Adapt to the changes of the client service config

feudal/backend/auth/v1/views/clients.py

@@ -229,54 +229,47 @@ def topic_endpoint_apiclient(request, apiclient):
     name = request.POST.get('name', '')
     routing_key = request.POST.get('routing_key', '')
 
-    if name == 'groups' or name == 'entitlements':
-        try:
-            vo = None
-            if name == 'groups':
-                vo = Group.objects.get(name=routing_key)
-            elif name == 'entitlements':
-                vo = Entitlement.objects.get(
-                    # we strip the group authority from the routing key if it was included
-                    name=Entitlement.extract_name(routing_key),
-                )
-
+    try:
+        if name == 'groups' or name == 'entitlements':
             try:
+                vo = None
+                if name == 'groups':
+                    vo = Group.objects.get(name=routing_key)
+                elif name == 'entitlements':
+                    vo = Entitlement.objects.get(
+                        # we strip the group authority from the routing key if it was included
+                        name=Entitlement.extract_name(routing_key),
+                    )
+
                 models.Site.objects.get(
                     services__vos=vo,
                     client=apiclient,
                 )
                 return topic_auth_decision(request, ALLOW)
 
-            except models.Site.MultipleObjectsReturned:
-                return topic_auth_decision(request, ALLOW)
-
-            except models.Site.DoesNotExist:
+            except (Group.DoesNotExist, Entitlement.DoesNotExist):
+                LOGGER.error('VO does not exist: %s', routing_key)
                 return topic_auth_decision(request, DENY)
 
-        except (Group.DoesNotExist, Entitlement.DoesNotExist):
-            LOGGER.error('VO does not exist: %s', routing_key)
-            return topic_auth_decision(request, DENY)
-
-    elif name == 'services':
-        try:
-            service = models.Service.objects.get(name=routing_key)
-
+        elif name == 'services':
             try:
+                service = models.Service.objects.get(name=routing_key)
+
                 models.Site.objects.get(
                     services=service,
                     client=apiclient,
                 )
                 return topic_auth_decision(request, ALLOW)
 
-            except models.Site.MultipleObjectsReturned:
-                return topic_auth_decision(request, ALLOW)
-
-            except models.Site.DoesNotExist:
+            except models.Service.DoesNotExist:
+                LOGGER.error('Service does not exist: %s', routing_key)
                 return topic_auth_decision(request, DENY)
 
-        except models.Service.DoesNotExist:
-            LOGGER.error('Service does not exist: %s', routing_key)
-            return topic_auth_decision(request, DENY)
+    except models.Site.MultipleObjectsReturned:
+        return topic_auth_decision(request, ALLOW)
+
+    except models.Site.DoesNotExist:
+        return topic_auth_decision(request, DENY)
 
     return topic_auth_decision(request, DENY)
 

feudal/backend/models/deployments.py

@@ -53,12 +53,18 @@ def get_deployment(user, vo=None, service=None):
         raise ValueError('Cannot create deployment for both vo and service')
 
     if vo is not None:
+        # get_deployment updates automatically
         return VODeployment.get_deployment(user, vo)
 
     if service is not None:
+        # get_deployment updates automatically
         return ServiceDeployment.get_deployment(user, service)
 
-    raise ValueError('Need vo or service to create deployment')
+    deps = Deployment.objects.filter(user=user)
+    for dep in deps:
+        dep.update()
+    return deps
+
 
 
 class Deployment(PolymorphicModel):
@@ -222,7 +228,10 @@ class VODeployment(Deployment):
     def routing_key(self):
         return self.vo.name
 
-    def create_states(self):
+    def update(self):
+        self._create_states()
+
+    def _create_states(self):
         for service in self.services:
             DeploymentState.get_state_item(
                 self.user,
@@ -238,7 +247,7 @@ class VODeployment(Deployment):
                 user=user,
                 vo=vo,
             )
-            deployment.create_states()
+            deployment.update()
 
             return deployment
 
@@ -249,7 +258,7 @@ class VODeployment(Deployment):
             )
 
             deployment.save()
-            deployment.create_states()
+            deployment.update()
 
             LOGGER.debug(deployment.msg('Created'))
             return deployment
@@ -295,7 +304,7 @@ class ServiceDeployment(Deployment):
     def routing_key(self):
         return self.service.name
 
-    def create_state_item(self):
+    def _create_state(self):
         DeploymentState.get_state_item(
             self.user,
             self.service.site,
@@ -303,6 +312,9 @@ class ServiceDeployment(Deployment):
             deployments=[self],
         )
 
+    def update(self):
+        self._create_state()
+
     @classmethod
     def get_deployment(cls, user, service):
         try:
@@ -310,7 +322,7 @@ class ServiceDeployment(Deployment):
                 user=user,
                 service=service,
             )
-            deployment.create_state_item()
+            deployment.update()
 
             return deployment
 
@@ -319,9 +331,8 @@ class ServiceDeployment(Deployment):
                 user=user,
                 service=service
             )
-
             deployment.save()
-            deployment.create_state_item()
+            deployment.update()
 
             LOGGER.debug(deployment.msg('Created'))
             return deployment

feudal/backend/models/users.py

@@ -368,7 +368,8 @@ class User(AbstractUser):
     def user_changed_key_added(self, key):
         LOGGER.debug(self.msg('Added: {}'.format(key)))
 
