def create_feeders(user): values = flask.request.json check_json_is_valid(create_feeder_schema, values) values.update(v1_utils.common_values_dict()) if user.is_not_epm() and user.is_not_super_admin(): raise dci_exc.Unauthorized() values.update({ # XXX(fc): this should be populated as a default value from the # model, but we don't return values from the database :( 'api_secret': signature.gen_secret(), 'data': values.get('data', {}), }) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'feeder': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def authenticate(self): auth_header = self.request.headers.get('Authorization').split(' ') if len(auth_header) != 2: return False bearer, token = auth_header conf = dci_config.CONFIG try: decoded_token = auth.decode_jwt(token, conf['SSO_PUBLIC_KEY'], conf['SSO_CLIENT_ID']) except (jwt_exc.DecodeError, ValueError): decoded_token = sso.decode_token_with_latest_public_key(token) except jwt_exc.ExpiredSignatureError: raise dci_exc.DCIException('JWT token expired, please refresh.', status_code=401) team_id = None ro_group = conf['SSO_READ_ONLY_GROUP'] realm_access = decoded_token['realm_access'] if 'roles' in realm_access and ro_group in realm_access['roles']: team_id = flask.g.team_redhat_id user_info = self._get_user_info(decoded_token, team_id) try: self.identity = self._get_or_create_user(user_info) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(models.USERS.name, 'username') return True
def create_feeders(user): values = v1_utils.common_values_dict(user) values.update(schemas.feeder.post(flask.request.json)) if not user.is_in_team(values['team_id']): raise auth.UNAUTHORIZED values.update({ # XXX(fc): this should be populated as a default value from the # model, but we don't return values from the database :( 'api_secret': signature.gen_secret(), 'role_id': auth.get_role_id('FEEDER'), 'data': values.get('data', {}), }) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'feeder': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def attach_issue(resource_id, table, user_id): data = flask.request.json check_json_is_valid(issue_schema, data) issue = _get_or_create_issue(data) # Second, insert a join record in the JOIN_JOBS_ISSUES or # JOIN_COMPONENTS_ISSUES database. if table.name == 'jobs': join_table = models.JOIN_JOBS_ISSUES else: join_table = models.JOIN_COMPONENTS_ISSUES key = '%s_id' % table.name[0:-1] query = join_table.insert().values({ 'user_id': user_id, 'issue_id': issue['id'], key: resource_id }) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(join_table.name, '%s, issue_id' % key) result = json.dumps({'issue': dict(issue)}) return flask.Response(result, 201, content_type='application/json')
def create_users(user): values = v1_utils.common_values_dict(user) values.update(schemas.user.post(flask.request.json)) if not (auth.is_admin(user) or auth.is_admin_user(user, values['team_id'])): raise auth.UNAUTHORIZED role_id = values.get('role_id', auth.get_role_id('USER')) if not auth.is_admin(user) and role_id == auth.get_role_id('SUPER_ADMIN'): raise auth.UNAUTHORIZED values.update({ 'password': auth.hash_password(values.get('password')), 'role_id': role_id }) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') # remove the password in the result for security reasons del values['password'] return flask.Response(json.dumps({'user': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def delete_tag_from_job(user, job_id, tag_id): """Delete a tag from a job.""" _JJT = models.JOIN_JOBS_TAGS job = v1_utils.verify_existence_and_get(job_id, _TABLE) if user.is_not_in_team(job['team_id']) and user.is_not_epm(): raise dci_exc.Unauthorized() tag = v1_utils.verify_existence_and_get(tag_id, models.TAGS) tag_name = tag['name'] with flask.g.db_conn.begin(): query = _JJT.delete().where( sql.and_(_JJT.c.tag_id == tag_id, _JJT.c.job_id == job_id)) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict('tag', 'tag_id') # update the job tag field job_values = {} job_values['etag'] = utils.gen_etag() tag_name = [tag_name] if tag_name else [] job_values['tag'] = list(set(job['tag']) - set(tag_name)) query = _TABLE.update().where(_TABLE.c.id == job_id).values( **job_values) result = flask.g.db_conn.execute(query) if not result.rowcount: raise dci_exc.DCIConflict('Job', job_id) return flask.Response(None, 204, content_type='application/json')
def create_remotecis(user): values = v1_utils.common_values_dict(user) values.update(schemas.remoteci.post(flask.request.json)) # If it's not a super admin nor belongs to the same team_id if not (auth.is_admin(user) or auth.is_in_team(user, values.get('team_id'))): raise auth.UNAUTHORIZED values.update({ 'data': values.get('data', {}), # XXX(fc): this should be populated as a default value from the # model, but we don't return values from the database :( 'api_secret': signature.gen_secret(), }) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'remoteci': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def create_topics(user): values = flask.request.json check_json_is_valid(create_topic_schema, values) values.update(v1_utils.common_values_dict()) if user.is_not_super_admin() and user.is_not_epm() and user.is_not_feeder( ): # noqa raise dci_exc.Unauthorized() # todo(yassine): enabled when client updated. # if values['component_types'] == []: # raise dci_exc.DCIException('component_types should not be void') query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') result = json.dumps({'topic': values}) return flask.Response(result, 201, headers={'ETag': values['etag']}, content_type='application/json')
