~rjarry/dlrepo

32cafdf9c378ad164180776a8f95d59087cfb4df — Julien Floret 10 months ago 47ef1c4
fmt: allow modifying internal format in locked job

Internal formats are not released and are not included in the
calculation of the job digest.
They can then be safely added to or deleted from a locked job, without
needing to unlock it prior, so the uploader will not need the "update"
access, only the "add" access.

It is useful to add extra info after a job has been released, like
test results, or transient data like CVE scans updated daily with an
up-to-date vulnerability database, without giving too many permissions
to the uploader.

Signed-off-by: Julien Floret <julien.floret@6wind.com>
Acked-by: Thomas Faivre <thomas.faivre@6wind.com>
Acked-by: Robin Jarry <robin@jarry.cc>
2 files changed, 2 insertions(+), 2 deletions(-)

M dlrepo/views/artifact.py
M dlrepo/views/fmt.py
M dlrepo/views/artifact.py => dlrepo/views/artifact.py +1 -1
@@ 61,7 61,7 @@ class ArtifactView(BaseView):
                        raise web.HTTPBadRequest(
                            reason="Uploading container images must be done with docker push"
                        )
                if job.is_locked():
                if job.is_locked() and not fmt.is_internal():
                    raise web.HTTPBadRequest(
                        reason="Cannot upload files in locked jobs"
                    )

M dlrepo/views/fmt.py => dlrepo/views/fmt.py +1 -1
@@ 198,7 198,7 @@ def _get_format(
                .get_job(match_info["job"])
            )
            fmt = job.get_format(match_info["format"])
            if delete and job.is_locked():
            if delete and job.is_locked() and not fmt.is_internal():
                raise web.HTTPBadRequest(reason="Cannot delete format: job is locked")
    except FileNotFoundError as e:
        raise web.HTTPNotFound() from e