Add basic runners management API
- add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner
This commit is contained in:
parent
e586858eb5
commit
128be3c010
|
@ -22,6 +22,7 @@ module Ci
|
||||||
extend Ci::Model
|
extend Ci::Model
|
||||||
|
|
||||||
LAST_CONTACT_TIME = 5.minutes.ago
|
LAST_CONTACT_TIME = 5.minutes.ago
|
||||||
|
AVAILABLE_SCOPES = ['specific', 'shared', 'active', 'paused', 'online']
|
||||||
|
|
||||||
has_many :builds, class_name: 'Ci::Build'
|
has_many :builds, class_name: 'Ci::Build'
|
||||||
has_many :runner_projects, dependent: :destroy, class_name: 'Ci::RunnerProject'
|
has_many :runner_projects, dependent: :destroy, class_name: 'Ci::RunnerProject'
|
||||||
|
@ -38,6 +39,11 @@ module Ci
|
||||||
scope :online, ->() { where('contacted_at > ?', LAST_CONTACT_TIME) }
|
scope :online, ->() { where('contacted_at > ?', LAST_CONTACT_TIME) }
|
||||||
scope :ordered, ->() { order(id: :desc) }
|
scope :ordered, ->() { order(id: :desc) }
|
||||||
|
|
||||||
|
scope :owned_or_shared, ->(project_id) do
|
||||||
|
joins('LEFT JOIN ci_runner_projects ON ci_runner_projects.runner_id = ci_runners.id')
|
||||||
|
.where("ci_runner_projects.gl_project_id = #{project_id} OR ci_runners.is_shared = true")
|
||||||
|
end
|
||||||
|
|
||||||
acts_as_taggable
|
acts_as_taggable
|
||||||
|
|
||||||
def self.search(query)
|
def self.search(query)
|
||||||
|
|
|
@ -56,5 +56,6 @@ module API
|
||||||
mount Triggers
|
mount Triggers
|
||||||
mount Builds
|
mount Builds
|
||||||
mount Variables
|
mount Variables
|
||||||
|
mount Runners
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -377,6 +377,12 @@ module API
|
||||||
expose :name
|
expose :name
|
||||||
end
|
end
|
||||||
|
|
||||||
|
class RunnerDetails < Runner
|
||||||
|
expose :tag_list
|
||||||
|
expose :version, :revision, :platform, :architecture
|
||||||
|
expose :contacted_at, as: :last_contact
|
||||||
|
end
|
||||||
|
|
||||||
class Build < Grape::Entity
|
class Build < Grape::Entity
|
||||||
expose :id, :status, :stage, :name, :ref, :tag, :coverage
|
expose :id, :status, :stage, :name, :ref, :tag, :coverage
|
||||||
expose :created_at, :started_at, :finished_at
|
expose :created_at, :started_at, :finished_at
|
||||||
|
|
|
@ -0,0 +1,107 @@
|
||||||
|
module API
|
||||||
|
# Runners API
|
||||||
|
class Runners < Grape::API
|
||||||
|
before { authenticate! }
|
||||||
|
|
||||||
|
resource :runners do
|
||||||
|
# Get available shared runners
|
||||||
|
#
|
||||||
|
# Example Request:
|
||||||
|
# GET /runners
|
||||||
|
get do
|
||||||
|
runners =
|
||||||
|
if current_user.is_admin?
|
||||||
|
Ci::Runner.all
|
||||||
|
else
|
||||||
|
current_user.ci_authorized_runners
|
||||||
|
end
|
||||||
|
|
||||||
|
runners = filter_runners(runners, params[:scope])
|
||||||
|
present paginate(runners), with: Entities::Runner
|
||||||
|
end
|
||||||
|
|
||||||
|
get ':id' do
|
||||||
|
runner = get_runner(params[:id])
|
||||||
|
can_show_runner?(runner) unless current_user.is_admin?
|
||||||
|
|
||||||
|
present runner, with: Entities::RunnerDetails
|
||||||
|
end
|
||||||
|
|
||||||
|
put ':id' do
|
||||||
|
runner = get_runner(params[:id])
|
||||||
|
can_update_runner?(runner) unless current_user.is_admin?
|
||||||
|
|
||||||
|
attrs = attributes_for_keys [:description, :active, :tag_list]
|
||||||
|
if runner.update(attrs)
|
||||||
|
present runner, with: Entities::RunnerDetails
|
||||||
|
else
|
||||||
|
render_validation_error!(runner)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
delete ':id' do
|
||||||
|
runner = get_runner(params[:id])
|
||||||
|
can_delete_runner?(runner)
|
||||||
|
runner.destroy!
|
||||||
|
|
||||||
|
present runner, with: Entities::RunnerDetails
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
resource :projects do
|
||||||
|
before { authorize_admin_project }
|
||||||
|
|
||||||
|
# Get runners available for project
|
||||||
|
#
|
||||||
|
# Example Request:
|
||||||
|
# GET /projects/:id/runners
|
||||||
|
get ':id/runners' do
|
||||||
|
runners = filter_runners(Ci::Runner.owned_or_shared(user_project.id), params[:scope])
|
||||||
|
present paginate(runners), with: Entities::Runner
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
helpers do
|
||||||
|
def filter_runners(runners, scope)
|
||||||
|
return runners unless scope.present?
