Commit c08a156c authored by Lukas Burgey

Change imports

parent d23200c4
...@@ -8,9 +8,7 @@ from django.http import HttpResponse ...@@ -8,9 +8,7 @@ from django.http import HttpResponse
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from django.contrib.sessions.models import Session from django.contrib.sessions.models import Session
from ....models import Site from .... import models
from ....models.brokers import RabbitMQInstance
from ....models.users import User
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)
CLIENT_DEBUGGING = False CLIENT_DEBUGGING = False
...@@ -20,7 +18,7 @@ DENY = HttpResponse('deny') ...@@ -20,7 +18,7 @@ DENY = HttpResponse('deny')
def _valid_vhost(request): def _valid_vhost(request):
if request.POST.get('vhost') == RabbitMQInstance.load().vhost: if request.POST.get('vhost') == models.RabbitMQInstance.load().vhost:
return True return True
LOGGER.error('illegal vhost requested') LOGGER.error('illegal vhost requested')
return False return False
...@@ -36,7 +34,7 @@ def _valid_user(request): ...@@ -36,7 +34,7 @@ def _valid_user(request):
return _apiclient_valid(request) or _webpage_client_userid(request) return _apiclient_valid(request) or _webpage_client_userid(request)
def _apiclient_valid(request): def _apiclient_valid(request):
valid = User.objects.filter( valid = models.User.objects.filter(
user_type='apiclient', user_type='apiclient',
username=request.POST.get('username'), username=request.POST.get('username'),
).exists() ).exists()
...@@ -45,7 +43,7 @@ def _apiclient_valid(request): ...@@ -45,7 +43,7 @@ def _apiclient_valid(request):
return False return False
def _apiclient_get(request): def _apiclient_get(request):
user = User.objects.filter( user = models.User.objects.filter(
user_type='apiclient', user_type='apiclient',
).get( ).get(
username=request.POST.get('username'), username=request.POST.get('username'),
...@@ -137,7 +135,7 @@ def _resource_authorized_apiclient(request): ...@@ -137,7 +135,7 @@ def _resource_authorized_apiclient(request):
and name.startswith('amq.gen-') and name.startswith('amq.gen-')
) or ( ) or (
resource == 'exchange' resource == 'exchange'
and name in RabbitMQInstance.load().exchanges and name in models.RabbitMQInstance.load().exchanges
and not 'write' in permission and not 'write' in permission
) )
...@@ -233,16 +231,16 @@ def topic_endpoint_apiclient(request, apiclient): ...@@ -233,16 +231,16 @@ def topic_endpoint_apiclient(request, apiclient):
group = Group.objects.get(name=routing_key) group = Group.objects.get(name=routing_key)
try: try:
Site.objects.get( models.Site.objects.get(
services__groups=group, services__groups=group,
client=apiclient, client=apiclient,
) )
return ALLOW return ALLOW
except Site.MultipleObjectsReturned: except models.Site.MultipleObjectsReturned:
return ALLOW return ALLOW
except Site.DoesNotExist: except models.Site.DoesNotExist:
return DENY return DENY
except Group.DoesNotExist: except Group.DoesNotExist:
......
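Review bot: In `topic_endpoint_apiclient` the allow/deny decision is driven by exceptions from `models.Site.objects.get(...)`, with `MultipleObjectsReturned` mapped to ALLOW, which makes an authorization path harder to read and easy to get wrong when it is next edited. An existence query states the intent directly: `if models.Site.objects.filter(services__groups=group, client=apiclient).exists(): return ALLOW` followed by `return DENY`. The function starts and ends outside the hunk, so the surrounding `Group.DoesNotExist` handling should stay as it is.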
...@@ -7,7 +7,7 @@ from django.db import models ...@@ -7,7 +7,7 @@ from django.db import models
from django_mysql.models import JSONField from django_mysql.models import JSONField
from .brokers import RabbitMQInstance from .brokers import RabbitMQInstance
from .users import User from .users import User, SSHPublicKey
LOGGER = getLogger(__name__) LOGGER = getLogger(__name__)
...@@ -103,78 +103,6 @@ class Service(models.Model): ...@@ -103,78 +103,6 @@ class Service(models.Model):
raise raise
class SSHPublicKey(models.Model):
name = models.CharField(
max_length=150,
)
key = models.TextField(
max_length=1000
)
# hidden field at the user
user = models.ForeignKey(
User,
related_name='_ssh_keys',
on_delete=models.SET_NULL,
null=True,
)
# has the user triggered the deletion of this key?
deleted = models.BooleanField(
default=False,
editable=False,
)
@property
def deployed_anywhere(self):
for state in self.states.all():
for item in state.state_items.all():
if item.state == 'deployed' or item.state == 'removal_pending':
return True
return False
# does not directly delete the key if the key is deployed or removen
# somewhere
# the receiver 'delete_removen_ssh_key' does the actual deletion
def delete_key(self):
# if this key is not deployed anywhere we delete it now
if not self.deployed_anywhere:
LOGGER.info(self.msg('Direct deletion of key'))
self.delete()
return
LOGGER.info(self.msg('Deletion of key started'))
self.deleted = True
self.save()
# delete implies removeing the key from all clients
for deployment in self.deployments.all():
deployment.remove_key(self)
# when a key is removen by a client we try to finally delete it
def try_final_deletion(self):
if self.deleted:
if not self.deployed_anywhere:
LOGGER.info(self.msg('All clients have removen this key. Final deletion'))
self._final_deletion()
def _final_deletion(self):
_self = self
for state in self.states.all():
#for item in state.state_items.all():
# item.delete()
state.delete()
_self.delete()
def __str__(self):
if self.deleted:
return 'DELETED: {}'.format(self.name)
return self.name
def msg(self, msg):
return '[SSHKey:{}] {}'.format(self, msg)
# Deployment describes the supposed state of the users ssh keys at either: # Deployment describes the supposed state of the users ssh keys at either:
# - a group (and and the services associated with the group) # - a group (and and the services associated with the group)
# - a single service # - a single service
......
...@@ -5,7 +5,9 @@ ...@@ -5,7 +5,9 @@
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from rest_framework import serializers from rest_framework import serializers
from ...models import SSHPublicKey from ... import models
from .webpage import DeploymentStateSerializer
from .clients import RabbitMQInstanceSerializer
class GroupSerializer(serializers.ModelSerializer): class GroupSerializer(serializers.ModelSerializer):
...@@ -19,7 +21,7 @@ class GroupSerializer(serializers.ModelSerializer): ...@@ -19,7 +21,7 @@ class GroupSerializer(serializers.ModelSerializer):
class SSHPublicKeySerializer(serializers.ModelSerializer): class SSHPublicKeySerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = SSHPublicKey model = models.SSHPublicKey
fields = [ fields = [
'id', 'id',
'name', 'name',
...@@ -29,7 +31,7 @@ class SSHPublicKeySerializer(serializers.ModelSerializer): ...@@ -29,7 +31,7 @@ class SSHPublicKeySerializer(serializers.ModelSerializer):
class SSHPublicKeyRefSerializer(serializers.ModelSerializer): class SSHPublicKeyRefSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = SSHPublicKey model = models.SSHPublicKey
fields = [ fields = [
'id', 'id',
'name', 'name',
......
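Review bot: The two imports added at the top of this package module, `from .webpage import DeploymentStateSerializer` and `from .clients import RabbitMQInstanceSerializer`, run before `GroupSerializer` and `SSHPublicKeySerializer` are defined further down. Elsewhere on this page a serializer module does `from . import GroupSerializer, SSHPublicKeySerializer`, and another reads `backend_serializers.SSHPublicKeySerializer(many=True)` in a class body. If those are the `.clients` and `.webpage` modules of this package, as their relative imports suggest, importing the package would fail on a partially initialised module. Neither imported name is used in the visible hunks, so either move the two imports below the class definitions or drop them if nothing relies on the re-export.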
...@@ -5,8 +5,6 @@ from django_mysql.models import JSONField ...@@ -5,8 +5,6 @@ from django_mysql.models import JSONField
from rest_framework import serializers from rest_framework import serializers
from ... import models from ... import models
from ..users import User
from ..brokers import RabbitMQInstance
from . import GroupSerializer, SSHPublicKeySerializer from . import GroupSerializer, SSHPublicKeySerializer
...@@ -23,7 +21,7 @@ class UserSerializer(serializers.ModelSerializer): ...@@ -23,7 +21,7 @@ class UserSerializer(serializers.ModelSerializer):
userinfo = JSONField() userinfo = JSONField()
class Meta: class Meta:
model = User model = models.User
fields = ['email', 'groups', 'userinfo'] fields = ['email', 'groups', 'userinfo']
...@@ -76,5 +74,5 @@ class SiteSerializer(serializers.Serializer): ...@@ -76,5 +74,5 @@ class SiteSerializer(serializers.Serializer):
class RabbitMQInstanceSerializer(serializers.ModelSerializer): class RabbitMQInstanceSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = RabbitMQInstance model = models.RabbitMQInstance
fields = ['vhost'] fields = ['vhost']
...@@ -4,7 +4,6 @@ ...@@ -4,7 +4,6 @@
from rest_framework import serializers from rest_framework import serializers
from ... import models from ... import models
from ..users import User
from .. import serializers as backend_serializers from .. import serializers as backend_serializers
...@@ -98,7 +97,7 @@ class UserSerializer(serializers.ModelSerializer): ...@@ -98,7 +97,7 @@ class UserSerializer(serializers.ModelSerializer):
ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True) ssh_keys = backend_serializers.SSHPublicKeySerializer(many=True)
class Meta: class Meta:
model = User model = models.User
fields = [ fields = [
'profile_name', 'profile_name',
'groups', 'groups',
...@@ -115,7 +114,7 @@ class UserStateSerializer(serializers.ModelSerializer): ...@@ -115,7 +114,7 @@ class UserStateSerializer(serializers.ModelSerializer):
deployments = DeploymentSerializer(many=True) deployments = DeploymentSerializer(many=True)
class Meta: class Meta:
model = User model = models.User
fields = [ fields = [
'deployment_state_items', 'deployment_state_items',
'deployment_states', 'deployment_states',
......
...@@ -16,6 +16,7 @@ LOGGER = logging.getLogger(__name__) ...@@ -16,6 +16,7 @@ LOGGER = logging.getLogger(__name__)
def user_info_default(): def user_info_default():
return {} return {}
class User(AbstractUser): class User(AbstractUser):
TYPE_CHOICES = ( TYPE_CHOICES = (
('apiclient', 'API-Client'), ('apiclient', 'API-Client'),
...@@ -213,13 +214,21 @@ class User(AbstractUser): ...@@ -213,13 +214,21 @@ class User(AbstractUser):
dep.deactivate() dep.deactivate()
def update_userinfo(self, userinfo): def update_userinfo(self, userinfo):
groups = userinfo.get('groups', [])
for group in self.groups.all():
if group.name not in groups:
self.groups.remove(group)
# remove group from user and deactivate deployments
for dep in self.deployments.filter(group=group):
dep.deactivate()
self.userinfo = userinfo self.userinfo = userinfo
self.save() self.save()
if 'sub' not in userinfo: if 'sub' not in userinfo:
raise Exception('Missing attribute in userinfo: sub') raise Exception('Missing attribute in userinfo: sub')
groups = userinfo.get('groups', [])
for group_name in groups: for group_name in groups:
try: try:
...@@ -236,7 +245,6 @@ class User(AbstractUser): ...@@ -236,7 +245,6 @@ class User(AbstractUser):
unity_key_value = userinfo.get('ssh_key', '') unity_key_value = userinfo.get('ssh_key', '')
unity_key_name = 'unity_key' unity_key_name = 'unity_key'
from . import SSHPublicKey
try: try:
key = self._ssh_keys.get(name=unity_key_name) key = self._ssh_keys.get(name=unity_key_name)
if key.key != unity_key_value: if key.key != unity_key_value:
...@@ -252,6 +260,76 @@ class User(AbstractUser): ...@@ -252,6 +260,76 @@ class User(AbstractUser):
key.save() key.save()
class SSHPublicKey(models.Model):
name = models.CharField(
max_length=150,
)
key = models.TextField(
max_length=1000
)
# hidden field at the user
user = models.ForeignKey(
User,
related_name='_ssh_keys',
on_delete=models.SET_NULL,
null=True,
)
# has the user triggered the deletion of this key?
deleted = models.BooleanField(
default=False,
editable=False,
)
@property
def deployed_anywhere(self):
for state in self.states.all():
for item in state.state_items.all():
if item.state == 'deployed' or item.state == 'removal_pending':
return True
return False
# does not directly delete the key if the key is deployed or removen
# somewhere
# the receiver 'delete_removen_ssh_key' does the actual deletion
def delete_key(self):
# if this key is not deployed anywhere we delete it now
if not self.deployed_anywhere:
LOGGER.info(self.msg('Direct deletion of key'))
self.delete()
return
LOGGER.info(self.msg('Deletion of key started'))
self.deleted = True
self.save()
# delete implies removeing the key from all clients
for deployment in self.deployments.all():
deployment.remove_key(self)
# when a key is removen by a client we try to finally delete it
def try_final_deletion(self):
if self.deleted:
if not self.deployed_anywhere:
LOGGER.info(self.msg('All clients have removen this key. Final deletion'))
self._final_deletion()
def _final_deletion(self):
_self = self
for state in self.states.all():
#for item in state.state_items.all():
# item.delete()
state.delete()
_self.delete()
def __str__(self):
if self.deleted:
return 'DELETED: {}'.format(self.name)
return self.name
def msg(self, msg):
return '[SSHKey:{}] {}'.format(self, msg)
@receiver(post_save, sender=User) @receiver(post_save, sender=User)
def deactivate_user(sender, instance=None, created=False, **kwargs): def deactivate_user(sender, instance=None, created=False, **kwargs):
......
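Review bot: `update_userinfo` now removes groups and deactivates deployments before the `'sub' not in userinfo` check, so a payload that is then rejected has already changed the user's group membership and been saved. A payload without a `groups` key falls back to `[]` and strips every group; that fails closed, but it should be a deliberate choice recorded in a comment such as `# missing 'groups' claim revokes all group memberships`. Validate first by moving `if 'sub' not in userinfo: raise Exception('Missing attribute in userinfo: sub')` to the top of the method, and consider running the updates inside `transaction.atomic()` so a later failure does not leave partial state. The method continues outside the hunk.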
...@@ -6,7 +6,6 @@ from rest_framework import generics, views ...@@ -6,7 +6,6 @@ from rest_framework import generics, views
from rest_framework.authentication import BasicAuthentication from rest_framework.authentication import BasicAuthentication
from rest_framework.response import Response from rest_framework.response import Response
from ..models.brokers import RabbitMQInstance
from ..models.serializers.webpage import DeploymentStateSerializer from ..models.serializers.webpage import DeploymentStateSerializer
from ..models.serializers.clients import RabbitMQInstanceSerializer from ..models.serializers.clients import RabbitMQInstanceSerializer
from .. import models from .. import models
...@@ -83,7 +82,7 @@ class ConfigurationView(views.APIView): ...@@ -83,7 +82,7 @@ class ConfigurationView(views.APIView):
response = { response = {
'rabbitmq_config': RabbitMQInstanceSerializer( 'rabbitmq_config': RabbitMQInstanceSerializer(
RabbitMQInstance.load(), models.RabbitMQInstance.load(),
).data, ).data,
'site': request.user.site.name, 'site': request.user.site.name,
} }
......
import logging import logging
from django.contrib.auth import logout from django.contrib.auth import logout
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.shortcuts import get_object_or_404 from django.shortcuts import get_object_or_404
...@@ -9,8 +10,8 @@ from rest_framework.permissions import AllowAny ...@@ -9,8 +10,8 @@ from rest_framework.permissions import AllowAny
from rest_framework.response import Response from rest_framework.response import Response
from .. import models from .. import models
from ..models.serializers import webpage as serializers
from ..models import serializers as model_serializers from ..models import serializers as model_serializers
from ..models.serializers import webpage as serializers
LOGGER = logging.getLogger(__name__) LOGGER = logging.getLogger(__name__)
......