people with upload privileges are not allowed to use syncSource

Bug #529933 reported by Colin Watson
Affects: Launchpad itself
Status: Won't Fix
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

I attempted to walk Brian Thomason (who has upload privileges to the partner archive) through performing a sync from Debian into the partner archive using the Launchpad API. This failed due to permissions:

  brian@brian-desktop:~$ lp-shell
  >>> from debian_bundle import debian_support
  >>> debian = lp.distributions['debian']
  >>> unstable = debian.getSeries(name_or_version='sid')
  >>> debian_archive = debian.main_archive
  >>> pubs = debian_archive.getPublishedSources(distro_series=unstable, exact_match=True, pocket='Release', source_name='sun-java6', status='Pending')
  >>> version = sorted(pubs, key=lambda pub: debian_support.Version(pub.source_package_version), reverse=True)[0].source_package_version
  >>> partner_archive = [a for a in lp.distributions['ubuntu'].archives if a.name == 'partner'][0]
  >>> lucid = lp.distributions['ubuntu'].getSeries(name_or_version='lucid')
  >>> partner_archive.syncSource(from_archive=debian_archive, include_binaries=False, source_name='sun-java6', to_pocket='Release', to_series=lucid, version=version)
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/lib/pymodules/python2.6/lazr/restfulclient/resource.py", line 482, in __call__
      url, in_representation, http_method, extra_headers=extra_headers)
    File "/usr/lib/pymodules/python2.6/lazr/restfulclient/_browser.py", line 256, in _request
      raise HTTPError(response, content)
  lazr.restfulclient.errors.HTTPError: HTTP Error 401: Unauthorized
  Response headers:
  ---
  content-length: 63
  content-type: text/plain
  date: Wed, 24 Feb 2010 23:12:00 GMT
  server: zope.server.http (HTTP)
  status: 401
  via: 1.1 wildcard.edge.launchpad.net
  x-lazr-oopsid: OOPS-1516EA1149
  x-powered-by: Zope (www.zope.org), Python (www.python.org)
  ---
  Response body:
  ---
  (<Archive at 0x2aaab875fe10>, 'syncSource', 'launchpad.Append')
  ---

  >>>

Examination of the source code shows that normal upload permission checks are not applied to the syncSource method; instead, it merely looks at the archive owner. The Ubuntu primary and partner archives are both owned by ubuntu-drivers, which is quite a restricted team.

Until we are ready to start using the API across the board for syncs, which is mainly blocked on the resulting *-changes mails being sensible (see https://dev.launchpad.net/Ubuntu/InfrastructureNeeds for tracking), it's probably correct for this method to be restricted. However, it will need to be opened up as the last step. It should check archive permissions for the package you're syncing.
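As an added illustration (not code from Launchpad, Soyuz, or the reporter), the following hypothetical Python model contrasts the two authorization checks the description distinguishes: the owner-only check the report says syncSource applied, and the per-package upload permission check it says should apply. The teams, people, archives and grants are all constructed for the example; the distroseries queue is not modelled.

```python
"""
Hypothetical model (added example, not Launchpad/Soyuz code) of the two
authorization policies discussed in this bug report:

  * owner_only_can_sync: what the report says syncSource actually checked,
    i.e. only whether the caller is a member of the archive owner team.
  * upload_permission_can_sync: what the report says it should check,
    i.e. the normal upload permission for the package being synced.

Every team, person, archive and grant below is constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Team:
    name: str
    members: frozenset


@dataclass
class Archive:
    name: str
    owner: Team
    # per-package upload grants: source package name -> set of people
    package_uploaders: dict = field(default_factory=dict)
    # per-component upload grants: component name -> set of people
    component_uploaders: dict = field(default_factory=dict)
    # which component each source package lives in
    package_component: dict = field(default_factory=dict)


def is_member(person, team):
    return person in team.members


def owner_only_can_sync(person, archive):
    """The check the report describes: archive owner membership only."""
    return is_member(person, archive.owner)


def has_upload_permission(person, archive, source_name):
    """Normal upload permission: a package grant or a component grant."""
    if person in archive.package_uploaders.get(source_name, set()):
        return True
    component = archive.package_component.get(source_name)
    if component is None:
        return False
    return person in archive.component_uploaders.get(component, set())


def upload_permission_can_sync(person, archive, source_name):
    """The check the report says syncSource should perform: the archive
    owner may always sync, and so may anyone with upload rights for the
    specific package being synced."""
    return owner_only_can_sync(person, archive) or has_upload_permission(
        person, archive, source_name
    )


# Constructed fixture mirroring the situation in the report: a restricted
# owner team, and an uploader ("brian") who holds upload rights to the
# partner archive's component but is not an owner.
owner_team = Team("archive-owners", frozenset({"alice"}))
partner = Archive("partner", owner=owner_team)
partner.component_uploaders["partner"] = {"brian"}
partner.package_component["sun-java6"] = "partner"
# A constructed package outside any component brian may upload to.
partner.package_component["other-package"] = "restricted-component"


def report_scenario():
    """Outcomes of both policies for the people in the fixture."""
    return {
        "brian_owner_only": owner_only_can_sync("brian", partner),
        "brian_upload_perm": upload_permission_can_sync("brian", partner, "sun-java6"),
        "brian_other_pkg": upload_permission_can_sync("brian", partner, "other-package"),
        "alice_owner_only": owner_only_can_sync("alice", partner),
        "alice_any_pkg": upload_permission_can_sync("alice", partner, "other-package"),
    }


if __name__ == "__main__":
    for key, value in report_scenario().items():
        print(f"{key}: {value}")
```

The owner-only policy rejects brian for sun-java6 even though he is allowed to upload it through the normal path, which is the mismatch the report describes; the per-package policy accepts him for that package and still rejects him for a package he has no rights to, while owners keep full access.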

Revision history for this message
Colin Watson (cjwatson) wrote:

This should only be fixed after bug 529936 is fixed.

Julian Edwards (julian-edwards) wrote:

This is actually quite deliberate, at least for now. Using syncSource would allow you to completely bypass the distroseries queue.

Julian Edwards (julian-edwards) wrote:

And I just noticed your comment after mine. Ha.

Julian Edwards (julian-edwards) wrote:

FWIW we do allow the archive owner and ubuntu-security to use syncSource into main archives.

Changed in soyuz:
importance: Undecided → Low
status: New → Triaged
tags: added: soyuz-upload
tags: added: soyuz-core
Julian Edwards (julian-edwards) wrote:

Won't-fix because we're implementing a different API call "copyPackage". Please also see bug 771341.

Changed in launchpad:
status: Triaged → Won't Fix