Commit d23200c4 authored by Lukas Burgey's avatar Lukas Burgey

Line some code

parent b28029fd
# pylint: disable=too-many-return-statements
import logging
import re
......@@ -136,8 +137,7 @@ def _resource_authorized_apiclient(request):
and name.startswith('amq.gen-')
) or (
resource == 'exchange'
# TODO
#and name in RabbitMQInstance.load().exchanges
and name in RabbitMQInstance.load().exchanges
and not 'write' in permission
)
......@@ -181,77 +181,91 @@ def resource_endpoint(request):
)
return DENY
def topic_endpoint(request):
def topic_endpoint_webpageclient(request, webpage_client_userid):
permission = request.POST.get('permission', [])
resource = request.POST.get('resource', '')
name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '')
if not _valid_vhost(request) or not _valid_permission(request):
return DENY
webpage_client_userid = _webpage_client_userid(request)
if webpage_client_userid:
if (
routing_key == webpage_client_userid
and not 'write' in permission
):
if CLIENT_DEBUGGING:
LOGGER.debug(
'[auth:topic_endpoint] Granted %s access to %s %s to client',
permission,
resource,
routing_key,
)
if (
routing_key == webpage_client_userid
and not 'write' in permission
):
if CLIENT_DEBUGGING:
LOGGER.debug(
'[auth:topic_endpoint] Granted %s access to %s %s to client',
permission,
resource,
routing_key,
)
return ALLOW
LOGGER.error(
'[auth:topic_endpoint] Authorization check for resource %s %s %s for client failed',
resource,
name,
routing_key,
)
return DENY
LOGGER.error(
'[auth:topic_endpoint_webpageclient] Auth check for resource %s %s %s for client failed',
resource,
name,
routing_key,
)
return DENY
user = _apiclient_get(request)
if user:
routing_key = request.POST.get('routing_key', '')
if name == 'services':
if routing_key.startswith('service.'):
match = re.search('service.(.+)', routing_key)
if match:
service_name = match.group(1)
if user.site.services.filter(name=service_name).exists():
return ALLOW
elif name == 'sites':
if routing_key == user.site.name:
return ALLOW
else:
LOGGER.error(
'[auth:topic_endpoint] Client of site %s tried to access site %s',
user.site,
routing_key,
)
elif name == 'groups':
try:
group = Group.objects.get(name=routing_key)
def topic_endpoint_apiclient(request, apiclient):
name = request.POST.get('name', '')
routing_key = request.POST.get('routing_key', '')
try:
Site.objects.get(
services__groups=group,
client=user,
)
if name == 'services':
if routing_key.startswith('service.'):
match = re.search('service.(.+)', routing_key)
if match:
service_name = match.group(1)
if apiclient.site.services.filter(name=service_name).exists():
return ALLOW
elif name == 'sites':
if routing_key == apiclient.site.name:
return ALLOW
else:
LOGGER.error(
'[auth:topic_endpoint] Client of site %s tried to access site %s',
apiclient.site,
routing_key,
)
elif name == 'groups':
try:
group = Group.objects.get(name=routing_key)
except Site.MultipleObjectsReturned:
return ALLOW
try:
Site.objects.get(
services__groups=group,
client=apiclient,
)
return ALLOW
except Site.DoesNotExist:
return DENY
except Site.MultipleObjectsReturned:
return ALLOW
except Group.DoesNotExist:
except Site.DoesNotExist:
return DENY
except Group.DoesNotExist:
return DENY
LOGGER.error(
'[auth:topic_endpoint_apiclient] Authorization check for topic failed for %s',
request.POST,
)
return DENY
def topic_endpoint(request):
if not _valid_vhost(request) or not _valid_permission(request):
return DENY
webpage_client_userid = _webpage_client_userid(request)
if webpage_client_userid:
return topic_endpoint_webpageclient(request, webpage_client_userid)
apiclient = _apiclient_get(request)
if apiclient:
return topic_endpoint_apiclient(request, apiclient)
LOGGER.error('[auth:topic_endpoint] Authorization check for topic failed for %s', request.POST)
return DENY
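Review bot: `topic_endpoint_apiclient` never reads `permission`, so an API client that passes the `services`, `sites` or `groups` check gets ALLOW for `write` as well as `read`, while `topic_endpoint_webpageclient` refuses any permission containing `write`. If API clients are only meant to consume from these exchanges (an assumption, since the broker-side usage is not visible here), read `permission = request.POST.get('permission', '')` at the top of the function and return DENY when `'write' in permission`. If publishing is intended, a short comment saying so would keep the asymmetry from looking like an oversight. Separately, the webpage-client function compares only `routing_key` and never `name`, so its grant applies to whichever topic exchange the request names; it is worth confirming that this is intended.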
......@@ -52,8 +52,8 @@ class Auth(View):
LOGGER.debug('Auth: redirecting %s to IdP %s', state, oidc_config)
return redirect(auth_redirect)
except Exception as exception:
LOGGER.error('Auth: %s', exception)
except OIDCConfig.DoesNotExist:
LOGGER.error('OIDCConfig is not available')
# the error is deleted from the session when the state is delivered
request.session['error'] = 'Server Error'
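Review bot: With the handler narrowed to `OIDCConfig.DoesNotExist`, any other exception raised in the `try` body now propagates instead of setting `request.session['error']`. The `try` starts above this hunk, so its calls cannot be checked from here. If that body does more than the configuration lookup, those failures should get their own specific `except` clauses so the user still reaches the generic 'Server Error' state rather than an unhandled 500. The new log line also no longer says which configuration was requested; something like `LOGGER.error('Auth: no OIDCConfig for %s', <requested id>)` would make the failure traceable.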
......
......@@ -95,8 +95,6 @@ class Service(models.Model):
).distinct():
LOGGER.debug(user.msg('New service for group. Adding to deployment'))
# all group deployments have the same keys
# TODO check that assumption
try:
deployment = user.deployments.get(group=group)
deployment.service_added(self)
......@@ -113,7 +111,6 @@ class SSHPublicKey(models.Model):
max_length=1000
)
# hidden field at the user
# TODO checks: if the user is null
user = models.ForeignKey(
User,
related_name='_ssh_keys',
......@@ -626,7 +623,6 @@ class DeploymentStateItem(models.Model):
def user_deploy(self):
if self.state == 'removal_pending':
self._set_state('deployed')
# TODO this is now valid
return
if self.state == 'deployed':
......@@ -648,7 +644,6 @@ class DeploymentStateItem(models.Model):
self.state == 'deployment_pending'
or self.state == 'questionnaire'
):
# TODO this is not valid
self._set_state('not_deployed')
return
......
import logging
from django.contrib.auth.models import Group
from rest_framework import generics, views
from rest_framework.authentication import BasicAuthentication
from rest_framework.response import Response
from ..models.brokers import RabbitMQInstance
from ..models.serializers.webpage import DeploymentStateSerializer
from ..models.serializers.clients import RabbitMQInstanceSerializer
......@@ -35,11 +35,6 @@ class ConfigurationView(views.APIView):
#services = request.data.get('services', None)
group_to_services = request.data.get('group_to_services', None)
# TODO check if client has new services
#if services is not None:
# for service in services:
# pass
if group_to_services is not None:
for group_name, group_service_list in group_to_services.items():
group = None
......@@ -132,28 +127,18 @@ class ResponseView(views.APIView):
return response_view_error(err)
# find the corresponding DeploymentStateItem for this response
state_item = None
query = client_site.state_items.filter(
parent__id=int(state_id),
site=client_site,
service=service,
)
if query.exists():
if len(query) == 1:
state_item = query.first()
else:
LOGGER.error('[ResponseView] ambiguous DStateItem')
return response_view_error('ambiguous DeploymentStateItem')
else:
LOGGER.error('[ResponseView] No matching DStateItem')
return response_view_error('no matching DeploymentStateItem')
if state_item is not None:
try:
state_item = client_site.state_items.get(
parent__id=int(state_id),
site=client_site,
service=service,
)
err = state_item.client_response(output)
if err is not None:
LOGGER.error('[ResponseView] Error parsing response from %s: %s', request.user, err)
return response_view_error(err)
return Response({})
LOGGER.info('[ResponseView] %s executed the obsolete state#%s', request.user, state_id)
return response_view_error('obsolete state')
except models.DeploymentStateItem.DoesNotExist:
LOGGER.error('[ResponseView] No matching DStateItem')
return response_view_error('no matching DeploymentStateItem')
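Review bot: `client_site.state_items.get(...)` raises `MultipleObjectsReturned` when more than one item matches, and only `DoesNotExist` is caught. The case that used to return 'ambiguous DeploymentStateItem' would therefore end in an unhandled exception, unless a further handler follows outside the hunk. Add `except models.DeploymentStateItem.MultipleObjectsReturned:` with `LOGGER.error('[ResponseView] ambiguous DStateItem')` and `return response_view_error('ambiguous DeploymentStateItem')`. `int(state_id)` also sits inside this `try`; if `state_id` comes from the request and is not validated above the hunk, a non-numeric value raises an uncaught `ValueError`, so convert it before the lookup or catch `ValueError` as well.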