diff options
| author | Tobias Henkel <tobias.henkel@bmw.de> | 2017-11-26 20:27:59 +0100 |
|---|---|---|
| committer | Tobias Henkel <tobias.henkel@bmw.de> | 2017-12-15 19:31:02 +0100 |
| commit | 130b00064f035d2f99dc7eec57f7781bfc3bd555 (patch) | |
| tree | ff8a9a3f4d3ebffd11fe88ad2cac498a51764519 /zuul/model.py | |
| parent | efd8e827791c513a181d4b5dde149a65f8e60131 (diff) | |
| download | zuul-130b00064f035d2f99dc7eec57f7781bfc3bd555.tar.gz | |
Add support for protected jobs
For some use cases protected jobs can be useful. Protected jobs can
only be inherited by jobs defined in the same project. This adds
support for these protected jobs.
Change-Id: I62a8ecbbfa9eec54ab599bb34148976dcabfd40a
Diffstat (limited to 'zuul/model.py')
| -rw-r--r-- | zuul/model.py | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/zuul/model.py b/zuul/model.py index 56d08a16f..04df7a80f 100644 --- a/zuul/model.py +++ b/zuul/model.py @@ -843,6 +843,7 @@ class Job(object): semaphore=None, attempts=3, final=False, + protected=None, roles=(), required_projects={}, allowed_projects=None, @@ -860,6 +861,7 @@ class Job(object): inheritance_path=(), parent_data=None, description=None, + protected_origin=None, ) self.inheritable_attributes = {} @@ -1037,12 +1039,21 @@ class Job(object): for k in self.execution_attributes: if (other._get(k) is not None and - k not in set(['final'])): + k not in set(['final', 'protected'])): if self.final: raise Exception("Unable to modify final job %s attribute " "%s=%s with variant %s" % ( repr(self), k, other._get(k), repr(other))) + if self.protected_origin: + # this is a protected job, check origin of job definition + this_origin = self.protected_origin + other_origin = other.source_context.project.canonical_name + if this_origin != other_origin: + raise Exception("Job %s which is defined in %s is " + "protected and cannot be inherited " + "from other projects." + % (repr(self), this_origin)) if k not in set(['pre_run', 'run', 'post_run', 'roles', 'variables', 'required_projects']): # TODO(jeblair): determine if deepcopy is required @@ -1053,6 +1064,17 @@ class Job(object): if other.final != self.attributes['final']: self.final = other.final + # Protected may only be set to true + if other.protected is not None: + # don't allow to reset protected flag + if not other.protected and self.protected_origin: + raise Exception("Unable to reset protected attribute of job" + " %s by job %s" % ( + repr(self), repr(other))) + if not self.protected_origin: + self.protected_origin = \ + other.source_context.project.canonical_name + # We must update roles before any playbook contexts if other._get('roles') is not None: self.addRoles(other.roles) |