filter events by user email
On some setup we might restrict a pipeline to trusted users. The new email_filter will matches the email coming from the event account attribute. In Gerrit, each event hold the account in a different field name so I have simply added a map to find out the correct field. email_filter works just like comment_filter, fields are ORed and are considered to be regex. Change-Id: I775f67b48d5f162106c024f94fe498a049b3fe94 Reviewed-on: https://review.openstack.org/17609 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
00a7f09c61
commit
b4e809edf0
@ -246,6 +246,10 @@ explanation of each of the parameters::
|
||||
``code-review: 2`` matches a ``+2`` vote on the code review category.
|
||||
Multiple approvals may be listed.
|
||||
|
||||
*email_filter*
|
||||
This is used for any event. It takes a regex applied on the performer
|
||||
email. Example: ``email_filter: .*@example.org$``.
|
||||
|
||||
*comment_filter*
|
||||
This is only used for ``comment-added`` events. It accepts a list of
|
||||
regexes that are searched for in the comment string. If any of these
|
||||
|
@ -8,6 +8,16 @@ pipelines:
|
||||
failure:
|
||||
verified: -1
|
||||
|
||||
- name: tests
|
||||
manager: IndependentPipelineManager
|
||||
trigger:
|
||||
- event: patchset-created
|
||||
email_filter: ^.*@example.org$
|
||||
success:
|
||||
verified: 1
|
||||
failure:
|
||||
verified: -1
|
||||
|
||||
- name: post
|
||||
manager: IndependentPipelineManager
|
||||
trigger:
|
||||
@ -35,6 +45,8 @@ jobs:
|
||||
projects:
|
||||
- name: example/project
|
||||
check:
|
||||
- project-merge
|
||||
tests:
|
||||
- project-merge:
|
||||
- project-test
|
||||
gate:
|
||||
|
@ -520,6 +520,8 @@ class TriggerEvent(object):
|
||||
# common
|
||||
self.type = None
|
||||
self.project_name = None
|
||||
# Representation of the user account that performed the event.
|
||||
self.account = None
|
||||
# patchset-created, comment-added, etc.
|
||||
self.change_number = None
|
||||
self.change_url = None
|
||||
@ -565,7 +567,7 @@ class TriggerEvent(object):
|
||||
|
||||
class EventFilter(object):
|
||||
def __init__(self, types=[], branches=[], refs=[], approvals={},
|
||||
comment_filters=[]):
|
||||
comment_filters=[], email_filters=[]):
|
||||
self._types = types
|
||||
self._branches = branches
|
||||
self._refs = refs
|
||||
@ -573,6 +575,7 @@ class EventFilter(object):
|
||||
self.branches = [re.compile(x) for x in branches]
|
||||
self.refs = [re.compile(x) for x in refs]
|
||||
self.comment_filters = [re.compile(x) for x in comment_filters]
|
||||
self.email_filters = [re.compile(x) for x in email_filters]
|
||||
self.approvals = approvals
|
||||
|
||||
def __repr__(self):
|
||||
@ -629,6 +632,19 @@ class EventFilter(object):
|
||||
if self.comment_filters and not matches_comment_filter:
|
||||
return False
|
||||
|
||||
# We better have an account provided by Gerrit to do
|
||||
# email filtering.
|
||||
if event.account is not None:
|
||||
# email_filters are ORed
|
||||
matches_email_filter = False
|
||||
for email_filter in self.email_filters:
|
||||
account_email = event.account.get('email')
|
||||
if (account_email is not None and
|
||||
email_filter.search(account_email)):
|
||||
matches_email_filter = True
|
||||
if self.email_filters and not matches_email_filter:
|
||||
return False
|
||||
|
||||
# approvals are ANDed
|
||||
for category, value in self.approvals.items():
|
||||
matches_approval = False
|
||||
|
@ -99,7 +99,9 @@ class Scheduler(threading.Thread):
|
||||
refs=toList(trigger.get('ref')),
|
||||
approvals=approvals,
|
||||
comment_filters=
|
||||
toList(trigger.get('comment_filter')))
|
||||
toList(trigger.get('comment_filter')),
|
||||
email_filters=
|
||||
toList(trigger.get('email_filter')))
|
||||
manager.event_filters.append(f)
|
||||
|
||||
for config_job in data['jobs']:
|
||||
|
@ -59,6 +59,24 @@ class GerritEventConnector(threading.Thread):
|
||||
event.ref = refupdate.get('refName')
|
||||
event.oldrev = refupdate.get('oldRev')
|
||||
event.newrev = refupdate.get('newRev')
|
||||
# Map the event types to a field name holding a Gerrit
|
||||
# account attribute. See Gerrit stream-event documentation
|
||||
# in cmd-stream-events.html
|
||||
accountfield_from_type = {
|
||||
'patchset-created': 'uploader',
|
||||
'change-abandoned': 'abandoner',
|
||||
'change-restored': 'restorer',
|
||||
'change-merged': 'submitter',
|
||||
'comment-added': 'author',
|
||||
'ref-updated': 'submitter',
|
||||
}
|
||||
try:
|
||||
event.account = data.get(accountfield_from_type[event.type])
|
||||
except KeyError:
|
||||
self.log.error("Received unrecongized event type '%s' from Gerrit.\
|
||||
Can not get account information." % event.type)
|
||||
event.account = None
|
||||
|
||||
self.sched.addEvent(event)
|
||||
self.gerrit.eventDone()
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user