def regenerate_robot_token(robot_shortname, parent):
robot_username = format_robot_username(parent.username, robot_shortname)
robot, metadata = lookup_robot_and_metadata(robot_username)
password = random_string_generator(length=64)()
robot.email = str(uuid4())
robot.uuid = str(uuid4())
service = LoginService.get(name="quayrobot")
login = FederatedLogin.get(FederatedLogin.user == robot,
FederatedLogin.service == service)
login.service_ident = "robot:%s" % (robot.id)
try:
token_data = RobotAccountToken.get(robot_account=robot)
except RobotAccountToken.DoesNotExist:
token_data = RobotAccountToken.create(robot_account=robot)
token_data.token = password
with db_transaction():
token_data.save()
login.save()
robot.save()
return robot, password, metadata
def create_robot(robot_shortname, parent, description="", unstructured_metadata=None):
(username_valid, username_issue) = validate_username(robot_shortname)
if not username_valid:
raise InvalidRobotException(
"The name for the robot '%s' is invalid: %s" % (robot_shortname, username_issue)
)
username = format_robot_username(parent.username, robot_shortname)
try:
User.get(User.username == username)
msg = "Existing robot with name: %s" % username
logger.info(msg)
raise InvalidRobotException(msg)
except User.DoesNotExist:
pass
service = LoginService.get(name="quayrobot")
try:
with db_transaction():
created = User.create(username=username, email=str(uuid.uuid4()), robot=True)
token = random_string_generator(length=64)()
RobotAccountToken.create(robot_account=created, token=token, fully_migrated=True)
FederatedLogin.create(
user=created, service=service, service_ident="robot:%s" % created.id
)
RobotAccountMetadata.create(
robot_account=created,
description=description[0:255],
unstructured_json=unstructured_metadata or {},
)
return created, token
except Exception as ex:
raise DataModelException(ex.message)
def process(resources):
response = []
changed = True
for resource in resources:
p_state = resource["state"]
p_name = resource["name"]
try:
login_service = LoginService.get(name=p_name)
except LoginService.DoesNotExist:
login_service = None
if p_state == "absent":
if login_service is not None:
changed = True
login_service.delete_instance()
response.append("Login Service '%s' deleted" % p_name)
changed = True
else:
response.append("Login Service '%s' does not exist" % p_name)
else:
if login_service is None:
changed = True
login_service = LoginService.create(name=p_name)
response.append("Login Service '%s' created" % p_name)
else:
response.append("Login Service '%s' exists" % p_name)
return {"failed": False, "changed": changed, "meta": response}, 200
def set_team_syncing(team, login_service_name, config):
""" Sets the given team to sync to the given service using the given config. """
login_service = LoginService.get(name=login_service_name)
return TeamSync.create(team=team,
transaction_id="",
service=login_service,
config=json.dumps(config))
def detach_external_login(user, service_name):
try:
service = LoginService.get(name=service_name)
except LoginService.DoesNotExist:
return
FederatedLogin.delete().where(FederatedLogin.user == user,
FederatedLogin.service == service).execute()
def get_federated_team_member_mapping(team, login_service_name):
""" Returns a dict of all federated IDs for all team members in the team whose users are
bound to the login service within the given name. The dictionary is from federated service
identifier (username) to their Quay User table ID.
"""
login_service = LoginService.get(name=login_service_name)
query = (FederatedLogin.select(
FederatedLogin.service_ident,
User.id).join(User).join(TeamMember).join(Team).where(
Team.id == team, User.robot == False,
FederatedLogin.service == login_service))
return dict(query.tuples())
def _get_login_service(service_id):
try:
return LoginService.get(LoginService.name == service_id)
except LoginService.DoesNotExist:
return LoginService.create(name=service_id)
