def process(resources): response = [] changed = True for resource in resources: p_state = resource["state"] p_name = resource["name"] try: login_service = LoginService.get(name=p_name) except LoginService.DoesNotExist: login_service = None if p_state == "absent": if login_service is not None: changed = True login_service.delete_instance() response.append("Login Service '%s' deleted" % p_name) changed = True else: response.append("Login Service '%s' does not exist" % p_name) else: if login_service is None: changed = True login_service = LoginService.create(name=p_name) response.append("Login Service '%s' created" % p_name) else: response.append("Login Service '%s' exists" % p_name) return {"failed": False, "changed": changed, "meta": response}, 200
def regenerate_robot_token(robot_shortname, parent): robot_username = format_robot_username(parent.username, robot_shortname) robot, metadata = lookup_robot_and_metadata(robot_username) password = random_string_generator(length=64)() robot.email = str(uuid4()) robot.uuid = str(uuid4()) service = LoginService.get(name="quayrobot") login = FederatedLogin.get(FederatedLogin.user == robot, FederatedLogin.service == service) login.service_ident = "robot:%s" % (robot.id) try: token_data = RobotAccountToken.get(robot_account=robot) except RobotAccountToken.DoesNotExist: token_data = RobotAccountToken.create(robot_account=robot) token_data.token = password with db_transaction(): token_data.save() login.save() robot.save() return robot, password, metadata
def create_robot(robot_shortname, parent, description="", unstructured_metadata=None): (username_valid, username_issue) = validate_username(robot_shortname) if not username_valid: raise InvalidRobotException( "The name for the robot '%s' is invalid: %s" % (robot_shortname, username_issue) ) username = format_robot_username(parent.username, robot_shortname) try: User.get(User.username == username) msg = "Existing robot with name: %s" % username logger.info(msg) raise InvalidRobotException(msg) except User.DoesNotExist: pass service = LoginService.get(name="quayrobot") try: with db_transaction(): created = User.create(username=username, email=str(uuid.uuid4()), robot=True) token = random_string_generator(length=64)() RobotAccountToken.create(robot_account=created, token=token, fully_migrated=True) FederatedLogin.create( user=created, service=service, service_ident="robot:%s" % created.id ) RobotAccountMetadata.create( robot_account=created, description=description[0:255], unstructured_json=unstructured_metadata or {}, ) return created, token except Exception as ex: raise DataModelException(ex.message)
def set_team_syncing(team, login_service_name, config): """ Sets the given team to sync to the given service using the given config. """ login_service = LoginService.get(name=login_service_name) return TeamSync.create(team=team, transaction_id="", service=login_service, config=json.dumps(config))
def detach_external_login(user, service_name): try: service = LoginService.get(name=service_name) except LoginService.DoesNotExist: return FederatedLogin.delete().where(FederatedLogin.user == user, FederatedLogin.service == service).execute()
def get_federated_team_member_mapping(team, login_service_name): """ Returns a dict of all federated IDs for all team members in the team whose users are bound to the login service within the given name. The dictionary is from federated service identifier (username) to their Quay User table ID. """ login_service = LoginService.get(name=login_service_name) query = (FederatedLogin.select( FederatedLogin.service_ident, User.id).join(User).join(TeamMember).join(Team).where( Team.id == team, User.robot == False, FederatedLogin.service == login_service)) return dict(query.tuples())
