[Merge] lp:~cjwatson/launchpad/fix-snap-job-refresh-perms into lp:launchpad
Colin Watson has proposed merging lp:~cjwatson/launchpad/fix-snap-job-refresh-perms into lp:launchpad.
Commit message:
Ensure that SnapStoreUploadJob has permissions to store refreshed store secrets.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/fix-snap-job-refresh-perms/+merge/300077
Ensure that SnapStoreUploadJob has permissions to store refreshed store secrets.
--
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad/fix-snap-job-refresh-perms into lp:launchpad.
=== modified file 'database/schema/security.cfg'
--- database/schema/security.cfg 2016-06-20 20:32:36 +0000
+++ database/schema/security.cfg 2016-07-14 14:26:38 +0000
@@ -2559,7 +2559,7 @@
public.libraryfilecontent = SELECT
public.person = SELECT
public.personsettings = SELECT
-public.snap = SELECT
+public.snap = SELECT, UPDATE
public.snapbuild = SELECT, UPDATE
public.snapbuildjob = SELECT, UPDATE
public.snapfile = SELECT
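Review bot: The added `UPDATE` on `public.snap` covers every column of the table, while the commit message gives only one reason for it (storing refreshed store secrets), and nothing next to the line records that reason. I would add a comment above it such as `# UPDATE is needed so the upload job can store refreshed store secrets on the snap.` so that a later permissions audit can tell why this job user may write to the table. The section header is outside the hunk, so the database user receiving the grant is not visible here; presumably it is the one the tests select with `config.ISnapStoreUploadJobSource.dbuser`.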
=== modified file 'lib/lp/snappy/tests/test_snapstoreclient.py'
--- lib/lp/snappy/tests/test_snapstoreclient.py 2016-06-27 13:19:15 +0000
+++ lib/lp/snappy/tests/test_snapstoreclient.py 2016-07-14 14:26:38 +0000
@@ -38,6 +38,7 @@
import transaction
from zope.component import getUtility
+from lp.services.config import config
from lp.services.features.testing import FeatureFixture
from lp.services.timeline.requesttimeline import get_request_timeline
from lp.snappy.interfaces.snap import SNAP_TESTING_FLAGS
@@ -57,6 +58,7 @@
TestCase,
TestCaseWithFactory,
)
+from lp.testing.dbuser import dbuser
from lp.testing.layers import LaunchpadZopelessLayer
@@ -284,10 +286,12 @@
lfa = self.factory.makeLibraryFileAlias(content="dummy snap content")
self.factory.makeSnapFile(snapbuild=snapbuild, libraryfile=lfa)
transaction.commit()
- with HTTMock(self._unscanned_upload_handler, self._snap_push_handler):
- self.assertEqual(
- "http://sca.example/dev/api/snaps/1/builds/1/status",
- self.client.upload(snapbuild))
+ with dbuser(config.ISnapStoreUploadJobSource.dbuser):
+ with HTTMock(self._unscanned_upload_handler,
+ self._snap_push_handler):
+ self.assertEqual(
+ "http://sca.example/dev/api/snaps/1/builds/1/status",
+ self.client.upload(snapbuild))
self.assertThat(self.unscanned_upload_request, RequestMatches(
url=Equals("http://updown.example/unscanned-upload/"),
method=Equals("POST"),
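Review bot: The nested `with dbuser(...)` / `with HTTMock(...)` pair in this hunk adds an indentation level that a single statement would avoid: `with dbuser(config.ISnapStoreUploadJobSource.dbuser), HTTMock(` with the handler arguments on the continuation line. The same nesting is repeated in the four later hunks of this file (new-side lines 328, 357, 387 and 400). A small helper on the test case that returns the job's `dbuser` context would also remove the repeated config lookup. The enclosing test method starts before the hunk and continues after it.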
@@ -324,10 +328,11 @@
lfa = self.factory.makeLibraryFileAlias(content="dummy snap content")
self.factory.makeSnapFile(snapbuild=snapbuild, libraryfile=lfa)
transaction.commit()
- with HTTMock(self._unscanned_upload_handler, snap_push_handler,
- self._macaroon_refresh_handler):
- self.assertRaises(
- UnauthorizedUploadResponse, self.client.upload, snapbuild)
+ with dbuser(config.ISnapStoreUploadJobSource.dbuser):
+ with HTTMock(self._unscanned_upload_handler, snap_push_handler,
+ self._macaroon_refresh_handler):
+ self.assertRaises(
+ UnauthorizedUploadResponse, self.client.upload, snapbuild)
def test_upload_needs_discharge_macaroon_refresh(self):
@urlmatch(path=r".*/snap-push/$")
@@ -352,11 +357,12 @@
lfa = self.factory.makeLibraryFileAlias(content="dummy snap content")
self.factory.makeSnapFile(snapbuild=snapbuild, libraryfile=lfa)
transaction.commit()
- with HTTMock(self._unscanned_upload_handler, snap_push_handler,
- self._macaroon_refresh_handler):
- self.assertEqual(
- "http://sca.example/dev/api/snaps/1/builds/1/status",
- self.client.upload(snapbuild))
+ with dbuser(config.ISnapStoreUploadJobSource.dbuser):
+ with HTTMock(self._unscanned_upload_handler, snap_push_handler,
+ self._macaroon_refresh_handler):
+ self.assertEqual(
+ "http://sca.example/dev/api/snaps/1/builds/1/status",
+ self.client.upload(snapbuild))
self.assertEqual(2, snap_push_handler.call_count)
self.assertNotEqual(
store_secrets["discharge"], snap.store_secrets["discharge"])
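Review bot: The `assertNotEqual` on `snap.store_secrets["discharge"]` is the only check in this hunk that the refreshed secret was written, and it runs after the `dbuser` block with nothing explaining what it relies on. If `dbuser()` commits when it exits, as I believe it does, the write is flushed under the job's database user and a missing `UPDATE` grant on `snap` would fail at that point. A comment before the block such as `# Run as the job's database user: storing the refreshed discharge needs UPDATE on snap.` would make the purpose of the wrapper explicit. The test's setup is outside the hunk.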
@@ -381,10 +387,11 @@
lfa = self.factory.makeLibraryFileAlias(content="dummy snap content")
self.factory.makeSnapFile(snapbuild=snapbuild, libraryfile=lfa)
transaction.commit()
- with HTTMock(self._unscanned_upload_handler, snap_push_handler):
- self.assertEqual(
- "http://sca.example/dev/api/click-scan-complete/updown/1/",
- self.client.upload(snapbuild))
+ with dbuser(config.ISnapStoreUploadJobSource.dbuser):
+ with HTTMock(self._unscanned_upload_handler, snap_push_handler):
+ self.assertEqual(
+ "http://sca.example/dev/api/click-scan-complete/updown/1/",
+ self.client.upload(snapbuild))
def test_refresh_discharge_macaroon(self):
store_secrets = self._make_store_secrets()
@@ -393,8 +400,9 @@
store_series=self.factory.makeSnappySeries(name="rolling"),
store_name="test-snap", store_secrets=store_secrets)
- with HTTMock(self._macaroon_refresh_handler):
- self.client.refreshDischargeMacaroon(snap)
+ with dbuser(config.ISnapStoreUploadJobSource.dbuser):
+ with HTTMock(self._macaroon_refresh_handler):
+ self.client.refreshDischargeMacaroon(snap)
self.assertThat(self.refresh_request, RequestMatches(
url=Equals("http://sso.example/api/v2/tokens/refresh"),
method=Equals("POST"),