> +            if default_func:
> +                try:
> +                    default_func(repository)
> +                except Unauthorized:
> +                    raise faults.PermissionDenied(
> +                        "Cannot create default Git repository at '%s'." % path)

Perhaps throw in a "you" to suggest permission issues?

> +
> +            # The transaction hasn't been committed yet (and shouldn't be
> +            # until the non-transactional work is complete), so
> +            # repository.id will not yet have been filled in, but we need it
> +            # to create the hosting path.
> +            store = Store.of(repository)
> +            repository_id = store.execute(
> +                """SELECT currval('gitrepository_id_seq')""").get_one()[0]

This is reasonably horrible, but fortunately the assumption is slightly wrong so it can be avoided: Storm will populate the ID in the object as soon as it is flushed, not committed.

In fact, I don't even seem to need an explicit flush here, though it can't hurt.

> +
> +            hosting_path = repository.getInternalPathForId(repository_id)
> +            # XXX cjwatson 2015-02-27: Turn any exceptions into proper faults.
> +            self.hosting_client.create(hosting_path)
> +        except Exception:
> +            # We don't want to keep the repository we created.
> +            transaction.abort()
> +            raise

Are you sure you need to explicitly abort? Requests that OOPS normally do that anyway.

> +
> +    @return_fault
> +    def _translatePath(self, requester, path, permission, can_authenticate):
> +        if requester == LAUNCHPAD_ANONYMOUS:
> +            requester = None
> +        result = self._performLookup(path)
> +        if result is None and requester is not None and permission == "write":
> +            self._createRepository(requester, path)
> +            result = self._performLookup(path)
> +        if result is None:
> +            raise faults.PathTranslationError(path)
> +        if permission != "read" and not result["writable"]:
> +            # XXX 2015-02-03 cjwatson: We should make use of
> +            # can_authenticate to distinguish between "read-only to
> +            # authenticated user" and "might be able to write if logged
> +            # in".

can_authenticate actually specifies whether a frontend can request authentication, not whether someone is logged in already.

It's a little confusing. A 404 in Launchpad can turn into a 200 after authentication. But, due to the nature of HTTP basic authentication, a client won't send creds unless it's received a 401, so we have to 401 all unauthenticated requests that would otherwise 404. git:// cannot authenticate, so we can 404-equivalent straight away.

> +            raise faults.PermissionDenied()
> +        return result
> +
> +    def translatePath(self, path, permission, requester_id, can_authenticate):
> +        """See `IGitAPI`."""
> +        if requester_id is None:
> +            requester_id = LAUNCHPAD_ANONYMOUS
> +        return run_with_login(
> +            requester_id, self._translatePath,
> +            unescape(path).strip("/"), permission, can_authenticate)
> 
> === added file 'lib/lp/code/xmlrpc/tests/test_git.py'
> --- lib/lp/code/xmlrpc/tests/test_git.py	1970-01-01 00:00:00 +0000
> +++ lib/lp/code/xmlrpc/tests/test_git.py	2015-03-03 02:01:47 +0000
> @@ -0,0 +1,489 @@
> +# Copyright 2015 Canonical Ltd.  This software is licensed under the
> +# GNU Affero General Public License version 3 (see the file LICENSE).
> +
> +"""Tests for the internal Git API."""
> +
> +__metaclass__ = type
> +
> +from bzrlib.urlutils import escape
> +from zope.component import getUtility
> +from zope.security.proxy import removeSecurityProxy
> +
> +from lp.app.enums import InformationType
> +from lp.code.interfaces.codehosting import (
> +    LAUNCHPAD_ANONYMOUS,
> +    LAUNCHPAD_SERVICES,
> +    )
> +from lp.code.interfaces.gitrepository import (
> +    GIT_REPOSITORY_NAME_VALIDATION_ERROR_MESSAGE,
> +    IGitRepositorySet,
> +    )
> +from lp.code.xmlrpc.git import GitAPI
> +from lp.services.webapp.escaping import html_escape
> +from lp.testing import (
> +    ANONYMOUS,
> +    login,
> +    person_logged_in,
> +    TestCaseWithFactory,
> +    )
> +from lp.testing.layers import LaunchpadFunctionalLayer
> +from lp.xmlrpc import faults
> +
> +
> +class FakeGitHostingClient:
> +
> +    def __init__(self):
> +        self.calls = []
> +
> +    def create(self, path):
> +        self.calls.append(("create", path))
> +
> +
> +class TestGitAPI(TestCaseWithFactory):
> +    """Tests for the implementation of `IGitAPI`."""
> +
> +    layer = LaunchpadFunctionalLayer
> +
> +    def setUp(self):
> +        super(TestGitAPI, self).setUp()
> +        self.git_api = GitAPI(None, None)
> +        self.git_api.hosting_client = FakeGitHostingClient()
> +
> +    def assertPathTranslationError(self, requester, path, permission="read",
> +                                   can_authenticate=False):
> +        """Assert that the given path cannot be translated."""
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        fault = self.git_api.translatePath(
> +            escape(path), permission, requester, can_authenticate)
> +        self.assertEqual(faults.PathTranslationError(path.strip("/")), fault)
> +
> +    def assertPermissionDenied(self, requester, path,
> +                               message="Permission denied.",
> +                               permission="read", can_authenticate=False):
> +        """Assert that looking at the given path gives permission denied."""
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        fault = self.git_api.translatePath(
> +            escape(path), permission, requester, can_authenticate)
> +        self.assertEqual(faults.PermissionDenied(message), fault)
> +
> +    def assertNotFound(self, requester, path, message, permission="read",
> +                       can_authenticate=False):
> +        """Assert that looking at the given path returns NotFound."""
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        fault = self.git_api.translatePath(
> +            escape(path), permission, requester, can_authenticate)
> +        self.assertEqual(faults.NotFound(message), fault)
> +
> +    def assertInvalidProductName(self, requester, path, name,
> +                                 permission="read", can_authenticate=False):
> +        """Assert that looking at the given path returns InvalidProductName."""
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        fault = self.git_api.translatePath(
> +            escape(path), permission, requester, can_authenticate)
> +        self.assertEqual(faults.InvalidProductName(name), fault)
> +
> +    def assertInvalidSourcePackageName(self, requester, path, name,
> +                                       permission="read",
> +                                       can_authenticate=False):
> +        """Assert that looking at the given path returns
> +        InvalidSourcePackageName."""
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        fault = self.git_api.translatePath(
> +            escape(path), permission, requester, can_authenticate)
> +        self.assertEqual(faults.InvalidSourcePackageName(name), fault)
> +
> +    def assertTranslates(self, requester, path, repository, writable,
> +                         permission="read"):
> +        if requester not in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester = requester.id
> +        translation = self.git_api.translatePath(
> +            escape(path), permission, requester, False)
> +        login(ANONYMOUS)
> +        self.assertEqual(
> +            {"path": repository.getInternalPath(), "writable": writable},
> +            translation)
> +
> +    def test_translatePath_cannot_translate(self):
> +        # Sometimes translatePath will not know how to translate a path.
> +        # When this happens, it returns a Fault saying so, including the
> +        # path it couldn't translate.
