def validate(self): if not FlaskForm.validate(self): return False # Cannot allow this Organization name, because it would cause issues on backend if self.organization_name.data == 'global': self.organization_name.errors.append('Cannot allow this Organization name for secret reasons, shush.') return False # TODO: remove these uniqueness checks after introduction of unique constraint # in ETCD storage class on backend client = get_kqueen_client(token=session['user']['token']) # Check if organization exists on backend response = client.organization.list() if response.status > 200: self.organization_name.errors.append('Can not contact backend at this time.') return False organizations = response.data organization_names = [org['name'] for org in organizations] organization_namespaces = [o['namespace'] for o in organizations] if self.organization_name.data in organization_names or slugify(self.organization_name.data) in organization_namespaces: self.organization_name.errors.append('Organization {} already exists.'.format(self.organization_name.data)) return False return True
def authenticate(username, password): user = {} client = get_kqueen_client(username=username, password=password) token, error = client.base.login() if token: _user = client.user.whoami() user = _user.data user['token'] = token return user, error
def login(): error = None if request.method == 'POST': user, _error = authenticate(request.form['username'], request.form['password']) if user: session['user'] = user client = get_kqueen_client(token=user['token']) organization_id = user['organization']['id'] response = client.organization.policy(organization_id) if response.status == -1: flash( 'Backend is unavailable at this time, please try again later.', 'danger') del session['user'] if 'policy' in session: del session['policy'] return render_template('ui/login.html', error=error) elif response.status > 200: flash( 'Could not contact authentication backend, please try again later.', 'danger') del session['user'] if 'policy' in session: del session['policy'] return render_template('ui/login.html', error=error) policy = response.data if policy and isinstance(policy, dict): session['policy'] = policy else: del session['user'] if 'policy' in session: del session['policy'] return render_template('ui/login.html', error=error) flash('You have been logged in', 'success') next_url = request.form.get('next', '') if next_url: return redirect(next_url) return redirect(url_for('ui.index')) elif _error: if _error['status'] == 401: error = 'Invalid credentials.' else: error = 'Could not contact authentication backend, please try again later.' return render_template('ui/login.html', error=error)
def test_token(): if session.get('user', None) and not app.testing: client = get_kqueen_client(token=session['user']['token']) organization_id = session['user']['organization']['id'] response = client.organization.policy(organization_id) if response.status == 401: flash('Session expired, please log in again.', 'warning') del session['user'] if 'policy' in session: del session['policy'] elif response.status == -1: flash('Backend is unavailable at this time, please try again later.', 'danger') del session['user'] if 'policy' in session: del session['policy'] policy = response.data if policy and isinstance(policy, dict): session['policy'] = policy
def validate(self): if not FlaskForm.validate(self): return False # TODO: remove these uniqueness checks after introduction of unique constraint # in ETCD storage class on backend client = get_kqueen_client(token=session['user']['token']) # Check if e-mail and username exists on backend response = client.user.list() if response.status > 200: self.email.errors.append('Can not contact backend at this time.') return False users = response.data user_emails = [u['email'] for u in users if 'email' in u] if self.email.data in user_emails: self.email.errors.append('This e-mail is already registered.') return False return True
def sanitize_resource_metadata(session, clusters, provisioners): from kqueen_ui import cache safe_types = ['text', 'integer', 'select', 'parameters'] token = session.get('user', {}).get('token', None) client = None engines = cache.get('provisioner-engines') deployed_clusters = 0 healthy_clusters = 0 healthy_provisioners = 0 if not engines: error = False if token: client = get_kqueen_client(token=token) else: error = True if client: engines_res = client.provisioner.engines() if engines_res.status > 200: error = True else: engines = engines_res.data cache.set('provisioner-engines', engines, timeout=5 * 60) if error: for cluster in clusters: cluster['metadata'] = {} for provisioner in provisioners: provisioner['parameters'] = {} engines = [] # sort clusters by date if isinstance(clusters, list): clusters.sort(key=lambda k: (k['created_at'], k['name'])) for cluster in clusters: if 'state' in cluster: if config.get('CLUSTER_PROVISIONING_STATE') != cluster['state']: deployed_clusters = deployed_clusters + 1 if cluster['state'] in [ config.get('CLUSTER_UPDATING_STATE'), config.get('CLUSTER_OK_STATE') ]: healthy_clusters = healthy_clusters + 1 if 'created_at' in cluster: cluster['created_at'] = format_datetime(cluster['created_at']) cluster_engine = cluster.get('provisioner', {}).get('engine') _engine_params = [ e['parameters'] for e in engines if e['name'] == cluster_engine ] if not len(_engine_params) == 1: del cluster['metadata'] continue engine_params = _engine_params[0].get('cluster') for param_name, param in engine_params.items(): if param['type'] not in safe_types: try: cluster['metadata'][param_name] = '*****************' except KeyError: pass cluster['metadata'] = OrderedDict( sorted(cluster['metadata'].items(), key=lambda t: t[0])) # sort provisioners by date if isinstance(provisioners, list): provisioners.sort(key=lambda k: (k['created_at'], k['name'])) for provisioner in provisioners: if 'state' in provisioner: if config.get('PROVISIONER_ERROR_STATE') != provisioner['state']: healthy_provisioners = healthy_provisioners + 1 if 'created_at' in provisioner: provisioner['created_at'] = format_datetime( provisioner['created_at']) provisioner_engine = provisioner.get('engine') _engine_params = [ e['parameters'] for e in engines if e['name'] == provisioner_engine ] if not len(_engine_params) == 1: del provisioner['parameters'] continue engine_params = _engine_params[0].get('provisioner') for param_name, param in engine_params.items(): if param['type'] not in safe_types: try: provisioner['parameters'][param_name] = '*****************' except KeyError: pass provisioner['parameters'] = OrderedDict( sorted(provisioner['parameters'].items(), key=lambda t: t[0])) cluster_health = 0 if healthy_clusters and deployed_clusters: cluster_health = int((healthy_clusters / deployed_clusters) * 100) provisioner_health = 0 if healthy_provisioners and provisioners: provisioner_health = int( (healthy_provisioners / len(provisioners)) * 100) overview = { 'cluster_count': len(clusters), 'cluster_max': len(clusters) if len(clusters) else 1, 'cluster_health': cluster_health, 'provisioner_count': len(provisioners), 'provisioner_max': len(provisioners) if len(provisioners) else 1, 'provisioner_health': provisioner_health, } return clusters, provisioners, overview
def _get_kqueen_client(self): token = session.get('user', {}).get('token', None) if token: return get_kqueen_client(token=token) return None
def metaparser(session, clusters=[], provisioners=[]): token = session.get('user', {}).get('token', None) client = None engines = cache.get('provisioner-engines') if not engines: abort = False if token: client = get_kqueen_client(token=token) else: abort = True if client: engines_res = client.provisioner.engines() if engines_res.status > 200: abort = True else: engines = engines_res.data cache.set('provisioner-engines', engines, timeout=5 * 60) if abort: for cluster in clusters: cluster['metadata'] = {} for provisioner in provisioners: provisioner['parameters'] = {} return clusters, provisioners for cluster in clusters: cluster_engine = cluster.get('provisioner', {}).get('engine') _engine_params = [ e['parameters'] for e in engines if e['name'] == cluster_engine ] if not len(_engine_params) == 1: del cluster['metadata'] continue engine_params = _engine_params[0].get('cluster') for param_name, param in engine_params.items(): if param['type'] not in ['text', 'integer', 'select']: try: cluster['metadata'][param_name] = '*****************' except KeyError: pass cluster['metadata'] = OrderedDict( sorted(cluster['metadata'].items(), key=lambda t: t[0])) for provisioner in provisioners: provisioner_engine = provisioner.get('engine') _engine_params = [ e['parameters'] for e in engines if e['name'] == provisioner_engine ] if not len(_engine_params) == 1: del provisioner['parameters'] continue engine_params = _engine_params[0].get('provisioner') for param_name, param in engine_params.items(): if param['type'] not in ['text', 'integer', 'select']: try: provisioner['parameters'][ param_name] = '*****************' except KeyError: pass provisioner['parameters'] = OrderedDict( sorted(provisioner['parameters'].items(), key=lambda t: t[0])) return clusters, provisioners