Skip to content

Commit

Permalink
Add additional cluster regexp info to RerunAuthConfigs
Browse files Browse the repository at this point in the history
  • Loading branch information
carolinar7 authored and liurupeng committed Jun 7, 2022
1 parent a8f6abf commit 28ea372
Show file tree
Hide file tree
Showing 7 changed files with 618 additions and 164 deletions.
5 changes: 5 additions & 0 deletions prow/ANNOUNCEMENTS.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,11 @@
## New features

New features added to each component:
- *June 8, 2022* `deck.rerun_auth_configs` can optionally be replaced with
`deck.default_rerun_auth_configs` which supports a new format
that is a slice of filters with associated rerun auth configs rather than a
map. Currently entries can filter by repo and/or cluster. The old field is still
supported and will not be deprecated.
- *April 6, 2022* Highlight and pin interesting lines. To do this,
shift-click on log lines in the buildlog lens. The URL fragment
causes the same lines to be highlighted next page load. Additionally,
Expand Down
7 changes: 7 additions & 0 deletions prow/apis/prowjobs/v1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -1046,6 +1046,13 @@ func (r Refs) String() string {
return strings.Join(rs, ",")
}

func (r Refs) OrgRepoString() string {
if r.Repo != "" {
return r.Org + "/" + r.Repo
}
return r.Org
}

// JenkinsSpec is optional parameters for Jenkins jobs.
// Currently, the only parameter supported is for telling
// jenkins-operator that the job is generated by the https://go.cloudbees.com/docs/plugins/github-branch-source/#github-branch-source plugin
Expand Down
11 changes: 5 additions & 6 deletions prow/cmd/deck/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ var (
traceHandler = metrics.TraceHandler(simplifier, httpRequestDuration, httpResponseSize)
)

type authCfgGetter func(*prowapi.Refs) *prowapi.RerunAuthConfig
type authCfgGetter func(*prowapi.Refs, string) *prowapi.RerunAuthConfig

func init() {
prometheus.MustRegister(httpRequestDuration)
Expand Down Expand Up @@ -419,9 +419,8 @@ func main() {
}
}

authCfgGetter := func(refs *prowapi.Refs) *prowapi.RerunAuthConfig {
rac := cfg().Deck.RerunAuthConfigs.GetRerunAuthConfig(refs)
return &rac
authCfgGetter := func(refs *prowapi.Refs, cluster string) *prowapi.RerunAuthConfig {
return cfg().Deck.GetRerunAuthConfig(refs, cluster)
}

mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
Expand Down Expand Up @@ -493,7 +492,7 @@ func main() {
// if we allow direct reruns, we must protect against CSRF in all post requests using the cookie secret as a token
// for more information about CSRF, see https://github.com/kubernetes/test-infra/blob/master/prow/cmd/deck/csrf.md
empty := prowapi.Refs{}
if o.rerunCreatesJob && csrfToken == nil && !authCfgGetter(&empty).IsAllowAnyone() {
if o.rerunCreatesJob && csrfToken == nil && !authCfgGetter(&empty, "").IsAllowAnyone() {
logrus.Fatal("Rerun creates job cannot be enabled without CSRF protection, which requires --cookie-secret to be exactly 32 bytes")
return
}
Expand Down Expand Up @@ -1499,7 +1498,7 @@ func handleRerun(prowJobClient prowv1.ProwJobInterface, createProwJob bool, cfg
http.Error(w, "Direct rerun feature is not enabled. Enable with the '--rerun-creates-job' flag.", http.StatusMethodNotAllowed)
return
}
authConfig := cfg(pj.Spec.Refs)
authConfig := cfg(pj.Spec.Refs, pj.Spec.Cluster)
var allowed bool
if pj.Spec.RerunAuthConfig.IsAllowAnyone() || authConfig.IsAllowAnyone() {
// Skip getting the users login via GH oauth if anyone is allowed to rerun
Expand Down
2 changes: 1 addition & 1 deletion prow/cmd/deck/main_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -543,7 +543,7 @@ func TestRerun(t *testing.T) {
State: prowapi.PendingState,
},
})
authCfgGetter := func(refs *prowapi.Refs) *prowapi.RerunAuthConfig {
authCfgGetter := func(refs *prowapi.Refs, cluster string) *prowapi.RerunAuthConfig {
return &prowapi.RerunAuthConfig{
AllowAnyone: tc.allowAnyone,
GitHubUsers: tc.authorized,
Expand Down
Loading

0 comments on commit 28ea372

Please sign in to comment.