def initialize_database(): db_encrypter.initialize(FieldEncrypter("anothercrazykey!")) db.create_tables(all_models) Role.create(name="admin") Role.create(name="write") Role.create(name="read") TeamRole.create(name="admin") TeamRole.create(name="creator") TeamRole.create(name="member") Visibility.create(name="public") Visibility.create(name="private") LoginService.create(name="google") LoginService.create(name="github") LoginService.create(name="quayrobot") LoginService.create(name="ldap") LoginService.create(name="jwtauthn") LoginService.create(name="keystone") LoginService.create(name="dex") LoginService.create(name="oidc") BuildTriggerService.create(name="github") BuildTriggerService.create(name="custom-git") BuildTriggerService.create(name="bitbucket") BuildTriggerService.create(name="gitlab") AccessTokenKind.create(name="build-worker") AccessTokenKind.create(name="pushpull-token") LogEntryKind.create(name="account_change_plan") LogEntryKind.create(name="account_change_cc") LogEntryKind.create(name="account_change_password") LogEntryKind.create(name="account_convert") LogEntryKind.create(name="create_robot") LogEntryKind.create(name="delete_robot") LogEntryKind.create(name="create_repo") LogEntryKind.create(name="push_repo") LogEntryKind.create(name="pull_repo") LogEntryKind.create(name="delete_repo") LogEntryKind.create(name="create_tag") LogEntryKind.create(name="move_tag") LogEntryKind.create(name="delete_tag") LogEntryKind.create(name="revert_tag") LogEntryKind.create(name="add_repo_permission") LogEntryKind.create(name="change_repo_permission") LogEntryKind.create(name="delete_repo_permission") LogEntryKind.create(name="change_repo_visibility") LogEntryKind.create(name="change_repo_trust") LogEntryKind.create(name="add_repo_accesstoken") LogEntryKind.create(name="delete_repo_accesstoken") LogEntryKind.create(name="set_repo_description") LogEntryKind.create(name="change_repo_state") LogEntryKind.create(name="build_dockerfile") LogEntryKind.create(name="org_create_team") LogEntryKind.create(name="org_delete_team") LogEntryKind.create(name="org_invite_team_member") LogEntryKind.create(name="org_delete_team_member_invite") LogEntryKind.create(name="org_add_team_member") LogEntryKind.create(name="org_team_member_invite_accepted") LogEntryKind.create(name="org_team_member_invite_declined") LogEntryKind.create(name="org_remove_team_member") LogEntryKind.create(name="org_set_team_description") LogEntryKind.create(name="org_set_team_role") LogEntryKind.create(name="create_prototype_permission") LogEntryKind.create(name="modify_prototype_permission") LogEntryKind.create(name="delete_prototype_permission") LogEntryKind.create(name="setup_repo_trigger") LogEntryKind.create(name="delete_repo_trigger") LogEntryKind.create(name="create_application") LogEntryKind.create(name="update_application") LogEntryKind.create(name="delete_application") LogEntryKind.create(name="reset_application_client_secret") # Note: These next two are deprecated. LogEntryKind.create(name="add_repo_webhook") LogEntryKind.create(name="delete_repo_webhook") LogEntryKind.create(name="add_repo_notification") LogEntryKind.create(name="delete_repo_notification") LogEntryKind.create(name="reset_repo_notification") LogEntryKind.create(name="regenerate_robot_token") LogEntryKind.create(name="repo_verb") LogEntryKind.create(name="repo_mirror_enabled") LogEntryKind.create(name="repo_mirror_disabled") LogEntryKind.create(name="repo_mirror_config_changed") LogEntryKind.create(name="repo_mirror_sync_started") LogEntryKind.create(name="repo_mirror_sync_failed") LogEntryKind.create(name="repo_mirror_sync_success") LogEntryKind.create(name="repo_mirror_sync_now_requested") LogEntryKind.create(name="repo_mirror_sync_tag_success") LogEntryKind.create(name="repo_mirror_sync_tag_failed") LogEntryKind.create(name="repo_mirror_sync_test_success") LogEntryKind.create(name="repo_mirror_sync_test_failed") LogEntryKind.create(name="repo_mirror_sync_test_started") LogEntryKind.create(name="service_key_create") LogEntryKind.create(name="service_key_approve") LogEntryKind.create(name="service_key_delete") LogEntryKind.create(name="service_key_modify") LogEntryKind.create(name="service_key_extend") LogEntryKind.create(name="service_key_rotate") LogEntryKind.create(name="take_ownership") LogEntryKind.create(name="manifest_label_add") LogEntryKind.create(name="manifest_label_delete") LogEntryKind.create(name="change_tag_expiration") LogEntryKind.create(name="toggle_repo_trigger") LogEntryKind.create(name="create_app_specific_token") LogEntryKind.create(name="revoke_app_specific_token") ImageStorageLocation.create(name="local_eu") ImageStorageLocation.create(name="local_us") ApprBlobPlacementLocation.create(name="local_eu") ApprBlobPlacementLocation.create(name="local_us") ImageStorageTransformation.create(name="squash") ImageStorageTransformation.create(name="aci") ImageStorageSignatureKind.create(name="gpg2") # NOTE: These MUST be copied over to NotificationKind, since every external # notification can also generate a Quay.io notification. ExternalNotificationEvent.create(name="repo_push") ExternalNotificationEvent.create(name="build_queued") ExternalNotificationEvent.create(name="build_start") ExternalNotificationEvent.create(name="build_success") ExternalNotificationEvent.create(name="build_cancelled") ExternalNotificationEvent.create(name="build_failure") ExternalNotificationEvent.create(name="vulnerability_found") ExternalNotificationEvent.create(name="repo_mirror_sync_started") ExternalNotificationEvent.create(name="repo_mirror_sync_success") ExternalNotificationEvent.create(name="repo_mirror_sync_failed") ExternalNotificationMethod.create(name="quay_notification") ExternalNotificationMethod.create(name="email") ExternalNotificationMethod.create(name="webhook") ExternalNotificationMethod.create(name="flowdock") ExternalNotificationMethod.create(name="hipchat") ExternalNotificationMethod.create(name="slack") NotificationKind.create(name="repo_push") NotificationKind.create(name="build_queued") NotificationKind.create(name="build_start") NotificationKind.create(name="build_success") NotificationKind.create(name="build_cancelled") NotificationKind.create(name="build_failure") NotificationKind.create(name="vulnerability_found") NotificationKind.create(name="service_key_submitted") NotificationKind.create(name="password_required") NotificationKind.create(name="over_private_usage") NotificationKind.create(name="expiring_license") NotificationKind.create(name="maintenance") NotificationKind.create(name="org_team_invite") NotificationKind.create(name="repo_mirror_sync_started") NotificationKind.create(name="repo_mirror_sync_success") NotificationKind.create(name="repo_mirror_sync_failed") NotificationKind.create(name="test_notification") QuayRegion.create(name="us") QuayService.create(name="quay") MediaType.create(name="text/plain") MediaType.create(name="application/json") MediaType.create(name="text/markdown") MediaType.create(name="application/vnd.cnr.blob.v0.tar+gzip") MediaType.create(name="application/vnd.cnr.package-manifest.helm.v0.json") MediaType.create(name="application/vnd.cnr.package-manifest.kpm.v0.json") MediaType.create( name="application/vnd.cnr.package-manifest.docker-compose.v0.json") MediaType.create(name="application/vnd.cnr.package.kpm.v0.tar+gzip") MediaType.create(name="application/vnd.cnr.package.helm.v0.tar+gzip") MediaType.create( name="application/vnd.cnr.package.docker-compose.v0.tar+gzip") MediaType.create(name="application/vnd.cnr.manifests.v0.json") MediaType.create(name="application/vnd.cnr.manifest.list.v0.json") for media_type in DOCKER_SCHEMA1_CONTENT_TYPES: MediaType.create(name=media_type) for media_type in DOCKER_SCHEMA2_CONTENT_TYPES: MediaType.create(name=media_type) for media_type in OCI_CONTENT_TYPES: MediaType.create(name=media_type) LabelSourceType.create(name="manifest") LabelSourceType.create(name="api", mutable=True) LabelSourceType.create(name="internal") UserPromptKind.create(name="confirm_username") UserPromptKind.create(name="enter_name") UserPromptKind.create(name="enter_company") RepositoryKind.create(name="image") RepositoryKind.create(name="application") ApprTagKind.create(name="tag") ApprTagKind.create(name="release") ApprTagKind.create(name="channel") DisableReason.create(name="user_toggled") DisableReason.create(name="successive_build_failures") DisableReason.create(name="successive_build_internal_errors") TagKind.create(name="tag")
def _get_login_service(service_id): try: return LoginService.get(LoginService.name == service_id) except LoginService.DoesNotExist: return LoginService.create(name=service_id)
