Upload macaroons should allow channel restrictions (eg. by regex)

Bug #1711973 reported by Michael Hudson-Doyle on 2017-08-21
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snap Store
Medium
Tom Wardill

Bug Description

Now that channels have tracks and branches, it would be good to be able to create a macaroon that allows publication to channels matched by regex, e.g. I was thinking about setting up a CI-type system that could push per-PR builds of a snap to edge/test-build-for-pr-NNNN but I would prefer such a system to not be able to push to stable :)

Bret Barker (noise) on 2017-09-05
Changed in snapstore:
importance: Undecided → Wishlist
William Grant (wgrant) on 2018-05-09
Changed in snapstore:
importance: Wishlist → Medium
status: New → Triaged
summary: - be able to create a macaroon that allows access to channels by regex
+ Upload macaroons should allow channel restrictions (eg. by regex)
Adam Collard (adam-collard) wrote :

Let's allow simple globbing, and not a full regex

Changed in snapstore:
assignee: nobody → Tom Wardill (twom)
Tom Wardill (twom) on 2018-12-20
Changed in snapstore:
status: Triaged → In Progress
Tom Wardill (twom) 10 hours ago
Changed in snapstore:
status: In Progress → Fix Committed
Tom Wardill (twom) wrote :

To QA this:

1. Request a `package_release` macaroon, restricted to a channel using an `fnmatch` glob.
2. Attempt to release a snap using this macaroon to a channel that does not match the restriction. It should be rejected with a useful error message.
3. Attempt to release the snap to a matching channel, this should be allowable.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers