def create_awg_user(users, db_session):
s = db_session
for username in list(users.keys()):
user = query_for_user(session=s, username=username)
if not user:
user = User(username=username)
s.add(user)
projects = {}
for project_data in users[username]["projects"]:
auth_id = project_data["auth_id"]
p_name = project_data.get("name", auth_id)
project = s.query(Project).filter(Project.auth_id == auth_id).first()
if not project:
project = Project(name=p_name, auth_id=auth_id)
s.add(project)
projects[p_name] = project
groups = users[username].get("groups", [])
for group in groups:
group_name = group["name"]
group_desc = group["description"]
grp = s.query(Group).filter(Group.name == group_name).first()
if not grp:
grp = Group()
grp.name = group_name
grp.description = group_desc
s.add(grp)
s.flush()
UserToGroup(group=grp, user=user)
for projectname in group["projects"]:
gap = (
s.query(AccessPrivilege)
.join(AccessPrivilege.project)
.join(AccessPrivilege.group)
.filter(Project.name == projectname, Group.name == group_name)
.first()
)
if not gap:
project = projects[projectname]
gap = AccessPrivilege(project_id=project.id, group_id=grp.id)
s.add(gap)
s.flush()
ap = (
s.query(AccessPrivilege)
.join(AccessPrivilege.project)
.join(AccessPrivilege.user)
.filter(Project.name == projectname, User.username == user.username)
.first()
)
privilege = {"read"}
if not ap:
project = projects[projectname]
ap = AccessPrivilege(
project=project, user=user, privilege=privilege
)
s.add(ap)
s.flush()
return user.id, user.username
def create_user(users, db_session, is_admin=False):
s = db_session
for username in list(users.keys()):
user = query_for_user(session=s, username=username)
if not user:
user = User(username=username, is_admin=is_admin)
s.add(user)
for project_data in users[username]["projects"]:
privilege = project_data["privilege"]
auth_id = project_data["auth_id"]
p_name = project_data.get("name", auth_id)
project = s.query(Project).filter(
Project.auth_id == auth_id).first()
if not project:
project = Project(name=p_name, auth_id=auth_id)
s.add(project)
ap = (s.query(AccessPrivilege).join(
AccessPrivilege.project).join(AccessPrivilege.user).filter(
Project.name == p_name,
User.username == user.username).first())
if not ap:
ap = AccessPrivilege(project=project,
user=user,
privilege=privilege)
s.add(ap)
else:
ap.privilege = privilege
return user.id, user.username
def create_awg_groups(data, db_session):
s = db_session
projects = {}
for project_data in data["projects"]:
auth_id = project_data["auth_id"]
p_name = project_data.get("name", auth_id)
project = s.query(Project).filter(Project.auth_id == auth_id).first()
if not project:
project = Project(name=p_name, auth_id=auth_id)
s.add(project)
projects[p_name] = project
for group in data["groups"]:
group_name = group["name"]
group_desc = group["description"]
grp = s.query(Group).filter(Group.name == group_name).first()
if not grp:
grp = Group()
grp.name = group_name
grp.description = group_desc
s.add(grp)
for projectname in group["projects"]:
gap = (s.query(AccessPrivilege).join(
AccessPrivilege.project).join(AccessPrivilege.group).filter(
Project.name == projectname,
Group.name == group_name).first())
if not gap:
project = projects[projectname]
gap = AccessPrivilege(project_id=project.id, group_id=grp.id)
s.add(gap)
s.flush()
def _grant_from_db(self, sess, to_add, user_info, user_project,
auth_provider_list):
"""
Grant user access to projects in the auth database
Args:
sess: sqlalchemy session
to_add: a set of (username, project.auth_id) to be granted
user_project:
a dictionary of {username: {project: {'read','write'}}
Return:
None
"""
for (username, project_auth_id) in to_add:
u = query_for_user(session=sess, username=username)
auth_provider = auth_provider_list[0]
if "dbgap_role" not in user_info[username]["tags"]:
auth_provider = auth_provider_list[1]
user_access = AccessPrivilege(
user=u,
project=self._projects[project_auth_id],
privilege=list(user_project[username][project_auth_id]),
auth_provider=auth_provider,
)
self.logger.info("grant user {} to {} with access {}".format(
username, user_access.project, user_access.privilege))
sess.add(user_access)
def test_linked_user_with_access(db_session, test_linked_user, test_project):
access_privilege = AccessPrivilege(user_id=test_linked_user.user_id,
project_id=test_project.id)
db_session.add(access_privilege)
db_session.commit()
yield test_linked_user
def test_delete_user_with_access_privilege(app, db_session):
user = User(username="******")
project = Project(id=1, name="test-project")
access_privilege = AccessPrivilege(user=user, privilege=["read"], project=project)
db_session.add(user)
db_session.add(project)
db_session.add(access_privilege)
db_session.commit()
delete_users(config["DB"], [user.username])
remaining_usernames = db_session.query(User.username).all()
assert db_session.query(User).count() == 0, remaining_usernames
def create_providers(data, db_session):
s = db_session
providers = data["providers"]
for provider in providers:
prov = CloudProvider()
prov.name = provider["name"]
prov.backend = provider["backend"]
prov.service = provider["service"]
s.add(prov)
s.flush
for name, user in list(data["users"].items()):
new_user = User()
new_user.username = name
new_user.email = user["email"]
new_user.is_admin = user["is_admin"]
s.add(new_user)
user["id"] = new_user.id
for project in data["projects"]:
new_project = Project()
new_project.name = project["name"]
s.add(new_project)
for storage in project["storage_access"]:
provider = s.query(CloudProvider).filter_by(name=storage).first()
if provider:
new_storage_access = StorageAccess(provider_id=provider.id,
project_id=new_project.id)
s.add(new_storage_access)
for bucket in project["buckets"]:
new_bucket = Bucket()
new_bucket.name = bucket["name"]
provider = s.query(CloudProvider).filter_by(
name=bucket["provider"]).first()
new_bucket.provider_id = provider.id
s.add(new_bucket)
s.flush()
project_to_bucket = ProjectToBucket()
project_to_bucket.bucket_id = new_bucket.id
project_to_bucket.project_id = new_project.id
s.add(project_to_bucket)
s.flush()
for user in project["users"]:
access = AccessPrivilege()
access.user_id = data["users"][user["name"]]["id"]
access.project_id = new_project.id
s.add(access)
def create_user_by_username_project(current_session, new_user, proj):
"""
Create a user for a specific project
"""
project = (
current_session.query(Project)
.filter(Project.auth_id == proj["auth_id"])
.first()
)
if not project:
msg = "".join(["error: auth_id name ", proj["auth_id"], " not found"])
raise NotFound(msg)
# If am enforcing a full match.
# The table has keys that only comprehend two of the arguments
# I will address that option later.
# For now, we need a full match to replace or update
priv = (
current_session.query(AccessPrivilege)
.filter(
AccessPrivilege.user_id == new_user.id,
AccessPrivilege.project_id == project.id,
)
.first()
)
if priv:
# I update the only updatable field
priv.privilege = proj["privilege"]
else:
priv = AccessPrivilege(
user_id=new_user.id, project_id=project.id, privilege=proj["privilege"]
)
current_session.add(priv)
current_session.flush()
return {"user": new_user, "project": project, "privileges": priv}
def _grant_from_db(self, s, userinfo, to_add, auth_provider):
'''
Grant user access to projects in the auth database
Args:
s: sqlalchemy session
to_add: a set of (username, project.auth_id) to be granted
Return:
None
'''
for (username, project_auth_id) in to_add:
u = s.query(User).filter(User.username == username).first()
if not u:
self.logger.info('create user {}'.format(username))
u = User(username=username)
u.email = userinfo[username]['email']
s.add(u)
self.logger.info('grant {} access to {} in db'.format(
username, project_auth_id))
user_access = AccessPrivilege(
user=u,
project=self._projects[project_auth_id],
privilege=['read-storage'],
auth_provider=auth_provider)
s.add(user_access)
def get_project_to_group():
return AccessPrivilege()