def create_feeders(user):
values = flask.request.json
check_json_is_valid(create_feeder_schema, values)
values.update(v1_utils.common_values_dict())
if user.is_not_epm() and user.is_not_super_admin():
raise dci_exc.Unauthorized()
values.update({
# XXX(fc): this should be populated as a default value from the
# model, but we don't return values from the database :(
'api_secret': signature.gen_secret(),
'data': values.get('data', {}),
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'feeder': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def authenticate(self):
auth_header = self.request.headers.get('Authorization').split(' ')
if len(auth_header) != 2:
return False
bearer, token = auth_header
conf = dci_config.CONFIG
try:
decoded_token = auth.decode_jwt(token, conf['SSO_PUBLIC_KEY'],
conf['SSO_CLIENT_ID'])
except (jwt_exc.DecodeError, ValueError):
decoded_token = sso.decode_token_with_latest_public_key(token)
except jwt_exc.ExpiredSignatureError:
raise dci_exc.DCIException('JWT token expired, please refresh.',
status_code=401)
team_id = None
ro_group = conf['SSO_READ_ONLY_GROUP']
realm_access = decoded_token['realm_access']
if 'roles' in realm_access and ro_group in realm_access['roles']:
team_id = flask.g.team_redhat_id
user_info = self._get_user_info(decoded_token, team_id)
try:
self.identity = self._get_or_create_user(user_info)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(models.USERS.name, 'username')
return True
def create_feeders(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.feeder.post(flask.request.json))
if not user.is_in_team(values['team_id']):
raise auth.UNAUTHORIZED
values.update({
# XXX(fc): this should be populated as a default value from the
# model, but we don't return values from the database :(
'api_secret': signature.gen_secret(),
'role_id': auth.get_role_id('FEEDER'),
'data': values.get('data', {}),
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'feeder': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def attach_issue(resource_id, table, user_id):
data = flask.request.json
check_json_is_valid(issue_schema, data)
issue = _get_or_create_issue(data)
# Second, insert a join record in the JOIN_JOBS_ISSUES or
# JOIN_COMPONENTS_ISSUES database.
if table.name == 'jobs':
join_table = models.JOIN_JOBS_ISSUES
else:
join_table = models.JOIN_COMPONENTS_ISSUES
key = '%s_id' % table.name[0:-1]
query = join_table.insert().values({
'user_id': user_id,
'issue_id': issue['id'],
key: resource_id
})
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(join_table.name,
'%s, issue_id' % key)
result = json.dumps({'issue': dict(issue)})
return flask.Response(result, 201, content_type='application/json')
def create_users(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.user.post(flask.request.json))
if not (auth.is_admin(user)
or auth.is_admin_user(user, values['team_id'])):
raise auth.UNAUTHORIZED
role_id = values.get('role_id', auth.get_role_id('USER'))
if not auth.is_admin(user) and role_id == auth.get_role_id('SUPER_ADMIN'):
raise auth.UNAUTHORIZED
values.update({
'password': auth.hash_password(values.get('password')),
'role_id': role_id
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
# remove the password in the result for security reasons
del values['password']
return flask.Response(json.dumps({'user': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def delete_tag_from_job(user, job_id, tag_id):
"""Delete a tag from a job."""
_JJT = models.JOIN_JOBS_TAGS
job = v1_utils.verify_existence_and_get(job_id, _TABLE)
if user.is_not_in_team(job['team_id']) and user.is_not_epm():
raise dci_exc.Unauthorized()
tag = v1_utils.verify_existence_and_get(tag_id, models.TAGS)
tag_name = tag['name']
with flask.g.db_conn.begin():
query = _JJT.delete().where(
sql.and_(_JJT.c.tag_id == tag_id, _JJT.c.job_id == job_id))
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict('tag', 'tag_id')
# update the job tag field
job_values = {}
job_values['etag'] = utils.gen_etag()
tag_name = [tag_name] if tag_name else []
job_values['tag'] = list(set(job['tag']) - set(tag_name))
query = _TABLE.update().where(_TABLE.c.id == job_id).values(
**job_values)
result = flask.g.db_conn.execute(query)
if not result.rowcount:
raise dci_exc.DCIConflict('Job', job_id)
return flask.Response(None, 204, content_type='application/json')
def create_remotecis(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.remoteci.post(flask.request.json))
# If it's not a super admin nor belongs to the same team_id
if not (auth.is_admin(user)
or auth.is_in_team(user, values.get('team_id'))):
raise auth.UNAUTHORIZED
values.update({
'data': values.get('data', {}),
# XXX(fc): this should be populated as a default value from the
# model, but we don't return values from the database :(
'api_secret': signature.gen_secret(),
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'remoteci': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def create_topics(user):
values = flask.request.json
check_json_is_valid(create_topic_schema, values)
values.update(v1_utils.common_values_dict())
if user.is_not_super_admin() and user.is_not_epm() and user.is_not_feeder(
): # noqa
raise dci_exc.Unauthorized()
