deployments.py

from json import dumps
from logging import getLogger

from django.conf import settings
from django.db import models
from django.db.models import Q
from django_mysql.models import JSONField
from polymorphic.models import PolymorphicModel

from feudal.backend.auth.v1.models.vo import VO

from . import Site, Service
from .users import User, SSHPublicKey
from .brokers import RabbitMQInstance


LOGGER = getLogger(__name__)


DEPLOYMENT_PENDING = 'deployment_pending'
REMOVAL_PENDING = 'removal_pending'
NOT_DEPLOYED = 'not_deployed'
DEPLOYED = 'deployed'
QUESTIONNAIRE = 'questionnaire'
FAILED = 'failed'
REJECTED = 'rejected'

TARGET_CHOICES = (
    (DEPLOYED, 'Deployed'),
    (NOT_DEPLOYED, 'Not Deployed'),
)
STATE_CHOICES = (
    (DEPLOYMENT_PENDING, 'VODeployment Pending'),
    (REMOVAL_PENDING, 'Removal Pending'),
    (DEPLOYED, 'Deployed'),
    (NOT_DEPLOYED, 'Not Deployed'),
    (QUESTIONNAIRE, 'Questionnaire'),
    (FAILED, 'Failed'),
    (REJECTED, 'Rejected'),
)


def questionnaire_default():
    return {}


def credential_default():
    return {}


def get_deployment(user, vo=None, service=None):
    if vo is not None and service is not None:
        raise ValueError('Cannot create deployment for both vo and service')

    if vo is not None:
        return VODeployment.get_deployment(user, vo)

    if service is not None:
        return ServiceDeployment.get_deployment(user, service)

    raise ValueError('Need vo or service to create deployment')


class Deployment(PolymorphicModel):
    user = models.ForeignKey(
        User,
        related_name='deployments',
        on_delete=models.CASCADE,
    )

    # which state do we currently want to reach?
    state_target = models.CharField(
        max_length=50,
        choices=TARGET_CHOICES,
        default=NOT_DEPLOYED,
    )

    is_active = models.BooleanField(
        default=True,
    )

    # credentials provided by the backend to the clients
    @property
    def credentials(self):
        return self.user.credentials

    @property
    def state(self):
        if self.states.exists():
            _state = ''
            for state in self.states.all():
                if _state == '':
                    _state = state.state
                elif _state != state.state:
                    return 'mixed'

            return _state

        # if we have no states we have nothing to do
        return self.state_target

    @property
    def target_reached(self):
        return self.state_target == self.state

    def _set_target(self, target):
        if str(self.state_target) == str(target):
            return

        LOGGER.debug(self.msg('Target: {} -> {} '.format(self.state_target, target)))

        self.state_target = target
        self.save()

        # FIXME this is breaking things when one wants deploy and another gets a user_remove
        # # set the target to all credentials
        # for state in self.states.all():
        #     state.assure_credential_states_exist()

        # for credential_state in CredentialState.objects.filter(
        #         target__deployments=self,
        # ):
        #     credential_state.set_target(target)

    # Deployment.user_deploy
    def user_deploy(self):
        LOGGER.debug(self.msg('user_deploy'))
        self._set_target(DEPLOYED)

        # states which are not DEPLOYED
        for item in self.states.filter(~Q(state=DEPLOYED)):
            item.user_deploy()

        self.publish()

    # Deployment.user_remove
    def user_remove(self):
        LOGGER.debug(self.msg('user_remove'))
        can_publish = False
        self._set_target(NOT_DEPLOYED)

        # states which are not NOT_DEPLOYED
        for item in self.states.filter(~Q(state=NOT_DEPLOYED)):
            if item.user_remove():
                can_publish = True

        # we only publish to the clients if allowed
        # we are not allowed to publish a removal if another deployment for our
        # DeploymentStates exists and has the target DEPLOYED
        if can_publish:
            self.publish()
        else:
            self.publish_to_user()

    def user_credential_added(self, key):
        for item in self.states.all():
            item.user_credential_added(key)

        self.publish()

    def user_credential_removed(self, key):
        for item in self.states.all():
            item.user_credential_removed(key)

        self.publish()

    def publish_to_client(self):
        LOGGER.debug(self.msg('publish_to_client'))

        from .serializers import clients
        data = clients.DeploymentSerializer(self).data
        msg = dumps(data)

        RabbitMQInstance.load().publish(
            self,
            msg,
        )

    # sends a state update via RabbitMQ / STOMP to the users webpage instance
    def publish_to_user(self):
        if self.user is None:
            return

