From e49f20b501dbb0be68b82790a07b558b308e1b7c Mon Sep 17 00:00:00 2001 From: Jana Cupova Date: Mar 15 2023 13:02:24 +0000 Subject: Remove deprecated policies Fixes: https://pagure.io/koji/issue/3728 --- diff --git a/builder/kojid b/builder/kojid index 6184b87..7a10f7f 100755 --- a/builder/kojid +++ b/builder/kojid @@ -1046,13 +1046,6 @@ class BuildTask(BaseTaskHandler): policy_data['target'] = target_info['name'] if not self.opts.get('skip_tag'): policy_data['tag'] = dest_tag # id - # backward-compatible deprecated policies (TODO: remove in 1.33) - if not SCM.is_scm_url(src) and not opts.get('scratch'): - # let hub policy decide - self.session.host.assertPolicy('build_from_srpm', policy_data) - if opts.get('repo_id') is not None: - # use of this option is governed by policy - self.session.host.assertPolicy('build_from_repo_id', policy_data) self.session.host.assertPolicy('build_rpm', policy_data) if not repo_info: repo_info = self.getRepo(build_tag, builds=opts.get('wait_builds'), diff --git a/docs/source/access_controls.rst b/docs/source/access_controls.rst index 7283bdd..a31f0ae 100644 --- a/docs/source/access_controls.rst +++ b/docs/source/access_controls.rst @@ -51,12 +51,9 @@ Examples of access control polices are: * cg_import: control which content generator imports are allowed * vm: control which windows build tasks are allowed * dist_repo: control which distRepo tasks are allowed -* build_rpm: control whether builds are allowed, this is superceding older ``build_from_srpm`` - to handle all task types. ``build_from_srpm`` and ``build_from_repo_id`` are now - deprecated and will be removed in koji 1.33. Default policy allows everything. -* build_from_srpm [deprecated]: control whether builds from srpm are allowed +* build_rpm: control whether builds are allowed, this policy to handle all task types. + Default policy allows everything. * build_from_scm: control whether builds from the SCM are allowed and the behavior of the SCM -* build_from_repo_id [deprecated]: control whether builds from user-specified repos ids are allowed Note that not all policies are access control policies. The ``channel`` and ``volume`` policies are used to control which channels tasks go to diff --git a/docs/source/defining_hub_policies.rst b/docs/source/defining_hub_policies.rst index a0b67ee..0667998 100644 --- a/docs/source/defining_hub_policies.rst +++ b/docs/source/defining_hub_policies.rst @@ -131,11 +131,7 @@ Available policies The system currently looks for the following policies * ``tag``: checked during tag/untag/move operations -* ``build_from_srpm``: checked when a build from srpm (not an SCM reference) is - requested. * ``build_from_scm``: checked when a build task from SCM is executing on builder -* ``build_from_repo_id``: checked when a build from a specified repo id is - requested * ``package_list``: checked when the package list for a tag is modified * ``channel``: consulted when a task is created * ``cg_import``: consulted during content generator imports diff --git a/kojihub/kojixmlrpc.py b/kojihub/kojixmlrpc.py index 3139071..9102602 100644 --- a/kojihub/kojixmlrpc.py +++ b/kojihub/kojixmlrpc.py @@ -560,14 +560,6 @@ _default_policies = { 'build_rpm': ''' all :: allow ''', - 'build_from_srpm': ''' - has_perm admin :: allow - all :: deny Only admin can do this via default policy - ''', - 'build_from_repo_id': ''' - has_perm admin :: allow - all :: deny Only admin can do this via default policy - ''', 'build_from_scm': ''' has_perm admin :: allow # match scm_type CVS CVS+SSH && match scm_host scm.example.com && match scm_repository /cvs/example :: allow diff --git a/vm/kojivmd b/vm/kojivmd index 59f1877..d00d7ee 100755 --- a/vm/kojivmd +++ b/vm/kojivmd @@ -400,7 +400,6 @@ class WinBuildTask(MultiPlatformTask): } if not opts.get('skip_tag'): policy_data['tag'] = dest_tag['id'] - self.session.host.assertPolicy('build_from_repo_id', policy_data) else: repo_info = self.getRepo(build_tag['id']) repo_id = repo_info['id']