# django senders need their arguments
# pylint: disable=unused-argument

import json
import logging
import pika
import requests
from requests.auth import HTTPBasicAuth
from django.conf import settings
from django.contrib.auth.models import AbstractUser, Group
from django.core.cache import cache
from django.db import models
from django.db.models.signals import post_save, pre_delete
from django.dispatch import receiver
from django_mysql.models import JSONField
from rest_framework.authtoken.models import Token
from .auth.v1.models import OIDCConfig

# Module-level logger, named after this module's import path.
LOGGER = logging.getLogger(__name__)


# singleton for simple configs
# https://steelkiwi.com/blog/practical-application-singleton-design-pattern/
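class SingletonModel(models.Model):
    """Abstract base for configuration models that have exactly one row.

    The single row always has primary key 1, and a copy of the instance is
    kept in Django's cache under the concrete class name.

    NOTE(review): the whole instance is written to the cache backend,
    including any credential fields a subclass declares. Confirm the cache
    is neither readable nor writable by less-trusted services.
    """

    class Meta:
        abstract = True

    def set_cache(self):
        """Store this instance in the cache under its class name."""
        cache.set(self.__class__.__name__, self)

    # pylint: disable=invalid-name, arguments-differ
    def save(self, *args, **kwargs):
        """Save as the row with primary key 1 and refresh the cached copy."""
        # Forcing the primary key makes every save target the same row.
        self.pk = 1
        super(SingletonModel, self).save(*args, **kwargs)
        self.set_cache()

    @classmethod
    def load(cls):
        """Return the singleton instance, creating the row if needed.

        Returns:
            The cached instance when one is present, otherwise the instance
            read from (or created in) the database.
        """
        cached = cache.get(cls.__name__)
        if cached is not None:
            return cached

        obj, created = cls.objects.get_or_create(pk=1)
        if not created:
            # A freshly created row went through save(), which cached it.
            obj.set_cache()

        # Return the object itself instead of reading the cache a second
        # time: that lookup yields None whenever the backend dropped or
        # never stored the entry, and DeploymentTask.publish dereferences
        # the result of load() immediately.
        return obj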


# clients are registered at rabbitmq when they are assigned to a site
# (because only then do we know what services they provide)
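class RabbitMQInstance(SingletonModel):
    """Connection settings for the RabbitMQ broker and helpers to manage it.

    Sites are registered as broker users through the RabbitMQ management
    HTTP API (the ``_rest_*`` helpers); deployment tasks are published over
    AMQP through pika.

    NOTE(review): points to revisit before production use:
      * ``username``/``password`` default to ``guest``/``guest`` and the
        password is kept in a plain CharField.
      * ``_get_api_uri`` builds an ``http://`` URL, so this code does not
        protect the basic-auth credentials or the client passwords sent by
        ``_create_user`` in transit.
      * the ``requests`` calls pass no ``timeout``; ``register_site`` is
        called from a post_save receiver, so the save blocks until the
        broker answers.
    """

    host = models.CharField(max_length=150, default='localhost')
    # '%2f' is the URL-encoded form of '/'; the value is placed in REST paths.
    vhost = models.CharField(max_length=150, default='%2f')
    exchange = models.CharField(max_length=150, default='deployments')
    # Port used by _get_api_uri, i.e. the management HTTP API.
    port = models.IntegerField(default=15672)
    # Path prefix of the management HTTP API.
    path = models.CharField(max_length=150, default='api')
    username = models.CharField(max_length=150, default='guest')
    password = models.CharField(max_length=150, default='guest')
    # NOTE(review): not read by any method of this class.
    is_active = models.BooleanField(default=True)

    def __str__(self):
        """Return the broker host name."""
        return self.host

    def _msg(self, msg):
        """Prefix ``msg`` with this broker's host for log output."""
        return '[RabbitMQ:{}] {}'.format(self.host, msg)

    @property
    def auth(self):
        """HTTP basic-auth object for the management API."""
        return HTTPBasicAuth(self.username, self.password)

    @property
    def _connection_parameters(self):
        """pika connection parameters for the AMQP connection.

        NOTE(review): only ``host`` and ``ssl=True`` are passed. The model's
        ``vhost``, ``username`` and ``password`` are not, so pika's own
        defaults apply for port, virtual host and credentials -- confirm
        that this is intended.
        """
        return pika.ConnectionParameters(
            host=self.host,
            ssl=True,
        )

    @property
    def connection(self):
        """Open and return a new blocking AMQP connection.

        Nothing is cached: every access opens another connection.
        """
        LOGGER.debug(self._msg('opened connection'))
        return pika.BlockingConnection(self._connection_parameters)

    @property
    def channel(self):
        """Open a channel on a new connection and declare the exchange.

        The exchange is declared as a durable, non-auto-deleted topic
        exchange, and publisher confirms are enabled on the channel.
        """
        rabbitmq_channel = self.connection.channel()
        rabbitmq_channel.exchange_declare(
            exchange=self.exchange,
            durable=True,
            auto_delete=False,
            exchange_type='topic',
        )
        rabbitmq_channel.confirm_delivery()
        LOGGER.debug(self._msg('opened channel'))

        return rabbitmq_channel

    def _get_api_uri(self, path):
        """Build the management API URL for ``path``.

        NOTE(review): the scheme is fixed to ``http``; requests sent to this
        URL carry basic-auth credentials.
        """
        return 'http://{}:{}/{}/{}'.format(
            self.host,
            self.port,
            self.path,
            path,
        )

    def _rest_get(self, api_path):
        """GET ``api_path`` from the management API and return the JSON body.

        Raises:
            requests.HTTPError: if the response status signals an error.
        """
        req = requests.get(
            self._get_api_uri(api_path),
            auth=self.auth)
        req.raise_for_status()
        return req.json()

    def _rest_put(self, api_path, data):
        """PUT ``data`` as JSON to ``api_path`` and return the response.

        Raises:
            requests.HTTPError: if the response status signals an error.
        """
        req = requests.put(
            self._get_api_uri(api_path),
            json=data,
            auth=self.auth)
        req.raise_for_status()
        return req

    def _rest_del(self, api_path):
        """Send DELETE for ``api_path`` and return the response.

        Raises:
            requests.HTTPError: if the response status signals an error.
        """
        req = requests.delete(
            self._get_api_uri(api_path),
            auth=self.auth)
        req.raise_for_status()
        return req

    def _set_topic_permissions(self, site):
        """Restrict the site's broker user to the topics of its services.

        The read pattern admits the routing keys ``service.<name>`` of the
        site's services; the write pattern ``^$`` matches only the empty
        routing key.

        Returns:
            The ``requests`` response of the PUT call.
        """
        # Function-scope import so the file-level import block stays as is.
        import re

        username = site.client.username
        # NOTE(review): vhost and username go into the URL path unquoted;
        # confirm usernames cannot contain '/', '?' or '#'.
        path = 'topic-permissions/{}/{}/'.format(self.vhost, username)

        # Service names must match literally. Unescaped, a name holding
        # regex metacharacters (for example '.' or '|') would grant read
        # access to more routing keys than 'service.<name>'.
        services = '|'.join(
            re.escape(service.name) for service in site.services.all()
        )

        set_topic_permission_data = {
            'exchange': self.exchange,
            'write': '^$',
            'read': r'^service\.({})$'.format(services),
        }

        return self._rest_put(path, set_topic_permission_data)

    def _set_permissions(self, site):
        """Set configure/write/read permissions of the site's broker user.

        Returns:
            The ``requests`` response of the PUT call.
        """
        username = site.client.username
        path = 'permissions/{}/{}/'.format(self.vhost, username)

        # NOTE(review): the pattern has no trailing '$' and the exchange
        # name is not escaped, so it also matches any resource whose name
        # merely starts with the exchange name. Anchoring it would be
        # stricter; left unchanged because clients may rely on the current
        # match.
        permission = r'^(amq\.gen.*|{})'.format(self.exchange)
        set_permission_data = {
            'configure': permission,
            'write': permission,
            'read': permission,
        }

        return self._rest_put(path, set_permission_data)

    def _create_user(self, site):
        """Create the broker user for the site's API client.

        The broker password is the key of the client's API auth token, so
        one secret serves both the REST API and the broker.

        Returns:
            The ``requests`` response of the PUT call.
        """
        username = site.client.username
        path = 'users/{}/'.format(username)

        user_creation_data = {
            'password': str(site.client.auth_token.key),
            'tags': '',
        }

        return self._rest_put(path, user_creation_data)

    def _delete_user(self, site):
        """Delete the broker user of the site's API client."""
        username = site.client.username
        path = 'users/{}/'.format(username)

        return self._rest_del(path)

    def _disconnect(self):
        """Close an AMQP connection.

        NOTE(review): ``self.connection`` opens a new connection on every
        access, so this closes a connection it has just opened, not the one
        that was used for publishing.
        """
        LOGGER.debug(self._msg('closing connection'))
        self.connection.close()

    # PUBLIC API

    def register_site(self, site):
        """Create the broker user for ``site`` and set its permissions."""
        self._create_user(site)
        self._set_permissions(site)
        self._set_topic_permissions(site)
        LOGGER.info(self._msg('registered {}'.format(site.client)))

    def update_site(self, site):
        """Recompute the topic permissions of ``site`` from its services."""
        self._set_topic_permissions(site)
        LOGGER.info(self._msg('updated permissions for {}'.format(site.client)))

    def deregister_site(self, site):
        """Log the deregistration of ``site``.

        NOTE(review): nothing is removed at the broker yet, although the log
        line says otherwise. Until the TODO is done (``_delete_user``
        exists), the broker user and its permissions outlive the site.
        """
        # TODO implement
        LOGGER.info(self._msg('deregistered {}'.format(site.client)))

    def is_client_connected(self, site):
        """Return True if the broker lists a connection of the site's user."""
        connections = self._rest_get("connections/")
        username = site.client.username
        return any(conn['user'] == username for conn in connections)

    def online_clients(self, service):
        """Return the sites of ``service`` whose client is connected.

        Each site costs one management API request.
        """
        return [site
                for site in service.site.all()
                if self.is_client_connected(site)]

    def publish_by_service(self, service, msg):
        """Publish ``msg`` to the exchange under the service's routing key.

        NOTE(review): ``self.channel`` opens a fresh connection that is not
        closed here. ``delivery_mode=1`` marks the message as
        non-persistent; confirm that losing a pending withdraw task on a
        broker restart is acceptable.
        """
        # FIXME publish can fail -> catch error
        return self.channel.basic_publish(
            exchange=self.exchange,
            routing_key=service.routing_key,
            body=msg,
            properties=pika.BasicProperties(
                delivery_mode=1,
            ),
        )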


def user_info_default():
    """Return a new, empty dict; used as the default of ``User.userinfo``."""
    fresh = dict()
    return fresh


class User(AbstractUser):
    """Account of an API client, an OIDC-authenticated user or an admin.

    ``is_active`` holds the state the user is supposed to have and
    ``_is_active`` the state that has been propagated to the deployments.
    """

    TYPE_CHOICES = (
        ('apiclient', 'API-Client'),
        ('oidcuser', 'OIDC User'),
        ('admin', 'Admin'),
    )
    user_type = models.CharField(
        max_length=20, choices=TYPE_CHOICES, default='oidcuser')
    sub = models.CharField(max_length=150, blank=True, null=True)
    password = models.CharField(max_length=150, blank=True, null=True)
    # the real state of the user
    # (self.is_active is the supposed state of the user)
    _is_active = models.BooleanField(default=True, editable=False)
    # the idp which authenticated the user
    idp = models.ForeignKey(
        OIDCConfig, related_name='users', on_delete=models.CASCADE)
    userinfo = JSONField(default=user_info_default, null=True, blank=True)

    @property
    def ssh_keys(self):
        """Keys of the user that are not marked as deleted.

        The full list, deleted keys included, is ``self._ssh_keys``.
        """
        return self._ssh_keys.filter(deleted=False)

    @property
    def is_active_at_clients(self):
        """State of the user as last propagated (``_is_active``)."""
        return self._is_active

    def __str__(self):
        """Return a label made of the user type and the username.

        Raises:
            Exception: if ``user_type`` is none of the known types.
        """
        kind = self.user_type
        if kind == 'admin':
            return 'ADMIN {}'.format(self.username)
        if kind == 'apiclient':
            return 'APICLIENT {}@{}'.format(self.username, self.site)
        if kind != 'oidcuser':
            raise Exception()

        label = 'USER {}' if self.is_active else 'DEACTIVATED USER {}'
        return label.format(self.username)

    def _msg(self, msg):
        """Prefix ``msg`` with this user's label for log output."""
        return '[{}] {}'.format(self, msg)

    def remove(self):
        """Deactivate and delete an OIDC user; other user types are ignored.

        TODO: deleting the user brings problems: the deletion cascades down
        to DeploymentTask and DeploymentTaskItem, but these need to be
        conserved so that the withdrawals of all clients can be tracked.
        """
        if self.user_type != 'oidcuser':
            return

        self.deactivate()
        LOGGER.info(self._msg('Deleting'))
        self.delete()

    def activate(self):
        """Mark an OIDC user active and activate all of its deployments."""
        if self._is_active:
            LOGGER.error(self._msg('already activated'))
            return
        if self.user_type != 'oidcuser':
            return

        self.is_active = True
        self._is_active = True
        self.save()

        for deployment in self.deployments.all():
            deployment.activate()

        LOGGER.info(self._msg('activated'))

    def deactivate(self):
        """Mark an OIDC user inactive and deactivate all of its deployments.

        Deactivating a deployment withdraws its credentials.
        """
        if not self._is_active:
            LOGGER.error(self._msg('already deactivated'))
            return
        if self.user_type != 'oidcuser':
            return

        self.is_active = False
        self._is_active = False
        self.save()

        for deployment in self.deployments.all():
            deployment.deactivate()

        LOGGER.info(self._msg('deactivated'))

    @classmethod
    def construct_from_user_info(cls, user_info, idp):
        """Build an unsaved user from an OIDC userinfo mapping.

        NOTE(review): the username is taken from the ``email`` claim, while
        ``sub`` is only stored. Confirm that lookups elsewhere identify a
        user by ``idp`` and ``sub``. The complete userinfo is also written
        to the debug log.
        """
        LOGGER.debug('User: constructing from %s', user_info)
        fields = dict(
            sub=user_info.get('sub', ''),
            first_name=user_info.get('given_name', ''),
            last_name=user_info.get('family_name', ''),
            email=user_info.get('email', ''),
            username=user_info.get('email', ''),
            idp=idp,
            userinfo=user_info,
        )
        return cls(**fields)


class Site(models.Model):
    """A site, represented towards the portal by exactly one API client."""

    client = models.OneToOneField(User, related_name='site')
    name = models.CharField(
        max_length=150,
        unique=True,
    )
    description = models.TextField(
        max_length=300,
        blank=True,
    )

    def __str__(self):
        """Return the site name."""
        return self.name

    @property
    def tasks(self):
        """Tasks which are still to be executed on this site."""
        pending = []
        for item in self.task_items.all():
            pending.append(item.task)
        return pending


class Service(models.Model):
    """A service offered by one or more sites.

    NOTE(review): ``name`` becomes part of the routing key and of the topic
    permission pattern built in ``RabbitMQInstance``. No validator is
    declared here; confirm that names are restricted to characters without
    a special meaning in routing keys and regular expressions.
    """

    name = models.CharField(
        max_length=150,
        unique=True,
    )
    description = models.TextField(
        max_length=300,
        blank=True,
    )
    site = models.ManyToManyField(Site, related_name='services')
    groups = models.ManyToManyField(
        Group, related_name='services', blank=True)

    @property
    def routing_key(self):
        """Routing key under which tasks for this service are published."""
        key = 'service.{}'.format(self.name)
        return key

    def __str__(self):
        """Return the service name."""
        return self.name


class SSHPublicKey(models.Model):
    """An SSH public key uploaded by a user.

    NOTE(review): this model does not validate the key text, and
    ``max_length`` on a TextField is not enforced by the model or the
    database. Confirm that the serializer or form checks the key format
    (one line, a known key type) before the key is sent to clients.
    """

    name = models.CharField(max_length=150, unique=True)
    key = models.TextField(max_length=1000)
    # hidden field at the user
    user = models.ForeignKey(User, related_name='_ssh_keys')

    # has the user triggered the deletion of this key
    deleted = models.BooleanField(default=False, editable=False)

    def _msg(self, msg):
        """Prefix ``msg`` with this key's label for log output."""
        return '[SSHPublicKey:{}] {}'.format(self, msg)

    def delete_key(self):
        """Delete the key, withdrawing it from all clients first if needed.

        A key without tasks and deployments is deleted at once. Otherwise
        it is only marked as deleted and withdrawn from every deployment;
        the actual deletion happens in ``try_final_deletion``.

        NOTE(review): ``Deployment.withdraw_key`` raises when the deployment
        is deactivated, which stops the loop below at that deployment, and
        ``Deployment.activate`` redeploys every key still in ``ssh_keys``.
        Confirm how a key deleted while its owner is deactivated is kept
        from being deployed again.
        """
        in_use = self.tasks.exists() or self.deployments.exists()
        if not in_use:
            LOGGER.info(self._msg('Direct deletion of key'))
            self.delete()
            return

        LOGGER.info(self._msg('Deletion of key started'))
        self.deleted = True
        self.save()

        # delete implies withdrawing the key from all clients
        for target in self.deployments.all():
            target.withdraw_key(self)

    def try_final_deletion(self):
        """Delete a key marked as deleted once no task refers to it."""
        if not self.deleted:
            return
        if self.tasks.exists():
            return

        LOGGER.info(self._msg(
            'All clients have withdrawn this key. Final deletion'))
        self.delete()

    def __str__(self):
        """Return the key name, prefixed when the key is marked deleted."""
        return "DELETED: {}".format(self.name) if self.deleted else self.name


# Deployment describes the credential state per user as it is supposed to be
#
# (exception: if is_active=False the ssh_keys contain the keys to be deployed
# if the deployment is reactivated)
#
# DeploymentTask is what is sent to the clients via rabbitmq
# The DeploymentTaskItem track the acknowledgements from the clients
class Deployment(models.Model):
    """Credentials one user is supposed to have at one service.

    ``ssh_keys`` lists the keys that should be deployed and
    ``ssh_keys_to_withdraw`` the keys clients are asked to withdraw.

    NOTE(review): state is saved and tasks are published in separate steps
    and no transaction is visible here, so a failing publish can leave the
    stored state ahead of what clients were told.
    """

    user = models.ForeignKey(
        User, related_name='deployments', on_delete=models.CASCADE)
    service = models.ForeignKey(
        Service, related_name='deployments', on_delete=models.CASCADE)
    ssh_keys = models.ManyToManyField(
        SSHPublicKey, related_name='deployments', blank=True)
    ssh_keys_to_withdraw = models.ManyToManyField(
        SSHPublicKey, related_name='withdrawn_deployments', blank=True)
    is_active = models.BooleanField(default=True)

    @property
    def withdrawals(self):
        """Outstanding tasks of this deployment with action 'withdraw'."""
        return self.tasks.filter(action='withdraw')

    @property
    def deploys(self):
        """Outstanding tasks of this deployment with action 'deploy'."""
        return self.tasks.filter(action='deploy')

    def __str__(self):
        """Return '<service>:<user>'."""
        return '{}:{}'.format(self.service, self.user)

    def _msg(self, msg):
        """Prefix ``msg`` with this deployment's label for log output."""
        return '[Deployment:{}] {}'.format(self, msg)

    def activate(self):
        """Redeploy the keys that were deployed before the deactivation."""
        if self.is_active:
            LOGGER.error(self._msg('already active'))
            return

        LOGGER.debug(self._msg(str(self.ssh_keys.all())))
        for ssh_key in self.ssh_keys.all():
            self._deploy_key(ssh_key)

        self.is_active = True
        self.save()
        LOGGER.info(self._msg('activated'))

    def deactivate(self):
        """Withdraw all keys; ``ssh_keys`` is kept for a later activation."""
        if not self.is_active:
            LOGGER.error(self._msg('already deactivated'))
            return

        # The new state is stored before the withdraw tasks are published.
        self.is_active = False
        self.save()

        for ssh_key in self.ssh_keys.all():
            self._withdraw_key(ssh_key)

        LOGGER.info(self._msg('deactivated'))

    def _deploy_key(self, key):
        """Create and publish a deploy task for ``key``.

        The key lists of the deployment are not changed.
        """
        # delete outstanding tasks which are made obsolete by this task
        for stale_task in self.withdrawals.filter(key=key):
            LOGGER.debug(stale_task._msg('now obsolete'))
            stale_task.delete()

        # generate task
        task = DeploymentTask(action='deploy', deployment=self, key=key)
        task.save()
        LOGGER.debug(task._msg('generated'))

        # generate one task item per site that offers the service
        for site in self.service.site.all():
            item = DeploymentTaskItem(task=task, site=site)
            item.save()
            LOGGER.debug(item._msg('generated'))

        # publish the task
        task.publish()

    def _withdraw_key(self, key):
        """Create and publish a withdraw task for ``key``.

        The key lists of the deployment are not changed.
        """
        # delete outstanding tasks which are made obsolete by this task
        for stale_task in self.deploys.filter(key=key):
            LOGGER.debug(stale_task._msg("now obsolete"))
            stale_task.delete()

        # generate task
        task = DeploymentTask(action='withdraw', deployment=self, key=key)
        task.save()
        LOGGER.debug(task._msg('generated'))

        # generate one task item per site that offers the service
        for site in self.service.site.all():
            item = DeploymentTaskItem(task=task, site=site)
            item.save()
            LOGGER.debug(item._msg('generated'))

        # publish the task
        task.publish()

    def deploy_key(self, key):
        """Deploy ``key`` and track the change in the key lists.

        NOTE(review): nothing here checks that ``key.user`` is the user of
        this deployment; confirm that callers enforce ownership.

        Raises:
            Exception: if the deployment is deactivated.
        """
        if not self.is_active:
            LOGGER.error(self._msg('cannot deploy while deactivated'))
            raise Exception('deployment deactivated')

        self.ssh_keys.add(key)

        pending_withdrawal = key in self.ssh_keys_to_withdraw.all()
        if pending_withdrawal:
            self.ssh_keys_to_withdraw.remove(key)
        self.save()

        self._deploy_key(key)

    def withdraw_key(self, key):
        """Withdraw ``key`` and track the change in the key lists.

        Raises:
            Exception: if the deployment is deactivated.
        """
        if not self.is_active:
            LOGGER.error(self._msg('cannot withdraw while deactivated'))
            raise Exception('deployment deactivated')

        self.ssh_keys.remove(key)

        # keys which are to be withdrawn by the clients
        self.ssh_keys_to_withdraw.add(key)
        self.save()

        self._withdraw_key(key)


class DeploymentTask(models.Model):
    """One deploy or withdraw instruction for a key, sent via RabbitMQ.

    A task lives until every site has acknowledged it; the per-site state
    is held by ``DeploymentTaskItem`` rows (``task_items``).
    """

    ACTION_CHOICES = (
        ('deploy', 'deploy'),
        ('withdraw', 'withdraw'),
    )
    action = models.CharField(max_length=10, choices=ACTION_CHOICES)
    key = models.ForeignKey(
        SSHPublicKey, related_name='tasks', on_delete=models.CASCADE)
    deployment = models.ForeignKey(
        Deployment, related_name='tasks', on_delete=models.CASCADE)

    @property
    def user(self):
        """User of the deployment this task belongs to."""
        return self.deployment.user

    @property
    def service(self):
        """Service of the deployment this task belongs to."""
        return self.deployment.service

    def __str__(self):
        """Return '<service>:<user>:<key> - <action>'."""
        owner = self.deployment
        return "{}:{}:{} - {}".format(
            owner.service, owner.user, self.key, self.action)

    def _msg(self, msg):
        """Prefix ``msg`` with this task's label for log output."""
        return '[DeploymentTask:{}] {}'.format(self, msg)

    def publish(self):
        """Serialize the task to JSON and publish it for its service.

        NOTE(review): the message is published as plain JSON; whether
        clients can trust its origin depends on the broker permissions and
        transport security, not on anything in the message itself.
        """
        # FIXME mitigating circular dependencies here
        from .clientapi.serializers import DeploymentTaskSerializer
        payload = DeploymentTaskSerializer(self).data
        msg = json.dumps(payload)

        # FIXME select the rabbitmq instance more meaningful
        broker = RabbitMQInstance.load()
        broker.publish_by_service(self.service, msg)

    def item_finished(self, site):
        """Record that the client of ``site`` has executed this task.

        NOTE(review): presumably ``site`` is the site of the authenticated
        API client; verify against the caller, since any site passed in is
        accepted here.
        """
        item = self.task_items.get(site=site)
        LOGGER.debug(item._msg('done'))
        item.delete()

        all_sites_done = not self.task_items.exists()
        if all_sites_done:
            self.finished()

    def finished(self):
        """Delete the task once all of its task items are done."""
        LOGGER.info(self._msg('done'))
        self.delete()

        # check if this was the final withdraw in a key deletion
        if self.action != 'withdraw':
            return
        self.key.try_final_deletion()


class DeploymentTaskItem(models.Model):
    """Outstanding acknowledgement of one task by one site.

    ``DeploymentTask.item_finished`` deletes the row once the client of the
    site has reported the task as done.
    """

    task = models.ForeignKey(
        DeploymentTask, related_name='task_items', on_delete=models.CASCADE)
    site = models.ForeignKey(
        Site, related_name='task_items', on_delete=models.CASCADE)

    def __str__(self):
        """Return '<task>@<site>'."""
        return "{}@{}".format(self.task, self.site)

    def _msg(self, msg):
        """Prefix ``msg`` with this item's label for log output."""
        return '[DeploymentTaskItem:{}] {}'.format(self, msg)


#
# RECEIVERS
#

@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    """Create a REST framework auth token for every new API client.

    ``RabbitMQInstance._create_user`` uses the key of this token as the
    client's broker password as well.
    """
    is_new_api_client = instance.user_type == 'apiclient' and created
    if not is_new_api_client:
        return
    Token.objects.create(user=instance)


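@receiver(post_save, sender=Site)
def register_at_rabbitmq(sender, instance=None, created=False, **kwargs):
    """Register a newly created site as a user at the RabbitMQ broker.

    Runs after every ``Site`` save but acts only on creation.
    """
    if not created:
        return

    # Use the stored singleton configuration, as DeploymentTask.publish
    # does. RabbitMQInstance() builds an unsaved object that carries only
    # the field defaults (localhost, guest/guest), so the configured host
    # and credentials were ignored.
    RabbitMQInstance.load().register_site(instance)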


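@receiver(pre_delete, sender=Site)
def deregister_at_rabbitmq(sender, instance=None, **kwargs):
    """Deregister a site at the RabbitMQ broker before it is deleted."""
    # Use the stored singleton configuration, as DeploymentTask.publish
    # does; RabbitMQInstance() would carry only the field defaults.
    RabbitMQInstance.load().deregister_site(instance)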


@receiver(post_save, sender=User)
def deactivate_user(sender, instance=None, created=False, **kwargs):
    """Propagate a deactivation made by saving ``is_active = False``.

    Acts only on existing users whose intended state is inactive while the
    propagated state (``is_active_at_clients``) is still active.
    """
    needs_deactivation = (
        not created
        and not instance.is_active
        and instance.is_active_at_clients
    )
    if needs_deactivation:
        instance.deactivate()


@receiver(post_save, sender=User)
def activate_user(sender, instance=None, created=False, **kwargs):
    """Propagate an activation made by saving ``is_active = True``.

    Acts only on existing users whose intended state is active while the
    propagated state (``is_active_at_clients``) is still inactive.
    """
    needs_activation = (
        not created
        and instance.is_active
        and not instance.is_active_at_clients
    )
    if needs_activation:
        instance.activate()