|
||||||
|
|
||||||
|
available_scopes = ::Ci::Runner::AVAILABLE_SCOPES
|
||||||
|
unless (available_scopes && scope).empty?
|
||||||
|
runners.send(scope)
|
||||||
|
else
|
||||||
|
render_api_error!('Scope contains invalid value', 400)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def get_runner(id)
|
||||||
|
runner = Ci::Runner.find(id)
|
||||||
|
not_found!('Runner') unless runner
|
||||||
|
runner
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_show_runner?(runner)
|
||||||
|
return true if runner.is_shared
|
||||||
|
forbidden!("Can't show runner's details - no access granted") unless user_can_access_runner?(runner)
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_update_runner?(runner)
|
||||||
|
return true if current_user.is_admin?
|
||||||
|
forbidden!("Can't update shared runner") if runner.is_shared?
|
||||||
|
forbidden!("Can't update runner - no access granted") unless user_can_access_runner?(runner)
|
||||||
|
end
|
||||||
|
|
||||||
|
def can_delete_runner?(runner)
|
||||||
|
return true if current_user.is_admin?
|
||||||
|
forbidden!("Can't delete shared runner") if runner.is_shared?
|
||||||
|
forbidden!("Can't delete runner - associated with more than one project") if runner.projects.count > 1
|
||||||
|
forbidden!("Can't delete runner - no access granted") unless user_can_access_runner?(runner)
|
||||||
|
end
|
||||||
|
|
||||||
|
def user_can_access_runner?(runner)
|
||||||
|
runner.projects.inject(false) do |final, project|
|
||||||
|
final ||= abilities.allowed?(current_user, :admin_project, project)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,278 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe API::API, api: true do
|
||||||
|
include ApiHelpers
|
||||||
|
|
||||||
|
let(:admin) { create(:user, :admin) }
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
let(:user2) { create(:user) }
|
||||||
|
let!(:project) { create(:project, creator_id: user.id) }
|
||||||
|
let!(:project2) { create(:project, creator_id: user.id) }
|
||||||
|
let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) }
|
||||||
|
let!(:developer) { create(:project_member, user: user2, project: project, access_level: ProjectMember::REPORTER) }
|
||||||
|
let!(:shared_runner) { create(:ci_shared_runner, tag_list: ['mysql', 'ruby'], active: true) }
|
||||||
|
let!(:specific_runner) { create(:ci_specific_runner, tag_list: ['mysql', 'ruby']) }
|
||||||
|
let!(:specific_runner_project) { create(:ci_runner_project, runner: specific_runner, project: project) }
|
||||||
|
let!(:specific_runner2) { create(:ci_specific_runner) }
|
||||||
|
let!(:specific_runner2_project) { create(:ci_runner_project, runner: specific_runner2, project: project2) }
|
||||||
|
let!(:unused_specific_runner) { create(:ci_specific_runner) }
|
||||||
|
let!(:two_projects_runner) { create(:ci_specific_runner) }
|
||||||
|
let!(:two_projects_runner_project) { create(:ci_runner_project, runner: two_projects_runner, project: project) }
|
||||||
|
let!(:two_projects_runner_project2) { create(:ci_runner_project, runner: two_projects_runner, project: project2) }
|
||||||
|
|
||||||
|
describe 'GET /runners' do
|
||||||
|
context 'authorized user with admin privileges' do
|
||||||
|
it 'should return all runners' do
|
||||||
|
get api('/runners', admin)
|
||||||
|
shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response).to be_an Array
|
||||||
|
expect(shared).to be_truthy
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should filter runners by scope' do
|
||||||
|
get api('/runners?scope=specific', admin)
|
||||||
|
shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response).to be_an Array
|
||||||
|
expect(shared).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'authorized user without admin privileges' do
|
||||||
|
it 'should return user available runners' do
|
||||||
|
get api('/runners', user)
|
||||||
|
shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response).to be_an Array
|
||||||
|
expect(shared).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'unauthorized user' do
|
||||||
|
it 'should not return runners' do
|
||||||
|
get api('/runners')
|
||||||
|
|
||||||
|
expect(response.status).to eq(401)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET /runners/:id' do
|
||||||
|
context 'admin user' do
|
||||||
|
it "should return runner's details" do
|
||||||
|
get api("/runners/#{specific_runner.id}", admin)
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response['description']).to eq(specific_runner.description)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should return shared runner's details" do
|
||||||
|
get api("/runners/#{shared_runner.id}", admin)
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response['description']).to eq(shared_runner.description)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should return 404 if runner does not exists' do
|
||||||
|
get api('/runners/9999', admin)
|
||||||
|
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context "runner project's administrative user" do
|
||||||
|
it "should return runner's details" do
|
||||||
|
get api("/runners/#{specific_runner.id}", user)
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response['description']).to eq(specific_runner.description)
|
||||||
|
end
|
||||||
|
|
||||||
|
it "should return shared runner's details" do
|
||||||
|
get api("/runners/#{shared_runner.id}", user)
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response['description']).to eq(shared_runner.description)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'other authorized user' do
|
||||||
|
it "should not return runner's details" do
|
||||||
|
