atc: behaviour: add ArchivePipeline endpoint

atc/api/accessor/accessor_test.go

@@ -684,6 +684,11 @@ var _ = Describe("Accessor", func() {
 		Entry("pipeline-operator :: "+atc.PausePipeline, atc.PausePipeline, accessor.OperatorRole, true),
 		Entry("viewer :: "+atc.PausePipeline, atc.PausePipeline, accessor.ViewerRole, false),
 
+		Entry("owner :: "+atc.ArchivePipeline, atc.ArchivePipeline, accessor.OwnerRole, true),
+		Entry("member :: "+atc.ArchivePipeline, atc.ArchivePipeline, accessor.MemberRole, false),
+		Entry("pipeline-operator :: "+atc.ArchivePipeline, atc.ArchivePipeline, accessor.OperatorRole, false),
+		Entry("viewer :: "+atc.ArchivePipeline, atc.ArchivePipeline, accessor.ViewerRole, false),
+
 		Entry("owner :: "+atc.UnpausePipeline, atc.UnpausePipeline, accessor.OwnerRole, true),
 		Entry("member :: "+atc.UnpausePipeline, atc.UnpausePipeline, accessor.MemberRole, true),
 		Entry("pipeline-operator :: "+atc.UnpausePipeline, atc.UnpausePipeline, accessor.OperatorRole, true),

atc/api/accessor/role_action_map.go

@@ -69,6 +69,7 @@ var requiredRoles = map[string]string{
 	atc.DeletePipeline:                MemberRole,
 	atc.OrderPipelines:                MemberRole,
 	atc.PausePipeline:                 OperatorRole,
+	atc.ArchivePipeline:               OwnerRole,
 	atc.UnpausePipeline:               OperatorRole,
 	atc.ExposePipeline:                MemberRole,
 	atc.HidePipeline:                  MemberRole,

atc/api/api_suite_test.go

@@ -198,6 +198,8 @@ var _ = BeforeEach(func() {
 		time.Second,
 		dbWall,
 		fakeClock,
+
+		true, /* enableArchivePipeline */
 	)
 
 	Expect(err).NotTo(HaveOccurred())

atc/api/handler.go

@@ -74,6 +74,8 @@ func NewHandler(
 	interceptUpdateInterval time.Duration,
 	dbWall db.Wall,
 	clock clock.Clock,
+
+	enableArchivePipeline bool,
 ) (http.Handler, error) {
 
 	absCLIDownloadsDir, err := filepath.Abs(cliDownloadsDir)
@@ -91,7 +93,7 @@ func NewHandler(
 	resourceServer := resourceserver.NewServer(logger, secretManager, varSourcePool, dbCheckFactory, dbResourceFactory, dbResourceConfigFactory)
 
 	versionServer := versionserver.NewServer(logger, externalURL)
-	pipelineServer := pipelineserver.NewServer(logger, dbTeamFactory, dbPipelineFactory, externalURL)
+	pipelineServer := pipelineserver.NewServer(logger, dbTeamFactory, dbPipelineFactory, externalURL, enableArchivePipeline)
 	configServer := configserver.NewServer(logger, dbTeamFactory, secretManager)
 	ccServer := ccserver.NewServer(logger, dbTeamFactory, externalURL)
 	workerServer := workerserver.NewServer(logger, dbTeamFactory, dbWorkerFactory)
@@ -148,6 +150,7 @@ func NewHandler(
 		atc.DeletePipeline:      pipelineHandlerFactory.HandlerFor(pipelineServer.DeletePipeline),
 		atc.OrderPipelines:      http.HandlerFunc(pipelineServer.OrderPipelines),
 		atc.PausePipeline:       pipelineHandlerFactory.HandlerFor(pipelineServer.PausePipeline),
+		atc.ArchivePipeline:     pipelineHandlerFactory.HandlerFor(pipelineServer.ArchivePipeline),
 		atc.UnpausePipeline:     pipelineHandlerFactory.HandlerFor(pipelineServer.UnpausePipeline),
 		atc.ExposePipeline:      pipelineHandlerFactory.HandlerFor(pipelineServer.ExposePipeline),
 		atc.HidePipeline:        pipelineHandlerFactory.HandlerFor(pipelineServer.HidePipeline),

atc/api/pipelines_test.go

@@ -62,6 +62,7 @@ var _ = Describe("Pipelines API", func() {
 		privatePipeline.IDReturns(3)
 		privatePipeline.PausedReturns(false)
 		privatePipeline.PublicReturns(false)
+		privatePipeline.ArchivedReturns(true)
 		privatePipeline.TeamNameReturns("main")
 		privatePipeline.NameReturns("private-pipeline")
 		privatePipeline.GroupsReturns(atc.GroupConfigs{
@@ -280,7 +281,7 @@ var _ = Describe("Pipelines API", func() {
 						"name": "private-pipeline",
 						"paused": false,
 						"public": false,
-						"archived": false,
+						"archived": true,
 						"team_name": "main",
 						"last_updated": 1,
 						"groups": [
@@ -948,6 +949,52 @@ var _ = Describe("Pipelines API", func() {
 		})
 	})
 
+	Describe("PUT /api/v1/teams/:team_name/pipelines/:pipeline_name/archive", func() {
+		var response *http.Response
+
+		BeforeEach(func() {
+			fakeaccess.IsAuthenticatedReturns(true)
+			fakeaccess.IsAuthorizedReturns(true)
+			dbTeamFactory.FindTeamReturns(fakeTeam, true, nil)
+			fakeTeam.PipelineReturns(dbPipeline, true, nil)
+		})
+
+		JustBeforeEach(func() {
+			request, _ := http.NewRequest("PUT", server.URL+"/api/v1/teams/a-team/pipelines/a-pipeline/archive", nil)
+			var err error
+			response, err = client.Do(request)
+			Expect(err).NotTo(HaveOccurred())
+		})
+
+		It("returns 200", func() {
+			Expect(response.StatusCode).To(Equal(http.StatusOK))
+		})
+
+		It("archives the pipeline", func() {
+			Expect(dbPipeline.ArchiveCallCount()).To(Equal(1), "Archive() called the wrong number of times")
+		})
+
+		Context("when archiving the pipeline fails due to the DB", func() {
+			BeforeEach(func() {
+				dbPipeline.ArchiveReturns(errors.New("pq: a db error"))
+			})
+
+			It("gives a server error", func() {
+				Expect(response.StatusCode).To(Equal(http.StatusInternalServerError))
+			})
+		})
+
+		Context("when not authenticated", func() {
+			BeforeEach(func() {
+				fakeaccess.IsAuthenticatedReturns(false)
+			})
+
+			It("returns 401", func() {
+				Expect(response.StatusCode).To(Equal(http.StatusUnauthorized))
+			})
+		})
+	})
+
 	Describe("PUT /api/v1/teams/:team_name/pipelines/:pipeline_name/unpause", func() {
 		var response *http.Response
 

atc/api/pipelineserver/archive.go

@@ -0,0 +1,22 @@
+package pipelineserver
+
+import (
+	"net/http"
+
+	"github.com/concourse/concourse/atc/db"
+)
+
+func (s *Server) ArchivePipeline(pipelineDB db.Pipeline) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !s.enableArchivePipeline {
+			http.Error(w, "endpoint is not enabled", http.StatusForbidden)
+			return
+		}
+		s.logger.Debug("archive-pipeline")
+		err := pipelineDB.Archive()
+		if err != nil {
+			w.WriteHeader(http.StatusInternalServerError)
+			s.logger.Error("archive-pipeline", err)
+		}
+	})
+}

atc/api/pipelineserver/archive_test.go

@@ -0,0 +1,91 @@
+package pipelineserver_test
+
+import (
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+
+	"github.com/concourse/concourse/atc/api/pipelineserver"
+	"github.com/concourse/concourse/atc/api/pipelineserver/pipelineserverfakes"
+	"github.com/concourse/concourse/atc/db/dbfakes"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+//go:generate counterfeiter code.cloudfoundry.org/lager.Logger
+
+var _ = Describe("Archive Handler", func() {
+	var (
+		fakeLogger *pipelineserverfakes.FakeLogger
+		server     *pipelineserver.Server
+		dbPipeline *dbfakes.FakePipeline
+		handler    http.Handler
+		recorder   *httptest.ResponseRecorder
+		request    *http.Request
+	)
+
+	BeforeEach(func() {
+		fakeLogger = new(pipelineserverfakes.FakeLogger)
+		server = pipelineserver.NewServer(
+			fakeLogger,
+			new(dbfakes.FakeTeamFactory),
+			new(dbfakes.FakePipelineFactory),
+			"",
+			true, /* enableArchivePipeline */
+		)
+		dbPipeline = new(dbfakes.FakePipeline)
+		handler = server.ArchivePipeline(dbPipeline)
+		recorder = httptest.NewRecorder()
+		request = httptest.NewRequest("PUT", "http://example.com", nil)
+	})
+
+	It("logs database errors", func() {
+		expectedError := errors.New("db error")
+		dbPipeline.ArchiveReturns(expectedError)
+
+		handler.ServeHTTP(recorder, request)
+
+		Expect(fakeLogger.ErrorCallCount()).To(Equal(1))
+		action, actualError, _ := fakeLogger.ErrorArgsForCall(0)
+		Expect(action).To(Equal("archive-pipeline"), "wrong action name")
+		Expect(actualError).To(Equal(expectedError))
+	})
+
+	It("write a debug log on every request", func() {
+		handler.ServeHTTP(recorder, request)
+
+		Expect(fakeLogger.DebugCallCount()).To(Equal(1))
+		action, _ := fakeLogger.DebugArgsForCall(0)
+		Expect(action).To(Equal("archive-pipeline"), "wrong action name")
+	})
+
+	It("logs no errors if everything works", func() {
+		dbPipeline.ArchiveReturns(nil)
+
+		handler.ServeHTTP(recorder, request)
+
+		Expect(fakeLogger.ErrorCallCount()).To(Equal(0))
+	})
+
+	Context("when the endpoint is not enabled", func() {
+		BeforeEach(func() {
+			server = pipelineserver.NewServer(
+				fakeLogger,
+				new(dbfakes.FakeTeamFactory),
+				new(dbfakes.FakePipelineFactory),
+				"",
+				false, /* enableArchivePipeline */
+			)
+			handler = server.ArchivePipeline(dbPipeline)
+		})
+
+		It("responds with status Forbidden", func() {
+			handler.ServeHTTP(recorder, request)
+
+			Expect(recorder.Code).To(Equal(http.StatusForbidden))
+			body, _ := ioutil.ReadAll(recorder.Body)
+			Expect(body).To(Equal([]byte("endpoint is not enabled\n")))
+		})
+	})
+})