screwdriver-api 7.0.39 → 7.0.41

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "screwdriver-api",
-  "version": "7.0.39",
+  "version": "7.0.41",
   "description": "API server for the Screwdriver.cd service",
   "main": "index.js",
   "scripts": {

package/plugins/pipelines/README.md

@@ -321,4 +321,45 @@ If the template tag already exists, it will update the tag with the new version.
 
 `PUT /templates/{templateName}/tags/{tagName}` with the following payload
 
-* `version` - Exact version of the template (ex: `1.1.0`)
+* `version` - Exact version of the template (ex: `1.1.0`)
+
+##### Delete a pipeline template
+Deleting a pipeline template will delete a template and all of its associated tags and versions.
+
+`DELETE /pipeline/templates/{namespace}/{name}`
+
+###### Arguments
+
+* `name` - Name of the template
+
+##### Delete a pipeline template version
+
+Delete the template version and all of its associated tags.
+If the deleted version was the latest version, the API would set the `latestVersion` attribute of the templateMeta to the previous version.
+
+`DELETE /pipeline/templates/{namespace}/{name}/versions/{version}`
+
+###### Arguments
+
+'namespace', 'name', 'version'
+
+* `namespace` - Namespace of the template
+* `name` - Name of the template
+* `version` - Version of the template
+
+
+##### Delete a pipeline template tag
+
+Delete the template tag. This does not delete the template itself.
+
+*Note: This endpoint is only accessible in `build` scope and the permission is tied to the pipeline that creates the template.*
+
+`DELETE /pipeline/templates/{namespace}/{name}/tags/{tag}`
+
+###### Arguments
+
+'namespace', 'name', 'tag'
+
+* `namespace` - Namespace of the template
+* `name` - Name of the template
+* `tag` - Tag name of the template

package/plugins/pipelines/index.js

@@ -38,6 +38,9 @@ const getTemplateRoute = require('./templates/get');
 const getTemplateByIdRoute = require('./templates/getTemplateById');
 const createTagRoute = require('./templates/createTag');
 const getVersionRoute = require('./templates/getVersion');
+const removeTemplateRoute = require('./templates/remove');
+const removeTemplateTagRoute = require('./templates/removeTag');
+const removeTemplateVersionRoute = require('./templates/removeVersion');
 
 /**
  * Pipeline API Plugin
@@ -176,6 +179,59 @@ const pipelinesPlugin = {
             });
         });
 
+        /**
+         * Throws error if a credential does not have permission to remove pipeline template
+         * If credential has access, resolves to true
+         * @method canRemove
+         * @param {Object}  credentials              Credential object from Hapi
+         * @param {String}  credentials.username     Username of the person logged in (or build ID)
+         * @param {String}  credentials.scmContext   Scm of the person logged in (or build ID)
+         * @param {Array}   credentials.scope        Scope of the credential (user, build, admin)
+         * @param {String}  [credentials.pipelineId] If credential is a build, this is the pipeline ID
+         * @param {Object}  pipelineTemplate         Target pipeline template object
+         * @param {String}  permission               Required permission level
+         * @param {String}  app                      Server app object
+         * @return {Promise}
+         */
+        server.expose('canRemove', async (credentials, pipelineTemplate, permission, app) => {
+            const { username, scmContext, scope } = credentials;
+            const { userFactory, pipelineFactory } = app;
+
+            if (credentials.scope.includes('admin')) {
+                return true;
+            }
+
+            const pipeline = await pipelineFactory.get(pipelineTemplate.pipelineId);
+
+            if (!pipeline) {
+                throw boom.notFound(`Pipeline ${pipelineTemplate.pipelineId} does not exist`);
+            }
+
+            if (scope.includes('user')) {
+                const user = await userFactory.get({ username, scmContext });
+
+                if (!user) {
+                    throw boom.notFound(`User ${username} does not exist`);
+                }
+
+                const permissions = await user.getPermissions(pipeline.scmUri);
+
+                if (!permissions[permission]) {
+                    throw boom.forbidden(
+                        `User ${username} does not have ${permission} access for this pipelineTemplate`
+                    );
+                }
+
+                return true;
+            }
+
+            if (pipelineTemplate.pipelineId !== credentials.pipelineId || credentials.isPR) {
+                throw boom.forbidden('Not allowed to remove this pipelineTemplate');
+            }
+
+            return true;
+        });
+
         server.route([
             createRoute(),
             removeRoute(),
@@ -213,7 +269,10 @@ const pipelinesPlugin = {
             getVersionRoute(),
             getTemplateByIdRoute(),
             getTemplateRoute(),
-            createTagRoute()
+            createTagRoute(),
+            removeTemplateRoute(),
+            removeTemplateTagRoute(),
+            removeTemplateVersionRoute()
         ]);
     }
 };

package/plugins/pipelines/templates/createTag.js

@@ -18,7 +18,12 @@ module.exports = () => ({
             scope: ['build']
         },
         handler: async (request, h) => {
-            const { pipelineFactory, pipelineTemplateVersionFactory, pipelineTemplateTagFactory } = request.server.app;
+            const {
+                pipelineFactory,
+                pipelineTemplateFactory,
+                pipelineTemplateVersionFactory,
+                pipelineTemplateTagFactory
+            } = request.server.app;
 
             const { isPR, pipelineId } = request.auth.credentials;
 
