Colin Watson has proposed merging lp:~cjwatson/launchpad/snap-allow-network
into lp:launchpad.
Commit message:
Add Snap.allow_network: if false, do not dispatch a proxy token to builds of
that snap.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/snap-allow-network/+merge/336924
This will allow snaps that are intended to be delivered with Ubuntu images to
be restricted to build from only resources on Launchpad, and thus be
reproducible, supportable, etc.
--
Your team Launchpad code reviewers is requested to review the proposed merge of
lp:~cjwatson/launchpad/snap-allow-network into lp:launchpad.
=== modified file 'lib/lp/scripts/garbo.py'
--- lib/lp/scripts/garbo.py 2016-11-12 21:02:10 +
+++ lib/lp/scripts/garbo.py 2018-01-31 14:51:33 +
@@ -1,4 +1,4 @@
-# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
+# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""Database garbage collection."""
@@ -41,6 +41,7 @@
Or,
Row,
SQL,
+Update,
)
from storm.info import ClassAlias
from storm.store import EmptyResultSet
@@ -1603,6 +1604,32 @@
transaction.commit()
+class SnapAllowNetworkPopulator(TunableLoop):
+"""Populates Snap.allow_network with True."""
+
+maximum_chunk_size = 5000
+
+def __init__(self, log, abort_time=None):
+super(SnapAllowNetworkPopulator, self).__init__(log, abort_time)
+self.start_at = 1
+self.store = IMasterStore(Snap)
+
+def findSnaps(self):
+return self.store.find(
+Snap,
+Snap.id >= self.start_at,
+Snap._allow_network == None).order_by(Snap.id)
+
+def isDone(self):
+return self.findSnaps().is_empty()
+
+def __call__(self, chunk_size):
+ids = [snap.id for snap in self.findSnaps()]
+self.store.execute(Update(
+{Snap._allow_network: True}, where=Snap.id.is_in(ids), table=Snap))
+transaction.commit()
+
+
class BaseDatabaseGarbageCollector(LaunchpadCronScript):
"""Abstract base class to run a collection of TunableLoops."""
script_name = None # Script name for locking and database user. Override.
@@ -1893,6 +1920,7 @@
ProductVCSPopulator,
RevisionAuthorEmailLinker,
ScrubPOFileTranslator,
+SnapAllowNetworkPopulator,
SnapBuildJobPruner,
SnapStoreSeriesPopulator,
SuggestiveTemplatesCacheUpdater,
=== modified file 'lib/lp/scripts/tests/test_garbo.py'
--- lib/lp/scripts/tests/test_garbo.py 2018-01-02 10:54:31 +
+++ lib/lp/scripts/tests/test_garbo.py 2018-01-31 14:51:33 +
@@ -1,4 +1,4 @@
-# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
+# Copyright 2009-2018 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""Test the database garbage collector."""
@@ -15,6 +15,7 @@
from StringIO import StringIO
import time
+from psycopg2 import IntegrityError
from pytz import UTC
from storm.exceptions import LostObjectError
from storm.expr import (
@@ -1553,6 +1554,34 @@
# Snaps with more than one possible store series are untouched.
self.assertIsNone(snaps[5].store_series)
+def test_SnapAllowNetworkPopulator(self):
+switch_dbuser('testadmin')
+old_snaps = [self.factory.makeSnap() for _ in range(2)]
+for snap in old_snaps:
+removeSecurityProxy(snap)._allow_network = None
+try:
+Store.of(old_snaps[0]).flush()
+except IntegrityError:
+# Now enforced by DB NOT NULL constraint; backfilling is no
+# longer necessary.
+return
+allow_network_snaps = [
+self.factory.makeSnap(allow_network=True) for _ in range(2)]
+disallow_network_snaps = [
+self.factory.makeSnap(allow_network=False) for _ in range(2)]
+transaction.commit()
+
+self.runDaily()
+
+# Old snaps are backfilled.
+for snap in old_snaps:
+self.assertIs(True, removeSecurityProxy(snap)._allow_network)
+# Other snaps are left alone.
+for snap in allow_network_snaps:
+self.assertIs(True, removeSecurityProxy(snap)._allow_network)
+for snap in disallow_network_snaps:
+self.assertIs(False, removeSecurityProxy(snap)._allow_network)
+
class TestGarboTasks(TestCaseWithFactory):
layer = LaunchpadZopelessLayer
=== modified file 'lib/lp/snappy/browser/snap.py'
--- lib/lp/snappy/browser/snap.py 2017-03-27 19:28:36 +
+++ lib/lp/snappy/browser/snap.py 2018-01-31 14:51:33 +
@@ -1,4 +1,4 @@
-# Copyright 2015-2017 Canonical Ltd. This software is licensed under the
+# Copyright 2015-2018 Canonical Ltd. This software is licensed under the