def initialize_database(): db.create_tables(all_models) Role.create(name='admin') Role.create(name='write') Role.create(name='read') TeamRole.create(name='admin') TeamRole.create(name='creator') TeamRole.create(name='member') Visibility.create(name='public') Visibility.create(name='private') LoginService.create(name='google') LoginService.create(name='github') LoginService.create(name='quayrobot') LoginService.create(name='ldap') LoginService.create(name='jwtauthn') LoginService.create(name='keystone') LoginService.create(name='dex') LoginService.create(name='oidc') BuildTriggerService.create(name='github') BuildTriggerService.create(name='custom-git') BuildTriggerService.create(name='bitbucket') BuildTriggerService.create(name='gitlab') AccessTokenKind.create(name='build-worker') AccessTokenKind.create(name='pushpull-token') LogEntryKind.create(name='account_change_plan') LogEntryKind.create(name='account_change_cc') LogEntryKind.create(name='account_change_password') LogEntryKind.create(name='account_convert') LogEntryKind.create(name='create_robot') LogEntryKind.create(name='delete_robot') LogEntryKind.create(name='create_repo') LogEntryKind.create(name='push_repo') LogEntryKind.create(name='pull_repo') LogEntryKind.create(name='delete_repo') LogEntryKind.create(name='create_tag') LogEntryKind.create(name='move_tag') LogEntryKind.create(name='delete_tag') LogEntryKind.create(name='revert_tag') LogEntryKind.create(name='add_repo_permission') LogEntryKind.create(name='change_repo_permission') LogEntryKind.create(name='delete_repo_permission') LogEntryKind.create(name='change_repo_visibility') LogEntryKind.create(name='change_repo_trust') LogEntryKind.create(name='add_repo_accesstoken') LogEntryKind.create(name='delete_repo_accesstoken') LogEntryKind.create(name='set_repo_description') LogEntryKind.create(name='change_repo_state') LogEntryKind.create(name='build_dockerfile') LogEntryKind.create(name='org_create_team') LogEntryKind.create(name='org_delete_team') LogEntryKind.create(name='org_invite_team_member') LogEntryKind.create(name='org_delete_team_member_invite') LogEntryKind.create(name='org_add_team_member') LogEntryKind.create(name='org_team_member_invite_accepted') LogEntryKind.create(name='org_team_member_invite_declined') LogEntryKind.create(name='org_remove_team_member') LogEntryKind.create(name='org_set_team_description') LogEntryKind.create(name='org_set_team_role') LogEntryKind.create(name='create_prototype_permission') LogEntryKind.create(name='modify_prototype_permission') LogEntryKind.create(name='delete_prototype_permission') LogEntryKind.create(name='setup_repo_trigger') LogEntryKind.create(name='delete_repo_trigger') LogEntryKind.create(name='create_application') LogEntryKind.create(name='update_application') LogEntryKind.create(name='delete_application') LogEntryKind.create(name='reset_application_client_secret') # Note: These next two are deprecated. LogEntryKind.create(name='add_repo_webhook') LogEntryKind.create(name='delete_repo_webhook') LogEntryKind.create(name='add_repo_notification') LogEntryKind.create(name='delete_repo_notification') LogEntryKind.create(name='reset_repo_notification') LogEntryKind.create(name='regenerate_robot_token') LogEntryKind.create(name='repo_verb') LogEntryKind.create(name='repo_mirror_enabled') LogEntryKind.create(name='repo_mirror_disabled') LogEntryKind.create(name='repo_mirror_config_changed') LogEntryKind.create(name='repo_mirror_sync_started') LogEntryKind.create(name='repo_mirror_sync_failed') LogEntryKind.create(name='repo_mirror_sync_success') LogEntryKind.create(name='repo_mirror_sync_now_requested') LogEntryKind.create(name='repo_mirror_sync_tag_success') LogEntryKind.create(name='repo_mirror_sync_tag_failed') LogEntryKind.create(name='repo_mirror_sync_test_success') LogEntryKind.create(name='repo_mirror_sync_test_failed') LogEntryKind.create(name='repo_mirror_sync_test_started') LogEntryKind.create(name='service_key_create') LogEntryKind.create(name='service_key_approve') LogEntryKind.create(name='service_key_delete') LogEntryKind.create(name='service_key_modify') LogEntryKind.create(name='service_key_extend') LogEntryKind.create(name='service_key_rotate') LogEntryKind.create(name='take_ownership') LogEntryKind.create(name='manifest_label_add') LogEntryKind.create(name='manifest_label_delete') LogEntryKind.create(name='change_tag_expiration') LogEntryKind.create(name='toggle_repo_trigger') LogEntryKind.create(name='create_app_specific_token') LogEntryKind.create(name='revoke_app_specific_token') ImageStorageLocation.create(name='local_eu') ImageStorageLocation.create(name='local_us') ApprBlobPlacementLocation.create(name='local_eu') ApprBlobPlacementLocation.create(name='local_us') ImageStorageTransformation.create(name='squash') ImageStorageTransformation.create(name='aci') ImageStorageSignatureKind.create(name='gpg2') # NOTE: These MUST be copied over to NotificationKind, since every external # notification can also generate a Quay.io notification. ExternalNotificationEvent.create(name='repo_push') ExternalNotificationEvent.create(name='build_queued') ExternalNotificationEvent.create(name='build_start') ExternalNotificationEvent.create(name='build_success') ExternalNotificationEvent.create(name='build_cancelled') ExternalNotificationEvent.create(name='build_failure') ExternalNotificationEvent.create(name='vulnerability_found') ExternalNotificationEvent.create(name='repo_mirror_sync_started') ExternalNotificationEvent.create(name='repo_mirror_sync_success') ExternalNotificationEvent.create(name='repo_mirror_sync_failed') ExternalNotificationMethod.create(name='quay_notification') ExternalNotificationMethod.create(name='email') ExternalNotificationMethod.create(name='webhook') ExternalNotificationMethod.create(name='flowdock') ExternalNotificationMethod.create(name='hipchat') ExternalNotificationMethod.create(name='slack') NotificationKind.create(name='repo_push') NotificationKind.create(name='build_queued') NotificationKind.create(name='build_start') NotificationKind.create(name='build_success') NotificationKind.create(name='build_cancelled') NotificationKind.create(name='build_failure') NotificationKind.create(name='vulnerability_found') NotificationKind.create(name='service_key_submitted') NotificationKind.create(name='password_required') NotificationKind.create(name='over_private_usage') NotificationKind.create(name='expiring_license') NotificationKind.create(name='maintenance') NotificationKind.create(name='org_team_invite') NotificationKind.create(name='repo_mirror_sync_started') NotificationKind.create(name='repo_mirror_sync_success') NotificationKind.create(name='repo_mirror_sync_failed') NotificationKind.create(name='test_notification') QuayRegion.create(name='us') QuayService.create(name='quay') MediaType.create(name='text/plain') MediaType.create(name='application/json') MediaType.create(name='text/markdown') MediaType.create(name='application/vnd.cnr.blob.v0.tar+gzip') MediaType.create(name='application/vnd.cnr.package-manifest.helm.v0.json') MediaType.create(name='application/vnd.cnr.package-manifest.kpm.v0.json') MediaType.create( name='application/vnd.cnr.package-manifest.docker-compose.v0.json') MediaType.create(name='application/vnd.cnr.package.kpm.v0.tar+gzip') MediaType.create(name='application/vnd.cnr.package.helm.v0.tar+gzip') MediaType.create( name='application/vnd.cnr.package.docker-compose.v0.tar+gzip') MediaType.create(name='application/vnd.cnr.manifests.v0.json') MediaType.create(name='application/vnd.cnr.manifest.list.v0.json') for media_type in DOCKER_SCHEMA1_CONTENT_TYPES: MediaType.create(name=media_type) for media_type in DOCKER_SCHEMA2_CONTENT_TYPES: MediaType.create(name=media_type) LabelSourceType.create(name='manifest') LabelSourceType.create(name='api', mutable=True) LabelSourceType.create(name='internal') UserPromptKind.create(name='confirm_username') UserPromptKind.create(name='enter_name') UserPromptKind.create(name='enter_company') RepositoryKind.create(name='image') RepositoryKind.create(name='application') ApprTagKind.create(name='tag') ApprTagKind.create(name='release') ApprTagKind.create(name='channel') DisableReason.create(name='user_toggled') DisableReason.create(name='successive_build_failures') DisableReason.create(name='successive_build_internal_errors') TagKind.create(name='tag')