> +        requester = self.factory.makePerson()
> +        self.assertPathTranslationError(requester, u"/untranslatable")
> +
> +    def test_translatePath_repository(self):
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository()
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(requester, path, repository, False)
> +
> +    def test_translatePath_repository_with_no_leading_slash(self):
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository()
> +        path = repository.unique_name
> +        self.assertTranslates(requester, path, repository, False)
> +
> +    def test_translatePath_repository_with_trailing_slash(self):
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository()
> +        path = u"/%s/" % repository.unique_name
> +        self.assertTranslates(requester, path, repository, False)
> +
> +    def test_translatePath_repository_with_trailing_segments(self):
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository()
> +        path = u"/%s/junk" % repository.unique_name
> +        self.assertPathTranslationError(requester, path)
> +
> +    def test_translatePath_no_such_repository(self):
> +        requester = self.factory.makePerson()
> +        path = u"/%s/+git/no-such-repository" % requester.name
> +        self.assertPathTranslationError(requester, path)
> +
> +    def test_translatePath_no_such_repository_non_ascii(self):
> +        requester = self.factory.makePerson()
> +        path = u"/%s/+git/\N{LATIN SMALL LETTER I WITH DIAERESIS}" % (
> +            requester.name)
> +        self.assertPathTranslationError(requester, path)
> +
> +    def test_translatePath_private_repository(self):
> +        requester = self.factory.makePerson()
> +        repository = removeSecurityProxy(
> +            self.factory.makeGitRepository(
> +                owner=requester, information_type=InformationType.USERDATA))
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(requester, path, repository, True)
> +
> +    def test_translatePath_cannot_see_private_repository(self):
> +        requester = self.factory.makePerson()
> +        repository = removeSecurityProxy(
> +            self.factory.makeGitRepository(
> +                information_type=InformationType.USERDATA))
> +        path = u"/%s" % repository.unique_name
> +        self.assertPermissionDenied(requester, path)
> +
> +    def test_translatePath_anonymous_cannot_see_private_repository(self):
> +        repository = removeSecurityProxy(
> +            self.factory.makeGitRepository(
> +                information_type=InformationType.USERDATA))
> +        path = u"/%s" % repository.unique_name
> +        self.assertPermissionDenied(LAUNCHPAD_ANONYMOUS, path)
> +
> +    def test_translatePath_anonymous_public_repository(self):
> +        repository = self.factory.makeGitRepository()
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(LAUNCHPAD_ANONYMOUS, path, repository, False)
> +
> +    def test_translatePath_owned(self):
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository(owner=requester)
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(
> +            requester, path, repository, True, permission="write")
> +
> +    def test_translatePath_team_owned(self):
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(requester)
> +        repository = self.factory.makeGitRepository(owner=team)
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(
> +            requester, path, repository, True, permission="write")
> +
> +    def test_translatePath_team_unowned(self):
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(self.factory.makePerson())
> +        repository = self.factory.makeGitRepository(owner=team)
> +        path = u"/%s" % repository.unique_name
> +        self.assertTranslates(requester, path, repository, False)
> +        self.assertPermissionDenied(requester, path, permission="write")
> +
> +    def test_translatePath_shortened_path(self):
> +        # translatePath translates the shortened path to a repository.
> +        requester = self.factory.makePerson()
> +        repository = self.factory.makeGitRepository()
> +        with person_logged_in(repository.target.owner):
> +            getUtility(IGitRepositorySet).setDefaultRepository(
> +                repository.target, repository)
> +        path = u"/%s" % repository.target.name
> +        self.assertTranslates(requester, path, repository, False)
> +
> +    def assertCreates(self, requester, path):
> +        if requester in (LAUNCHPAD_ANONYMOUS, LAUNCHPAD_SERVICES):
> +            requester_id = requester
> +        else:
> +            requester_id = requester.id
> +        translation = self.git_api.translatePath(
> +            escape(path), "write", requester_id, False)
> +        login(ANONYMOUS)
> +        repository = getUtility(IGitRepositorySet).getByPath(
> +            requester, path.lstrip("/"))
> +        self.assertIsNotNone(repository)
> +        self.assertEqual(requester, repository.registrant)
> +        self.assertEqual(
> +            {"path": repository.getInternalPath(), "writable": True},
> +            translation)
> +        self.assertEqual(
> +            [("create", repository.getInternalPath())],
> +            self.git_api.hosting_client.calls)
> +        return repository
> +
> +    def test_translatePath_create_project(self):
> +        # translatePath creates a project repository that doesn't exist, if
> +        # it can.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        self.assertCreates(
> +            requester, u"/~%s/%s/+git/random" % (requester.name, project.name))
> +
> +    def test_translatePath_create_package(self):
> +        # translatePath creates a package repository that doesn't exist, if
> +        # it can.
> +        requester = self.factory.makePerson()
> +        dsp = self.factory.makeDistributionSourcePackage()
> +        self.assertCreates(
> +            requester,
> +            u"/~%s/%s/+source/%s/+git/random" % (
> +                requester.name,
> +                dsp.distribution.name, dsp.sourcepackagename.name))
> +
> +    def test_translatePath_create_personal(self):
> +        # translatePath creates a personal repository that doesn't exist, if
> +        # it can.
> +        requester = self.factory.makePerson()
> +        self.assertCreates(requester, u"/~%s/+git/random" % requester.name)
> +
> +    def test_translatePath_create_personal_team(self):
> +        # translatePath creates a personal repository for a team of which
> +        # the requester is a member.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(members=[requester])
> +        self.assertCreates(requester, u"/~%s/+git/random" % team.name)
> +
> +    def test_translatePath_create_personal_team_denied(self):
> +        # translatePath refuses to create a personal repository for a team
> +        # of which the requester is not a member.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam()
> +        message = "%s is not a member of %s" % (
> +            requester.displayname, team.displayname)
> +        self.assertPermissionDenied(
> +            requester, u"/~%s/+git/random" % team.name, message=message,
> +            permission="write")
> +
> +    def test_translatePath_anonymous_cannot_create(self):
> +        # Anonymous users cannot create repositories.
> +        project = self.factory.makeProject()
> +        self.assertPathTranslationError(
> +            LAUNCHPAD_ANONYMOUS, u"/%s" % project.name, permission="write")
> +
> +    def test_translatePath_create_invalid_namespace(self):
> +        # Trying to create a repository at a path that isn't valid for Git
> +        # repositories returns a PermissionDenied fault.
> +        requester = self.factory.makePerson()
> +        path = u"/~%s" % requester.name
> +        self.assertPermissionDenied(
> +            requester, path,
> +            message="Cannot create Git repository at '%s'" % path.strip("/"),
> +            permission="write")
> +
> +    def test_translatePath_create_no_such_person(self):
> +        # Creating a repository for a non-existent person fails.
> +        requester = self.factory.makePerson()
> +        self.assertNotFound(
> +            requester, u"/~nonexistent/+git/random",
> +            "User/team 'nonexistent' does not exist.", permission="write")
> +
> +    def test_translatePath_create_no_such_project(self):
> +        # Creating a repository for a non-existent project fails.
> +        requester = self.factory.makePerson()
> +        self.assertNotFound(
> +            requester, u"/~%s/nonexistent/+git/random" % requester.name,
> +            "Project 'nonexistent' does not exist.", permission="write")
> +
> +    def test_translatePath_create_no_such_person_or_project(self):
> +        # If neither the person nor the project are found, then the missing
> +        # person is reported in preference.
> +        requester = self.factory.makePerson()
> +        self.assertNotFound(
> +            requester, u"/~nonexistent/nonexistent/+git/random",
> +            "User/team 'nonexistent' does not exist.", permission="write")
> +
> +    def test_translatePath_create_invalid_project(self):
> +        # Creating a repository with an invalid project name fails.
> +        requester = self.factory.makePerson()
> +        self.assertInvalidProductName(
> +            requester, u"/_bad_project/+git/random", "_bad_project",
> +            permission="write")
> +
> +    def test_translatePath_create_missing_sourcepackagename(self):
> +        # If translatePath is asked to create a repository for a missing
> +        # source package, it will create the source package.
> +        requester = self.factory.makePerson()
> +        distro = self.factory.makeDistribution()
> +        repository_name = self.factory.getUniqueString()
> +        path = u"/~%s/%s/+source/new-package/+git/%s" % (
> +            requester.name, distro.name, repository_name)
> +        repository = self.assertCreates(requester, path)
> +        self.assertEqual(
> +            "new-package", repository.target.sourcepackagename.name)
> +
> +    def test_translatePath_create_invalid_sourcepackagename(self):
> +        # Creating a repository for an invalid source package name fails.