# todo(yassine): enabled when client updated.
# if values['component_types'] == []:
# raise dci_exc.DCIException('component_types should not be void')
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
result = json.dumps({'topic': values})
return flask.Response(result,
201,
headers={'ETag': values['etag']},
content_type='application/json')
def add_team_to_topic(user, topic_id):
# TODO(yassine): use voluptuous schema
data_json = flask.request.json
team_id = data_json.get('team_id')
topic = v1_utils.verify_existence_and_get(topic_id, _TABLE)
team_id = v1_utils.verify_existence_and_get(team_id, models.TEAMS,
get_id=True)
if not user.is_super_admin() and \
not (user.is_team_product_owner(team_id) and
user.product_id == topic['product_id']):
raise auth.UNAUTHORIZED
values = {'topic_id': topic['id'],
'team_id': team_id}
query = models.JOINS_TOPICS_TEAMS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(models.JOINS_TOPICS_TEAMS.name,
'team_id, topic_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
def create_users(user):
values = flask.request.json
check_json_is_valid(create_user_schema, values)
values.update(v1_utils.common_values_dict())
if user.is_not_super_admin():
raise dci_exc.Unauthorized()
values.update({
'password': auth.hash_password(values.get('password')),
'fullname': values.get('fullname', values['name']),
'timezone': values.get('timezone', 'UTC'),
'sso_username': None
})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
# remove the password in the result for security reasons
del values['password']
return flask.Response(json.dumps({'user': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def attach_issue(resource_id, table, user_id):
"""Attach an issue to a specific job."""
values = schemas.issue.post(flask.request.json)
if 'github.com' in values['url']:
type = 'github'
else:
type = 'bugzilla'
issue_id = utils.gen_uuid()
values.update({
'id': issue_id,
'created_at': datetime.datetime.utcnow().isoformat(),
'tracker': type,
})
# First, insert the issue if it doesn't already exist
# in the issues table. If it already exists, ignore the
# exceptions, and keep proceeding.
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
# It is not a real failure it the issue have been tried
# to inserted a second time. As long as it is once, we are
# good to proceed
query = (sql.select([_TABLE]).where(_TABLE.c.url == values['url']))
rows = list(flask.g.db_conn.execute(query))
issue_id = rows[0][0] # the 'id' field of the issues table.
# Second, insert a join record in the JOIN_JOBS_ISSUES or
# JOIN_COMPONENTS_ISSUES database.
if table.name == 'jobs':
join_table = models.JOIN_JOBS_ISSUES
else:
join_table = models.JOIN_COMPONENTS_ISSUES
key = '%s_id' % table.name[0:-1]
query = join_table.insert().values({
'user_id': user_id,
'issue_id': issue_id,
key: resource_id
})
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(join_table.name,
'%s, issue_id' % key)
result = json.dumps({'issue': values})
return flask.Response(result, 201, content_type='application/json')
def add_test_to_remoteci(user, r_id):
data_json = flask.request.json
values = {'remoteci_id': r_id, 'test_id': data_json.get('test_id', None)}
v1_utils.verify_existence_and_get(r_id, _TABLE)
query = models.JOIN_REMOTECIS_TESTS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'remoteci_id, test_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
def delete_tag_for_component(user, c_id, tag_id):
"""Delete a tag on a specific component."""
# Todo : check c_id and tag_id exist in db
query = _TABLE_TAGS.delete().where(_TABLE_TAGS.c.tag_id == tag_id and
_TABLE_TAGS.c.component_id == c_id)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE_TAGS.c.tag_id, 'tag_id')
return flask.Response(None, 204, content_type='application/json')
def create_tests(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.test.post(flask.request.json))
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'test': values}),
201,
content_type='application/json')
def add_test_to_topic(user, topic_id):
if not auth.is_admin(user):
raise auth.UNAUTHORIZED
data_json = flask.request.json
values = {'topic_id': topic_id, 'test_id': data_json.get('test_id', None)}
v1_utils.verify_existence_and_get(topic_id, _TABLE)
query = models.JOIN_TOPICS_TESTS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'topic_id, test_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
def create_components(user):
if not auth.is_admin(user):
raise auth.UNAUTHORIZED
values = v1_utils.common_values_dict(user)
values.update(schemas.component.post(flask.request.json))
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
result = json.dumps({'component': values})
return flask.Response(result, 201, content_type='application/json')
def add_user_to_remoteci(user, r_id):
remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE)
if user.is_not_in_team(remoteci['team_id']) and user.is_not_epm():
raise dci_exc.Unauthorized()
query = models.JOIN_USER_REMOTECIS.insert().values({
'user_id': user.id,
'remoteci_id': r_id
})
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'remoteci_id, user_id')
result = json.dumps({'user_id': user.id, 'remoteci_id': r_id})
return flask.Response(result, 201, content_type='application/json')
def create_components(user):
values = flask.request.json
check_json_is_valid(create_component_schema, values)
values.update(v1_utils.common_values_dict())
if str(values['topic_id']) not in v1_utils.user_topic_ids(user):
raise dci_exc.Unauthorized()
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
result = json.dumps({'component': values})
return flask.Response(result, 201, content_type='application/json')
def add_permission_to_role(user, role_id):
data_json = flask.request.json
values = {
'role_id': role_id,
'permission_id': data_json.get('permission_id')
}
v1_utils.verify_existence_and_get(role_id, _TABLE)
query = models.JOIN_ROLES_PERMISSIONS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name,
'role_id, permission_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
def create_roles(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.role.post(flask.request.json))
if not values['label']:
values.update({'label': values['name'].upper()})
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'role': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def create_teams(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.team.post(flask.request.json))
if not auth.is_admin(user):
raise auth.UNAUTHORIZED
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'team': values}),
201,
headers={'ETag': values['etag']},
content_type='application/json')
def delete_tag_from_job(user, job_id, tag_id):
"""Delete a tag from a job."""
_JJT = models.JOIN_JOBS_TAGS
job = v1_utils.verify_existence_and_get(job_id, _TABLE)
if user.is_not_in_team(job['team_id']) and user.is_not_epm():
raise dci_exc.Unauthorized()
v1_utils.verify_existence_and_get(tag_id, models.TAGS)
query = _JJT.delete().where(
sql.and_(_JJT.c.tag_id == tag_id, _JJT.c.job_id == job_id))
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict('tag', 'tag_id')
return flask.Response(None, 204, content_type='application/json')
def create_tests(user):
values = flask.request.json
check_json_is_valid(create_test_schema, values)
values.update(v1_utils.common_values_dict())
# todo: remove team_id
if 'team_id' in values:
del values['team_id']
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(json.dumps({'test': values}),
201,
content_type='application/json')
def create_teams(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.team.post(flask.request.json))
if not values['parent_id'] or \
(user.is_product_owner() and values['parent_id'] != user.team_id):
values['parent_id'] = user.team_id
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(
json.dumps({'team': values}), 201,
headers={'ETag': values['etag']}, content_type='application/json'
)
def create_teams(user):
values = flask.request.json
check_json_is_valid(create_team_schema, values)
values.update(v1_utils.common_values_dict())
if user.is_not_super_admin() and user.is_not_epm():
raise dci_exc.Unauthorized()
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
return flask.Response(
json.dumps({'team': values}), 201,
headers={'ETag': values['etag']}, content_type='application/json'
)
def _create_user_and_get(self, decoded_token):
"""Create the user according to the token, this function assume that
the token has been verified."""
user_values = {
'role_id': auth.get_role_id('USER'),
'name': decoded_token.get('username'),
'fullname': decoded_token.get('username'),
'sso_username': decoded_token.get('username'),
'team_id': None,
'email': decoded_token.get('email'),
'timezone': 'UTC',
}
query = models.USERS.insert().values(user_values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(models.USERS.name, 'username')
return self._get_user_from_sso_username(decoded_token.get('username'))
def create_topics(user):
values = v1_utils.common_values_dict(user)
values.update(schemas.topic.post(flask.request.json))
if not user.is_super_admin() and \
not ((user.is_product_owner() or user.is_feeder()) and
user.product_id == values['product_id']):
raise auth.UNAUTHORIZED
# todo(yassine): enabled when client updated.
# if values['component_types'] == []:
# raise dci_exc.DCIException('component_types should not be void')
query = _TABLE.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name, 'name')
result = json.dumps({'topic': values})
return flask.Response(result, 201, headers={'ETag': values['etag']},
content_type='application/json')
def add_team_to_product(user, product_id):
values = flask.request.json
check_json_is_valid(add_team_to_product_schema, values)
team_id = values.get('team_id')
product = v1_utils.verify_existence_and_get(product_id, _TABLE)
team_id = v1_utils.verify_existence_and_get(team_id,
models.TEAMS,
get_id=True)
if user.is_not_super_admin() and user.is_not_epm():
raise dci_exc.Unauthorized()
values = {'product_id': product['id'], 'team_id': team_id}
query = models.JOIN_PRODUCTS_TEAMS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(models.JOIN_PRODUCTS_TEAMS.name,
'product_id', 'team_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
def add_user_to_remoteci(user, r_id):
values = schemas.remoteci_user.post(flask.request.json)
values['remoteci_id'] = r_id
remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE)
user_to_attach = v1_utils.verify_existence_and_get(values['user_id'],
models.USERS)
if values['user_id'] != user['id'] and \
not user.is_in_team(remoteci['team_id']) and \
user.is_regular_user():
raise auth.UNAUTHORIZED
if user_to_attach['team_id'] != remoteci['team_id']:
raise auth.UNAUTHORIZED
query = models.JOIN_USER_REMOTECIS.insert().values(**values)
try:
flask.g.db_conn.execute(query)
except sa_exc.IntegrityError:
raise dci_exc.DCICreationConflict(_TABLE.name,
'remoteci_id, user_id')
result = json.dumps(values)
return flask.Response(result, 201, content_type='application/json')
