feat(api): Repurpose submitter

After we decided that giving superprivileges subtokens is bad idea, we can reuse "submitter" for pipeline API, to identify if node origin is pipeline service, or it is user submission (retry, patchset, etc). This might help to filter some of nodes from going to kcidb, for example. Signed-off-by: Denys Fedoryshchenko <[email protected]>
JenySadadia · Aug 30, 2024 · abf2609 · abf2609
1 parent ce9ea25
commit abf2609
Showing 1 changed file with 12 additions and 15 deletions.
diff --git a/api/main.py b/api/main.py
@@ -10,7 +10,6 @@
 
 import os
 import re
-import hashlib
 from typing import List, Union, Optional
 from fastapi import (
     Depends,
@@ -317,17 +316,6 @@ async def authorize_user(node_id: str,
     return user
 
 
-def calculate_submitter(hdr: str):
-    """Calculate submitter hash from Auth header token"""
-    token = hdr.split(' ')[1]
-    if not token:
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Token not provided"
-        )
-    return hashlib.md5(token.encode()).hexdigest()
-
-
 @app.get('/users', response_model=PageModel, tags=["user"],
          response_model_exclude={"items": {"__all__": {
                                     "hashed_password"}}})
@@ -584,8 +572,9 @@ async def post_node(node: Node,
 
     await _verify_user_group_existence(node.user_groups)
     node.owner = current_user.username
-    # Subtract 'Bearer ' from the token
-    node.submitter = calculate_submitter(authorization)
+    # if node.submitter is not set, set it to "pipeline"
+    if not node.submitter:
+        node.submitter = "service:pipeline"
 
     # The node is handled as a generic Node by the DB, regardless of its
     # specific kind. The concrete Node submodel (Kbuild, Checkout, etc.)
@@ -661,7 +650,15 @@ async def put_nodes(
         user: str = Depends(authorize_user)):
     """Add a hierarchy of nodes to an existing root node"""
     nodes.node.id = ObjectId(node_id)
-    submitter = calculate_submitter(authorization)
+    # Retrieve the root node from the DB and submitter
+    node_from_id = await db.find_by_id(Node, node_id)
+    if not node_from_id:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Node not found with id: {node_id}"
+        )
+    submitter = node_from_id.submitter
+
     await _set_node_ownership_recursively(user, nodes, submitter)
     obj_list = await db.create_hierarchy(nodes, Node)
     data = _get_node_event_data('updated', obj_list[0], True)