@@ -28,7 +33,7 @@ module.exports = () => ({
 
             const [pipeline, template, templateTag] = await Promise.all([
                 pipelineFactory.get(pipelineId),
-                pipelineTemplateVersionFactory.get({ name, namespace, version }),
+                pipelineTemplateVersionFactory.get({ name, namespace, version }, pipelineTemplateFactory),
                 pipelineTemplateTagFactory.get({ name, namespace, tag })
             ]);
 

package/plugins/pipelines/templates/getVersion.js

@@ -20,13 +20,16 @@ module.exports = () => ({
         },
         handler: async (request, h) => {
             const { namespace, name, versionOrTag } = request.params;
-            const { pipelineTemplateVersionFactory } = request.server.app;
+            const { pipelineTemplateFactory, pipelineTemplateVersionFactory } = request.server.app;
 
-            const pipelineTemplate = await pipelineTemplateVersionFactory.getWithMetadata({
-                name,
-                namespace,
-                versionOrTag
-            });
+            const pipelineTemplate = await pipelineTemplateVersionFactory.getWithMetadata(
+                {
+                    name,
+                    namespace,
+                    versionOrTag
+                },
+                pipelineTemplateFactory
+            );
 
             if (!pipelineTemplate) {
                 throw boom.notFound('Pipeline Template does not exist');

package/plugins/pipelines/templates/listVersions.js

@@ -22,7 +22,7 @@ module.exports = () => ({
             scope: ['user', 'build']
         },
         handler: async (request, h) => {
-            const { pipelineTemplateVersionFactory } = request.server.app;
+            const { pipelineTemplateFactory, pipelineTemplateVersionFactory } = request.server.app;
             const config = {
                 params: request.params,
                 sort: request.query.sort
@@ -35,7 +35,7 @@ module.exports = () => ({
                 };
             }
 
-            const templates = await pipelineTemplateVersionFactory.list(config);
+            const templates = await pipelineTemplateVersionFactory.list(config, pipelineTemplateFactory);
 
             if (!templates || templates.length === 0) {
                 throw boom.notFound('Template does not exist');

package/plugins/pipelines/templates/remove.js

@@ -0,0 +1,57 @@
+'use strict';
+
+const boom = require('@hapi/boom');
+const joi = require('joi');
+const schema = require('screwdriver-data-schema');
+const baseSchema = schema.models.templateMeta.base;
+
+module.exports = () => ({
+    method: 'DELETE',
+    path: '/pipeline/templates/{namespace}/{name}',
+    options: {
+        description: 'Delete a pipeline template and its related versions and tags',
+        notes: 'Returns null if successful',
+        tags: ['api', 'templates'],
+        auth: {
+            strategies: ['token'],
+            scope: ['build', 'user', '!guest']
+        },
+
+        handler: async (request, h) => {
+            const { namespace, name } = request.params;
+            const { credentials } = request.auth;
+            const { pipelineTemplateFactory, pipelineTemplateTagFactory, pipelineTemplateVersionFactory } =
+                request.server.app;
+            const { canRemove } = request.server.plugins.pipelines;
+
+            const pipelineTemplate = await pipelineTemplateFactory.get({ namespace, name });
+
+            if (!pipelineTemplate) {
+                throw boom.notFound(`PipelineTemplate ${namespace / name} does not exist`);
+            }
+
+            const [tags, templateVersions] = await Promise.all([
+                pipelineTemplateTagFactory.list({ params: { namespace, name } }),
+                pipelineTemplateVersionFactory.list({ params: { namespace, name } }, pipelineTemplateFactory)
+            ]);
+
+            const canRemoveFlag = await canRemove(credentials, pipelineTemplate, 'admin', request.server.app);
+
+            if (canRemoveFlag) {
+                const templatePromise = pipelineTemplate.remove();
+                const tagPromises = tags.map(tag => tag.remove());
+                const versionPromises = templateVersions.map(version => version.remove());
+
+                await Promise.all([templatePromise, ...tagPromises, ...versionPromises]);
+            }
+
+            return h.response().code(204);
+        },
+        validate: {
+            params: joi.object({
+                namespace: baseSchema.extract('namespace'),
+                name: baseSchema.extract('name')
+            })
+        }
+    }
+});

package/plugins/pipelines/templates/removeTag.js

@@ -0,0 +1,66 @@
+'use strict';
+
+const boom = require('@hapi/boom');
+const joi = require('joi');
+const schema = require('screwdriver-data-schema');
+const baseSchema = schema.models.templateTag.base;
+const metaSchema = schema.models.templateMeta.base;
+
+module.exports = () => ({
+    method: 'DELETE',
+    path: '/pipeline/templates/{namespace}/{name}/tags/{tag}',
+    options: {
+        description: 'Delete a pipeline template tag',
+        notes: 'Delete a specific pipeline template',
+        tags: ['api', 'templates'],
+        auth: {
+            strategies: ['token'],
+            scope: ['build']
+        },
+        handler: async (request, h) => {
+            const {
+                pipelineFactory,
+                pipelineTemplateFactory,
+                pipelineTemplateTagFactory,
+                pipelineTemplateVersionFactory
+            } = request.server.app;
+            const { pipelineId, isPR } = request.auth.credentials;
+            const { name, namespace, tag } = request.params;
+
+            const templateTag = await pipelineTemplateTagFactory.get({ namespace, name, tag });
+
+            if (!templateTag) {
+                throw boom.notFound('PipelineTemplate tag does not exist');
+            }
+
+            const [pipeline, pipelineTemplate] = await Promise.all([
+                pipelineFactory.get(pipelineId),
+                pipelineTemplateVersionFactory.getWithMetadata(
+                    {
+                        namespace,
+                        name,
+                        version: templateTag.version
+                    },
+                    pipelineTemplateFactory
+                )
+            ]);
+
+            // Check for permission
+            if (pipeline.id !== pipelineTemplate.pipelineId || isPR) {
+                throw boom.forbidden('Not allowed to delete this pipeline template tag');
+            }
+
+            // Remove the template tag
+            await templateTag.remove();
+
+            return h.response().code(204);
+        },
+        validate: {
+            params: joi.object({
+                namespace: metaSchema.extract('namespace'),
+                name: metaSchema.extract('name'),
+                tag: baseSchema.extract('tag')
+            })
+        }
+    }
+});

package/plugins/pipelines/templates/removeVersion.js

@@ -0,0 +1,81 @@
+'use strict';
+
+const boom = require('@hapi/boom');
+const joi = require('joi');
+const schema = require('screwdriver-data-schema');
+const baseSchema = schema.models.templateMeta.base;
+const exactVersionSchema = schema.models.pipelineTemplateVersions.base.extract('version');
+
+module.exports = () => ({
+    method: 'DELETE',
+    path: '/pipeline/templates/{namespace}/{name}/versions/{version}',
+    options: {
+        description: 'Delete the specified version of a pipeline template and the tags associated with it',
+        notes: 'Returns null if successful',
+        tags: ['api', 'templates'],
+        auth: {
+            strategies: ['token'],
+            scope: ['build', 'user', '!guest']
+        },
+
+        handler: async (request, h) => {
+            const { namespace, name, version } = request.params;
+            const { credentials } = request.auth;
+
+            const { pipelineTemplateFactory, pipelineTemplateVersionFactory, pipelineTemplateTagFactory } =
+                request.server.app;
+
+            const [templateVersion, tags] = await Promise.all([
+                pipelineTemplateVersionFactory.getWithMetadata({ namespace, name, version }, pipelineTemplateFactory),
+                pipelineTemplateTagFactory.list({ params: { namespace, name, version } })
+            ]);
+
+            if (!templateVersion) {
+                throw boom.notFound(`PipelineTemplate ${namespace}/${name} with version ${version} does not exist`);
+            }
+
+            const { canRemove } = request.server.plugins.pipelines;
+
+            const canRemoveFlag = await canRemove(credentials, templateVersion, 'admin', request.server.app);
+
+            if (canRemoveFlag) {
+                const { latestVersion, templateId } = templateVersion;
+                const removeTemplatePromise = templateVersion.remove();
+                const removeTagPromises = tags.map(tag => tag.remove());
+
+                await Promise.all([removeTemplatePromise, ...removeTagPromises]);
+
+                if (latestVersion === templateVersion.version) {
+                    const templateVersions = await pipelineTemplateVersionFactory.list(
+                        {
+                            params: { templateId },
+                            sort: 'descending',
+                            sortBy: 'createTime',
+                            paginate: { count: 1 }
+                        },
+                        pipelineTemplateFactory
+                    );
+
+                    if (templateVersions.length > 0) {
+                        const templateMeta = await pipelineTemplateFactory.get({ id: templateId });
+
+                        const newLatestTemplateVersion = templateVersions[0];
+
+                        templateMeta.latestVersion = newLatestTemplateVersion.version;
+
+                        await templateMeta.update();
+                    }
+                }
+            }
+
+            return h.response().code(204);
+        },
+        validate: {
+            params: joi.object({
+                namespace: baseSchema.extract('namespace'),
+                name: baseSchema.extract('name'),
+                version: exactVersionSchema
+            })
+        }
+    }
+});