From 26063bdb059e4b6c72472a13134831b548975606 Mon Sep 17 00:00:00 2001 From: Jeny Sadadia Date: Tue, 3 Sep 2024 18:20:59 +0530 Subject: [PATCH 1/3] src/lava_callback: set submitter for custom checkout and patchset Set `node.submitter` field for `checkout` and `patchset` operation. Signed-off-by: Jeny Sadadia --- src/lava_callback.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lava_callback.py b/src/lava_callback.py index 30f2dfd20..9f86155e3 100755 --- a/src/lava_callback.py +++ b/src/lava_callback.py @@ -506,6 +506,7 @@ async def checkout(data: ManualCheckout, request: Request, } }, "timeout": checkout_timeout.isoformat(), + "submitter": f'user:{email}', } if jobfilter: @@ -541,7 +542,7 @@ def validate_patch_url(patchurl): @app.post('/api/patchset') -async def checkout(data: PatchSet, request: Request, +async def patchset(data: PatchSet, request: Request, Authorization: str = Header(None)): ''' API call to test existing checkout with a patch(set) @@ -616,6 +617,7 @@ async def checkout(data: PatchSet, request: Request, newnode['parent'] = node['id'] newnode['artifacts'] = {} newnode['timeout'] = patchset_timeout.isoformat() + newnode['submitter'] = f'user:{email}' if data.patchurl: for i, patchurl in enumerate(data.patchurl): newnode['artifacts'][f'patch{i}'] = patchurl From 954ebc11d93144211b2e90aa3963ef01fe371ac0 Mon Sep 17 00:00:00 2001 From: Jeny Sadadia Date: Tue, 3 Sep 2024 18:31:15 +0530 Subject: [PATCH 2/3] src/send_kcidb: restrict kcidb submissions Restrict KCIDB submission based on `node.submitter` value in case of staging pipeline instance to avoid sending custom data added with `kci_maintainer` tool. Signed-off-by: Jeny Sadadia --- src/send_kcidb.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/send_kcidb.py b/src/send_kcidb.py index 3fd7c4a0b..b1b63925d 100755 --- a/src/send_kcidb.py +++ b/src/send_kcidb.py @@ -52,6 +52,7 @@ def __init__(self, configs, args, name): super().__init__(configs, args, name) self._jobs = configs['jobs'] self._platforms = configs['platforms'] + self._current_user = self._api.user.whoami() def _setup(self, args): return { @@ -450,6 +451,12 @@ def _run(self, context): node, is_hierarchy = self._api_helper.receive_event_node(context['sub_id']) self.log.info(f"Received an event for node: {node['id']}") + # Submit nodes with service origin only for staging pipeline + if self._current_user['username'] == 'staging': + if node['submitter'] != 'service:pipeline': + self.log.debug(f"Not sending node to KCIDB: {node['id']}") + continue + parsed_checkout_node = [] parsed_build_node = [] parsed_test_node = [] From d3dcbe0d060acad5190f8832721eb691c45d0288 Mon Sep 17 00:00:00 2001 From: Jeny Sadadia Date: Tue, 3 Sep 2024 18:33:01 +0530 Subject: [PATCH 3/3] src/trigger: set `submitter` value Set `node.submitter` to `service:pipeline` when staging pipeline instance is running. Signed-off-by: Jeny Sadadia --- src/trigger.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/trigger.py b/src/trigger.py index f2d7b44bb..eabb01d94 100755 --- a/src/trigger.py +++ b/src/trigger.py @@ -80,6 +80,9 @@ def _run_trigger(self, build_config, force, timeout, trees): }, 'timeout': checkout_timeout.isoformat(), } + if self._current_user['username'] == 'staging': + node['submitter'] = 'service:pipeline' + try: self._api.node.add(node) except requests.exceptions.HTTPError as ex: