diff options
author | Matthias Beyer <mail@beyermatthias.de> | 2020-12-11 12:36:55 +0100 |
---|---|---|
committer | Matthias Beyer <mail@beyermatthias.de> | 2020-12-11 12:43:17 +0100 |
commit | ce6f9d77c80849d11b442cf4c6783ec972456521 (patch) | |
tree | 1f08e432477c2f76429a4ecb0753f4590331830e | |
parent | 0737188dd12a389c419e51d9c208647b4f6732e4 (diff) |
Add allowlist feature
This patch adds the "allowlist" feature for packages.
A package can have a list of allowed images to be built on - butido will
not execute the submit if one package is not allowed on the image
passed to butido.
This is the opposite of the denylist, of course.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
-rw-r--r-- | src/cli.rs | 9 | ||||
-rw-r--r-- | src/commands/build.rs | 15 | ||||
-rw-r--r-- | src/commands/dependencies_of.rs | 1 | ||||
-rw-r--r-- | src/commands/find_pkg.rs | 1 | ||||
-rw-r--r-- | src/commands/what_depends.rs | 1 | ||||
-rw-r--r-- | src/config/util.rs | 5 | ||||
-rw-r--r-- | src/package/package.rs | 5 | ||||
-rw-r--r-- | src/ui.rs | 33 |
8 files changed, 49 insertions, 21 deletions
@@ -406,7 +406,7 @@ pub fn cli<'a>() -> App<'a> { .multiple(false) .long("all") .short('A') - .about("Same as: -SDpEFPs --deny-images (all flags enabled)") + .about("Same as: -SDpEFPs --deny-images --allowed-images (all flags enabled)") ) .arg(Arg::new("show_sources") @@ -467,6 +467,13 @@ pub fn cli<'a>() -> App<'a> { .about("Show the flags of the package") ) + .arg(Arg::new("show_allowed_images") + .required(false) + .multiple(false) + .long("allowed-images") + .about("Show the images on which the package is only allowed to be built") + ) + .arg(Arg::new("show_deny_images") .required(false) .multiple(false) diff --git a/src/commands/build.rs b/src/commands/build.rs index ec04e8f..a46166d 100644 --- a/src/commands/build.rs +++ b/src/commands/build.rs @@ -13,6 +13,7 @@ use diesel::ExpressionMethods; use diesel::PgConnection; use diesel::QueryDsl; use diesel::RunQueryDsl; +use itertools::Itertools; use log::{debug, info, warn, trace}; use tokio::stream::StreamExt; use tokio::sync::RwLock; @@ -211,15 +212,19 @@ pub async fn build(repo_root: &Path, tree.all_packages() .into_iter() .map(|pkg| { + if let Some(allowlist) = pkg.allowed_images() { + if !allowlist.contains(&image_name) { + return Err(anyhow!("Package {} {} is only allowed on: {}", pkg.name(), pkg.version(), allowlist.iter().join(", "))) + } + } + if let Some(denylist) = pkg.deny_on_images() { if denylist.iter().any(|denied| image_name == *denied) { - Err(anyhow!("Package {} {} is not allowed to be built on {}", pkg.name(), pkg.version(), image_name)) - } else { - Ok(()) + return Err(anyhow!("Package {} {} is not allowed to be built on {}", pkg.name(), pkg.version(), image_name)) } - } else { - Ok(()) } + + Ok(()) }) .collect::<Result<Vec<()>>>()?; diff --git a/src/commands/dependencies_of.rs b/src/commands/dependencies_of.rs index 4a31c1d..9bb2d85 100644 --- a/src/commands/dependencies_of.rs +++ b/src/commands/dependencies_of.rs @@ -39,6 +39,7 @@ pub async fn dependencies_of(matches: &ArgMatches, config: &Configuration, repo: print_patches: false, print_env: false, print_flags: false, + print_allowed_images: false, print_deny_images: false, print_phases: false, print_script: false, diff --git a/src/commands/find_pkg.rs b/src/commands/find_pkg.rs index dfdca9b..da46aa4 100644 --- a/src/commands/find_pkg.rs +++ b/src/commands/find_pkg.rs @@ -53,6 +53,7 @@ pub async fn find_pkg(matches: &ArgMatches, config: &Configuration, repo: Reposi print_patches : matches.is_present("show_patches"), print_env : matches.is_present("show_env"), print_flags : matches.is_present("show_flags"), + print_allowed_images: matches.is_present("show_allowed_images"), print_deny_images : matches.is_present("show_deny_images"), print_phases : matches.is_present("show_phases"), print_script : matches.is_present("show_script"), diff --git a/src/commands/what_depends.rs b/src/commands/what_depends.rs index 01b599b..7db9097 100644 --- a/src/commands/what_depends.rs +++ b/src/commands/what_depends.rs @@ -44,6 +44,7 @@ pub async fn what_depends(matches: &ArgMatches, config: &Configuration, repo: Re print_patches: false, print_env: false, print_flags: false, + print_allowed_images: