launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~twom/launchpad:offline-oci-builds into launchpad:master

To: mp+387376@xxxxxxxxxxxxxxxxxx
From: Tom Wardill <tom.wardill@xxxxxxxxxxxxx>
Date: Tue, 14 Jul 2020 15:13:24 -0000
Reply-to: mp+387376@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Tom Wardill has proposed merging ~twom/launchpad:offline-oci-builds into launchpad:master.

Commit message:
Add allow_internet to OCIRecipe

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~twom/launchpad/+git/launchpad/+merge/387376

Enable control over whether OCIRecipe builds should have access to the internet.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~twom/launchpad:offline-oci-builds into launchpad:master.

diff --git a/lib/lp/oci/browser/ocirecipe.py b/lib/lp/oci/browser/ocirecipe.py
index 356ac1c..9d3adf1 100644
--- a/lib/lp/oci/browser/ocirecipe.py
+++ b/lib/lp/oci/browser/ocirecipe.py
@@ -322,6 +322,7 @@ class IOCIRecipeEditSchema(Interface):
         "build_file",
         "build_daily",
         "require_virtualized",
+        "allow_internet",
         ])
 
 
@@ -434,7 +435,7 @@ class OCIRecipeAdminView(BaseOCIRecipeEditView):
 
     page_title = "Administer"
 
-    field_names = ("require_virtualized",)
+    field_names = ("require_virtualized", "allow_internet")
 
 
 class OCIRecipeEditView(BaseOCIRecipeEditView, EnableProcessorsMixin):
diff --git a/lib/lp/oci/browser/tests/test_ocirecipe.py b/lib/lp/oci/browser/tests/test_ocirecipe.py
index e25d463..a1b86ba 100644
--- a/lib/lp/oci/browser/tests/test_ocirecipe.py
+++ b/lib/lp/oci/browser/tests/test_ocirecipe.py
@@ -280,14 +280,17 @@ class TestOCIRecipeAdminView(BaseTestOCIRecipeView):
         login_person(self.person)
         recipe = self.factory.makeOCIRecipe(registrant=self.person)
         self.assertTrue(recipe.require_virtualized)
+        self.assertTrue(recipe.allow_internet)
 
         browser = self.getViewBrowser(recipe, user=commercial_admin)
         browser.getLink("Administer OCI recipe").click()
         browser.getControl("Require virtualized builders").selected = False
+        browser.getControl("Allow external network access").selected = False
         browser.getControl("Update OCI recipe").click()
 
         login_person(self.person)
         self.assertFalse(recipe.require_virtualized)
+        self.assertFalse(recipe.allow_internet)
 
     def test_admin_recipe_sets_date_last_modified(self):
         # Administering an OCI recipe sets the date_last_modified property.
diff --git a/lib/lp/oci/interfaces/ocirecipe.py b/lib/lp/oci/interfaces/ocirecipe.py
index 64c5387..37f74a2 100644
--- a/lib/lp/oci/interfaces/ocirecipe.py
+++ b/lib/lp/oci/interfaces/ocirecipe.py
@@ -408,6 +408,13 @@ class IOCIRecipeAdminAttributes(Interface):
         value_type=Reference(schema=IProcessor),
         readonly=False))
 
+    allow_internet = exported(Bool(
+        title=_("Allow external network access"),
+        required=True, readonly=False,
+        description=_(
+            "Allow access to external network resources via a proxy.  "
+            "Resources hosted on Launchpad itself are always allowed.")))
+
 
 @exported_as_webservice_entry(
     publish_web_link=True, as_of="devel", singular_name="oci_recipe")
@@ -421,7 +428,8 @@ class IOCIRecipeSet(Interface):
 
     def new(name, registrant, owner, oci_project, git_ref, build_file,
             description=None, official=False, require_virtualized=True,
-            build_daily=False, processors=None, date_created=DEFAULT):
+            build_daily=False, processors=None, date_created=DEFAULT,
+            allow_internet=True):
         """Create an IOCIRecipe."""
 
