screwdriver-api 4.1.201 → 4.1.205
package/Dockerfile.local
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "screwdriver-api",
|
|
3
|
-
"version": "4.1.
|
|
3
|
+
"version": "4.1.205",
|
|
4
4
|
"description": "API server for the Screwdriver.cd service",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -23,7 +23,7 @@
|
|
|
23
23
|
"url": "git@github.com:screwdriver-cd/screwdriver.git"
|
|
24
24
|
},
|
|
25
25
|
"engines": {
|
|
26
|
-
"node": ">=
|
|
26
|
+
"node": ">=12.0.0"
|
|
27
27
|
},
|
|
28
28
|
"greenkeeper": {
|
|
29
29
|
"ignore": [
|
|
@@ -14,7 +14,7 @@ module.exports = config => ({
|
|
|
14
14
|
tags: ['api', 'builds', 'artifacts'],
|
|
15
15
|
auth: {
|
|
16
16
|
strategies: ['token'],
|
|
17
|
-
scope: ['build']
|
|
17
|
+
scope: ['user', 'build']
|
|
18
18
|
},
|
|
19
19
|
|
|
20
20
|
handler: async (req, h) => {
|
|
@@ -26,9 +26,15 @@ module.exports = config => ({
|
|
|
26
26
|
return h.response(data).code(200);
|
|
27
27
|
}
|
|
28
28
|
const buildId = req.params.id;
|
|
29
|
-
const { username, scope } = req.auth.credentials;
|
|
29
|
+
const { username, scope, scmContext } = req.auth.credentials;
|
|
30
30
|
const isBuild = scope.includes('build');
|
|
31
31
|
const { buildFactory } = req.server.app;
|
|
32
|
+
const scmDisplayName = buildFactory.scm.getDisplayName({ scmContext })
|
|
33
|
+
const adminDetails = req.server.plugins.banners.screwdriverAdminDetails(username, scmDisplayName);
|
|
34
|
+
|
|
35
|
+
if (scope.includes('user') && !adminDetails.isAdmin) {
|
|
36
|
+
return boom.forbidden(`User ${adminDetails.userDisplayName} does not have Screwdriver administrative privileges.`)
|
|
37
|
+
}
|
|
32
38
|
|
|
33
39
|
if (isBuild && username !== buildId) {
|
|
34
40
|
return boom.forbidden(`Credential only valid for ${username}`);
|
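Review bot: The admin lookup added at new lines 32–33 runs for every caller, before the scope is examined. For a build token, `username` is the value compared with `buildId` a few lines below, so a build identifier is passed to `screwdriverAdminDetails`. The handler also now depends on `req.server.plugins.banners` being registered; if it is not, the request presumably fails with a TypeError before any authorization decision is made. Doing the lookup only inside the `scope.includes('user')` branch keeps the build-token path unchanged and makes the admin gate easier to audit; the two added statements also lack terminating semicolons. The file header for this hunk is not shown on the page, and the handler starts and ends outside the hunk.

```javascript
const { buildFactory } = req.server.app;

// Only user tokens need the admin lookup; build tokens are checked against buildId below.
if (scope.includes('user')) {
    const scmDisplayName = buildFactory.scm.getDisplayName({ scmContext });
    const adminDetails = req.server.plugins.banners.screwdriverAdminDetails(username, scmDisplayName);

    if (!adminDetails.isAdmin) {
        return boom.forbidden(
            `User ${adminDetails.userDisplayName} does not have Screwdriver administrative privileges.`
        );
    }
}
// … unchanged: build-scope check against buildId …
```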
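--- a/package/plugins/builds/index.js
+++ b/package/plugins/builds/index.js
@@ -410,11 +410,6 @@ function parseJobInfo({ joinObj = {}, current, nextJobName, nextPipelineId }) {
 * @return {Promise} All finished builds
 */
 async function getFinishedBuilds(event, buildFactory) {
-if (!event.parentEventId) {
-// FIXME: remove this flow to always use buildFactory.getLatestBuilds
-return event.getBuilds();
-}
-
 // FIXME: buildFactory.getLatestBuilds doesn't return build model
 const builds = await buildFactory.getLatestBuilds({ groupEventId: event.groupEventId });
 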
package/plugins/events/create.js
CHANGED
|
@@ -115,6 +115,10 @@ module.exports = () => ({
|
|
|
115
115
|
userFactory.get({ username, scmContext })
|
|
116
116
|
]);
|
|
117
117
|
|
|
118
|
+
if (!pipeline) {
|
|
119
|
+
throw boom.notFound();
|
|
120
|
+
}
|
|
121
|
+
|
|
118
122
|
payload.scmContext = pipeline.scmContext;
|
|
119
123
|
|
|
120
124
|
// In pipeline scope, check if the token is allowed to the pipeline
|
|
@@ -126,7 +130,16 @@ module.exports = () => ({
|
|
|
126
130
|
const scmUri = await getScmUri({ pipeline, pipelineFactory });
|
|
127
131
|
|
|
128
132
|
// Check the user's permission
|
|
129
|
-
|
|
133
|
+
let permissions;
|
|
134
|
+
|
|
135
|
+
try {
|
|
136
|
+
permissions = await user.getPermissions(scmUri);
|
|
137
|
+
} catch (err) {
|
|
138
|
+
if (err.statusCode === 403 && (pipeline.scmRepo && pipeline.scmRepo.private)) {
|
|
139
|
+
throw boom.notFound();
|
|
140
|
+
}
|
|
141
|
+
throw boom.boomify(err, { statusCode: err.statusCode });
|
|
142
|
+
}
|
|
130
143
|
|
|
131
144
|
// Update admins
|
|
132
145
|
if (!prNum) {
|
|
@@ -187,8 +200,8 @@ module.exports = () => ({
|
|
|
187
200
|
// User has good permissions, create an event
|
|
188
201
|
sha = await scm.getCommitSha(scmConfig);
|
|
189
202
|
} catch (err) {
|
|
190
|
-
if (err.
|
|
191
|
-
throw boom.boomify(err, { statusCode: err.
|
|
203
|
+
if (err.statusCode) {
|
|
204
|
+
throw boom.boomify(err, { statusCode: err.statusCode });
|
|
192
205
|
}
|
|
193
206
|
}
|
|
194
207
|
|
|
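Review bot: In the `catch` around `sha = await scm.getCommitSha(scmConfig);` (new lines 202–206), an error that carries no `statusCode` is still dropped silently: only the `if (err.statusCode)` branch rethrows, and otherwise the block ends with `sha` unassigned. Network or programming errors from the SCM call would therefore not stop the request here, whereas the permissions `catch` added earlier in this file always rethrows. Adding `throw err;` after the `if` block would make both paths fail closed. What the code after the hunk does with an undefined `sha` is not visible here, since the handler continues outside the hunk.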
@@ -376,7 +376,7 @@ async function startEvents(eventConfigs, eventFactory) {
|
|
|
376
376
|
if (result.value) events.push(result.value);
|
|
377
377
|
} else {
|
|
378
378
|
errorCount += 1;
|
|
379
|
-
logger.error(`pipeline:${eventConfigs[i].pipelineId} error in starting event`, result.
|
|
379
|
+
logger.error(`pipeline:${eventConfigs[i].pipelineId} error in starting event`, result.reason);
|
|
380
380
|
}
|
|
381
381
|
});
|
|
382
382
|
|