new hooks API for push/build, deprecate Build.push()

Gabriel Monroy · Gabriel Monroy · commit 2acdd2aaeec2 · 2014-02-12T12:19:27.000-07:00
diff --git a/api/models.py b/api/models.py
@@ -765,35 +765,6 @@ class Meta:
     def __str__(self):
         return "{0}-{1}".format(self.app.id, self.sha[:7])
 
-    @classmethod
-    def push(cls, push):
-        """Process a push from a local Git server.
-
-        Creates a new Build and returns the application's
-        databag for processing by the git-receive hook
-        """
-        # SECURITY:
-        # we assume the first part of the ssh key name
-        # is the authenticated user because we trust gitosis
-        username = push.pop('username').split('_')[0]
-        # retrieve the user and app instances
-        user = User.objects.get(username=username)
-        app = App.objects.get(id=push.pop('app'))
-        # merge the push with the required model instances
-        push['owner'] = user
-        push['app'] = app
-        # create the build
-        new_build = cls.objects.create(**push)
-        # send a release signal
-        release_signal.send(sender=user, build=new_build, app=app, user=user)
-        # see if we need to scale an initial web container
-        if len(app.formation.node_set.filter(layer__runtime=True)) > 0 and \
-           len(app.container_set.filter(type='web')) < 1:
-            # scale an initial web containers
-            Container.objects.scale(app, {'web': 1})
-        # publish and converge the application
-        return app.converge()
-
 
 @python_2_unicode_compatible
 class Release(UuidAuditedModel):
diff --git a/api/tests/test_build.py b/api/tests/test_build.py
@@ -96,33 +96,6 @@ def test_build(self):
         self.assertEqual(self.client.patch(url).status_code, 405)
         self.assertEqual(self.client.delete(url).status_code, 405)
 
-    def test_build_push(self):
-        """
-        Simlulate a git push creating a new Build object
-        """
-        formation_id = 'autotest'
-        url = '/api/formations/{formation_id}/layers'.format(**locals())
-        body = {'id': 'runtime', 'flavor': 'autotest', 'runtime': True, 'proxy': True}
-        response = self.client.post(url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        url = '/api/formations/{formation_id}/scale'.format(**locals())
-        body = {'runtime': 2}
-        response = self.client.post(url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 200)
-        url = '/api/apps'
-        body = {'formation': formation_id}
-        response = self.client.post(url, json.dumps(body), content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        app_id = response.data['id']
-        push = {'username': 'autotest', 'app': app_id}
-        databag = Build.push(push)
-        self.assertIn('release', databag)
-        self.assertIn('version', databag['release'])
-        self.assertIn('containers', databag)
-        self.assertIn('web', databag['containers'])
-        self.assertIn('1', databag['containers']['web'])
-        self.assertEqual(databag['containers']['web']['1'], 'up')
-
     def test_build_str(self):
         """Test the text representation of a build."""
         url = '/api/apps'
diff --git a/api/tests/test_hooks.py b/api/tests/test_hooks.py
@@ -7,6 +7,7 @@
 from __future__ import unicode_literals
 
 import json
+import uuid
 
 from django.test import TestCase
 from django.test.utils import override_settings
@@ -15,9 +16,9 @@
 
 
 @override_settings(CELERY_ALWAYS_EAGER=True)
-class PushTest(TestCase):
+class HookTest(TestCase):
 
-    """Tests pushes into the push system"""
+    """Tests API hooks used to trigger actions from external components"""
 
     fixtures = ['tests.json']
 
@@ -42,10 +43,8 @@ def setUp(self):
             content_type='application/json')
         self.assertEqual(response.status_code, 201)
 
-    def test_push(self):
-        """
-        Test that a user can push into the system
-        """
+    def test_push_hook(self):
+        """Test creating a Push via the API"""
         url = '/api/apps'
         body = {'formation': 'autotest'}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
@@ -56,12 +55,12 @@ def test_push(self):
             'sha': 'df1e628f2244b73f9cdf944f880a2b3470a122f4',
             'fingerprint': '88:25:ed:67:56:91:3d:c6:1b:7f:42:c6:9b:41:24:80',
             'receive_user': 'autotest',
-            'receive_repo': 'repo.git',
+            'receive_repo': '{app_id}'.format(**locals()),
             'ssh_connection': '10.0.1.10 50337 172.17.0.143 22',
-            'ssh_original_command': "git-receive-pack 'repo.git'",
+            'ssh_original_command': "git-receive-pack '{app_id}.git'".format(**locals()),
         }
         # post a request without the auth header
-        url = "/api/apps/{app_id}/push".format(**locals())
+        url = "/api/hooks/push".format(**locals())
         response = self.client.post(url, json.dumps(body), content_type='application/json')
         self.assertEqual(response.status_code, 403)
         # now try with the builder key in the special auth header
@@ -73,7 +72,8 @@ def test_push(self):
             self.assertIn(k, response.data)
 
     def test_push_abuse(self):
-        # create a legit app
+        """Test a user pushing to an unauthorized application"""
+        # create a legit app as "autotest"
         url = '/api/apps'
         body = {'formation': 'autotest'}
         response = self.client.post(url, json.dumps(body), content_type='application/json')
@@ -98,12 +98,68 @@ def test_push_abuse(self):
             'sha': 'df1e628f2244b73f9cdf944f880a2b3470a122f4',
             'fingerprint': '88:25:ed:67:56:91:3d:c6:1b:7f:42:c6:9b:41:24:99',
             'receive_user': 'eviluser',
-            'receive_repo': 'repo.git',
+            'receive_repo': '{app_id}'.format(**locals()),
             'ssh_connection': '10.0.1.10 50337 172.17.0.143 22',
-            'ssh_original_command': "git-receive-pack 'repo.git'",
+            'ssh_original_command': "git-receive-pack '{app_id}.git'".format(**locals()),
         }
         # try to push as "eviluser"
-        url = "/api/apps/{app_id}/push".format(**locals())
+        url = "/api/hooks/push".format(**locals())
         response = self.client.post(url, json.dumps(body), content_type='application/json',
                                     HTTP_X_DEIS_BUILDER_AUTH=settings.BUILDER_KEY)
         self.assertEqual(response.status_code, 403)
+
+    def test_build_hook(self):
+        """Test creating a Build via the API"""
+        formation_id = 'autotest'
+        url = '/api/formations/{formation_id}/layers'.format(**locals())
+        body = {'id': 'runtime', 'flavor': 'autotest', 'runtime': True, 'proxy': True}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        url = '/api/formations/{formation_id}/scale'.format(**locals())
+        body = {'runtime': 2}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 200)
+        url = '/api/apps'
+        body = {'formation': formation_id}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        app_id = response.data['id']
+        build = {'username': 'autotest', 'app': app_id}
+        url = '/api/hooks/builds'.format(**locals())
+        sha, checksum = uuid.uuid4().hex, uuid.uuid4().hex
+        body = {'receive_user': 'autotest',
+                'receive_repo': app_id,
+                'sha': sha,
+                'checksum': checksum,
+                'procfile': {'web': 'node server.js'},
+                'config': {'PATH': '/usr/local/bin:/usr/bin:/usr/sbin'},
+                'url': 'http://deis-controller.local/slugs/{app_id}-{sha}.tar.gz'.format(**locals()),
+                'size': 12345}
+        # post the build without a session
+        self.assertIsNone(self.client.logout())
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 403)
+        # post the build with the builder auth key
+        response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                    HTTP_X_DEIS_BUILDER_AUTH=settings.BUILDER_KEY)
+        self.assertEqual(response.status_code, 201)
+        build = response.data
+        self.assertIn('sha', response.data)
+        self.assertIn('procfile', response.data)
+        procfile = json.loads(response.data['procfile'])
+        self.assertIn('web', procfile)
+        self.assertEqual(procfile['web'], 'node server.js')
+        # calculate the databag
+        self.assertTrue(
+            self.client.login(username='autotest', password='password'))
+        url = '/api/apps/{app_id}/calculate'.format(**locals())
+        response = self.client.post(url)
+        self.assertEqual(response.status_code, 200)
+        databag = response.data
+        self.assertIn('release', databag)
+        self.assertIn('version', databag['release'])
+        self.assertIn('containers', databag)
+        self.assertIn('web', databag['containers'])
+        self.assertIn('1', databag['containers']['web'])
+        self.assertEqual(databag['containers']['web']['1'], 'up')
+
diff --git a/api/urls.py b/api/urls.py
@@ -189,10 +189,6 @@
 Application Release Components
 ------------------------------
 
-.. http:post:: /api/apps/(string:id)/push/
-
-  Create a new :class:`~api.models.Push`.
-
 .. http:get:: /api/apps/(string:id)/config/
 
   List all :class:`~api.models.Config`\s.
@@ -282,6 +278,18 @@
   Create a new app permission.
 