     def exists(owner, oci_project, name):
diff --git a/lib/lp/oci/model/ocirecipe.py b/lib/lp/oci/model/ocirecipe.py
index 38e5a9a..45691c5 100644
--- a/lib/lp/oci/model/ocirecipe.py
+++ b/lib/lp/oci/model/ocirecipe.py
@@ -145,11 +145,14 @@ class OCIRecipe(Storm, WebhookTargetMixin):
     require_virtualized = Bool(name="require_virtualized", default=True,
                                allow_none=False)
 
+    allow_internet = Bool(name='allow_internet', allow_none=False)
+
     build_daily = Bool(name="build_daily", default=False)
 
     def __init__(self, name, registrant, owner, oci_project, git_ref,
                  description=None, official=False, require_virtualized=True,
-                 build_file=None, build_daily=False, date_created=DEFAULT):
+                 build_file=None, build_daily=False, date_created=DEFAULT,
+                 allow_internet=True):
         if not getFeatureFlag(OCI_RECIPE_ALLOW_CREATE):
             raise OCIRecipeFeatureDisabled()
         super(OCIRecipe, self).__init__()
@@ -165,6 +168,7 @@ class OCIRecipe(Storm, WebhookTargetMixin):
         self.date_created = date_created
         self.date_last_modified = date_created
         self.git_ref = git_ref
+        self.allow_internet = allow_internet
 
     def __repr__(self):
         return "<OCIRecipe ~%s/%s/+oci/%s/+recipe/%s>" % (
@@ -502,7 +506,8 @@ class OCIRecipeSet:
 
     def new(self, name, registrant, owner, oci_project, git_ref, build_file,
             description=None, official=False, require_virtualized=True,
-            build_daily=False, processors=None, date_created=DEFAULT):
+            build_daily=False, processors=None, date_created=DEFAULT,
+            allow_internet=True):
         """See `IOCIRecipeSet`."""
         if not registrant.inTeam(owner):
             if owner.is_team:
@@ -524,7 +529,7 @@ class OCIRecipeSet:
         oci_recipe = OCIRecipe(
             name, registrant, owner, oci_project, git_ref, description,
             official, require_virtualized, build_file, build_daily,
-            date_created)
+            date_created, allow_internet)
         store.add(oci_recipe)
 
         if processors is None:
diff --git a/lib/lp/oci/model/ocirecipebuildbehaviour.py b/lib/lp/oci/model/ocirecipebuildbehaviour.py
index 8b5f5e0..fce6dd3 100644
--- a/lib/lp/oci/model/ocirecipebuildbehaviour.py
+++ b/lib/lp/oci/model/ocirecipebuildbehaviour.py
@@ -85,7 +85,7 @@ class OCIRecipeBuildBehaviour(SnapProxyMixin, BuildFarmJobBehaviourBase):
         build = self.build
         args = yield super(OCIRecipeBuildBehaviour, self).extraBuildArgs(
             logger=logger)
-        yield self.addProxyArgs(args)
+        yield self.addProxyArgs(args, build.recipe.allow_internet)
         # XXX twom 2020-02-17 This may need to be more complex, and involve
         # distribution name.
         args["name"] = build.recipe.name
diff --git a/lib/lp/oci/tests/test_ocirecipe.py b/lib/lp/oci/tests/test_ocirecipe.py
index 1d07913..880c351 100644
--- a/lib/lp/oci/tests/test_ocirecipe.py
+++ b/lib/lp/oci/tests/test_ocirecipe.py
@@ -806,6 +806,7 @@ class TestOCIRecipeSet(TestCaseWithFactory):
         self.assertEqual(target.official, False)
         self.assertEqual(target.require_virtualized, False)
         self.assertEqual(target.git_ref, git_ref)
+        self.assertTrue(target.allow_internet)
 
     def test_already_exists(self):
         owner = self.factory.makePerson()