Upload macaroons should allow channel restrictions (eg. by regex)

Bug #1711973 reported by Michael Hudson-Doyle
This bug affects 2 people
Affects: Snap Store Server
Status: Fix Released
Importance: Medium
Assigned to: Tom Wardill

Bug Description

Now that channels have tracks and branches, it would be good to be able to create a macaroon that allows publication to channels matched by regex, e.g. I was thinking about setting up a CI-type system that could push per-PR builds of a snap to edge/test-build-for-pr-NNNN but I would prefer such a system to not be able to push to stable :)

Bret Barker (noise)
Changed in snapstore:
importance: Undecided → Wishlist
William Grant (wgrant)
Changed in snapstore:
importance: Wishlist → Medium
status: New → Triaged
summary: - be able to create a macaroon that allows access to channels by regex
+ Upload macaroons should allow channel restrictions (eg. by regex)
Adam Collard (adam-collard) wrote :

Let's allow simple globbing, and not a full regex

Changed in snapstore:
assignee: nobody → Tom Wardill (twom)
Tom Wardill (twom)
Changed in snapstore:
status: Triaged → In Progress
Tom Wardill (twom)
Changed in snapstore:
status: In Progress → Fix Committed
Tom Wardill (twom) wrote :

To QA this:

1. Request a `package_release` macaroon, restricted to a channel using an `fnmatch` glob.
2. Attempt to release a snap using this macaroon to a channel that does not match the restriction. It should be rejected with a useful error message.
3. Attempt to release the snap to a matching channel; this should be allowable.
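
The check these QA steps exercise, sketched as an added example (not the Snap Store's code and not part of the original comment). It assumes the macaroon carries a list of `fnmatch` channel globs and that every requested channel must match one of them; `check_release`, `channel_allowed` and `ChannelNotPermitted` are hypothetical names.

```python
from fnmatch import fnmatchcase


class ChannelNotPermitted(Exception):
    """A requested channel falls outside the macaroon's channel restriction."""


def channel_allowed(allowed_globs, channel):
    # fnmatchcase compares case-sensitively on every platform; plain
    # fnmatch.fnmatch normalises case according to the host OS.
    return any(fnmatchcase(channel, glob) for glob in allowed_globs)


def check_release(allowed_globs, requested_channels):
    """Return the channels to release to, or raise if any is not permitted.

    allowed_globs: fnmatch patterns from the (hypothetical) channel caveat.
    An empty list permits nothing: this sketch fails closed.
    """
    denied = [c for c in requested_channels
              if not channel_allowed(allowed_globs, c)]
    if denied:
        raise ChannelNotPermitted(
            "macaroon restricted to %s does not permit release to %s"
            % (", ".join(allowed_globs) or "(no channels)",
               ", ".join(denied)))
    return list(requested_channels)


if __name__ == "__main__":
    # Constructed restriction for the per-PR CI case in the bug description.
    ci_globs = ["edge/test-build-for-pr-*"]
    for request in (["edge/test-build-for-pr-1234"],
                    ["stable"],
                    ["edge/test-build-for-pr-1234", "stable"]):
        try:
            print("allowed:", check_release(ci_globs, request))
        except ChannelNotPermitted as exc:
            print("rejected:", exc)
    # fnmatch's "*" also matches "/", so a glob cannot pin track or branch
    # depth, and a bare "*" is no restriction at all.
    print(channel_allowed(["edge/*"], "edge/a/b"))  # True
    print(channel_allowed(["*"], "stable"))         # True
```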

Tom Wardill (twom)
Changed in snapstore:
status: Fix Committed → Fix Released