-        for dep in self.deployments.all():
+        from . import deployments
+        for dep in deployments.get_deployment(self):
             dep.user_credential_added(key)
 
     def user_remove_key(self, key):
@@ -377,7 +378,8 @@ class User(AbstractUser):
         if key.delete_key():
             return
 
-        for dep in self.deployments.all():
+        from . import deployments
+        for dep in deployments.get_deployment(self):
             dep.user_credential_removed(key)
 
     def user_changed_vo_added(self, vo):

feudal/backend/views/clients.py

@@ -61,7 +61,6 @@ class ResponseView(views.APIView):
         # find the corresponding DeploymentState for this response
         try:
             deployment_state = client_site.states.get(
-                # TODO this query might not work
                 deployments__id=int(deployment_id),
                 site=client_site,
                 service=service,
@@ -73,7 +72,12 @@ class ResponseView(views.APIView):
             return Response({})
 
         except DeploymentState.DoesNotExist:
-            LOGGER.error('[ResponseView] No matching DStateItem')
+            LOGGER.error(
+                '[ResponseView] No DeploymentState for service %s at site %s; deployment id %s',
+                service,
+                client_site,
+                deployment_id,
+            )
             return response_view_error('no matching DeploymentState')
 
 
@@ -82,59 +86,13 @@ class ConfigurationView(views.APIView):
     authentication_classes = AUTHENTICATION_CLASSES
 
     @staticmethod
-    def handle_group_to_services(site, group_to_services):
-        for group_name, group_service_list in group_to_services.items():
-            group = Group.get_group(
-                name=group_name,
-            )
-
-            for group_service in group_service_list:
-                name = group_service.get('name', None)
-                if name is None:
-                    LOGGER.error('Client pushed invalid service: %s', group_service)
-                    continue
-
-                description = group_service.get('description', None)
-
-                service = Service.get_service(
-                    name,
-                    site,
-                    description=description,
-                )
-
-                # add group to the services VOs
-                try:
-                    service.vos.get(name=group_name)
-                except VO.DoesNotExist:
-                    service.vos.add(group)
-
-    @staticmethod
-    def handle_entitlement_to_services(site, entitlement_to_services):
-        for entitlement_name, entitlement_service_list in entitlement_to_services.items():
-            entitlement = Entitlement.get_entitlement(
-                name=entitlement_name,
-            )
-
-            for entitlement_service in entitlement_service_list:
-                name = entitlement_service.get('name', None)
-                if name is None:
-                    LOGGER.error('Client pushed invalid service: %s', entitlement_service)
-                    continue
-
-                description = entitlement_service.get('description', '')
-
-                service = Service.get_service(
-                    name,
-                    site,
-                    description=description,
-                )
-
-                # add entitlement to the services VOs
-                try:
-                    service.vos.get(name=entitlement_name)
-                except VO.DoesNotExist:
-                    service.vos.add(entitlement)
+    def add_vo_to_service(service, vo):
+        try:
+            service.vos.get(name=vo.name)
+        except VO.DoesNotExist:
+            service.vos.add(vo)
 
+    # the client puts its (stripped) config
     def put(self, request):
 
         # the site where client is located
@@ -144,27 +102,47 @@ class ConfigurationView(views.APIView):
         except Site.DoesNotExist:
             raise ImproperlyConfigured("client has no site")
 
-        group_to_services = request.data.get('group_to_services', None)
-        if group_to_services is not None:
-            self.handle_group_to_services(client_site, group_to_services)
-
-        entitlement_to_services = request.data.get('entitlement_to_services', {})
-        if entitlement_to_services is not None:
-            self.handle_entitlement_to_services(client_site, entitlement_to_services)
-
-        # TODO deactivate vanished services
+        # create the services
+        sid_to_service = {}
+        if 'services' in request.data:
+            services = request.data['services']
+            for service_id in services:
+                service_descriptor = services[service_id]
+                if 'name' in service_descriptor:
+                    sid_to_service[service_id] = Service.get_service(
+                        service_descriptor['name'],
+                        client_site,
+                        description=service_descriptor.get('description', ''),
+                    )
+            # TODO remove vanished services
+
+        # apply groups / entitlements to the services
+        if 'group_to_service_ids' in request.data:
+            group_to_service_ids = request.data['group_to_service_ids']
+            for group_name in group_to_service_ids:
+                group = Group.get_group(name=group_name)
+
+                for service_id in group_to_service_ids[group_name]:
+                    self.add_vo_to_service(sid_to_service[service_id], group)
+
+        if 'entitlement_to_service_ids' in request.data:
+            entitlement_to_service_ids = request.data['entitlement_to_service_ids']
+            for entitlement_name in entitlement_to_service_ids:
+                entitlement = Entitlement.get_entitlement(name=entitlement_name)
+
+                for service_id in entitlement_to_service_ids[entitlement_name]:
+                    self.add_vo_to_service(sid_to_service[service_id], entitlement)
 
         # initialize the broker, just in case
         broker = RabbitMQInstance.load()
         broker.initialize()
 
-        response = {
+        return Response({
             'rabbitmq_config': clients.RabbitMQInstanceSerializer(
                 broker,
             ).data,
             'site': request.user.site.name,
-        }
-        return Response(response)
+        })
 
 
 class DeregisterView(views.APIView):