false, print_deny_images: false, print_phases: false, print_script: false, diff --git a/src/config/util.rs b/src/config/util.rs index 27fc530..9255c34 100644 --- a/src/config/util.rs +++ b/src/config/util.rs @@ -46,6 +46,11 @@ pub fn default_package_print_format() -> String { {{#each p.flags}}{{this}} {{/each~}} {{/if~}} + {{~#if print_allowed_images}} + Only supported on: + {{#each p.allowed_images}}{{this}} + {{/each~}} + {{/if~}} {{~#if print_deny_images}} Denied on: {{#each p.deny_on_images}}{{this}} diff --git a/src/package/package.rs b/src/package/package.rs index 93581fe..7db3795 100644 --- a/src/package/package.rs +++ b/src/package/package.rs @@ -46,6 +46,10 @@ pub struct Package { #[getset(get = "pub")] #[serde(skip_serializing_if = "Option::is_none")] + allowed_images: Option<Vec<ImageName>>, + + #[getset(get = "pub")] + #[serde(skip_serializing_if = "Option::is_none")] deny_on_images: Option<Vec<ImageName>>, #[getset(get = "pub")] @@ -65,6 +69,7 @@ impl Package { patches: vec![], environment: None, flags: None, + allowed_images: None, deny_on_images: None, phases: HashMap::new(), } @@ -36,6 +36,7 @@ pub struct PackagePrintFlags { pub print_patches: bool, pub print_env: bool, pub print_flags: bool, + pub print_allowed_images: bool, pub print_deny_images: bool, pub print_phases: bool, pub print_script: bool, @@ -56,6 +57,7 @@ impl PackagePrintFlags { || self.print_patches || self.print_env || self.print_flags + || self.print_allowed_images || self.print_deny_images || self.print_phases || self.print_script @@ -102,21 +104,22 @@ fn print_package(out: &mut dyn Write, flags.script_line_numbers)?; let mut data = BTreeMap::new(); - data.insert("i" , serde_json::Value::Number(serde_json::Number::from(i))); - data.insert("p" , serde_json::to_value(package)?); - data.insert("script" , serde_json::Value::String(script)); - data.insert("print_any" , serde_json::Value::Bool(flags.print_any())); - data.insert("print_runtime_deps" , serde_json::Value::Bool(flags.print_runtime_deps)); - data.insert("print_build_deps" , serde_json::Value::Bool(flags.print_build_deps)); - - data.insert("print_sources" , serde_json::Value::Bool(flags.print_all || flags.print_sources)); - data.insert("print_dependencies" , serde_json::Value::Bool(flags.print_all || flags.print_dependencies)); - data.insert("print_patches" , serde_json::Value::Bool(flags.print_all || flags.print_patches)); - data.insert("print_env" , serde_json::Value::Bool(flags.print_all || flags.print_env)); - data.insert("print_flags" , serde_json::Value::Bool(flags.print_all || flags.print_flags)); - data.insert("print_deny_images" , serde_json::Value::Bool(flags.print_all || flags.print_deny_images)); - data.insert("print_phases" , serde_json::Value::Bool(flags.print_all || flags.print_phases)); - data.insert("print_script" , serde_json::Value::Bool(flags.print_all || flags.print_script)); + data.insert("i" , serde_json::Value::Number(serde_json::Number::from(i))); + data.insert("p" , serde_json::to_value(package)?); + data.insert("script" , serde_json::Value::String(script)); + data.insert("print_any" , serde_json::Value::Bool(flags.print_any())); + data.insert("print_runtime_deps" , serde_json::Value::Bool(flags.print_runtime_deps)); + data.insert("print_build_deps" , serde_json::Value::Bool(flags.print_build_deps)); + + data.insert("print_sources" , serde_json::Value::Bool(flags.print_all || flags.print_sources)); + data.insert("print_dependencies" , serde_json::Value::Bool(flags.print_all || flags.print_dependencies)); + data.insert("print_patches" , serde_json::Value::Bool(flags.print_all || flags.print_patches)); + data.insert("print_env" , serde_json::Value::Bool(flags.print_all || flags.print_env)); + data.insert("print_flags" , serde_json::Value::Bool(flags.print_all || flags.print_flags)); + data.insert("print_allowed_images", serde_json::Value::Bool(flags.print_all || flags.print_allowed_images)); + data.insert("print_deny_images" , serde_json::Value::Bool(flags.print_all || flags.print_deny_images)); + data.insert("print_phases" , serde_json::Value::Bool(flags.print_all || flags.print_phases)); + data.insert("print_script" , serde_json::Value::Bool(flags.print_all || flags.print_script)); hb.render("package", &data) |