> +        requester = self.factory.makePerson()
> +        distro = self.factory.makeDistribution()
> +        repository_name = self.factory.getUniqueString()
> +        path = u"/~%s/%s/+source/new package/+git/%s" % (
> +            requester.name, distro.name, repository_name)
> +        self.assertInvalidSourcePackageName(
> +            requester, path, "new package", permission="write")
> +
> +    def test_translatePath_create_other_user(self):
> +        # Creating a repository for another user fails.
> +        requester = self.factory.makePerson()
> +        other_person = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        name = self.factory.getUniqueString()
> +        path = u"/~%s/%s/+git/%s" % (other_person.name, project.name, name)
> +        message = "%s cannot create Git repositories owned by %s" % (
> +            requester.displayname, other_person.displayname)
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> +
> +    def test_translatePath_create_bad_name(self):
> +        # Creating a repository with an invalid name fails.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        invalid_name = "invalid name!"
> +        path = u"/~%s/%s/+git/%s" % (
> +            requester.name, project.name, invalid_name)
> +        # LaunchpadValidationError unfortunately assumes its output is
> +        # always HTML, so it ends up double-escaped in XML-RPC faults.
> +        message = html_escape(
> +            "Invalid Git repository name '%s'. %s" %
> +            (invalid_name, GIT_REPOSITORY_NAME_VALIDATION_ERROR_MESSAGE))
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> +
> +    def test_translatePath_create_unicode_name(self):
> +        # Creating a repository with a non-ASCII invalid name fails.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        invalid_name = u"invalid\N{LATIN SMALL LETTER E WITH ACUTE}"
> +        path = u"/~%s/%s/+git/%s" % (
> +            requester.name, project.name, invalid_name)
> +        # LaunchpadValidationError unfortunately assumes its output is
> +        # always HTML, so it ends up double-escaped in XML-RPC faults.
> +        message = html_escape(
> +            "Invalid Git repository name '%s'. %s" %
> +            (invalid_name, GIT_REPOSITORY_NAME_VALIDATION_ERROR_MESSAGE))
> +        self.assertPermissionDenied(
> +            requester, path, message=message.encode("UTF-8"),
> +            permission="write")
> +
> +    def test_translatePath_create_project_default(self):
> +        # A repository can be created and immediately set as the default for
> +        # a project.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct(owner=requester)
> +        repository = self.assertCreates(requester, u"/%s" % project.name)
> +        self.assertTrue(repository.target_default)
> +        self.assertFalse(repository.owner_default)
> +
> +    def test_translatePath_create_project_not_owner(self):
> +        # Somebody without edit permission on the project cannot create a
> +        # repository and immediately set it as the default for that project.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        path = u"/%s" % project.name
> +        message = "Cannot create default Git repository at '%s'." % (
> +            path.strip("/"))
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> +
> +    def test_translatePath_create_package_default_denied(self):
> +        # A repository cannot (yet) be created and immediately set as the
> +        # default for a package.
> +        requester = self.factory.makePerson()
> +        dsp = self.factory.makeDistributionSourcePackage()
> +        path = u"/%s/+source/%s" % (
> +            dsp.distribution.name, dsp.sourcepackagename.name)
> +        message = (
> +            "Cannot create default package repository; push to a per-owner "
> +            "repository instead.")
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> +
> +    def test_translatePath_create_project_owner_default(self):
> +        # A repository can be created and immediately set as its owner's
> +        # default for a project.
> +        requester = self.factory.makePerson()
> +        project = self.factory.makeProduct()
> +        repository = self.assertCreates(
> +            requester, u"/~%s/%s" % (requester.name, project.name))
> +        self.assertFalse(repository.target_default)
> +        self.assertTrue(repository.owner_default)
> +
> +    def test_translatePath_create_project_team_owner_default(self):
> +        # The owner of a team can create a team-owned repository and
> +        # immediately set it as that team's default for a project.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(owner=requester)
> +        project = self.factory.makeProduct()
> +        repository = self.assertCreates(
> +            requester, u"/~%s/%s" % (team.name, project.name))
> +        self.assertFalse(repository.target_default)
> +        self.assertTrue(repository.owner_default)
> +
> +    def test_translatePath_create_project_not_team_owner_default(self):
> +        # A non-owner member of a team cannot immediately set a
> +        # newly-created team-owned repository as that team's default for a
> +        # project.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(members=[requester])
> +        project = self.factory.makeProduct()
> +        path = u"/~%s/%s" % (team.name, project.name)
> +        message = "Cannot create default Git repository at '%s'." % (
> +            path.strip("/"))
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> +
> +    def test_translatePath_create_package_owner_default(self):
> +        # A repository can be created and immediately set as its owner's
> +        # default for a package.
> +        requester = self.factory.makePerson()
> +        dsp = self.factory.makeDistributionSourcePackage()
> +        path = u"/~%s/%s/+source/%s" % (
> +            requester.name, dsp.distribution.name, dsp.sourcepackagename.name)
> +        repository = self.assertCreates(requester, path)
> +        self.assertFalse(repository.target_default)
> +        self.assertTrue(repository.owner_default)
> +
> +    def test_translatePath_create_package_team_owner_default(self):
> +        # The owner of a team can create a team-owned repository and
> +        # immediately set it as that team's default for a package.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(owner=requester)
> +        dsp = self.factory.makeDistributionSourcePackage()
> +        path = u"/~%s/%s/+source/%s" % (
> +            team.name, dsp.distribution.name, dsp.sourcepackagename.name)
> +        repository = self.assertCreates(requester, path)
> +        self.assertFalse(repository.target_default)
> +        self.assertTrue(repository.owner_default)
> +
> +    def test_translatePath_create_package_not_team_owner_default(self):
> +        # A non-owner member of a team cannot immediately set a
> +        # newly-created team-owned repository as that team's default for a
> +        # package.
> +        requester = self.factory.makePerson()
> +        team = self.factory.makeTeam(members=[requester])
> +        dsp = self.factory.makeDistributionSourcePackage()
> +        path = u"/~%s/%s/+source/%s" % (
> +            team.name, dsp.distribution.name, dsp.sourcepackagename.name)
> +        message = "Cannot create default Git repository at '%s'." % (
> +            path.strip("/"))
> +        self.assertPermissionDenied(
> +            requester, path, message=message, permission="write")
> 
> === modified file 'lib/lp/systemhomes.py'
> --- lib/lp/systemhomes.py	2013-06-20 05:50:00 +0000
> +++ lib/lp/systemhomes.py	2015-03-03 02:01:47 +0000
> @@ -1,4 +1,4 @@
> -# Copyright 2009-2012 Canonical Ltd.  This software is licensed under the
> +# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
>  # GNU Affero General Public License version 3 (see the file LICENSE).
>  
>  """Content classes for the 'home pages' of the subsystems of Launchpad."""
> @@ -47,6 +47,7 @@
>  from lp.code.interfaces.codeimportscheduler import (
>      ICodeImportSchedulerApplication,
>      )
> +from lp.code.interfaces.gitapi import IGitApplication
>  from lp.hardwaredb.interfaces.hwdb import (
>      IHWDBApplication,
>      IHWDeviceSet,
> @@ -92,6 +93,12 @@
>      title = "Code Import Scheduler"
>  
>  
> +class GitApplication:
> +    implements(IGitApplication)
> +
> +    title = "Git API"
> +
> +
>  class PrivateMaloneApplication:
>      """ExternalBugTracker authentication token end-point."""
>      implements(IPrivateMaloneApplication)
> 
> === modified file 'lib/lp/xmlrpc/application.py'
> --- lib/lp/xmlrpc/application.py	2013-01-07 02:40:55 +0000
> +++ lib/lp/xmlrpc/application.py	2015-03-03 02:01:47 +0000
> @@ -1,4 +1,4 @@
> -# Copyright 2009-2011 Canonical Ltd.  This software is licensed under the
> +# Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
>  # GNU Affero General Public License version 3 (see the file LICENSE).
>  
>  """XML-RPC API to the application roots."""
> @@ -24,6 +24,7 @@
>  from lp.code.interfaces.codeimportscheduler import (
>      ICodeImportSchedulerApplication,
>      )
> +from lp.code.interfaces.gitapi import IGitApplication
>  from lp.registry.interfaces.mailinglist import IMailingListApplication
>  from lp.registry.interfaces.person import (
>      ICanonicalSSOApplication,
> @@ -80,6 +81,11 @@
>          """See `IPrivateApplication`."""
>          return getUtility(IFeatureFlagApplication)
>  
> +    @property
> +    def git(self):
> +        """See `IPrivateApplication`."""
> +        return getUtility(IGitApplication)
> +
>  
>  class ISelfTest(Interface):
>      """XMLRPC external interface for testing the XMLRPC external interface."""
> 
> === modified file 'lib/lp/xmlrpc/configure.zcml'
> --- lib/lp/xmlrpc/configure.zcml	2012-10-31 14:29:13 +0000
> +++ lib/lp/xmlrpc/configure.zcml	2015-03-03 02:01:47 +0000
> @@ -1,4 +1,4 @@
> -<!-- Copyright 2009-2010 Canonical Ltd.  This software is licensed under the
> +<!-- Copyright 2009-2015 Canonical Ltd.  This software is licensed under the
>       GNU Affero General Public License version 3 (see the file LICENSE).
>  -->
>  
> @@ -48,6 +48,19 @@
>      />
>  
>    <securedutility
> +    class="lp.systemhomes.GitApplication"
> +    provides="lp.code.interfaces.gitapi.IGitApplication">
> +    <allow interface="lp.code.interfaces.gitapi.IGitApplication"/>
> +  </securedutility>
> +
> +  <xmlrpc:view
> +    for="lp.code.interfaces.gitapi.IGitApplication"
> +    interface="lp.code.interfaces.gitapi.IGitAPI"
> +    class="lp.code.xmlrpc.git.GitAPI"
> +    permission="zope.Public"
> +    />
> +
> +  <securedutility
>      class="lp.systemhomes.PrivateMaloneApplication"
>      provides="lp.bugs.interfaces.malone.IPrivateMaloneApplication">
>      <allow interface="lp.bugs.interfaces.malone.IPrivateMaloneApplication"/>
> 
> === modified file 'lib/lp/xmlrpc/interfaces.py'
> --- lib/lp/xmlrpc/interfaces.py	2012-01-15 21:06:58 +0000
> +++ lib/lp/xmlrpc/interfaces.py	2015-03-03 02:01:47 +0000
> @@ -1,4 +1,4 @@
> -# Copyright 2011 Canonical Ltd.  This software is licensed under the
> +# Copyright 2011-2015 Canonical Ltd.  This software is licensed under the
>  # GNU Affero General Public License version 3 (see the file LICENSE).
>  
>  """Interfaces for the Launchpad application."""
> @@ -34,3 +34,5 @@
>          """Canonical SSO XML-RPC end point.""")
>  
>      featureflags = Attribute("""Feature flag information endpoint""")
> +
> +    git = Attribute("Git end point.")
> 
> === modified file 'setup.py'
> --- setup.py	2015-01-06 12:47:59 +0000
> +++ setup.py	2015-03-03 02:01:47 +0000
> @@ -79,6 +79,7 @@
>          'python-openid',
>          'pytz',
>          'rabbitfixture',
> +        'requests',
>          's4',
>          'setproctitle',
>          'setuptools',
> 


-- 
https://code.launchpad.net/~cjwatson/launchpad/git-xmlrpc/+merge/251541
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.


References