
[Merge] lp:~matiasb/launchpad/snap-build-db-access-snapjob into lp:launchpad

 

Matias Bordese has proposed merging lp:~matiasb/launchpad/snap-build-db-access-snapjob into lp:launchpad.

Commit message:
Updated DB permission allowing build to access snapjob.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #1828089 in Launchpad itself: "Snap build request changes cause snap builds to fail with DB permission errors"
  https://bugs.launchpad.net/launchpad/+bug/1828089

For more details, see:
https://code.launchpad.net/~matiasb/launchpad/snap-build-db-access-snapjob/+merge/367069
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~matiasb/launchpad/snap-build-db-access-snapjob into lp:launchpad.
=== modified file 'database/schema/security.cfg'
--- database/schema/security.cfg	2019-04-23 12:30:16 +0000
+++ database/schema/security.cfg	2019-05-07 18:25:13 +0000
@@ -1001,6 +1001,7 @@
 public.snapbuild                              = SELECT, UPDATE
 public.snapbuildjob                           = SELECT, INSERT
 public.snapfile                               = SELECT
+public.snapjob                                = SELECT
 public.snappyseries                           = SELECT
 public.sourcepackagename                      = SELECT
 public.sourcepackagepublishinghistory         = SELECT
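Review bot: The section header for this grant lies outside the hunk, so it cannot be confirmed from here that the role receiving `public.snapjob = SELECT` is the one behind `config.builddmaster.dbuser`, which the test changes in this proposal switch to. Read-only access matches what the tests show the build manager doing with the build request, so `SELECT` alone looks like the right scope. Other sections that already grant `public.snapbuild` may hit the same permission error if their code follows a build to its build request; it is worth checking those roles before landing rather than waiting for the next failure.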

=== modified file 'lib/lp/snappy/tests/test_snapbuildbehaviour.py'
--- lib/lp/snappy/tests/test_snapbuildbehaviour.py	2019-05-03 13:26:45 +0000
+++ lib/lp/snappy/tests/test_snapbuildbehaviour.py	2019-05-07 18:25:13 +0000
@@ -101,6 +101,7 @@
     TestCase,
     TestCaseWithFactory,
     )
+from lp.testing.dbuser import dbuser
 from lp.testing.gpgkeys import gpgkeysdir
 from lp.testing.keyserver import InProcessKeyServerFixture
 from lp.testing.layers import LaunchpadZopelessLayer
@@ -409,7 +410,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args, MatchesDict({
             "archive_private": Is(False),
             "archives": Equals(expected_archives),
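Review bot: The same `with dbuser(config.builddmaster.dbuser):` wrapper is pasted around `job.extraBuildArgs()` here and in every later hunk of this file, so a new extraBuildArgs test that omits it would quietly run under the default test role again and miss a missing grant. A small helper on the test class would keep the role switch in one place and reduce each call site to `args = yield self.getExtraBuildArgs(job)`. The helper below assumes `config` is already imported in this module and that it can sit beside `makeJob`, neither of which is visible in the hunk. The enclosing test method starts and ends outside the hunk.

```python
    @defer.inlineCallbacks
    def getExtraBuildArgs(self, job):
        # Run as the build manager's DB role so that a missing grant in
        # security.cfg fails the test instead of surfacing in production.
        with dbuser(config.builddmaster.dbuser):
            args = yield job.extraBuildArgs()
        defer.returnValue(args)

    # … unchanged: test setup and get_sources_list_for_building call …
        args = yield self.getExtraBuildArgs(job)
    # … unchanged: assertThat(args, MatchesDict(...)) …
```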
@@ -431,7 +433,8 @@
         snap = self.factory.makeSnap()
         request = self.factory.makeSnapBuildRequest(snap=snap)
         job = self.makeJob(snap=snap, build_request=request)
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertEqual(request.id, args["build_request_id"])
         expected_timestamp = format_as_rfc3339(request.date_requested)
         self.assertEqual(expected_timestamp, args["build_request_timestamp"])
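Review bot: Nothing in this test says that it guards against the permission failure, although it is the one visible case that builds a job from a build request. A comment above the `with` line would keep a later cleanup from dropping the role switch, for example `# Run as the build manager role: reading the build request needs SELECT on snapjob (bug #1828089).`. The test method starts above the hunk and may continue below it.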
@@ -445,7 +448,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args, MatchesDict({
             "archive_private": Is(False),
             "archives": Equals(expected_archives),
@@ -473,7 +477,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args, MatchesDict({
             "archive_private": Is(False),
             "archives": Equals(expected_archives),
@@ -501,7 +506,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args, MatchesDict({
             "archive_private": Is(False),
             "archives": Equals(expected_archives),
@@ -529,7 +535,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args, MatchesDict({
             "archive_private": Is(False),
             "archives": Equals(expected_archives),
@@ -551,7 +558,8 @@
         # For the "name" argument, extraBuildArgs prefers Snap.store_name
         # over Snap.name if the former is set.
         job = self.makeJob(store_name="something-else")
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertEqual("something-else", args["name"])
 
     @defer.inlineCallbacks
@@ -567,7 +575,8 @@
             distroarchseries=job.build.distro_arch_series,
             pocket=job.build.pocket, archive=archive,
             status=PackagePublishingStatus.PUBLISHED)
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertThat(args["trusted_keys"], MatchesListwise([
             Base64KeyMatches("0D57E99656BEFB0897606EE9A022DD1F5001B46D"),
             ]))
@@ -579,7 +588,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertFalse(isProxy(args["channels"]))
         self.assertEqual({"snapcraft": "edge"}, args["channels"])
 
@@ -590,7 +600,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertNotIn("channels", args)
 
     @defer.inlineCallbacks
@@ -603,7 +614,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertFalse(isProxy(args["channels"]))
         self.assertEqual({"snapcraft": "stable"}, args["channels"])
 
@@ -617,7 +629,8 @@
         expected_archives, expected_trusted_keys = (
             yield get_sources_list_for_building(
                 job.build, job.build.distro_arch_series, None))
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertNotIn("channels", args)
 
     @defer.inlineCallbacks
@@ -625,7 +638,8 @@
         # If external network access is not allowed for the snap,
         # extraBuildArgs does not dispatch a proxy token.
         job = self.makeJob(allow_internet=False)
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertNotIn("proxy_url", args)
         self.assertNotIn("revocation_endpoint", args)
 
@@ -634,7 +648,8 @@
         # If the snap requests building of a source tarball, extraBuildArgs
         # sends the appropriate arguments.
         job = self.makeJob(build_source_tarball=True)
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertTrue(args["build_source_tarball"])
 
     @defer.inlineCallbacks
@@ -643,7 +658,8 @@
         # arguments.
         self.useFixture(FeatureFixture({SNAP_PRIVATE_FEATURE_FLAG: "on"}))
         job = self.makeJob(private=True)
-        args = yield job.extraBuildArgs()
+        with dbuser(config.builddmaster.dbuser):
+            args = yield job.extraBuildArgs()
         self.assertTrue(args["private"])
 
     @defer.inlineCallbacks