        LOGGER.debug(self.msg('publish_to_user'))

        from . import serializers
        msg = dumps({
            'deployment': serializers.DeploymentSerializer(self).data,
        })
        RabbitMQInstance.load().publish_to_user(
            self.user,
            msg,
        )

    def publish(self):
        self.publish_to_user()
        self.publish_to_client()

    def msg(self, msg):
        return '{} - {}'.format(self, msg)

    def __str__(self):
        return 'Abstr. Deployment:({})#{}'.format(
            self.user,
            self.id,
        )


class VODeployment(Deployment):
    vo = models.ForeignKey(
        VO,
        related_name='vo_deployments',
        on_delete=models.CASCADE,
    )

    @property
    def services(self):
        return self.vo.services.all()

    @property
    def broker_exchange(self):
        return self.vo.broker_exchange

    @property
    def routing_key(self):
        return self.vo.name

    def create_states(self):
        for service in self.services:
            DeploymentState.get_state_item(
                self.user,
                service.site,
                service,
                deployments=[self],
            )

    @classmethod
    def get_deployment(cls, user, vo):
        try:
            deployment = cls.objects.get(
                user=user,
                vo=vo,
            )
            deployment.create_states()

            return deployment

        except cls.DoesNotExist:
            deployment = cls(
                user=user,
                vo=vo,
            )

            deployment.save()
            deployment.create_states()

            LOGGER.debug(deployment.msg('Created'))
            return deployment

    def service_added(self, service):
        LOGGER.debug(self.msg('Adding service {}'.format(service)))
        item = DeploymentState.get_state_item(
            self.user,
            service.site,
            service,
            deployments=[self],
        )
        if str(self.state_target) == 'deployed':
            item.user_deploy()

    def service_removed(self, service):
        LOGGER.debug(self.msg('Removing service {}'.format(service)))
        LOGGER.debug('TODO implement service removal')

    def msg(self, msg):
        return '{} - {}'.format(self, msg)

    def __str__(self):
        return 'VO-Dep: ({}:{})#{}'.format(
            self.vo,
            self.user,
            self.id,
        )


class ServiceDeployment(Deployment):
    service = models.ForeignKey(
        Service,
        related_name='service_deployments',
        on_delete=models.CASCADE,
    )

    @property
    def broker_exchange(self):
        return 'services'

    @property
    def routing_key(self):
        return self.service.name

    def create_state_item(self):
        DeploymentState.get_state_item(
            self.user,
            self.service.site,
            self.service,
            deployments=[self],
        )

    @classmethod
    def get_deployment(cls, user, service):
        try:
            deployment = cls.objects.get(
                user=user,
                service=service,
            )
            deployment.create_state_item()

            return deployment

        except cls.DoesNotExist:
            deployment = cls(
                user=user,
                service=service
            )

            deployment.save()
            deployment.create_state_item()

            LOGGER.debug(deployment.msg('Created'))
            return deployment

    def msg(self, msg):
        return '{} - {}'.format(self, msg)

    def __str__(self):
        return 'Service-Dep: ({}:{})#{}'.format(
            self.service,
            self.user,
            self.id,
        )


class DeploymentState(models.Model):
    deployments = models.ManyToManyField(
        Deployment,
        related_name='states',
    )

    user = models.ForeignKey(
        User,
        related_name='states',
        on_delete=models.SET_NULL,
        blank=True,
        null=True,
    )

    site = models.ForeignKey(
        Site,
        related_name='states',
        on_delete=models.CASCADE,
    )

    service = models.ForeignKey(
        Service,
        related_name='states',
        on_delete=models.CASCADE,
    )

    state = models.CharField(
        max_length=50,
        choices=STATE_CHOICES,
        default=NOT_DEPLOYED,
    )

    # message for the user
    message = models.TextField(
        max_length=300,
        default='',
    )

    # questions for the user (needed for deployment
    questionnaire = JSONField(
        default=questionnaire_default,
        null=True,
        blank=True,
    )

    # credentials for the service
    # only valid when state == deployed
    credentials = JSONField(
        default=credential_default,
        null=True,
        blank=True,
    )

    @property
    def state_target(self):
        for deployment in self.deployments.all():
            if deployment.state_target == DEPLOYED:
                return DEPLOYED

        return NOT_DEPLOYED

    @property
    def is_pending(self):
        # TODO
        # pending because we are orphaned -> pending until removed everywhere
        if not self.deployments.exists():
            return True

        # pending because the state target is not reached
        if self.state_target != self.state:
            return True

        return False

    @property
    def is_credential_pending(self):
        for credential_state in self.credential_states.all():
            if credential_state.is_pending:
                return True
        return False

