Change imports

feudal/backend/auth/v1/views/clients.py

@@ -8,9 +8,7 @@ from django.http import HttpResponse
 from django.contrib.auth import authenticate
 from django.contrib.sessions.models import Session
 
-from ....models import Site
-from ....models.brokers import RabbitMQInstance
-from ....models.users import User
+from .... import models
 
 LOGGER = logging.getLogger(__name__)
 CLIENT_DEBUGGING = False
@@ -20,7 +18,7 @@ DENY = HttpResponse('deny')
 
 
 def _valid_vhost(request):
-    if request.POST.get('vhost') == RabbitMQInstance.load().vhost:
+    if request.POST.get('vhost') == models.RabbitMQInstance.load().vhost:
         return True
     LOGGER.error('illegal vhost requested')
     return False
@@ -36,7 +34,7 @@ def _valid_user(request):
     return _apiclient_valid(request) or _webpage_client_userid(request)
 
 def _apiclient_valid(request):
-    valid = User.objects.filter(
+    valid = models.User.objects.filter(
         user_type='apiclient',
         username=request.POST.get('username'),
     ).exists()
@@ -45,7 +43,7 @@ def _apiclient_valid(request):
     return False
 
 def _apiclient_get(request):
-    user = User.objects.filter(
+    user = models.User.objects.filter(
         user_type='apiclient',
     ).get(
         username=request.POST.get('username'),
@@ -137,7 +135,7 @@ def _resource_authorized_apiclient(request):
         and name.startswith('amq.gen-')
     ) or (
         resource == 'exchange'
-        and name in RabbitMQInstance.load().exchanges
+        and name in models.RabbitMQInstance.load().exchanges
         and not 'write' in permission
     )
 
@@ -233,16 +231,16 @@ def topic_endpoint_apiclient(request, apiclient):
             group = Group.objects.get(name=routing_key)
 
             try:
-                Site.objects.get(
+                models.Site.objects.get(
                     services__groups=group,
                     client=apiclient,
                 )
                 return ALLOW
 
-            except Site.MultipleObjectsReturned:
+            except models.Site.MultipleObjectsReturned:
                 return ALLOW
 
-            except Site.DoesNotExist:
+            except models.Site.DoesNotExist:
                 return DENY
 
         except Group.DoesNotExist:

feudal/backend/models/__init__.py

@@ -7,7 +7,7 @@ from django.db import models
 from django_mysql.models import JSONField
 
 from .brokers import RabbitMQInstance
-from .users import User
+from .users import User, SSHPublicKey
 
 LOGGER = getLogger(__name__)
 
@@ -103,78 +103,6 @@ class Service(models.Model):
                     raise
 
 
-class SSHPublicKey(models.Model):
-    name = models.CharField(
-        max_length=150,
-    )
-    key = models.TextField(
-        max_length=1000
-    )
-    # hidden field at the user
-    user = models.ForeignKey(
-        User,
-        related_name='_ssh_keys',
-        on_delete=models.SET_NULL,
-        null=True,
-    )
-
-    # has the user triggered the deletion of this key?
-    deleted = models.BooleanField(
-        default=False,
-        editable=False,
-    )
-
-    @property
-    def deployed_anywhere(self):
-        for state in self.states.all():
-            for item in state.state_items.all():
-                if item.state == 'deployed' or item.state == 'removal_pending':
-                    return True
-        return False
-
-    # does not directly delete the key if the key is deployed or removen
-    # somewhere
-    # the receiver 'delete_removen_ssh_key' does the actual deletion
-    def delete_key(self):
-        # if this key is not deployed anywhere we delete it now
-        if not self.deployed_anywhere:
-            LOGGER.info(self.msg('Direct deletion of key'))
-            self.delete()
-            return
-
-        LOGGER.info(self.msg('Deletion of key started'))
-        self.deleted = True
-        self.save()
-
-        # delete implies removeing the key from all clients
-        for deployment in self.deployments.all():
-            deployment.remove_key(self)
-
-    # when a key is removen by a client we try to finally delete it
-    def try_final_deletion(self):
-        if self.deleted:
-            if not self.deployed_anywhere:
-
-                LOGGER.info(self.msg('All clients have removen this key. Final deletion'))
-                self._final_deletion()
-
-    def _final_deletion(self):
-        _self = self
-        for state in self.states.all():
-            #for item in state.state_items.all():
-            #    item.delete()
-            state.delete()
-        _self.delete()
-
-    def __str__(self):
-        if self.deleted:
-            return 'DELETED: {}'.format(self.name)
-        return self.name
-
-    def msg(self, msg):
-        return '[SSHKey:{}] {}'.format(self, msg)
-
-
 # Deployment describes the supposed state of the users ssh keys at either:
 #   - a group (and and the services associated with the group)
 #   - a single service