def add_team_to_topic(user, topic_id): # TODO(yassine): use voluptuous schema data_json = flask.request.json team_id = data_json.get('team_id') topic = v1_utils.verify_existence_and_get(topic_id, _TABLE) team_id = v1_utils.verify_existence_and_get(team_id, models.TEAMS, get_id=True) if not user.is_super_admin() and \ not (user.is_team_product_owner(team_id) and user.product_id == topic['product_id']): raise auth.UNAUTHORIZED values = {'topic_id': topic['id'], 'team_id': team_id} query = models.JOINS_TOPICS_TEAMS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(models.JOINS_TOPICS_TEAMS.name, 'team_id, topic_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')
def create_users(user): values = flask.request.json check_json_is_valid(create_user_schema, values) values.update(v1_utils.common_values_dict()) if user.is_not_super_admin(): raise dci_exc.Unauthorized() values.update({ 'password': auth.hash_password(values.get('password')), 'fullname': values.get('fullname', values['name']), 'timezone': values.get('timezone', 'UTC'), 'sso_username': None }) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') # remove the password in the result for security reasons del values['password'] return flask.Response(json.dumps({'user': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def attach_issue(resource_id, table, user_id): """Attach an issue to a specific job.""" values = schemas.issue.post(flask.request.json) if 'github.com' in values['url']: type = 'github' else: type = 'bugzilla' issue_id = utils.gen_uuid() values.update({ 'id': issue_id, 'created_at': datetime.datetime.utcnow().isoformat(), 'tracker': type, }) # First, insert the issue if it doesn't already exist # in the issues table. If it already exists, ignore the # exceptions, and keep proceeding. query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: # It is not a real failure it the issue have been tried # to inserted a second time. As long as it is once, we are # good to proceed query = (sql.select([_TABLE]).where(_TABLE.c.url == values['url'])) rows = list(flask.g.db_conn.execute(query)) issue_id = rows[0][0] # the 'id' field of the issues table. # Second, insert a join record in the JOIN_JOBS_ISSUES or # JOIN_COMPONENTS_ISSUES database. if table.name == 'jobs': join_table = models.JOIN_JOBS_ISSUES else: join_table = models.JOIN_COMPONENTS_ISSUES key = '%s_id' % table.name[0:-1] query = join_table.insert().values({ 'user_id': user_id, 'issue_id': issue_id, key: resource_id }) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(join_table.name, '%s, issue_id' % key) result = json.dumps({'issue': values}) return flask.Response(result, 201, content_type='application/json')
def add_test_to_remoteci(user, r_id): data_json = flask.request.json values = {'remoteci_id': r_id, 'test_id': data_json.get('test_id', None)} v1_utils.verify_existence_and_get(r_id, _TABLE) query = models.JOIN_REMOTECIS_TESTS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'remoteci_id, test_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')
def delete_tag_for_component(user, c_id, tag_id): """Delete a tag on a specific component.""" # Todo : check c_id and tag_id exist in db query = _TABLE_TAGS.delete().where(_TABLE_TAGS.c.tag_id == tag_id and _TABLE_TAGS.c.component_id == c_id) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE_TAGS.c.tag_id, 'tag_id') return flask.Response(None, 204, content_type='application/json')
def create_tests(user): values = v1_utils.common_values_dict(user) values.update(schemas.test.post(flask.request.json)) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'test': values}), 201, content_type='application/json')
def add_test_to_topic(user, topic_id): if not auth.is_admin(user): raise auth.UNAUTHORIZED data_json = flask.request.json values = {'topic_id': topic_id, 'test_id': data_json.get('test_id', None)} v1_utils.verify_existence_and_get(topic_id, _TABLE) query = models.JOIN_TOPICS_TESTS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'topic_id, test_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')
def create_components(user): if not auth.is_admin(user): raise auth.UNAUTHORIZED values = v1_utils.common_values_dict(user) values.update(schemas.component.post(flask.request.json)) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') result = json.dumps({'component': values}) return flask.Response(result, 201, content_type='application/json')
def add_user_to_remoteci(user, r_id): remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE) if user.is_not_in_team(remoteci['team_id']) and user.is_not_epm(): raise dci_exc.Unauthorized() query = models.JOIN_USER_REMOTECIS.insert().values({ 'user_id': user.id, 'remoteci_id': r_id }) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'remoteci_id, user_id') result = json.dumps({'user_id': user.id, 'remoteci_id': r_id}) return flask.Response(result, 201, content_type='application/json')
def create_components(user): values = flask.request.json check_json_is_valid(create_component_schema, values) values.update(v1_utils.common_values_dict()) if str(values['topic_id']) not in v1_utils.user_topic_ids(user): raise dci_exc.Unauthorized() query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') result = json.dumps({'component': values}) return flask.Response(result, 201, content_type='application/json')
def add_permission_to_role(user, role_id): data_json = flask.request.json values = { 'role_id': role_id, 'permission_id': data_json.get('permission_id') } v1_utils.verify_existence_and_get(role_id, _TABLE) query = models.JOIN_ROLES_PERMISSIONS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'role_id, permission_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')
def create_roles(user): values = v1_utils.common_values_dict(user) values.update(schemas.role.post(flask.request.json)) if not values['label']: values.update({'label': values['name'].upper()}) query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'role': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def create_teams(user): values = v1_utils.common_values_dict(user) values.update(schemas.team.post(flask.request.json)) if not auth.is_admin(user): raise auth.UNAUTHORIZED query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'team': values}), 201, headers={'ETag': values['etag']}, content_type='application/json')
def delete_tag_from_job(user, job_id, tag_id): """Delete a tag from a job.""" _JJT = models.JOIN_JOBS_TAGS job = v1_utils.verify_existence_and_get(job_id, _TABLE) if user.is_not_in_team(job['team_id']) and user.is_not_epm(): raise dci_exc.Unauthorized() v1_utils.verify_existence_and_get(tag_id, models.TAGS) query = _JJT.delete().where( sql.and_(_JJT.c.tag_id == tag_id, _JJT.c.job_id == job_id)) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict('tag', 'tag_id') return flask.Response(None, 204, content_type='application/json')
def create_tests(user): values = flask.request.json check_json_is_valid(create_test_schema, values) values.update(v1_utils.common_values_dict()) # todo: remove team_id if 'team_id' in values: del values['team_id'] query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response(json.dumps({'test': values}), 201, content_type='application/json')
def create_teams(user): values = v1_utils.common_values_dict(user) values.update(schemas.team.post(flask.request.json)) if not values['parent_id'] or \ (user.is_product_owner() and values['parent_id'] != user.team_id): values['parent_id'] = user.team_id query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response( json.dumps({'team': values}), 201, headers={'ETag': values['etag']}, content_type='application/json' )
def create_teams(user): values = flask.request.json check_json_is_valid(create_team_schema, values) values.update(v1_utils.common_values_dict()) if user.is_not_super_admin() and user.is_not_epm(): raise dci_exc.Unauthorized() query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') return flask.Response( json.dumps({'team': values}), 201, headers={'ETag': values['etag']}, content_type='application/json' )
def _create_user_and_get(self, decoded_token): """Create the user according to the token, this function assume that the token has been verified.""" user_values = { 'role_id': auth.get_role_id('USER'), 'name': decoded_token.get('username'), 'fullname': decoded_token.get('username'), 'sso_username': decoded_token.get('username'), 'team_id': None, 'email': decoded_token.get('email'), 'timezone': 'UTC', } query = models.USERS.insert().values(user_values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(models.USERS.name, 'username') return self._get_user_from_sso_username(decoded_token.get('username'))
def create_topics(user): values = v1_utils.common_values_dict(user) values.update(schemas.topic.post(flask.request.json)) if not user.is_super_admin() and \ not ((user.is_product_owner() or user.is_feeder()) and user.product_id == values['product_id']): raise auth.UNAUTHORIZED # todo(yassine): enabled when client updated. # if values['component_types'] == []: # raise dci_exc.DCIException('component_types should not be void') query = _TABLE.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'name') result = json.dumps({'topic': values}) return flask.Response(result, 201, headers={'ETag': values['etag']}, content_type='application/json')
def add_team_to_product(user, product_id): values = flask.request.json check_json_is_valid(add_team_to_product_schema, values) team_id = values.get('team_id') product = v1_utils.verify_existence_and_get(product_id, _TABLE) team_id = v1_utils.verify_existence_and_get(team_id, models.TEAMS, get_id=True) if user.is_not_super_admin() and user.is_not_epm(): raise dci_exc.Unauthorized() values = {'product_id': product['id'], 'team_id': team_id} query = models.JOIN_PRODUCTS_TEAMS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(models.JOIN_PRODUCTS_TEAMS.name, 'product_id', 'team_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')
def add_user_to_remoteci(user, r_id): values = schemas.remoteci_user.post(flask.request.json) values['remoteci_id'] = r_id remoteci = v1_utils.verify_existence_and_get(r_id, _TABLE) user_to_attach = v1_utils.verify_existence_and_get(values['user_id'], models.USERS) if values['user_id'] != user['id'] and \ not user.is_in_team(remoteci['team_id']) and \ user.is_regular_user(): raise auth.UNAUTHORIZED if user_to_attach['team_id'] != remoteci['team_id']: raise auth.UNAUTHORIZED query = models.JOIN_USER_REMOTECIS.insert().values(**values) try: flask.g.db_conn.execute(query) except sa_exc.IntegrityError: raise dci_exc.DCICreationConflict(_TABLE.name, 'remoteci_id, user_id') result = json.dumps(values) return flask.Response(result, 201, content_type='application/json')