    @property
    def user_credentials(self):
        return self.user.credentials

    @classmethod
    def get_state_item(cls, user, site, service, deployments=[]):
        try:
            item = cls.objects.get(
                user=user,
                site=site,
                service=service,
            )

            for deployment in deployments:
                if not item.deployments.filter(id=deployment.id).exists():
                    LOGGER.debug(item.msg('Binding to deployment {}'.format(deployment)))
                    item.deployments.add(deployment)

            return item

        except cls.DoesNotExist:
            item = cls(
                user=user,
                site=site,
                service=service,
            )
            item.save()
            for deployment in deployments:
                item.deployments.add(deployment)

            LOGGER.debug(item.msg('Created'))
            return item

    # starts tracking this the credential for this item
    def user_credential_added(self, credential):
        if settings.DEBUG_CREDENTIALS:
            LOGGER.debug('user_credential_added: %s %s', self, credential)

        CredentialState.get_credential_state(
            credential,
            self,
        )

    def user_credential_removed(self, credential):
        if settings.DEBUG_CREDENTIALS:
            LOGGER.debug('user_credential_removed: %s %s', self, credential)

        try:
            credential_state = self.credential_states.get(credential=credential)
            credential_state.credential_deleted()

        except CredentialState.DoesNotExist:
            LOGGER.error(self.msg('Credential {} has no CredentialState'.format(credential)))

    # STATE TRANSITIONS

    # DeploymentState.user_deploy
    def user_deploy(self):
        LOGGER.debug(self.msg('user_deploy'))

        self._assure_credential_states_exist()
        for cred_state in self.credential_states.all():
            cred_state.set_target(DEPLOYED)

        if str(self.state) == REMOVAL_PENDING:
            self._set_state(DEPLOYED)
            return

        if str(self.state) == DEPLOYED:
            LOGGER.debug(self.msg('State: already deployed'))
            return

        self._set_state(
            DEPLOYMENT_PENDING,
            publish=False,  # the post response already contains the update
        )

    # DeploymentState.user_remove
    # returns True if no other deployment needs this state_item to be deployed
    def user_remove(self):
        if str(self.state_target) == DEPLOYED:
            LOGGER.debug(self.msg('user_remove: Not removing: another deployment has target deployed'))

            # False: signal the callee that a publish_to_client is *not* permitted
            return False

        LOGGER.debug(self.msg('user_remove'))

        for cred_state in self.credential_states.all():
            cred_state.set_target(NOT_DEPLOYED)

        if str(self.state) == NOT_DEPLOYED:
            LOGGER.debug(self.msg('State: already not_deployed'))

        elif (
                self.state_target == DEPLOYED
                and (self.state == FAILED
                     or self.state == REJECTED)
        ):
            self._reset()
            self._set_state(NOT_DEPLOYED, publish=False)

        elif (
                self.state == DEPLOYMENT_PENDING
                or self.state == QUESTIONNAIRE
        ):
            self._set_state(NOT_DEPLOYED)

        else:
            # default: start the removal process
            self._set_state(
                REMOVAL_PENDING,
                publish=False,  # the post response already contains the update
            )

        # True: signal the callee that a publish_to_client is permitted
        return True

    # user: questionnaire answered
    def user_answers(self, answers=None):
        if not self.deployments.exists():
            LOGGER.error('user_remove: no deployments')
            return

        self.questionnaire = answers
        self._set_state(DEPLOYMENT_PENDING, publish=False)
        self.publish_to_client()

    def client_credential_states(self, credential_states):
        # maps ssh key names to their state
        ssh_key_states = credential_states.get('ssh_key', None)

        # ASSUMPTION:
        # if we hear nothing about a credential we assume it got deprovisioned!
        for credential_state in self.credential_states.all():
            if (
                    ssh_key_states is not None
                    and credential_state.credential.name in ssh_key_states
            ):
                credential_state.set(ssh_key_states[credential_state.credential.name])
            else:
                credential_state.set(NOT_DEPLOYED)

    # client_response returns None on success, or a string describing an error
    def client_response(self, output):

        if 'state' not in output:
            return 'field "state" is missing in output'

        state = output.get('state', '')
        LOGGER.debug(self.msg('Client response: {}'.format(state)))

        self._set_state(state)

        credential_states = output.get('user_credential_states', None)
        if credential_states is not None:
            self.client_credential_states(credential_states)

        self.message = output.get('message', '')
        self.save()

        # update values
        if state == DEPLOYED:
            self.credentials = output.get('credentials', {})
            self.save()

        elif state == NOT_DEPLOYED:
            # reset credentials and questionnaire
            self._reset()
            self.save()

        elif state == QUESTIONNAIRE:
            self.questionnaire = output.get('questionnaire', {})
            self.save()
        elif state == REJECTED:
            pass
        elif state == FAILED:
            pass
        else:
            return 'unknown state "{}"'.format(state)