feudal/backend/models/serializers/__init__.py

@@ -5,7 +5,9 @@
 from django.contrib.auth.models import Group
 from rest_framework import serializers
 
-from ...models import SSHPublicKey
+from ... import models
+from .webpage import DeploymentStateSerializer
+from .clients import RabbitMQInstanceSerializer
 
 
 class GroupSerializer(serializers.ModelSerializer):
@@ -19,7 +21,7 @@ class GroupSerializer(serializers.ModelSerializer):
 
 class SSHPublicKeySerializer(serializers.ModelSerializer):
     class Meta:
-        model = SSHPublicKey
+        model = models.SSHPublicKey
         fields = [
             'id',
             'name',
@@ -29,7 +31,7 @@ class SSHPublicKeySerializer(serializers.ModelSerializer):
 
 class SSHPublicKeyRefSerializer(serializers.ModelSerializer):
     class Meta:
-        model = SSHPublicKey
+        model = models.SSHPublicKey
         fields = [
             'id',
             'name',

feudal/backend/models/serializers/clients.py

@@ -5,8 +5,6 @@ from django_mysql.models import JSONField
 from rest_framework import serializers
 
 from ... import models
-from ..users import User
-from ..brokers import RabbitMQInstance
 from . import GroupSerializer, SSHPublicKeySerializer
 
 
@@ -23,7 +21,7 @@ class UserSerializer(serializers.ModelSerializer):
     userinfo = JSONField()
 
     class Meta:
-        model = User
+        model = models.User
         fields = ['email', 'groups', 'userinfo']
 
 
@@ -76,5 +74,5 @@ class SiteSerializer(serializers.Serializer):
 
 class RabbitMQInstanceSerializer(serializers.ModelSerializer):
     class Meta:
-        model = RabbitMQInstance
+        model = models.RabbitMQInstance
         fields = ['vhost']

feudal/backend/models/serializers/webpage.py

@@ -4,7 +4,6 @@
 from rest_framework import serializers
 
 from ... import models
-from ..users import User
 from .. import serializers as backend_serializers
 
 
@@ -98,7 +97,7 @@ class UserSerializer(serializers.ModelSerializer):
     ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True)
 
     class Meta:
-        model = User
+        model = models.User
         fields = [
             'profile_name',
             'groups',
@@ -115,7 +114,7 @@ class UserStateSerializer(serializers.ModelSerializer):
     deployments = DeploymentSerializer(many=True)
 
     class Meta:
-        model = User
+        model = models.User
         fields = [
             'deployment_state_items',
             'deployment_states',

feudal/backend/models/users.py

@@ -16,6 +16,7 @@ LOGGER = logging.getLogger(__name__)
 def user_info_default():
     return {}
 
+
 class User(AbstractUser):
     TYPE_CHOICES = (
         ('apiclient', 'API-Client'),
@@ -213,13 +214,21 @@ class User(AbstractUser):
                 dep.deactivate()
 
     def update_userinfo(self, userinfo):
+        groups = userinfo.get('groups', [])
+
+        for group in self.groups.all():
+            if group.name not in groups:
+                self.groups.remove(group)
+                # remove group from user and deactivate deployments
+                for dep in self.deployments.filter(group=group):
+                    dep.deactivate()
+
         self.userinfo = userinfo
         self.save()
 
         if 'sub' not in userinfo:
             raise Exception('Missing attribute in userinfo: sub')
 
