Commit 4780bd9b authored by Lukas Burgey's avatar Lukas Burgey

Fix deletion and removal of ssh keys

Closes #7
parent b16c2eef
# Generated by Django 2.1.3 on 2018-11-22 22:15
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('backend', '0025_auto_20181121_1149'),
]
operations = [
migrations.AddField(
model_name='deploymentstate',
name='pending',
field=models.BooleanField(default=False, editable=False),
),
]
...@@ -707,6 +707,7 @@ class CredentialState(models.Model): ...@@ -707,6 +707,7 @@ class CredentialState(models.Model):
def set(self, state): def set(self, state):
if state == NOT_DEPLOYED and self._credential_deleted: if state == NOT_DEPLOYED and self._credential_deleted:
self._delete_state() self._delete_state()
return
if state == self.state: if state == self.state:
return return
...@@ -720,6 +721,7 @@ class CredentialState(models.Model): ...@@ -720,6 +721,7 @@ class CredentialState(models.Model):
if self.state == NOT_DEPLOYED: if self.state == NOT_DEPLOYED:
self._delete_state() self._delete_state()
LOGGER.debug('related credential: %s', self.credential)
self.state_target = NOT_DEPLOYED self.state_target = NOT_DEPLOYED
self._credential_deleted = True self._credential_deleted = True
self.save() self.save()
...@@ -729,8 +731,11 @@ class CredentialState(models.Model): ...@@ -729,8 +731,11 @@ class CredentialState(models.Model):
def _delete_state(self): def _delete_state(self):
LOGGER.debug(self.msg('Deleted')) LOGGER.debug(self.msg('Deleted'))
credential = self.credential
self.delete() self.delete()
credential.try_delete_key()
def msg(self, message): def msg(self, message):
return '{} - {}'.format(self, message) return '{} - {}'.format(self, message)
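Review bot: In the hunk at -720/+721 the `if self.state == NOT_DEPLOYED:` branch calls `self._delete_state()` and, as rendered, falls through to `self.save()` with no `return`, which is the same fall-through this commit closes in `set()`. `_delete_state()` now deletes the state row and may finally delete the SSH key through `credential.try_delete_key()`, so the following `self.credential` log call and `self.save()` act on a deleted instance. Django clears the primary key on `delete()`, so that `save()` would insert the state row again, possibly pointing at a key that no longer exists. Add `return` directly after `self._delete_state()` in that branch; the enclosing method starts above the hunk, so confirm against the full file.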
......
...@@ -210,7 +210,7 @@ class User(AbstractUser): ...@@ -210,7 +210,7 @@ class User(AbstractUser):
# oidcuser: deploy the according credentials # oidcuser: deploy the according credentials
if self.user_type == 'oidcuser': if self.user_type == 'oidcuser':
#for dep in self.deployments.all(): # for dep in self.deployments.all():
# dep.activate() # dep.activate()
pass pass
...@@ -306,15 +306,13 @@ class User(AbstractUser): ...@@ -306,15 +306,13 @@ class User(AbstractUser):
# is the idp key still present? # is the idp key still present?
if idp_key_name not in userinfo: if idp_key_name not in userinfo:
key.delete_key() self.user_remove_key(key)
self.user_changed_key_removed(key)
return True return True
# is the idp key changed? # is the idp key changed?
if key.key != unity_key_value: if key.key != unity_key_value:
key.delete_key() self.user_remove_key(key)
self.user_changed_key_removed(key)
new_key = SSHPublicKey( new_key = SSHPublicKey(
name=unity_key_name, name=unity_key_name,
...@@ -376,7 +374,10 @@ class User(AbstractUser): ...@@ -376,7 +374,10 @@ class User(AbstractUser):
for dep in self.deployments.all(): for dep in self.deployments.all():
dep.user_credential_added(key) dep.user_credential_added(key)
def user_changed_key_removed(self, key): def user_remove_key(self, key):
if key.delete_key():
return
LOGGER.debug('user_changed_key_removed: %s %s', self, key) LOGGER.debug('user_changed_key_removed: %s %s', self, key)
for dep in self.deployments.all(): for dep in self.deployments.all():
...@@ -424,15 +425,26 @@ class SSHPublicKey(models.Model): ...@@ -424,15 +425,26 @@ class SSHPublicKey(models.Model):
def value(self): def value(self):
return self.key return self.key
# does not really delete the key # returns true if the deletion is final
def delete_key(self): def delete_key(self):
LOGGER.debug('delete_key: %s', self.name) if self.try_delete_key():
return True
LOGGER.debug(self.msg('Deletion started'))
self.user = None self.user = None
self.key = '' self.key = ''
self.deleted = True self.deleted = True
self.save() self.save()
return False
# if this key has no credential states anymore we _really_ delete it
def try_delete_key(self):
if not self.credential_states.filter(state='deployed').exists():
LOGGER.info(self.msg('Final deletion'))
self.delete()
return True
LOGGER.debug('delete_key: need to inform clients about deletion') return False
def __str__(self): def __str__(self):
if self.deleted: if self.deleted:
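Review bot: `try_delete_key()` treats the key as unused as soon as no credential state matches `state='deployed'`, so a state holding any other non-final value (the full set of states is not visible on this page) does not block `self.delete()`. If such states exist, the key row, and presumably its state rows with it, would be removed before those clients were told to drop the key, and the public key could stay installed on a host with nothing left on the server to track it. Consider blocking on everything except the not-deployed value, e.g. `if not self.credential_states.exclude(state=NOT_DEPLOYED).exists():` with whatever constant this module uses for it, rather than the bare string `'deployed'`.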
......
...@@ -57,11 +57,7 @@ class SSHPublicKeyView(views.APIView): ...@@ -57,11 +57,7 @@ class SSHPublicKeyView(views.APIView):
id=request.data['id'], id=request.data['id'],
) )
# we do not delete ssh keys directly, as we need to keep track request.user.user_remove_key(key)
# of them until all clients have also deleted them
key.delete_key()
request.user.user_changed_key_removed(key)
return Response({ return Response({
'deleted': True, 'deleted': True,
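Review bot: `request.user.user_remove_key(key)` acts on whatever the lookup ending in `id=request.data['id'],` returned, and `user_remove_key()` itself never compares `key.user` with the caller. The start of that lookup is above the hunk; if it is not already restricted to the requesting user, add `user=request.user,` to it so that a key id belonging to another account cannot be removed through this endpoint. The response also still reports `'deleted': True` when `delete_key()` returned False and removal is only pending on the clients; having `user_remove_key()` return that boolean would let the view report which of the two happened. The `Response` literal continues past the hunk.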
......