        # FIXME this apparently causes deployment loops
        # is the target reached now?
        if self.state_target != self.state:
            LOGGER.debug(self.msg('Target {} still not reached. Publishing again'.format(
                self.state_target,
            )))
            self.publish_to_client()

        return None

    # resets all client sent values
    def _reset(self):
        self.credentials = credential_default()
        self.questionnaire = questionnaire_default()
        self.message = ''

    def _assure_credential_states_exist(self):
        # assure all user credentials have a state
        if self.user is not None:
            for key in self.user.ssh_keys.all():
                try:
                    CredentialState.get_credential_state(
                        credential=key,
                        target=self,
                    )
                except CredentialState.DoesNotExist:
                    LOGGER.error('CredentialState.DoesNotExist in _set_state')

    def _set_state(self, state, publish=True):
        self._assure_credential_states_exist()

        if str(self.state) == str(state):
            return

        LOGGER.debug(self.msg('State: {} -> {} - Target: {}'.format(self.state, state, self.state_target)))

        self.state = state
        self.save()

        # publish to user
        if publish and self.deployments.exists():
            self.publish_to_user()

    def publish_to_user(self):
        for deployment in self.deployments.all():
            deployment.publish_to_user()

    def publish_to_client(self):
        for deployment in self.deployments.all():
            deployment.publish_to_client()

    def msg(self, msg):
        return '{} - {}'.format(self, msg)

    def __str__(self):
        if self.deployments.exists():
            deployment_names = [str(deployment.id) for deployment in self.deployments.all()]

            return 'DState: ({}:{}:{})#{}'.format(
                ','.join(deployment_names),
                self.service,
                self.site,
                self.id,
            )

        return 'DState: (ORPHANED:{}:{})#{}'.format(
            self.service,
            self.site,
            self.id,
        )


class CredentialState(models.Model):
    state_target = models.CharField(
        max_length=50,
        choices=TARGET_CHOICES,
        default=NOT_DEPLOYED
    )

    state = models.CharField(
        max_length=50,
        choices=STATE_CHOICES,
        default=NOT_DEPLOYED
    )

    credential = models.ForeignKey(
        SSHPublicKey,
        related_name='credential_states',
        on_delete=models.CASCADE,
    )

    _credential_deleted = models.BooleanField(
        default=False,
    )

    # TODO target is a stupid field name. Change it
    target = models.ForeignKey(
        DeploymentState,
        related_name='credential_states',
        on_delete=models.CASCADE,
    )

    @property
    def is_pending(self):
        return self.state != self.state_target

    @classmethod
    def get_credential_state(cls, credential, target):
        try:
            return cls.objects.get(
                credential=credential,
                target=target,
            )
        except cls.DoesNotExist:

            new_state = cls(
                credential=credential,
                target=target,
                state=NOT_DEPLOYED,
                state_target=target.state_target,
            )
            new_state.save()

            if settings.DEBUG_CREDENTIALS:
                LOGGER.debug(new_state.msg('Created'))

            return new_state

    def set_target(self, target):
        if str(self.state_target) == str(target):
            return

        # state_target is locked, since we are marked for deletion
        if self._credential_deleted:
            return

        LOGGER.debug(self.msg('Target: {} -> {}'.format(self.state_target, target)))

        self.state_target = target
        self.save()

    def set(self, state):
        if str(self.state) == str(state):
            return

        if state == NOT_DEPLOYED and self._credential_deleted:
            self._delete_state()
            return

        if state == self.state:
            return

        if settings.DEBUG_CREDENTIALS:
            LOGGER.debug(self.msg('State: {} -> {}'.format(self.state, state)))

        self.state = state
        self.save()

        self.target.publish_to_user()

    def credential_deleted(self):
        if self.state == NOT_DEPLOYED:
            self._delete_state()

        LOGGER.debug('related credential: %s', self.credential)
        self.state_target = NOT_DEPLOYED
        self._credential_deleted = True
        self.save()

        if settings.DEBUG_CREDENTIALS:
            LOGGER.debug(self.msg('Marked as deleted'))

    def _delete_state(self):
        LOGGER.debug(self.msg('Deleted'))
        credential = self.credential
        self.delete()

        credential.try_delete_key()

    def msg(self, message):
        return '{} - {}'.format(self, message)

    def __str__(self):
        return 'CState: ({}:{})#{}'.format(
            self.target.id,
            self.credential,
            self.id,
        )