diff --git a/docs/source/plugins.rst b/docs/source/plugins.rst index 5a0f92f9..be760f1d 100644 --- a/docs/source/plugins.rst +++ b/docs/source/plugins.rst @@ -122,8 +122,12 @@ Example for `/etc/koji-hub/hub.conf`: match action block && is_sidetag_owner :: allow all :: deny -There are two special policy tests `is_sidetag` and `is_sidetag_owner` with -expectable behaviour. +There are two special policy tests ``is_sidetag`` and ``is_sidetag_owner`` with +expectable behaviour. ``is_sidetag_owner`` can handle optional +``tag``/``fromtag``/``both`` keywords which specify data to be tested. Default +is testing ``tag`` in policy data, ``fromtag`` can test this field (e.g. in +``untagBuild`` case) and ``both`` fails if any of the involved tags is not owned +by sidetag owner. Now Sidetag Koji plugin should be installed. To verify that, run `koji list-api` command -- it should now display `createSideTag` diff --git a/plugins/hub/sidetag_hub.py b/plugins/hub/sidetag_hub.py index 6f3a7302..bb910ed1 100644 --- a/plugins/hub/sidetag_hub.py +++ b/plugins/hub/sidetag_hub.py @@ -65,9 +65,27 @@ class SidetagOwnerTest(koji.policy.MatchTest): name = 'is_sidetag_owner' def run(self, data): + values = self.str.split()[1:] + if len(values) > 1: + raise koji.GenericError("Just one argument is allowed for this test.") + elif values: + value = values[0] + if value not in ('tag', 'fromtag', 'both'): + raise koji.GenericError("Policy test is_sidetag_owner has only " + f"/tag/fromtag/both options (got {value})") + if value == 'both': + values = ['tag', 'fromtag'] + else: + values = ['tag'] + user = policy_get_user(data) - tag = get_tag(data['tag']) - return is_sidetag_owner(tag, user) + for value in values: + if value not in data: + return False + tag = get_tag(value) + if not tag or not is_sidetag_owner(tag, user): + return False + return True # API calls