web: honor allowed-labels setting in the REST API
This change adds a new gearman method to get the allowed-labels setting so that the web service can filter the list of available labels per tenant. Change-Id: I5b1f9a19340b98d4100ffe8e904b434851b50293
This commit is contained in:
parent
dc9347c122
commit
d32a870a4f
|
@ -766,6 +766,21 @@ class TestWeb(BaseTestWeb):
|
|||
self.assertIn(expected, resp.json())
|
||||
|
||||
|
||||
class TestWebMultiTenant(BaseTestWeb):
|
||||
tenant_config_file = 'config/multi-tenant/main.yaml'
|
||||
|
||||
def test_web_labels_allowed_list(self):
|
||||
labels = ["tenant-one-label", "fake", "tenant-two-label"]
|
||||
self.fake_nodepool.registerLauncher(labels, "FakeLauncher2")
|
||||
# Tenant-one has label restriction in place
|
||||
res = self.get_url('api/tenant/tenant-one/labels').json()
|
||||
self.assertEqual([{'name': 'fake'}, {'name': 'tenant-one-label'}], res)
|
||||
# Tenant-two does not
|
||||
res = self.get_url('api/tenant/tenant-two/labels').json()
|
||||
self.assertEqual(
|
||||
list(map(lambda x: {'name': x}, sorted(labels + ["label1"]))), res)
|
||||
|
||||
|
||||
class TestWebSecrets(BaseTestWeb):
|
||||
tenant_config_file = 'config/secrets/main.yaml'
|
||||
|
||||
|
|
|
@ -62,6 +62,7 @@ class RPCListener(object):
|
|||
def register(self):
|
||||
self.worker.registerFunction("zuul:autohold")
|
||||
self.worker.registerFunction("zuul:autohold_list")
|
||||
self.worker.registerFunction("zuul:allowed_labels_get")
|
||||
self.worker.registerFunction("zuul:dequeue")
|
||||
self.worker.registerFunction("zuul:enqueue")
|
||||
self.worker.registerFunction("zuul:enqueue_ref")
|
||||
|
@ -480,6 +481,17 @@ class RPCListener(object):
|
|||
|
||||
gear_job.sendWorkComplete(json.dumps(output))
|
||||
|
||||
def handle_allowed_labels_get(self, job):
|
||||
args = json.loads(job.arguments)
|
||||
tenant = self.sched.abide.tenants.get(args.get("tenant"))
|
||||
if not tenant:
|
||||
job.sendWorkComplete(json.dumps(None))
|
||||
return
|
||||
labels = tenant.allowed_labels
|
||||
if not labels:
|
||||
labels = []
|
||||
job.sendWorkComplete(json.dumps(labels))
|
||||
|
||||
def handle_pipeline_list(self, job):
|
||||
args = json.loads(job.arguments)
|
||||
tenant = self.sched.abide.tenants.get(args.get("tenant"))
|
||||
|
|
|
@ -29,6 +29,8 @@ import time
|
|||
import select
|
||||
import threading
|
||||
|
||||
import re2
|
||||
|
||||
import zuul.model
|
||||
import zuul.rpcclient
|
||||
import zuul.zk
|
||||
|
@ -394,10 +396,17 @@ class ZuulWebAPI(object):
|
|||
@cherrypy.tools.save_params()
|
||||
@cherrypy.tools.json_out(content_type='application/json; charset=utf-8')
|
||||
def labels(self, tenant):
|
||||
job = self.rpc.submitJob('zuul:allowed_labels_get', {'tenant': tenant})
|
||||
allowed_labels = json.loads(job.data[0])
|
||||
if allowed_labels is None:
|
||||
raise cherrypy.HTTPError(404, 'Tenant %s does not exist.' % tenant)
|
||||
labels = set()
|
||||
for launcher in self.zk.getRegisteredLaunchers():
|
||||
for label in launcher.supported_labels:
|
||||
labels.add(label)
|
||||
if not allowed_labels or (
|
||||
[True for allowed_label in allowed_labels if
|
||||
re2.match(allowed_label, label)]):
|
||||
labels.add(label)
|
||||
ret = [{'name': label} for label in sorted(labels)]
|
||||
resp = cherrypy.response
|
||||
resp.headers['Access-Control-Allow-Origin'] = '*'
|
||||
|
|
Loading…
Reference in New Issue