Merge pull request #104 from Mic92/authz-fix

fix users not beeing able to restart virtual builders
2024-03-07 23:00:18 +01:00 · 2024-03-07 23:00:18 +01:00 · e9ad9978f0
parent c40326340a 35c3fb64c8
commit e9ad9978f0
1 changed files with 15 additions and 3 deletions
--- a/buildbot_nix/init.py
+++ b/buildbot_nix/init.py
@ -1,6 +1,7 @@
 import json
 import multiprocessing
 import os
+import re
 import signal
 import sys
 import uuid
@ -677,6 +678,16 @@ def config_for_project(
    )


+def normalize_virtual_builder_name(name: str) -> str:
+    if name.startswith("github:"):
+        # rewrites github:nix-community/srvos#checks.aarch64-linux.nixos-stable-example-hardware-hetzner-online-intel -> nix-community/srvos/nix-build
+        match = re.match(r"github:(?P<owner>[^/]+)/(?P<repo>[^#]+)#.+", name)
+        if match:
+            return f"{match['owner']}/{match['repo']}/nix-build"
+
+    return name
+
+
 class AnyProjectEndpointMatcher(EndpointMatcherBase):
    def __init__(self, builders: set[str] | None = None, **kwargs: Any) -> None:
        if builders is None:
@ -696,10 +707,11 @@ class AnyProjectEndpointMatcher(EndpointMatcherBase):
            return None

        builder = yield self.master.data.get(("builders", res["builderid"]))
-        if builder["name"] in self.builders:
+        builder_name = normalize_virtual_builder_name(builder["name"])
+        if builder_name in self.builders:
            log.warn(
                "Builder {builder} allowed by {role}: {builders}",
-                builder=builder["name"],
+                builder=builder_name,
                role=self.role,
                builders=self.builders,
            )
@ -707,7 +719,7 @@ class AnyProjectEndpointMatcher(EndpointMatcherBase):
        else:
            log.warn(
                "Builder {builder} not allowed by {role}: {builders}",
-                builder=builder["name"],
+                builder=builder_name,
                role=self.role,
                builders=self.builders,
            )