#!/usr/bin/env python3 # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. """Selfserve Portal for the Apache Software Foundation""" """Handler for creating a jira project""" if not __debug__: raise RuntimeError("This code requires assert statements to be enabled") from ..lib import middleware, asfuid, email, log, config import quart import re import asyncio import os import json RE_VALID_PROJECT_KEY = re.compile(r"^[A-Z0-9]+$") ACLI_CMD = "/opt/latest-cli/acli.sh" JIRA_SCHEME_FILES = { "workflow": "/x1/acli/site/js/jiraworkflowschemes.json", } async def jira_user_exists(username: str): """Checks if a jira user exists""" proc = await asyncio.create_subprocess_exec( ACLI_CMD, *("jira", "--action", "getUser", "--userId", username, "--quiet"), ) await proc.wait() assert proc.returncode == 0, "Could not find the specified project lead ID in Jira" async def create_jira_project( project_key: str, project_name: str, description: str, project_lead: str, issue_scheme: str, workflow_scheme: str, homepage_url: str, ): """Creates a new jira project""" assert RE_VALID_PROJECT_KEY.match(project_key), "Invalid project key!" proc = await asyncio.create_subprocess_exec( ACLI_CMD, *( "jira", "-v", "--action", "createProject", "--project", project_key, "--name", project_name, "--description", description, "--lead", project_lead, "--issueTypeScheme", issue_scheme, "--workflowScheme", workflow_scheme, "--url", homepage_url, "--notificationScheme", "Empty Scheme", "--permissionScheme", "_Default Permission Scheme_", ), ) await proc.wait() assert proc.returncode == 0, "Could not create new jira project, it may already exist" async def set_project_access(project_key: str, ldap_project: str): """Sets up default permissions for a project""" assert RE_VALID_PROJECT_KEY.match(project_key), "Invalid space name!" assert ( isinstance(ldap_project, str) and ldap_project and ldap_project in config.projects ), "Please specify a valid PMC" # Admin access for PMC proc = await asyncio.create_subprocess_exec( ACLI_CMD, *( "jira", "--action", "addProjectRoleActors", "--project", project_key, "--role", "administrators", "--group", f"{ldap_project}-pmc", ), ) await proc.wait() assert proc.returncode == 0, f"Could not assign administrator access to {ldap_project}-pmc" # Standard access to project committers proc = await asyncio.create_subprocess_exec( ACLI_CMD, *( "jira", "--action", "addProjectRoleActors", "--project", project_key, "--role", "committers", "--group", ldap_project, ), ) await proc.wait() assert proc.returncode == 0, f"Could not assign write access to {ldap_project} committers" @asfuid.session_required async def process(form_data, session): # Create a new jira project project_key = form_data.get("project_key") project_name = form_data.get("project_name") project_lead = form_data.get("project_lead") ldap_project = form_data.get("ldap_project") issue_scheme = form_data.get("issue_scheme") workflow_scheme = form_data.get("workflow_scheme") homepage_url = form_data.get("homepage_url") description = form_data.get("description") try: assert (session.pmcs or session.root), "Only members of a (P)PMC may create jira projects" assert isinstance(project_key, str) and RE_VALID_PROJECT_KEY.match(project_key), "Invalid project key specified" assert isinstance(project_name, str) and project_name, "Please specify a title for the new Jira project" assert isinstance(description, str) and description, "Please write a short description of this new project" assert isinstance(project_lead, str) and project_lead, "Please specify a project lead for this project" assert ( ldap_project in config.projects ), "Please specify a valid, current apache project to assign this Jira project to" if not session.root: assert ldap_project in session.pmcs, "You can only create a Jira project for an Apache project you are on the PMC of" assert isinstance(issue_scheme, str) and issue_scheme, "Please specify a valid issue scheme this project" assert ( isinstance(workflow_scheme, str) and workflow_scheme ), "Please specify a valid workflow scheme for this project" assert isinstance(homepage_url, str) and homepage_url, "Please specify a homepage URL for this project" # Make sure project lead exists in Jira await jira_user_exists(project_lead) # Set up the new project await create_jira_project( project_key=project_key, project_name=project_name, project_lead=project_lead, description=description, issue_scheme=issue_scheme, workflow_scheme=workflow_scheme, homepage_url=homepage_url, ) # Set standard access: admin for PMC, read/write for committers await set_project_access(project_key, ldap_project) except AssertionError as e: return {"success": False, "message": str(e)} # Notify await log.slack(f"A new Jira project, `{project_key}`, has been created as requested by {session.uid}@apache.org.") project_email = email.project_to_private(ldap_project) email.from_template( "jira_project_created.txt", recipient=("private@infra.apache.org", project_email, f"{session.uid}@apache.org"), variables={ "project_key": project_key, "ldap_project": ldap_project, "requester": session.uid, }, ) # All done for now return { "success": True, "message": "Jira project created", } @asfuid.session_required async def list_schemes(form_data, session): """Lists current valid schemes for Jira""" scheme_dict = {} for key, filepath in JIRA_SCHEME_FILES.items(): if os.path.isfile(filepath): try: js = json.load(open(filepath)) scheme_dict[key] = js except json.JSONDecodeError: # Bad JSON file? :/ scheme_dict[key] = {} return quart.jsonify(scheme_dict) quart.current_app.add_url_rule( "/api/jira-project-create", methods=[ "POST", # Create a new jira project ], view_func=middleware.glued(process), ) quart.current_app.add_url_rule( "/api/jira-project-schemes", methods=[ "GET", # List valid schemes ], view_func=middleware.glued(list_schemes), )