get api("/runners/#{specific_runner.id}", user2)
|
||||||
|
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'unauthorized user' do
|
||||||
|
it "should not return runner's details" do
|
||||||
|
get api("/runners/#{specific_runner.id}")
|
||||||
|
|
||||||
|
expect(response.status).to eq(401)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'PUT /runners/:id' do
|
||||||
|
context 'admin user' do
|
||||||
|
it 'should update shared runner' do
|
||||||
|
description = shared_runner.description
|
||||||
|
active = shared_runner.active
|
||||||
|
tag_list = shared_runner.tag_list
|
||||||
|
put api("/runners/#{shared_runner.id}", admin), description: "#{description}_updated", active: !active,
|
||||||
|
tag_list: ['ruby2.1', 'pgsql', 'mysql']
|
||||||
|
shared_runner.reload
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(shared_runner.description).not_to eq(description)
|
||||||
|
expect(shared_runner.active).not_to eq(active)
|
||||||
|
expect(shared_runner.tag_list).not_to eq(tag_list)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should update specific runner' do
|
||||||
|
description = specific_runner.description
|
||||||
|
put api("/runners/#{specific_runner.id}", admin), description: 'test'
|
||||||
|
specific_runner.reload
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(specific_runner.description).to eq('test')
|
||||||
|
expect(specific_runner.description).not_to eq(description)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should return 404 if runner does not exists' do
|
||||||
|
put api('/runners/9999', admin), description: 'test'
|
||||||
|
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'authorized user' do
|
||||||
|
it 'should not update shared runner' do
|
||||||
|
put api("/runners/#{shared_runner.id}", user), description: 'test'
|
||||||
|
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should not update specific runner without access to' do
|
||||||
|
put api("/runners/#{specific_runner.id}", user2), description: 'test'
|
||||||
|
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should update specific runner' do
|
||||||
|
description = specific_runner.description
|
||||||
|
put api("/runners/#{specific_runner.id}", admin), description: 'test'
|
||||||
|
specific_runner.reload
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(specific_runner.description).to eq('test')
|
||||||
|
expect(specific_runner.description).not_to eq(description)
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'unauthorized user' do
|
||||||
|
it 'should not delete runner' do
|
||||||
|
put api("/runners/#{specific_runner.id}"), description: 'test'
|
||||||
|
|
||||||
|
expect(response.status).to eq(401)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'DELETE /runners/:id' do
|
||||||
|
context 'admin user' do
|
||||||
|
it 'should delete shared runner' do
|
||||||
|
expect do
|
||||||
|
delete api("/runners/#{shared_runner.id}", admin)
|
||||||
|
end.to change{ Ci::Runner.shared.count }.by(-1)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should delete unused specific runner' do
|
||||||
|
expect do
|
||||||
|
delete api("/runners/#{unused_specific_runner.id}", admin)
|
||||||
|
end.to change{ Ci::Runner.specific.count }.by(-1)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should delete used specific runner' do
|
||||||
|
expect do
|
||||||
|
delete api("/runners/#{specific_runner.id}", admin)
|
||||||
|
end.to change{ Ci::Runner.specific.count }.by(-1)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should return 404 if runner does not exists' do
|
||||||
|
delete api('/runners/9999', admin)
|
||||||
|
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'authorized user' do
|
||||||
|
it 'should not delete shared runner' do
|
||||||
|
delete api("/runners/#{shared_runner.id}", user)
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should not delete runner without access to' do
|
||||||
|
delete api("/runners/#{specific_runner.id}", user2)
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should not delete runner with more than one associated project' do
|
||||||
|
delete api("/runners/#{two_projects_runner.id}", user)
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should delete runner for one owned project' do
|
||||||
|
expect do
|
||||||
|
delete api("/runners/#{specific_runner.id}", user)
|
||||||
|
end.to change{ Ci::Runner.specific.count }.by(-1)
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'unauthorized user' do
|
||||||
|
it 'should not delete runner' do
|
||||||
|
delete api("/runners/#{specific_runner.id}")
|
||||||
|
|
||||||
|
expect(response.status).to eq(401)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'GET /projects/:id/runners' do
|
||||||
|
context 'authorized user with master privileges' do
|
||||||
|
it "should return project's runners" do
|
||||||
|
get api("/projects/#{project.id}/runners", user)
|
||||||
|
shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr}
|
||||||
|
|
||||||
|
expect(response.status).to eq(200)
|
||||||
|
expect(json_response).to be_an Array
|
||||||
|
expect(shared).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'authorized user without master privileges' do
|
||||||
|
it "should not return project's runners" do
|
||||||
|
get api("/projects/#{project.id}/runners", user2)
|
||||||
|
|
||||||
|
expect(response.status).to eq(403)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'unauthorized user' do
|
||||||
|
it "should not return project's runners" do
|
||||||
|
get api("/projects/#{project.id}/runners")
|
||||||
|
|
||||||
|
expect(response.status).to eq(401)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue