Commit graph

1160 commits

Author SHA1 Message Date
Cole Helbling f1dd5d202e Jobsets: update schema to align with the API
To further align with the API, we return custom JSON in order to display a
`visible` field rather than `hidden` -- a `PUT` request expects `visible`, while
a `GET` request returns `hidden`.

This also allows us to rename the `jobsetinputs` field to `inputs` for the same
reason: `PUT` expects `inputs`, while `GET` returns `jobsetinputs`.
2021-04-29 07:50:23 -04:00
Cole Helbling d23f431889 JobsetInputs: update schema to align with the API
`PUT /jobsets/{project-id}/{jobset-id}` expects a JSON object `inputs` which
maps a name to a name, a type, a value, and a boolean that enables emailing
responsible parties. However, `GET /jobsets/{project-id}/{jobset-id}` responds
with an object that doesn't contain a value, but does contain a jobsetinputalts
(which is old and should be unused).

This commit aligns the two by removing the old and unused `jobsetinputalts` from
the response and replaces it with `value`.
2021-04-29 07:50:23 -04:00
Cole Helbling fff0db10e3 ToJSON: allow custom as_json function
This allows us to modify what the API responds with, which in turn lets us unify
the OpenAPI specification and the actual API's responses.
2021-04-29 07:50:23 -04:00
Graham Christensen fdb6e7dd97 fixup: return the user entity on login 2021-04-28 18:30:35 -04:00
Graham Christensen 725c9c2f81
login: redirect to the current-user page 2021-04-28 08:32:10 -07:00
Graham Christensen d589db2ed9
login: missing parameters are 400s 2021-04-28 08:31:59 -07:00
Cole Helbling 72fec31dbb
hydra-api: flesh out JobsetInput schema 2021-04-27 16:16:42 -07:00
Cole Helbling 2600810551
hydra-api: flesh out Jobset schema
* made all columns available via the API (except for forceeval)
* renamed flakeref to flake to unify the API with the database schema
* renamed inputs to jobsetinputs to unify the API with the database schema
2021-04-27 16:16:42 -07:00
Cole Helbling 50fab154a4
ToJSON: serialize string_columns to JSON
If the column is undefined, then it should be an empty string according to your
API spec.
2021-04-26 16:39:13 -07:00
Graham Christensen f2b9649bf2
Projects: serialize enabled and hidden as boolean 2021-04-26 16:03:32 -07:00
Graham Christensen 4aea02e1e1
ToJSON: serialize boolean_columns to JSON boolean 2021-04-26 16:03:32 -07:00
Cole Helbling c757867b9e
Add homepage to Projects schema 2021-04-26 15:46:30 -07:00
Graham Christensen 453b8479be
Merge pull request #927 from cole-h/nonexistent-user-400
Return HTTP 400 when creating Project with nonexistent user
2021-04-26 14:40:15 -04:00
Cole Helbling 47e19ba22c
Return HTTP 400 when creating Project with nonexistent user 2021-04-26 11:32:39 -07:00
Maximilian Bosch 21ed005c84
Make it possible to enable email notifications when creating a jobset
The checkbox is only enabled if `email_notification = 1` is set in
`hydra.conf`. However, when creating jobset (in contrast to the edit
form), the checkbox is always disabled because the `emailNotification`
parameter in Catalyst's stash was missing.
2021-04-24 19:48:43 +02:00
Graham Christensen 79b0ddc27d hydra-create-user: re-hash sha1 as Argon2 2021-04-16 12:32:13 -04:00
Graham Christensen d10d8964f2 Users: add a validation step which lets the user's password be a Argon2 hashed sha1 hash.
OWASP suggests expiring all passwords and requiring users to update their password.
However, we don't have a way to do this. They suggest this mechanism
as a good alternative:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#upgrading-legacy-hashes
2021-04-16 12:32:13 -04:00
Graham Christensen 9225be0897 Drop remaining sha1_hex references
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:18 -04:00
Graham Christensen beb5be4302 Users: password changes via the web UI now use Argon2
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:13 -04:00
Graham Christensen 1da70030b7 Users: transparently upgrade passwords to Argon2
Passwords that are sha1 will be transparently upgraded to argon2,
and future comparisons will use Argon2

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:35:11 -04:00
Graham Christensen 29620df85e Passwords: check in constant time
The default password comparison logic does not use
constant time validation. Switching to constant time
offers a meager improvement by removing a timing
oracle.

A prepatory step in moving to Argon2id password storage, since we'll need this change anyway after
for validating existing passwords.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:56 -04:00
Graham Christensen d4d8f1ba1b Plugin::Authentication config: modernize
Some time in the last decade the plugin switched to preferring
a flatter namespace for realm config.

Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-04-15 11:34:47 -04:00
Graham Christensen b9bcedbfdb
Merge pull request #596 from kquick/local_inp_url
Update prompt for Local path input to indicate a URL is also valid.
2021-04-14 20:01:58 +00:00
Graham Christensen afd064d19d
Merge pull request #867 from ck3d/fix-proxy-login
Fix login if Hydra runs behind HTTP proxy with sub-path location
2021-04-12 17:36:55 +00:00
Eelco Dolstra 20c1efeb5b
Merge pull request #904 from Ma27/gitea-integration
Add `GiteaStatus`-Plugin
2021-04-08 17:57:38 +02:00
Graham Christensen cc9c91fe12 jobsets: put hidden and enabled jobsets at the end
Allows for generally correct zebra striping
2021-03-31 14:33:20 +00:00
Graham Christensen a46f655c56 root project listing: show hidden projects at the end
Makes the zebra striping correct.
2021-03-31 14:33:20 +00:00
Maximilian Bosch f9f5ab2fb1
Make gitea public URL configurable
Otherwise, it will be obtained from the jobset input that contains the
URL to the git repo to build.
2021-03-30 23:01:36 +02:00
Maximilian Bosch eecea56131
Implement VM-test for gitea plugin 2021-03-30 22:35:39 +02:00
Maximilian Bosch 56997d8e8b
Fix error codes for GiteaStatus plugin
* `failure` if a build error occurred, on e.g. an aborted build send
  `error`.
2021-03-30 14:13:46 +02:00
Maximilian Bosch fef142f13a
Implement simple status notifications for Git repos hosted on gitea 2021-03-30 14:10:21 +02:00
Graham Christensen 6b7ca554f9
Update src/lib/Hydra/Helper/Escape.pm: fewer ()s
Co-authored-by: Stig <stig@stig.io>
2021-03-18 16:27:21 -04:00
Graham Christensen 019aef3d41
Test the fake derivations channel, asserting nested packages are properly represented.
This is a breaking change. Previously, packages named `packageset.foo`
would be exposed in the fake derivation channel as `packageset-foo`.

Presumably this was done to avoid needing to track attribute sets, and
to avoid the complexity. I think this now correctly handles the
complexity and properly mirrors the input expressions layout.
2021-03-18 11:33:37 -04:00
Graham Christensen 88e0198a8e
Create a helper for dealing with nested attribute sets 2021-03-18 11:33:36 -04:00
Graham Christensen d62a2c1657
NixExprs: extract the escape function and test it 2021-03-18 11:24:17 -04:00
Graham Christensen b9fb66401b
Merge pull request #880 from grahamc/runcommand-finished-bool
RunCommand: emit the `finished` field as a boolean
2021-03-09 09:58:43 -05:00
Graham Christensen 2179b4b4b0
RunCommand: emit the finished field as a boolean 2021-03-08 12:11:20 -05:00
Matej Cotman a551fba346
statsd: add a chance to set hostname and port in hydra.conf
Co-authored-by: Graham Christensen <graham@grahamc.com>
2021-03-08 10:03:16 -05:00
Graham Christensen a756614fa1
RunCommand: pass homepage, description, license, system, and nixname 2021-02-24 16:13:09 -05:00
Eelco Dolstra a39b479280
Merge pull request #866 from Infinisil/github-status-flakes
Fix Github status plugin for flakes
2021-02-16 17:00:46 +01:00
Christian Kögler 150213cbb3 Fix login if Hydra runs behind HTTP proxy with sub-path location 2021-02-07 19:18:29 +01:00
Silvan Mosberger 58dd7f9ed3
Fix Github status plugin for flakes
If the root flake is a github: one, github status notifications are sent
to it. The githubstatus->inputs configuration isn't used for flakes.
2021-02-06 00:02:30 +01:00
Graham Christensen bc12fe19f9
Merge pull request #855 from grahamc/jobsetevals-fixups
JobsetEvals: fixup permission references
2021-02-02 11:04:18 -05:00
Graham Christensen 6de9c6540c
Merge pull request #858 from Infinisil/fix-declarative-flakes
Fix transition from declarative non-flake to flake jobset
2021-02-02 11:04:05 -05:00
Graham Christensen f1e75c8bff
Move evaluation errors from evaluations to EvaluationErrors, a new table
DBIx likes to eagerly select all columns without a way to really tell
it so. Therefore, this splits this one large column in to its own
table.

I'd also like to make "jobsets" use this table too, but that is on hold
to stop the bleeding caused by the extreme amount of traffic this is
causing.
2021-02-01 21:33:14 -05:00
Silvan Mosberger 1d45b63516
Fix transition from declarative non-flake to flake jobset
The database has these constraints:

    check ((type = 0) = (nixExprInput is not null and nixExprPath is not null)),
    check ((type = 1) = (flake is not null)),

which prevented switching to flakes in a declarative jobspec, since the
nixexpr{path,input} fields were not nulled in such an update

Co-Authored-By: Graham Christensen <graham@grahamc.com>
2021-02-01 18:57:40 +01:00
Graham Christensen 8d7bfe1706
JobsetEvals: fixup permission references
Going from an eval to a project now requires hopping through the jobset
2021-02-01 10:31:05 -05:00
Graham Christensen 91e63fb7da
search: limit queries to 20s
Even 20s is really long, but it cuts off queries which are today
running for 500+s.
2021-01-30 11:51:20 -05:00
Graham Christensen 4f308b1f2f
search: limit results to 50, default to 10
This search query is pretty heavy. Defaulting to 500 has caused
Hydra's web UI to appear to be down. Since 500 can take it down, users
probably shouldn't be allowed t ask for that many.
2021-01-30 08:37:57 -05:00
Graham Christensen 54b8cb188e
perl: jobsetevals -> jobset via by jobset_id
Frankly, this was suspiciously little work.
2021-01-26 13:51:39 -05:00