 
+API Hooks
+=========
+
+.. http:post:: /api/hooks/push/
+
+  Create a new :class:`~api.models.Push`.
+
+.. http:post:: /api/hooks/build/
+
+  Create a new :class:`~api.models.Build`.
+
+
 Nodes
 =====
 
@@ -409,8 +417,6 @@
     url(r'^formations/?',
         views.FormationViewSet.as_view({'get': 'list', 'post': 'create'})),
     # application release components
-    url(r'^apps/(?P<id>[-_\w]+)/push/?',
-        views.AppPushViewSet.as_view({'post': 'create'})),
     url(r'^apps/(?P<id>[-_\w]+)/config/?',
         views.AppConfigViewSet.as_view({'get': 'retrieve', 'post': 'create'})),
     url(r'^apps/(?P<id>[-_\w]+)/builds/(?P<uuid>[-_\w]+)/?',
@@ -449,6 +455,11 @@
         views.AppViewSet.as_view({'get': 'retrieve', 'delete': 'destroy'})),
     url(r'^apps/?',
         views.AppViewSet.as_view({'get': 'list', 'post': 'create'})),
+    # hooks
+    url(r'^hooks/push/?',
+        views.PushHookViewSet.as_view({'post': 'create'})),
+    url(r'^hooks/build/?',
+        views.BuildHookViewSet.as_view({'post': 'create'})),
     # nodes
     url(r'^nodes/(?P<node>[-_\w]+)/converge/?',
         views.NodeViewSet.as_view({'post': 'converge'})),
diff --git a/api/views.py b/api/views.py
@@ -552,29 +552,6 @@ def get_object(self, *args, **kwargs):
         raise PermissionDenied()
 
 
-class AppPushViewSet(viewsets.ModelViewSet):
-    """RESTful views for :class:`~api.models.Push`."""
-
-    model = models.Push
-    serializer_class = serializers.PushSerializer
-
-    permission_classes = (HasBuilderAuth,)
-
-    def pre_save(self, obj):
-        # SECURITY: we trust the receive_user field to map to the push owner
-        obj.owner = self.request.DATA['owner']
-
-    def create(self, request, *args, **kwargs):
-        request._data = request.DATA.copy()
-        app = request.DATA['app'] = get_object_or_404(models.App, id=self.kwargs['id'])
-        # check the user is authorized for this app
-        user = request.DATA['owner'] = get_object_or_404(
-            User, username=self.request.DATA['receive_user'])
-        if user == app.owner or user in get_users_with_perms(app):
-            return super(AppPushViewSet, self).create(request, *args, **kwargs)
-        raise PermissionDenied()
-
-
 class AppConfigViewSet(BaseAppViewSet):
     """RESTful views for :class:`~api.models.Config`."""
 
@@ -682,3 +659,66 @@ def get_object(self, *args, **kwargs):
         qs = self.get_queryset(**kwargs)
         obj = qs.get(num=self.kwargs['num'])
         return obj
+
+
+class BaseHookViewSet(viewsets.ModelViewSet):
+
+    permission_classes = (HasBuilderAuth,)
+
+    def pre_save(self, obj):
+        # SECURITY: we trust the username field to map to the owner
+        obj.owner = self.request.DATA['owner']
+
+
+class PushHookViewSet(BaseHookViewSet):
+    """API hook to create new :class:`~api.models.Push`"""
+
+    model = models.Push
+    serializer_class = serializers.PushSerializer
+
+    def create(self, request, *args, **kwargs):
+        app = get_object_or_404(models.App, id=request.DATA['receive_repo'])
+        user = get_object_or_404(
+            User, username=request.DATA['receive_user'])
+        # check the user is authorized for this app
+        if user == app.owner or user in get_users_with_perms(app):
+            request._data = request.DATA.copy()
+            request.DATA['app'] = app
+            request.DATA['owner'] = user
+            return super(PushHookViewSet, self).create(request, *args, **kwargs)
+        raise PermissionDenied()
+
+
+class BuildHookViewSet(BaseHookViewSet):
+    """API hook to create new :class:`~api.models.Build`"""
+
+    model = models.Build
+    serializer_class = serializers.BuildSerializer
+
+    def create(self, request, *args, **kwargs):
+        app = get_object_or_404(models.App, id=request.DATA['receive_repo'])
+        user = get_object_or_404(
+            User, username=request.DATA['receive_user'])
+        # check the user is authorized for this app
+        if user == app.owner or user in get_users_with_perms(app):
+            request._data = request.DATA.copy()
+            request.DATA['app'] = app
+            request.DATA['owner'] = user
+            return super(BuildHookViewSet, self).create(request, *args, **kwargs)
+        raise PermissionDenied()
+
+    def post_save(self, obj, created=False):
+        if created:
+            # create a new release
+            models.release_signal.send(
+                sender=self, build=obj, app=obj.app,
+                user=obj.owner)
+            models.release_signal.send(sender=self, build=obj, app=obj.app, user=obj.owner)
+            # see if we need to scale an initial web container
+            app = obj.app
+            if len(app.formation.node_set.filter(layer__runtime=True)) > 0 and \
+               len(app.container_set.filter(type='web')) < 1:
+                # scale an initial web containers
+                models.Container.objects.scale(app, {'web': 1})
+            # publish and converge the application
+            app.converge()
