feudal
feudalBackend
Commits
c08a156c
Commit
c08a156c
authored
Jul 27, 2018
by
Lukas Burgey
Change imports
parent
d23200c4
Changes
8
feudal/backend/auth/v1/views/clients.py
...
...
@@ -8,9 +8,7 @@ from django.http import HttpResponse
from
django.contrib.auth
import
authenticate
from
django.contrib.sessions.models
import
Session
from
....models
import
Site
from
....models.brokers
import
RabbitMQInstance
from
....models.users
import
User
from
....
import
models
LOGGER
=
logging
.
getLogger
(
__name__
)
CLIENT_DEBUGGING
=
False
...
...
@@ -20,7 +18,7 @@ DENY = HttpResponse('deny')
def
_valid_vhost
(
request
):
if
request
.
POST
.
get
(
'vhost'
)
==
RabbitMQInstance
.
load
().
vhost
:
if
request
.
POST
.
get
(
'vhost'
)
==
models
.
RabbitMQInstance
.
load
().
vhost
:
return
True
LOGGER
.
error
(
'illegal vhost requested'
)
return
False
...
...
@@ -36,7 +34,7 @@ def _valid_user(request):
return
_apiclient_valid
(
request
)
or
_webpage_client_userid
(
request
)
def
_apiclient_valid
(
request
):
valid
=
User
.
objects
.
filter
(
valid
=
models
.
User
.
objects
.
filter
(
user_type
=
'apiclient'
,
username
=
request
.
POST
.
get
(
'username'
),
).
exists
()
...
...
@@ -45,7 +43,7 @@ def _apiclient_valid(request):
return
False
def
_apiclient_get
(
request
):
user
=
User
.
objects
.
filter
(
user
=
models
.
User
.
objects
.
filter
(
user_type
=
'apiclient'
,
).
get
(
username
=
request
.
POST
.
get
(
'username'
),
...
...
@@ -137,7 +135,7 @@ def _resource_authorized_apiclient(request):
and
name
.
startswith
(
'amq.gen-'
)
)
or
(
resource
==
'exchange'
and
name
in
RabbitMQInstance
.
load
().
exchanges
and
name
in
models
.
RabbitMQInstance
.
load
().
exchanges
and
not
'write'
in
permission
)
...
...
@@ -233,16 +231,16 @@ def topic_endpoint_apiclient(request, apiclient):
group
=
Group
.
objects
.
get
(
name
=
routing_key
)
try
:
Site
.
objects
.
get
(
models
.
Site
.
objects
.
get
(
services__groups
=
group
,
client
=
apiclient
,
)
return
ALLOW
except
Site
.
MultipleObjectsReturned
:
except
models
.
Site
.
MultipleObjectsReturned
:
return
ALLOW
except
Site
.
DoesNotExist
:
except
models
.
Site
.
DoesNotExist
:
return
DENY
except
Group
.
DoesNotExist
:
...
...
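Review bot: In the `topic_endpoint_apiclient` hunk the allow/deny decision is driven by exceptions from `models.Site.objects.get(services__groups=group, client=apiclient)`, with `MultipleObjectsReturned` mapped to ALLOW. Since one match and several matches are treated the same, an existence query states the authorization rule directly and leaves no exception path that grants access: `if models.Site.objects.filter(services__groups=group, client=apiclient).exists(): return ALLOW` followed by `return DENY`. The enclosing `try` and the `Group.DoesNotExist` handler continue outside the hunk, so the rest of the function needs checking before restructuring.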
feudal/backend/models/__init__.py
...
...
@@ -7,7 +7,7 @@ from django.db import models
from
django_mysql.models
import
JSONField
from
.brokers
import
RabbitMQInstance
from
.users
import
User
from
.users
import
User
,
SSHPublicKey
LOGGER
=
getLogger
(
__name__
)
...
...
@@ -103,78 +103,6 @@ class Service(models.Model):
raise
class
SSHPublicKey
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
150
,
)
key
=
models
.
TextField
(
max_length
=
1000
)
# hidden field at the user
user
=
models
.
ForeignKey
(
User
,
related_name
=
'_ssh_keys'
,
on_delete
=
models
.
SET_NULL
,
null
=
True
,
)
# has the user triggered the deletion of this key?
deleted
=
models
.
BooleanField
(
default
=
False
,
editable
=
False
,
)
@
property
def
deployed_anywhere
(
self
):
for
state
in
self
.
states
.
all
():
for
item
in
state
.
state_items
.
all
():
if
item
.
state
==
'deployed'
or
item
.
state
==
'removal_pending'
:
return
True
return
False
# does not directly delete the key if the key is deployed or removen
# somewhere
# the receiver 'delete_removen_ssh_key' does the actual deletion
def
delete_key
(
self
):
# if this key is not deployed anywhere we delete it now
if
not
self
.
deployed_anywhere
:
LOGGER
.
info
(
self
.
msg
(
'Direct deletion of key'
))
self
.
delete
()
return
LOGGER
.
info
(
self
.
msg
(
'Deletion of key started'
))
self
.
deleted
=
True
self
.
save
()
# delete implies removeing the key from all clients
for
deployment
in
self
.
deployments
.
all
():
deployment
.
remove_key
(
self
)
# when a key is removen by a client we try to finally delete it
def
try_final_deletion
(
self
):
if
self
.
deleted
:
if
not
self
.
deployed_anywhere
:
LOGGER
.
info
(
self
.
msg
(
'All clients have removen this key. Final deletion'
))
self
.
_final_deletion
()
def
_final_deletion
(
self
):
_self
=
self
for
state
in
self
.
states
.
all
():
#for item in state.state_items.all():
# item.delete()
state
.
delete
()
_self
.
delete
()
def
__str__
(
self
):
if
self
.
deleted
:
return
'DELETED: {}'
.
format
(
self
.
name
)
return
self
.
name
def
msg
(
self
,
msg
):
return
'[SSHKey:{}] {}'
.
format
(
self
,
msg
)
# Deployment describes the supposed state of the users ssh keys at either:
# - a group (and and the services associated with the group)
# - a single service
...
...
feudal/backend/models/serializers/__init__.py
...
...
@@ -5,7 +5,9 @@
from
django.contrib.auth.models
import
Group
from
rest_framework
import
serializers
from
...models
import
SSHPublicKey
from
...
import
models
from
.webpage
import
DeploymentStateSerializer
from
.clients
import
RabbitMQInstanceSerializer
class
GroupSerializer
(
serializers
.
ModelSerializer
):
...
...
@@ -19,7 +21,7 @@ class GroupSerializer(serializers.ModelSerializer):
class
SSHPublicKeySerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
SSHPublicKey
model
=
models
.
SSHPublicKey
fields
=
[
'id'
,
'name'
,
...
...
@@ -29,7 +31,7 @@ class SSHPublicKeySerializer(serializers.ModelSerializer):
class
SSHPublicKeyRefSerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
SSHPublicKey
model
=
models
.
SSHPublicKey
fields
=
[
'id'
,
'name'
,
...
...
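Review bot: The two imports added ahead of `class GroupSerializer`, `from .webpage import DeploymentStateSerializer` and `from .clients import RabbitMQInstanceSerializer`, appear to create an import-order cycle. On this page `clients.py` does `from . import GroupSerializer, SSHPublicKeySerializer` and `webpage.py` evaluates `backend_serializers.SSHPublicKeySerializer(many=True)` in a class body, while both names are bound in this module only after the new import lines. As far as the visible lines show, importing the package would then fail before the serializer classes are defined. Moving the two imports below the class definitions, or importing them where they are used, removes the ordering dependency; the rest of the file is outside the hunks, so confirm nothing later relies on the current position.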
feudal/backend/models/serializers/clients.py
...
...
@@ -5,8 +5,6 @@ from django_mysql.models import JSONField
from
rest_framework
import
serializers
from
...
import
models
from
..users
import
User
from
..brokers
import
RabbitMQInstance
from
.
import
GroupSerializer
,
SSHPublicKeySerializer
...
...
@@ -23,7 +21,7 @@ class UserSerializer(serializers.ModelSerializer):
userinfo
=
JSONField
()
class
Meta
:
model
=
User
model
=
models
.
User
fields
=
[
'email'
,
'groups'
,
'userinfo'
]
...
...
@@ -76,5 +74,5 @@ class SiteSerializer(serializers.Serializer):
class
RabbitMQInstanceSerializer
(
serializers
.
ModelSerializer
):
class
Meta
:
model
=
RabbitMQInstance
model
=
models
.
RabbitMQInstance
fields
=
[
'vhost'
]
feudal/backend/models/serializers/webpage.py
...
...
@@ -4,7 +4,6 @@
from
rest_framework
import
serializers
from
...
import
models
from
..users
import
User
from
..
import
serializers
as
backend_serializers
...
...
@@ -98,7 +97,7 @@ class UserSerializer(serializers.ModelSerializer):
ssh_keys
=
backend_serializers
.
SSHPublicKeySerializer
(
many
=
True
)
class
Meta
:
model
=
User
model
=
models
.
User
fields
=
[
'profile_name'
,
'groups'
,
...
...
@@ -115,7 +114,7 @@ class UserStateSerializer(serializers.ModelSerializer):
deployments
=
DeploymentSerializer
(
many
=
True
)
class
Meta
:
model
=
User
model
=
models
.
User
fields
=
[
'deployment_state_items'
,
'deployment_states'
,
...
...
feudal/backend/models/users.py
...
...
@@ -16,6 +16,7 @@ LOGGER = logging.getLogger(__name__)
def
user_info_default
():
return
{}
class
User
(
AbstractUser
):
TYPE_CHOICES
=
(
(
'apiclient'
,
'API-Client'
),
...
...
@@ -213,13 +214,21 @@ class User(AbstractUser):
dep
.
deactivate
()
def
update_userinfo
(
self
,
userinfo
):
groups
=
userinfo
.
get
(
'groups'
,
[])
for
group
in
self
.
groups
.
all
():
if
group
.
name
not
in
groups
:
self
.
groups
.
remove
(
group
)
# remove group from user and deactivate deployments
for
dep
in
self
.
deployments
.
filter
(
group
=
group
):
dep
.
deactivate
()
self
.
userinfo
=
userinfo
self
.
save
()
if
'sub'
not
in
userinfo
:
raise
Exception
(
'Missing attribute in userinfo: sub'
)
groups
=
userinfo
.
get
(
'groups'
,
[])
for
group_name
in
groups
:
try
:
...
...
@@ -236,7 +245,6 @@ class User(AbstractUser):
unity_key_value
=
userinfo
.
get
(
'ssh_key'
,
''
)
unity_key_name
=
'unity_key'
from
.
import
SSHPublicKey
try
:
key
=
self
.
_ssh_keys
.
get
(
name
=
unity_key_name
)
if
key
.
key
!=
unity_key_value
:
...
...
@@ -252,6 +260,76 @@ class User(AbstractUser):
key
.
save
()
class
SSHPublicKey
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
150
,
)
key
=
models
.
TextField
(
max_length
=
1000
)
# hidden field at the user
user
=
models
.
ForeignKey
(
User
,
related_name
=
'_ssh_keys'
,
on_delete
=
models
.
SET_NULL
,
null
=
True
,
)
# has the user triggered the deletion of this key?
deleted
=
models
.
BooleanField
(
default
=
False
,
editable
=
False
,
)
@
property
def
deployed_anywhere
(
self
):
for
state
in
self
.
states
.
all
():
for
item
in
state
.
state_items
.
all
():
if
item
.
state
==
'deployed'
or
item
.
state
==
'removal_pending'
:
return
True
return
False
# does not directly delete the key if the key is deployed or removen
# somewhere
# the receiver 'delete_removen_ssh_key' does the actual deletion
def
delete_key
(
self
):
# if this key is not deployed anywhere we delete it now
if
not
self
.
deployed_anywhere
:
LOGGER
.
info
(
self
.
msg
(
'Direct deletion of key'
))
self
.
delete
()
return
LOGGER
.
info
(
self
.
msg
(
'Deletion of key started'
))
self
.
deleted
=
True
self
.
save
()
# delete implies removeing the key from all clients
for
deployment
in
self
.
deployments
.
all
():
deployment
.
remove_key
(
self
)
# when a key is removen by a client we try to finally delete it
def
try_final_deletion
(
self
):
if
self
.
deleted
:
if
not
self
.
deployed_anywhere
:
LOGGER
.
info
(
self
.
msg
(
'All clients have removen this key. Final deletion'
))
self
.
_final_deletion
()
def
_final_deletion
(
self
):
_self
=
self
for
state
in
self
.
states
.
all
():
#for item in state.state_items.all():
# item.delete()
state
.
delete
()
_self
.
delete
()
def
__str__
(
self
):
if
self
.
deleted
:
return
'DELETED: {}'
.
format
(
self
.
name
)
return
self
.
name
def
msg
(
self
,
msg
):
return
'[SSHKey:{}] {}'
.
format
(
self
,
msg
)
@
receiver
(
post_save
,
sender
=
User
)
def
deactivate_user
(
sender
,
instance
=
None
,
created
=
False
,
**
kwargs
):
...
...
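Review bot: In `update_userinfo` the `'sub'` check runs only after groups have been removed, deployments deactivated and `self.save()` called, so a userinfo document that is then rejected has already changed the user's access state. Validate first by moving `if 'sub' not in userinfo: raise Exception('Missing attribute in userinfo: sub')` to the top of the method. Separately, `userinfo.get('groups', [])` treats a missing `groups` claim as membership in no group, which removes every group and deactivates the matching deployments; if the identity provider can omit the claim, that case may deserve an explicit branch. The method body continues outside the hunk.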
feudal/backend/views/clients.py
...
...
@@ -6,7 +6,6 @@ from rest_framework import generics, views
from
rest_framework.authentication
import
BasicAuthentication
from
rest_framework.response
import
Response
from
..models.brokers
import
RabbitMQInstance
from
..models.serializers.webpage
import
DeploymentStateSerializer
from
..models.serializers.clients
import
RabbitMQInstanceSerializer
from
..
import
models
...
...
@@ -83,7 +82,7 @@ class ConfigurationView(views.APIView):
response
=
{
'rabbitmq_config'
:
RabbitMQInstanceSerializer
(
RabbitMQInstance
.
load
(),
models
.
RabbitMQInstance
.
load
(),
).
data
,
'site'
:
request
.
user
.
site
.
name
,
}
...
...
feudal/backend/views/webpage.py
import
logging
from
django.contrib.auth
import
logout
from
django.contrib.auth.models
import
Group
from
django.shortcuts
import
get_object_or_404
...
...
@@ -9,8 +10,8 @@ from rest_framework.permissions import AllowAny
from
rest_framework.response
import
Response
from
..
import
models
from
..models.serializers
import
webpage
as
serializers
from
..models
import
serializers
as
model_serializers
from
..models.serializers
import
webpage
as
serializers
LOGGER
=
logging
.
getLogger
(
__name__
)
...
...