Beispiel #1
0
def pre_delete_labs(sender, instance, using, **kwargs):
    kc = keylib.keycloak_init()
    keylib.keycloak_delete_client(kc, instance.keycloak_client_id)
    
    scope_id = keylib.keycloak_get_client_scope_id(kc, instance.keycloak_client_id+'-scope')
    keylib.keycloak_delete_client_scope(kc, scope_id)

    l = ProjectLog(project=instance.project, module='LA', headline='Lab Session',
                       description='Lab Session {name} has been removed'.format(name=instance.name))
    l.save()
Beispiel #2
0
def delete_project_resources(project):
    retval = r.get(settings.CHART_CONTROLLER_URL + '/delete?release={}'.format(str(project.slug)))

    if retval:
        # Delete Keycloak project client
        kc = keylib.keycloak_init()
        keylib.keycloak_delete_client(kc, project.slug)
        
        scope_id = keylib.keycloak_get_client_scope_id(kc, project.slug+'-scope')
        keylib.keycloak_delete_client_scope(kc, scope_id)
        return True

    return False
Beispiel #3
0
def pre_delete_deployment(sender, instance, using, **kwargs):
    model = instance.model
    model.status = 'CR'
    model.save()
    # Uninstall resources
    # chart = instance.helmchart
    # chart.delete()
    # Clean up in Keycloak
    print('Cleaning up in Keycloak...')
    kc = keylib.keycloak_init()
    keylib.keycloak_delete_client(kc, instance.release)
    scope_id = keylib.keycloak_get_client_scope_id(kc,
                                                   instance.release + '-scope')
    keylib.keycloak_delete_client_scope(kc, scope_id)
    print('Done.')
Beispiel #4
0
def delete_session_resources(session):
    print("trying to delete {}".format(session.slug))
    parameters = {'release': str(session.slug)}
    retval = r.get(settings.CHART_CONTROLLER_URL + '/delete', parameters)
    
    kc = keylib.keycloak_init()
    keylib.keycloak_delete_client(kc, str(session.slug))
    
    scope_id = keylib.keycloak_get_client_scope_id(kc, str(session.slug)+'-scope')
    keylib.keycloak_delete_client_scope(kc, scope_id)

    if retval:
        print('delete success!')
        return True
    print('delete failed!?')
    return False
Beispiel #5
0
def pre_save_deployment(sender, instance, using, **kwargs):
    model = instance.model

    if model.status == 'DP':
        raise Exception('Model already deployed.')

    model_file = model.uid
    model_bucket = 'models'

    deployment_name = slugify(model.name)
    deployment_version = slugify(model.version)
    deployment_endpoint = '{}-{}.{}'.format(model.name, model.version,
                                            settings.DOMAIN)

    deployment_endpoint = settings.DOMAIN
    deployment_path = '/{}/serve/{}/{}/'.format(model.project.slug,
                                                slugify(model.name),
                                                slugify(model.version))

    instance.endpoint = deployment_endpoint
    instance.path = deployment_path

    context = instance.deployment
    context_image = context.image

    project = model.project
    project_slug = project.slug

    minio_keys = get_minio_keys(project)
    decrypted_key = minio_keys['project_key']
    decrypted_secret = minio_keys['project_secret']
    minio_access_key = decrypted_key
    minio_secret_key = decrypted_secret

    minio_host = project_slug + '-minio:9000'

    global_domain = settings.DOMAIN

    HOST = settings.DOMAIN
    RELEASE_NAME = slugify(
        str(project_slug) + '-' + str(deployment_name) + '-' +
        str(deployment_version))
    burl = os.path.join('https://', HOST)
    eurl = os.path.join(deployment_endpoint, deployment_path)
    URL = burl + eurl

    instance.appname = instance.model.project.slug + '-' + slugify(
        instance.model.name) + '-' + slugify(instance.model.version)

    # Create Keycloak client corresponding to this deployment
    print(URL)
    print(RELEASE_NAME)
    print(instance.created_by.username)
    client_id, client_secret = keylib.keycloak_setup_base_client(
        URL, RELEASE_NAME, instance.created_by.username, ['owner'], ['owner'])

    skip_tls = 0
    if not settings.OIDC_VERIFY_SSL:
        skip_tls = 1
        print("WARNING: Skipping TLS verify.")

    # Default is that access is private.
    rules = """resources:
    - uri: /*
      roles:
      - {}:owner
    """.format(client_id)

    access_rules = {"gatekeeper.rules": rules}

    if 'access' in instance.params:
        print(instance.params['access'])
        if instance.params['access'] == 'public':
            # No rule means open to anyone.
            print("Public endpoint")
            access_rules = {"gatekeeper.rules": "public"}
        del instance.params['access']

    print(instance.params)

    parameters = {
        'release': RELEASE_NAME,
        'chart': 'deploy',
        'namespace': settings.NAMESPACE,
        'appname': instance.appname,
        'replicas': '1',
        'global.domain': global_domain,
        'project.slug': project_slug,
        'deployment.version': deployment_version,
        'deployment.name': deployment_name,
        'deployment.endpoint': deployment_endpoint,
        'deployment.path': deployment_path,
        'context.image': context_image,
        'model.bucket': model_bucket,
        'model.file': model_file,
        'minio.host': minio_host,
        'minio.secret_key': minio_secret_key,
        'minio.access_key': minio_access_key,
        'gatekeeper.realm': settings.KC_REALM,
        'gatekeeper.client_secret': client_secret,
        'gatekeeper.client_id': client_id,
        'gatekeeper.auth_endpoint': settings.OIDC_OP_REALM_AUTH,
        'gatekeeper.skip_tls': str(skip_tls)
    }

    parameters.update(instance.params)
    parameters.update(access_rules)
    print('creating chart')
    helmchart = HelmResource(name=RELEASE_NAME,
                             namespace='Default',
                             chart='deploy',
                             params=parameters,
                             username=instance.created_by.username)
    helmchart.save()
    instance.helmchart = helmchart

    if helmchart.status == 'Failed':
        # If fail, clean up in Keycloak
        kc = keylib.keycloak_init()
        keylib.keycloak_delete_client(kc, RELEASE_NAME)
        scope_id = keylib.keycloak_get_client_scope_id(kc,
                                                       RELEASE_NAME + '-scope')
        keylib.keycloak_delete_client_scope(kc, scope_id)
        raise Exception('Failed to launch deploy job.')
    else:
        instance.release = RELEASE_NAME
        model.status = 'DP'
        model.save()