Ejemplo n.º 1
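def process(resources):
    """Reconcile TeamRole rows against a list of desired states.

    Each item in *resources* is a mapping with a ``"name"`` and a
    ``"state"`` key. A state of ``"absent"`` deletes the TeamRole with that
    name if it exists; any other state creates it if it is missing.

    Returns:
        A ``(body, 200)`` tuple. ``body["failed"]`` is always ``False``,
        ``body["changed"]`` is ``True`` only when at least one role was
        created or deleted, and ``body["meta"]`` holds one message per
        resource.
    """
    # NOTE(review): this creates and deletes team roles from caller-supplied
    # names; presumably the caller has already authenticated and authorized
    # the request before it reaches this function -- confirm.
    response = []
    # Start from "nothing changed" so that a run that finds every role
    # already in its desired state does not report a modification.
    changed = False

    for resource in resources:
        p_state = resource["state"]
        p_name = resource["name"]

        try:
            team_role = TeamRole.get(name=p_name)
        except TeamRole.DoesNotExist:
            team_role = None

        if p_state == "absent":
            if team_role is not None:
                team_role.delete_instance()
                response.append("Team Role '%s' deleted" % p_name)
                changed = True
            else:
                response.append("Team Role '%s' does not exist" % p_name)
        elif team_role is None:
            TeamRole.create(name=p_name)
            response.append("Team Role '%s' created" % p_name)
            changed = True
        else:
            response.append("Team Role '%s' exists" % p_name)

    return {"failed": False, "changed": changed, "meta": response}, 200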
Ejemplo n.º 2
def add_user_as_admin(user_obj, org_obj):
    """Add *user_obj* to the team of *org_obj* whose role is "admin".

    The team is found by selecting the Team row whose role is the TeamRole
    named "admin" and whose organization is *org_obj*. If the user is
    already in that team, the call does nothing.
    """
    # NOTE(review): this grants organization-admin membership and performs
    # no permission check of its own; presumably callers verify that the
    # grant is allowed -- confirm at each call site.
    try:
        role = TeamRole.get(name="admin")
        admin_team_query = Team.select().where(
            Team.role == role, Team.organization == org_obj)
        team.add_user_to_team(user_obj, admin_team_query.get())
    except team.UserAlreadyInTeam:
        # Membership already exists; nothing to do.
        return
Ejemplo n.º 3
def create_team(name, org_obj, team_role_name, description=""):
    """Create and return a Team in *org_obj* with the named role.

    Raises:
        InvalidTeamException: if ``validate_team_name`` rejects *name*, or
            if ``org_obj.organization`` is falsy.
    """
    name_ok, name_problem = validate_team_name(name)
    if not name_ok:
        message = "Invalid team name %s: %s" % (name, name_problem)
        raise InvalidTeamException(message)

    if not org_obj.organization:
        message = ("Specified organization %s was not an organization"
                   % org_obj.username)
        raise InvalidTeamException(message)

    # The role is looked up by name and is not checked against the
    # caller's own privileges here; an unknown name presumably raises
    # TeamRole.DoesNotExist from the lookup -- confirm.
    role = TeamRole.get(TeamRole.name == team_role_name)
    team_fields = {
        "name": name,
        "organization": org_obj,
        "role": role,
        "description": description,
    }
    return Team.create(**team_fields)
Ejemplo n.º 4
def set_team_org_permission(team, team_role_name, set_by_username):
    """Set *team*'s role to the TeamRole named *team_role_name*.

    When an admin team is being moved to a non-admin role, the change is
    refused if *team* is the only admin team the calling user
    (*set_by_username*) has in the organization, so the caller cannot
    remove their own last admin role.

    Returns:
        The saved *team*.

    Raises:
        DataModelException: if the change would leave the calling user
            without admin on the organization.
    """
    # NOTE(review): the guard below covers only the calling user's own
    # last admin team; whether the caller may change roles at all is
    # presumably decided before this function is called -- confirm.
    if team.role.name == "admin" and team_role_name != "admin":
        callers_admin_teams = __get_user_admin_teams(
            team.organization.username, set_by_username)
        admin_names = set()
        for admin_team in callers_admin_teams:
            admin_names.add(admin_team.name)

        is_last_admin_team = (team.name in admin_names
                              and len(admin_names) <= 1)
        if is_last_admin_team:
            raise DataModelException(
                "Cannot remove admin from team '%s' because calling user "
                "would no longer have admin on org '%s'"
                % (team.name, team.organization.username))

    team.role = TeamRole.get(TeamRole.name == team_role_name)
    team.save()
    return team
Ejemplo n.º 5
def check_health(app_config):
    """Report whether the database is reachable and holds team roles.

    Returns:
        ``(True, None)`` when a TeamRole row can be read, otherwise
        ``(False, message)`` describing the failure.
    """
    # NOTE(review): the failure messages embed str(ex). Depending on the
    # driver, that text may carry connection details (host, database or
    # user name); if this result is served on an unauthenticated health
    # endpoint, consider logging the detail and returning a generic
    # message instead -- confirm how the tuple is exposed.

    # Probe with validate_database_url first: with a 3 second connect
    # timeout it fails fast when the DB is not responding, whereas a
    # normal connect would hang and break the health check.
    try:
        validate_database_url(app_config["DB_URI"], {}, connect_timeout=3)
    except Exception as ex:
        return (False, "Could not connect to the database: %s" % str(ex))

    # Then read through the real connection and require at least one
    # team role kind to be present.
    try:
        first_roles = list(TeamRole.select().limit(1))
    except Exception as ex:
        return (False, "Could not connect to the database: %s" % str(ex))

    if first_roles:
        return (True, None)
    return (False, "Could not connect to the database")
Ejemplo n.º 6
def initialize_database():
    """Create all tables and insert the fixed rows of the lookup tables.

    Rows are inserted in a fixed order, one ``create`` call per name.
    """

    def seed(model, *names):
        # Insert one row per name, in the order given.
        for entry in names:
            model.create(name=entry)

    # NOTE(review): the field-encryption key is a literal in source, so
    # anyone who can read the code can decrypt fields written with it.
    # Presumably this initializer only builds test or development
    # databases -- confirm; a real deployment should load the key from
    # configuration or a secret store instead.
    db_encrypter.initialize(FieldEncrypter("anothercrazykey!"))
    db.create_tables(all_models)

    seed(Role, "admin", "write", "read")
    seed(TeamRole, "admin", "creator", "member")
    seed(Visibility, "public", "private")

    seed(LoginService,
         "google", "github", "quayrobot", "ldap",
         "jwtauthn", "keystone", "dex", "oidc")

    seed(BuildTriggerService, "github", "custom-git", "bitbucket", "gitlab")

    seed(AccessTokenKind, "build-worker", "pushpull-token")

    seed(LogEntryKind,
         "account_change_plan",
         "account_change_cc",
         "account_change_password",
         "account_convert",
         "create_robot",
         "delete_robot",
         "create_repo",
         "push_repo",
         "pull_repo",
         "delete_repo",
         "create_tag",
         "move_tag",
         "delete_tag",
         "revert_tag",
         "add_repo_permission",
         "change_repo_permission",
         "delete_repo_permission",
         "change_repo_visibility",
         "change_repo_trust",
         "add_repo_accesstoken",
         "delete_repo_accesstoken",
         "set_repo_description",
         "change_repo_state",
         "build_dockerfile",
         "org_create_team",
         "org_delete_team",
         "org_invite_team_member",
         "org_delete_team_member_invite",
         "org_add_team_member",
         "org_team_member_invite_accepted",
         "org_team_member_invite_declined",
         "org_remove_team_member",
         "org_set_team_description",
         "org_set_team_role",
         "create_prototype_permission",
         "modify_prototype_permission",
         "delete_prototype_permission",
         "setup_repo_trigger",
         "delete_repo_trigger",
         "create_application",
         "update_application",
         "delete_application",
         "reset_application_client_secret",
         # Note: These next two are deprecated.
         "add_repo_webhook",
         "delete_repo_webhook",
         "add_repo_notification",
         "delete_repo_notification",
         "reset_repo_notification",
         "regenerate_robot_token",
         "repo_verb",
         "repo_mirror_enabled",
         "repo_mirror_disabled",
         "repo_mirror_config_changed",
         "repo_mirror_sync_started",
         "repo_mirror_sync_failed",
         "repo_mirror_sync_success",
         "repo_mirror_sync_now_requested",
         "repo_mirror_sync_tag_success",
         "repo_mirror_sync_tag_failed",
         "repo_mirror_sync_test_success",
         "repo_mirror_sync_test_failed",
         "repo_mirror_sync_test_started",
         "service_key_create",
         "service_key_approve",
         "service_key_delete",
         "service_key_modify",
         "service_key_extend",
         "service_key_rotate",
         "take_ownership",
         "manifest_label_add",
         "manifest_label_delete",
         "change_tag_expiration",
         "toggle_repo_trigger",
         "create_app_specific_token",
         "revoke_app_specific_token")

    seed(ImageStorageLocation, "local_eu", "local_us")
    seed(ApprBlobPlacementLocation, "local_eu", "local_us")
    seed(ImageStorageTransformation, "squash", "aci")
    seed(ImageStorageSignatureKind, "gpg2")

    # NOTE: These MUST be copied over to NotificationKind, since every
    # external notification can also generate a Quay.io notification.
    seed(ExternalNotificationEvent,
         "repo_push",
         "build_queued",
         "build_start",
         "build_success",
         "build_cancelled",
         "build_failure",
         "vulnerability_found",
         "repo_mirror_sync_started",
         "repo_mirror_sync_success",
         "repo_mirror_sync_failed")

    seed(ExternalNotificationMethod,
         "quay_notification", "email", "webhook",
         "flowdock", "hipchat", "slack")

    seed(NotificationKind,
         "repo_push",
         "build_queued",
         "build_start",
         "build_success",
         "build_cancelled",
         "build_failure",
         "vulnerability_found",
         "service_key_submitted",
         "password_required",
         "over_private_usage",
         "expiring_license",
         "maintenance",
         "org_team_invite",
         "repo_mirror_sync_started",
         "repo_mirror_sync_success",
         "repo_mirror_sync_failed",
         "test_notification")

    seed(QuayRegion, "us")
    seed(QuayService, "quay")

    seed(MediaType,
         "text/plain",
         "application/json",
         "text/markdown",
         "application/vnd.cnr.blob.v0.tar+gzip",
         "application/vnd.cnr.package-manifest.helm.v0.json",
         "application/vnd.cnr.package-manifest.kpm.v0.json",
         "application/vnd.cnr.package-manifest.docker-compose.v0.json",
         "application/vnd.cnr.package.kpm.v0.tar+gzip",
         "application/vnd.cnr.package.helm.v0.tar+gzip",
         "application/vnd.cnr.package.docker-compose.v0.tar+gzip",
         "application/vnd.cnr.manifests.v0.json",
         "application/vnd.cnr.manifest.list.v0.json")

    # The content-type collections are defined outside this function and
    # are walked lazily, one insert per element.
    for content_type in DOCKER_SCHEMA1_CONTENT_TYPES:
        MediaType.create(name=content_type)

    for content_type in DOCKER_SCHEMA2_CONTENT_TYPES:
        MediaType.create(name=content_type)

    for content_type in OCI_CONTENT_TYPES:
        MediaType.create(name=content_type)

    seed(LabelSourceType, "manifest")
    # "api" is the only label source created with mutable=True.
    LabelSourceType.create(name="api", mutable=True)
    seed(LabelSourceType, "internal")

    seed(UserPromptKind, "confirm_username", "enter_name", "enter_company")

    seed(RepositoryKind, "image", "application")

    seed(ApprTagKind, "tag", "release", "channel")

    seed(DisableReason,
         "user_toggled",
         "successive_build_failures",
         "successive_build_internal_errors")

    seed(TagKind, "tag")
Ejemplo n.º 7
def _lookup_team_roles():
    """Return a dict mapping each TeamRole's name to its row object."""
    roles_by_name = {}
    for role in TeamRole.select():
        roles_by_name[role.name] = role
    return roles_by_name
Ejemplo n.º 8
def initialize_database():
    """Create all tables and insert the fixed rows of the lookup tables.

    Rows are inserted in a fixed order, one ``create`` call per name.
    """

    def seed(model, *names):
        # Insert one row per name, in the order given.
        for entry in names:
            model.create(name=entry)

    db.create_tables(all_models)

    seed(Role, 'admin', 'write', 'read')
    seed(TeamRole, 'admin', 'creator', 'member')
    seed(Visibility, 'public', 'private')

    seed(LoginService,
         'google', 'github', 'quayrobot', 'ldap',
         'jwtauthn', 'keystone', 'dex', 'oidc')

    seed(BuildTriggerService, 'github', 'custom-git', 'bitbucket', 'gitlab')

    seed(AccessTokenKind, 'build-worker', 'pushpull-token')

    seed(LogEntryKind,
         'account_change_plan',
         'account_change_cc',
         'account_change_password',
         'account_convert',
         'create_robot',
         'delete_robot',
         'create_repo',
         'push_repo',
         'pull_repo',
         'delete_repo',
         'create_tag',
         'move_tag',
         'delete_tag',
         'revert_tag',
         'add_repo_permission',
         'change_repo_permission',
         'delete_repo_permission',
         'change_repo_visibility',
         'change_repo_trust',
         'add_repo_accesstoken',
         'delete_repo_accesstoken',
         'set_repo_description',
         'change_repo_state',
         'build_dockerfile',
         'org_create_team',
         'org_delete_team',
         'org_invite_team_member',
         'org_delete_team_member_invite',
         'org_add_team_member',
         'org_team_member_invite_accepted',
         'org_team_member_invite_declined',
         'org_remove_team_member',
         'org_set_team_description',
         'org_set_team_role',
         'create_prototype_permission',
         'modify_prototype_permission',
         'delete_prototype_permission',
         'setup_repo_trigger',
         'delete_repo_trigger',
         'create_application',
         'update_application',
         'delete_application',
         'reset_application_client_secret',
         # Note: These next two are deprecated.
         'add_repo_webhook',
         'delete_repo_webhook',
         'add_repo_notification',
         'delete_repo_notification',
         'reset_repo_notification',
         'regenerate_robot_token',
         'repo_verb',
         'repo_mirror_enabled',
         'repo_mirror_disabled',
         'repo_mirror_config_changed',
         'repo_mirror_sync_started',
         'repo_mirror_sync_failed',
         'repo_mirror_sync_success',
         'repo_mirror_sync_now_requested',
         'repo_mirror_sync_tag_success',
         'repo_mirror_sync_tag_failed',
         'repo_mirror_sync_test_success',
         'repo_mirror_sync_test_failed',
         'repo_mirror_sync_test_started',
         'service_key_create',
         'service_key_approve',
         'service_key_delete',
         'service_key_modify',
         'service_key_extend',
         'service_key_rotate',
         'take_ownership',
         'manifest_label_add',
         'manifest_label_delete',
         'change_tag_expiration',
         'toggle_repo_trigger',
         'create_app_specific_token',
         'revoke_app_specific_token')

    seed(ImageStorageLocation, 'local_eu', 'local_us')
    seed(ApprBlobPlacementLocation, 'local_eu', 'local_us')
    seed(ImageStorageTransformation, 'squash', 'aci')
    seed(ImageStorageSignatureKind, 'gpg2')

    # NOTE: These MUST be copied over to NotificationKind, since every
    # external notification can also generate a Quay.io notification.
    seed(ExternalNotificationEvent,
         'repo_push',
         'build_queued',
         'build_start',
         'build_success',
         'build_cancelled',
         'build_failure',
         'vulnerability_found',
         'repo_mirror_sync_started',
         'repo_mirror_sync_success',
         'repo_mirror_sync_failed')

    seed(ExternalNotificationMethod,
         'quay_notification', 'email', 'webhook',
         'flowdock', 'hipchat', 'slack')

    seed(NotificationKind,
         'repo_push',
         'build_queued',
         'build_start',
         'build_success',
         'build_cancelled',
         'build_failure',
         'vulnerability_found',
         'service_key_submitted',
         'password_required',
         'over_private_usage',
         'expiring_license',
         'maintenance',
         'org_team_invite',
         'repo_mirror_sync_started',
         'repo_mirror_sync_success',
         'repo_mirror_sync_failed',
         'test_notification')

    seed(QuayRegion, 'us')
    seed(QuayService, 'quay')

    seed(MediaType,
         'text/plain',
         'application/json',
         'text/markdown',
         'application/vnd.cnr.blob.v0.tar+gzip',
         'application/vnd.cnr.package-manifest.helm.v0.json',
         'application/vnd.cnr.package-manifest.kpm.v0.json',
         'application/vnd.cnr.package-manifest.docker-compose.v0.json',
         'application/vnd.cnr.package.kpm.v0.tar+gzip',
         'application/vnd.cnr.package.helm.v0.tar+gzip',
         'application/vnd.cnr.package.docker-compose.v0.tar+gzip',
         'application/vnd.cnr.manifests.v0.json',
         'application/vnd.cnr.manifest.list.v0.json')

    # The content-type collections are defined outside this function and
    # are walked lazily, one insert per element.
    for content_type in DOCKER_SCHEMA1_CONTENT_TYPES:
        MediaType.create(name=content_type)

    for content_type in DOCKER_SCHEMA2_CONTENT_TYPES:
        MediaType.create(name=content_type)

    seed(LabelSourceType, 'manifest')
    # 'api' is the only label source created with mutable=True.
    LabelSourceType.create(name='api', mutable=True)
    seed(LabelSourceType, 'internal')

    seed(UserPromptKind, 'confirm_username', 'enter_name', 'enter_company')

    seed(RepositoryKind, 'image', 'application')

    seed(ApprTagKind, 'tag', 'release', 'channel')

    seed(DisableReason,
         'user_toggled',
         'successive_build_failures',
         'successive_build_internal_errors')

    seed(TagKind, 'tag')