Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / openstack-infra / zuul / 8eb564af4bcf3ac9e529810a16298871ace688f1^! / . / tests / unit
commit8eb564af4bcf3ac9e529810a16298871ace688f1[log] [tgz]
authorJames E. Blair <jeblair@redhat.com>Thu Aug 10 09:21:41 2017 -0700
committerJames E. Blair <jeblair@redhat.com>Fri Aug 11 10:40:48 2017 -0700
tree47bf48324b0789e935c0bdc1219f0f07132d971a
parent8316762e1de357d8e51333e1ae0f870c0a392a71 [diff]
Rename allow-secrets to post-review

Since jobs which use secrets in the trusted execution context are
always allowed, the name of this attribute was confusing.  By renaming
it to 'post-review' (and the corresponding job attribute to
'post-review') we indicate what the actual concern is.

Change-Id: I59607621d5b99508b94074133bfc67e64e708a7d

diff --git a/tests/unit/test_model.py b/tests/unit/test_model.py
index 9cc7195..ce30e7c 100644
--- a/tests/unit/test_model.py
+++ b/tests/unit/test_model.py

@@ -461,16 +461,16 @@
                 })
         layout.addJob(untrusted_secrets_untrusted_child_job)
 
-        self.assertIsNone(trusted_secrets_job.untrusted_secrets)
-        self.assertTrue(untrusted_secrets_job.untrusted_secrets)
+        self.assertIsNone(trusted_secrets_job.post_review)
+        self.assertTrue(untrusted_secrets_job.post_review)
         self.assertIsNone(
-            trusted_secrets_trusted_child_job.untrusted_secrets)
+            trusted_secrets_trusted_child_job.post_review)
         self.assertIsNone(
-            trusted_secrets_untrusted_child_job.untrusted_secrets)
+            trusted_secrets_untrusted_child_job.post_review)
         self.assertTrue(
-            untrusted_secrets_trusted_child_job.untrusted_secrets)
+            untrusted_secrets_trusted_child_job.post_review)
         self.assertTrue(
-            untrusted_secrets_untrusted_child_job.untrusted_secrets)
+            untrusted_secrets_untrusted_child_job.post_review)
 
         self.assertEqual(trusted_secrets_job.implied_run[0].secrets[0].name,
                          'trusted-secret')
@@ -697,15 +697,15 @@
                 "Project project2 is not allowed to run job job"):
             item.freezeJobGraph()
 
-    def test_job_pipeline_allow_secrets(self):
-        self.pipeline.allow_secrets = False
+    def test_job_pipeline_allow_untrusted_secrets(self):
+        self.pipeline.post_review = False
         job = configloader.JobParser.fromYaml(self.tenant, self.layout, {
             '_source_context': self.context,
             '_start_mark': self.start_mark,
             'name': 'job',
             'parent': None,
         })
-        job.untrusted_secrets = True
+        job.post_review = True
 
         self.layout.addJob(job)
 
@@ -730,7 +730,7 @@
         item.current_build_set.layout = self.layout
         with testtools.ExpectedException(
                 Exception,
-                "Pipeline gate does not allow jobs with secrets"):
+                "Pre-review pipeline gate does not allow post-review job"):
             item.freezeJobGraph()
 
 

diff --git a/tests/unit/test_scheduler.py b/tests/unit/test_scheduler.py
index 960a922..97d53e0 100755
--- a/tests/unit/test_scheduler.py
+++ b/tests/unit/test_scheduler.py

@@ -2827,7 +2827,7 @@
 
         self.assertHistory([])
         self.assertEqual(A.patchsets[0]['approvals'][0]['value'], "-1")
-        self.assertIn('does not allow jobs with secrets',
+        self.assertIn('does not allow post-review job',
                       A.messages[0])
 
     @simple_layout('layouts/tags.yaml')