Add support for job allowed-projects In order to allow users to create jobs which are only available to run on certain projects, add an 'allowed-projects' attribute to jobs. This is especially useful for jobs with secrets. For example, consider a job which performs external API testing with credentials. The user defining that job may well want to restrict its use to a single project. Change-Id: I4457842ea293baf20b83f7b8b86fba2b7d26d2be

commit: b3f5db1de3ec3359594c570ba6b4850ca4c4b57e [log] [tgz]
author: James E. Blair <jeblair@redhat.com> Fri Mar 17 12:57:39 2017 -0700
committer: James E. Blair <jeblair@redhat.com> Wed Mar 29 12:44:46 2017 -0700
tree: d388a07fe5c879edc21cec504e36f20dcdda17b6
parent: 717e8e928d21211fb40fa564b1288dc3b44854cb [diff] [blame]
diff --git a/tests/unit/test_model.py b/tests/unit/test_model.py
index 45176fa..fc2757c 100644
--- a/tests/unit/test_model.py
+++ b/tests/unit/test_model.py

@@ -27,11 +27,24 @@
 from tests.base import BaseTestCase, FIXTURE_DIR
 
 
+class FakeSource(object):
+    def __init__(self, name):
+        self.name = name
+
+
 class TestJob(BaseTestCase):
 
     def setUp(self):
         super(TestJob, self).setUp()
-        self.project = model.Project('project', None)
+        self.tenant = model.Tenant('tenant')
+        self.layout = model.Layout()
+        self.project = model.Project('project', 'connection')
+        self.source = FakeSource('connection')
+        self.tenant.addProjectRepo(self.source, self.project)
+        self.pipeline = model.Pipeline('gate', self.layout)
+        self.layout.addPipeline(self.pipeline)
+        self.queue = model.ChangeQueue(self.pipeline)
+
         private_key_file = os.path.join(FIXTURE_DIR, 'private.pem')
         with open(private_key_file, "rb") as f:
             self.project.private_key, self.project.public_key = \
@@ -566,6 +579,43 @@
                 "to shadow job base in base_project"):
             layout.addJob(base2)
 
+    def test_job_allowed_projects(self):
+        job = configloader.JobParser.fromYaml(self.tenant, self.layout, {
+            '_source_context': self.context,
+            '_start_mark': self.start_mark,
+            'name': 'job',
+            'allowed-projects': ['project'],
+        })
+        self.layout.addJob(job)
+
+        project2 = model.Project('project2', None)
+        context2 = model.SourceContext(project2, 'master',
+                                       'test', True)
+
+        project2_config = configloader.ProjectParser.fromYaml(
+            self.tenant, self.layout, [{
+                '_source_context': context2,
+                '_start_mark': self.start_mark,
+                'name': 'project2',
+                'gate': {
+                    'jobs': [
+                        'job'
+                    ]
+                }
+            }]
+        )
+        self.layout.addProjectConfig(project2_config)
+
+        change = model.Change(project2)
+        # Test master
+        change.branch = 'master'
+        item = self.queue.enqueueChange(change)
+        item.current_build_set.layout = self.layout
+        with testtools.ExpectedException(
+                Exception,
+                "Project project2 is not allowed to run job job"):
+            item.freezeJobGraph()
+
 
 class TestJobTimeData(BaseTestCase):
     def setUp(self):
commit	b3f5db1de3ec3359594c570ba6b4850ca4c4b57e	[log] [tgz]
author	James E. Blair <jeblair@redhat.com>	Fri Mar 17 12:57:39 2017 -0700
committer	James E. Blair <jeblair@redhat.com>	Wed Mar 29 12:44:46 2017 -0700
tree	d388a07fe5c879edc21cec504e36f20dcdda17b6
parent	717e8e928d21211fb40fa564b1288dc3b44854cb [diff] [blame]