-        groups = userinfo.get('groups', [])
 
         for group_name in groups:
             try:
@@ -236,7 +245,6 @@ class User(AbstractUser):
         unity_key_value = userinfo.get('ssh_key', '')
         unity_key_name = 'unity_key'
 
-        from . import SSHPublicKey
         try:
             key = self._ssh_keys.get(name=unity_key_name)
             if key.key != unity_key_value:
@@ -252,6 +260,76 @@ class User(AbstractUser):
             key.save()
 
 
+class SSHPublicKey(models.Model):
+    name = models.CharField(
+        max_length=150,
+    )
+    key = models.TextField(
+        max_length=1000
+    )
+    # hidden field at the user
+    user = models.ForeignKey(
+        User,
+        related_name='_ssh_keys',
+        on_delete=models.SET_NULL,
+        null=True,
+    )
+
+    # has the user triggered the deletion of this key?
+    deleted = models.BooleanField(
+        default=False,
+        editable=False,
+    )
+
+    @property
+    def deployed_anywhere(self):
+        for state in self.states.all():
+            for item in state.state_items.all():
+                if item.state == 'deployed' or item.state == 'removal_pending':
+                    return True
+        return False
+
+    # does not directly delete the key if the key is deployed or removen
+    # somewhere
+    # the receiver 'delete_removen_ssh_key' does the actual deletion
+    def delete_key(self):
+        # if this key is not deployed anywhere we delete it now
+        if not self.deployed_anywhere:
+            LOGGER.info(self.msg('Direct deletion of key'))
+            self.delete()
+            return
+
+        LOGGER.info(self.msg('Deletion of key started'))
+        self.deleted = True
+        self.save()
+
+        # delete implies removeing the key from all clients
+        for deployment in self.deployments.all():
+            deployment.remove_key(self)
+
+    # when a key is removen by a client we try to finally delete it
+    def try_final_deletion(self):
+        if self.deleted:
+            if not self.deployed_anywhere:
+
+                LOGGER.info(self.msg('All clients have removen this key. Final deletion'))
+                self._final_deletion()
+
+    def _final_deletion(self):
+        _self = self
+        for state in self.states.all():
+            #for item in state.state_items.all():
+            #    item.delete()
+            state.delete()
+        _self.delete()
+
+    def __str__(self):
+        if self.deleted:
+            return 'DELETED: {}'.format(self.name)
+        return self.name
+
+    def msg(self, msg):
+        return '[SSHKey:{}] {}'.format(self, msg)
 
 @receiver(post_save, sender=User)
 def deactivate_user(sender, instance=None, created=False, **kwargs):

feudal/backend/views/clients.py

@@ -6,7 +6,6 @@ from rest_framework import generics, views
 from rest_framework.authentication import BasicAuthentication
 from rest_framework.response import Response
 
-from ..models.brokers import RabbitMQInstance
 from ..models.serializers.webpage import DeploymentStateSerializer
 from ..models.serializers.clients import RabbitMQInstanceSerializer
 from .. import models
@@ -83,7 +82,7 @@ class ConfigurationView(views.APIView):
 
         response = {
             'rabbitmq_config': RabbitMQInstanceSerializer(
-                RabbitMQInstance.load(),
+                models.RabbitMQInstance.load(),
             ).data,
             'site': request.user.site.name,
         }

feudal/backend/views/webpage.py

 
 import logging
+
 from django.contrib.auth import logout
 from django.contrib.auth.models import Group
 from django.shortcuts import get_object_or_404
@@ -9,8 +10,8 @@ from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 
 from .. import models
-from ..models.serializers import webpage as serializers
 from ..models import serializers as model_serializers
+from ..models.serializers import webpage as serializers
 
 LOGGER = logging.getLogger(__name__)