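class GroupRoleBinding(BaseModelMixin):
    """Binding that grants a role to a group.

    Each row pairs a ``group_id`` with a ``role_id``. The
    ``unique_group_role`` constraint rejects a second row for the same pair.
    """

    __tablename__ = "group_role_binding"
    __table_args__ = (
        db.UniqueConstraint('group_id', 'role_id', name='unique_group_role'),
    )

    group_id = db.Column(db.CHAR(128), nullable=False)
    # ON DELETE CASCADE: removing the referenced role row removes its bindings.
    role_id = db.Column(
        db.Integer,
        db.ForeignKey('role.id', ondelete='CASCADE'),
        nullable=False,
    )

    def __str__(self):
        # NOTE(review): ``role`` is not declared in this class; presumably a
        # relationship/backref supplied by the Role model - confirm.
        return "GroupRoleBinding: {} -> {}".format(self.group_id, self.role.name)

    @classmethod
    def create(cls, group_id, role):
        """Persist a binding between ``group_id`` and ``role`` and return it.

        :param group_id: identifier of the group receiving the role
        :param role: object whose ``id`` is stored as ``role_id``
        :return: the committed binding
        :raises Exception: whatever the commit raises (for example when the
            pair violates ``unique_group_role``), re-raised unchanged
        """
        binding = cls(group_id=group_id, role_id=role.id)
        db.session.add(binding)
        try:
            db.session.commit()
        except Exception:
            # A failed commit leaves the session unusable until it is rolled
            # back, so later permission lookups on the same session would
            # fail; reset it before handing the error to the caller.
            db.session.rollback()
            raise
        return binding

    @classmethod
    def get_roles_by_id(cls, group_id):
        """Return the ``role`` of every binding stored for ``group_id``."""
        bindings = cls.query.filter_by(group_id=group_id)
        return [binding.role for binding in bindings]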
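class UserRoleBinding(BaseModelMixin):
    """Binding that grants a role to a user, keyed by username.

    Each row pairs a ``username`` with a ``role_id``. The
    ``unique_user_role`` constraint rejects a second row for the same pair.
    """

    __tablename__ = "user_role_binding"
    __table_args__ = (
        db.UniqueConstraint('username', 'role_id', name='unique_user_role'),
    )

    username = db.Column(db.CHAR(128), nullable=False)
    # ON DELETE CASCADE: removing the referenced role row removes its bindings.
    role_id = db.Column(
        db.Integer,
        db.ForeignKey('role.id', ondelete='CASCADE'),
        nullable=False,
    )

    @classmethod
    def create(cls, username, role):
        """Persist a binding between ``username`` and ``role`` and return it.

        :param username: name of the user receiving the role
        :param role: object whose ``id`` is stored as ``role_id``
        :return: the committed binding
        :raises Exception: whatever the commit raises (for example when the
            pair violates ``unique_user_role``), re-raised unchanged
        """
        binding = cls(username=username, role_id=role.id)
        db.session.add(binding)
        try:
            db.session.commit()
        except Exception:
            # A failed commit leaves the session unusable until it is rolled
            # back, so later permission lookups on the same session would
            # fail; reset it before handing the error to the caller.
            db.session.rollback()
            raise
        return binding

    def __str__(self):
        # NOTE(review): ``role`` is not declared in this class; presumably a
        # relationship/backref supplied by the Role model - confirm.
        return "UserRoleBinding: {} -> {}".format(self.username, self.role)

    @classmethod
    def get_roles_by_name(cls, username):
        """Return the ``role`` of every binding stored for ``username``."""
        bindings = cls.query.filter_by(username=username)
        return [binding.role for binding in bindings]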
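# NOTE(review): the five assignments below look like the trailing members of
# the RBACAction enumeration; its class header is outside this excerpt.
SCALE = "scale"
STOP_CONTAINER = "stop_container"
ENTER_CONTAINER = "enter_container"
ADMIN = "admin"
KAE_ADMIN = "kae_admin"

# Every RBACAction member; iterating an enumeration yields definition order.
_all_action_list = list(RBACAction)
# The writer set is every action except ADMIN and KAE_ADMIN. They are excluded
# by name rather than by slicing off the tail of the list, so a member added
# after KAE_ADMIN cannot silently move an admin action into the writer set.
_writer_action_list = [
    action for action in _all_action_list
    if action not in (RBACAction.ADMIN, RBACAction.KAE_ADMIN)
]

# Link table pairing role ids with app ids; the two columns together form the
# primary key, so a given (role, app) pair can be stored only once.
role_app_association = db.Table(
    'role_app_association',
    db.Column('role_id', db.Integer, db.ForeignKey('role.id'), primary_key=True),
    db.Column('app_id', db.Integer, db.ForeignKey('app.id'), primary_key=True),
)


def check_rbac(actions, app=None, cluster=None, user=None):
    """
    check if a user has the permission, cluster is optional argument,
    :param actions:
    :param app: if set to None, then this function will not check app
    :param cluster: if set to None, then this function will not check cluster
    :param user:
    :return:
    """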
import yaml
from sqlalchemy import event, DDL
from sqlalchemy.exc import IntegrityError
from flask import g
from sqlalchemy.orm.exc import StaleDataError
from werkzeug.utils import cached_property
from console.ext import db
from console.models.base import BaseModelMixin
from kaelib.spec import load_job_specs
from console.libs.utils import logger

# Link table pairing job ids with user ids; the two columns together form the
# primary key, so a given (job, user) pair can be stored only once.
job_user_association = db.Table(
    'job_user_association',
    db.Column('job_id', db.Integer, db.ForeignKey('job.id'), primary_key=True),
    db.Column('user_id', db.Integer, db.ForeignKey('user.id'), primary_key=True))


class Job(BaseModelMixin):
    """ORM model mapped to the ``job`` table."""

    __tablename__ = "job"

    # Job name: required and unique across the table.
    name = db.Column(db.CHAR(64), nullable=False, unique=True)
    # Source coordinates; each is required and defaults to the empty string.
    git = db.Column(db.String(255), nullable=False, default='')
    branch = db.Column(db.String(255), nullable=False, default='')
    commit = db.Column(db.String(255), nullable=False, default='')
    # Free-text column; presumably the raw job spec later handed to
    # load_job_specs - confirm against the code that reads it.
    # NOTE(review): if this text is ever parsed with ``yaml`` directly, use
    # ``yaml.safe_load``; the parsing code is outside this excerpt.
    specs_text = db.Column(db.Text)