Merge "Revert "Don't store references to secret objects from jobs""
This commit is contained in:
commit
874f578c42
|
@ -121,7 +121,7 @@ class TestJob(BaseTestCase):
|
|||
# Apply the diablo variant
|
||||
diablo = model.Job('py27')
|
||||
diablo.timeout = 40
|
||||
job.applyVariant(diablo, self.layout)
|
||||
job.applyVariant(diablo)
|
||||
|
||||
self.assertEqual(40, job.timeout)
|
||||
self.assertEqual(['py27-pre'],
|
||||
|
@ -140,7 +140,7 @@ class TestJob(BaseTestCase):
|
|||
|
||||
good_final = model.Job('py27')
|
||||
good_final.voting = False
|
||||
job.applyVariant(good_final, self.layout)
|
||||
job.applyVariant(good_final)
|
||||
self.assertFalse(job.voting)
|
||||
|
||||
bad_final = model.Job('py27')
|
||||
|
@ -148,7 +148,7 @@ class TestJob(BaseTestCase):
|
|||
with testtools.ExpectedException(
|
||||
Exception,
|
||||
"Unable to modify final job"):
|
||||
job.applyVariant(bad_final, self.layout)
|
||||
job.applyVariant(bad_final)
|
||||
|
||||
def test_job_inheritance_job_tree(self):
|
||||
pipeline = model.Pipeline('gate', self.layout)
|
||||
|
|
|
@ -629,9 +629,12 @@ class JobParser(object):
|
|||
"Unable to use secret %s. Secrets must be "
|
||||
"defined in the same project in which they "
|
||||
"are used" % secret_name)
|
||||
# Decrypt a copy of the secret to verify it can be done
|
||||
secret.decrypt(job.source_context.project.private_key)
|
||||
secrets.append((secret.name, secret_name))
|
||||
# If the secret declares a different name, set it on the decrypted
|
||||
# copy of the secret object
|
||||
decrypted_secret = secret.decrypt(
|
||||
job.source_context.project.private_key)
|
||||
decrypted_secret.name = secret_name
|
||||
secrets.append(decrypted_secret)
|
||||
|
||||
# A job in an untrusted repo that uses secrets requires
|
||||
# special care. We must note this, and carry this flag
|
||||
|
|
|
@ -698,7 +698,6 @@ class PlaybookContext(object):
|
|||
self.path = path
|
||||
self.roles = roles
|
||||
self.secrets = secrets
|
||||
self.decrypted_secrets = []
|
||||
|
||||
def __repr__(self):
|
||||
return '<PlaybookContext %s %s>' % (self.source_context,
|
||||
|
@ -722,21 +721,12 @@ class PlaybookContext(object):
|
|||
self.secrets)
|
||||
return r
|
||||
|
||||
def freezeSecrets(self, layout):
|
||||
secrets = []
|
||||
for (secret_name, secret_alias) in self.secrets:
|
||||
secret = layout.secrets.get(secret_name)
|
||||
decrypted_secret = secret.decrypt(
|
||||
self.source_context.project.private_key)
|
||||
decrypted_secret.name = secret_alias
|
||||
secrets.append(decrypted_secret)
|
||||
self.decrypted_secrets = secrets
|
||||
|
||||
def toDict(self):
|
||||
# Render to a dict to use in passing json to the executor
|
||||
secrets = {}
|
||||
for secret in self.decrypted_secrets:
|
||||
secrets[secret.name] = secret.secret_data
|
||||
for secret in self.secrets:
|
||||
secret_data = copy.deepcopy(secret.secret_data)
|
||||
secrets[secret.name] = secret_data
|
||||
return dict(
|
||||
connection=self.source_context.project.connection_name,
|
||||
project=self.source_context.project.name,
|
||||
|
@ -1046,7 +1036,7 @@ class Job(object):
|
|||
setattr(job, k, copy.deepcopy(self._get(k)))
|
||||
return job
|
||||
|
||||
def freezePlaybooks(self, pblist, layout):
|
||||
def freezePlaybooks(self, pblist):
|
||||
"""Take a list of playbooks, and return a copy of it updated with this
|
||||
job's roles.
|
||||
|
||||
|
@ -1056,11 +1046,10 @@ class Job(object):
|
|||
for old_pb in pblist:
|
||||
pb = old_pb.copy()
|
||||
pb.roles = self.roles
|
||||
pb.freezeSecrets(layout)
|
||||
ret.append(pb)
|
||||
return tuple(ret)
|
||||
|
||||
def applyVariant(self, other, layout):
|
||||
def applyVariant(self, other):
|
||||
"""Copy the attributes which have been set on the other job to this
|
||||
job."""
|
||||
if not isinstance(other, Job):
|
||||
|
@ -1118,13 +1107,13 @@ class Job(object):
|
|||
self.addRoles(other.roles)
|
||||
|
||||
if other._get('run') is not None:
|
||||
other_run = self.freezePlaybooks(other.run, layout)
|
||||
other_run = self.freezePlaybooks(other.run)
|
||||
self.run = other_run
|
||||
if other._get('pre_run') is not None:
|
||||
other_pre_run = self.freezePlaybooks(other.pre_run, layout)
|
||||
other_pre_run = self.freezePlaybooks(other.pre_run)
|
||||
self.pre_run = self.pre_run + other_pre_run
|
||||
if other._get('post_run') is not None:
|
||||
other_post_run = self.freezePlaybooks(other.post_run, layout)
|
||||
other_post_run = self.freezePlaybooks(other.post_run)
|
||||
self.post_run = other_post_run + self.post_run
|
||||
self.updateVariables(other.variables, other.host_variables,
|
||||
other.group_variables)
|
||||
|
@ -2831,7 +2820,7 @@ class Layout(object):
|
|||
frozen_job = variant.copy()
|
||||
frozen_job.setBase()
|
||||
else:
|
||||
frozen_job.applyVariant(variant, item.layout)
|
||||
frozen_job.applyVariant(variant)
|
||||
frozen_job.name = variant.name
|
||||
frozen_job.name = jobname
|
||||
# Whether the change matches any of the project pipeline
|
||||
|
@ -2839,7 +2828,7 @@ class Layout(object):
|
|||
matched = False
|
||||
for variant in job_list.jobs[jobname]:
|
||||
if variant.changeMatches(change):
|
||||
frozen_job.applyVariant(variant, item.layout)
|
||||
frozen_job.applyVariant(variant)
|
||||
matched = True
|
||||
self.log.debug("Pipeline variant %s matched %s",
|
||||
repr(variant), change)
|
||||
|
|
Loading…
Reference in New Issue