def make_auth_db():
    """Store one entity of each AuthDB kind, then call replicate_auth_db().

    Writes a global config, the IP whitelist assignments entity, a group
    named 'A group' and an IP whitelist named 'A whitelist', in that order.
    """
    # NOTE(review): presumably runs inside a datastore transaction; the
    # decorator is not visible in this listing -- confirm at the call site.
    global_config = model.AuthGlobalConfig(key=model.root_key())
    global_config.put()

    assignments = model.AuthIPWhitelistAssignments(
        key=model.ip_whitelist_assignments_key())
    assignments.put()

    group = model.AuthGroup(key=model.group_key('A group'))
    group.put()

    whitelist = model.AuthIPWhitelist(key=model.ip_whitelist_key('A whitelist'))
    whitelist.put()

    model.replicate_auth_db()
def modify(**kwargs):
    """Apply `kwargs` to the global config entity and store a new revision.

    Loads the entity under model.root_key(), creating a fresh
    AuthGlobalConfig when none is stored, populates it, stamps the
    modified_by / modified_ts / comment fields, stores it and calls
    model.replicate_auth_db().
    """
    config = model.root_key().get()
    if not config:
        config = model.AuthGlobalConfig(key=model.root_key())
    config.populate(**kwargs)
    # NOTE(review): '[email protected]' looks like an address redacted by the
    # page this listing came from; substitute a real test identity.
    author = model.Identity.from_bytes('user:[email protected]')
    config.record_revision(
        modified_by=author,
        modified_ts=utils.utcnow(),
        comment='Comment')
    config.put()
    model.replicate_auth_db()
def remove(name):
    """Delete the IP whitelist called `name`, recording who deleted it.

    When the entity exists, record_deletion() is called with the
    modified_by / modified_ts / comment fields before the key is deleted.
    """
    whitelist = model.ip_whitelist_key(name).get()
    if whitelist:
        # Attribution is recorded before the delete, not after it.
        deleted_by = model.Identity.from_bytes('user:[email protected]')
        whitelist.record_deletion(
            modified_by=deleted_by,
            modified_ts=utils.utcnow(),
            comment='Comment')
        whitelist.key.delete()
    # NOTE(review): the listing lost its indentation; this call is assumed to
    # sit outside the `if` -- confirm against the upstream file.
    model.replicate_auth_db()
def modify(**kwargs):
    """Populate the global config entity from `kwargs` and store it.

    A new AuthGlobalConfig is created when nothing is stored under
    model.root_key(). The revision fields are stamped after populate() and
    before put(); model.replicate_auth_db() is called last.
    """
    root = model.root_key().get()
    if not root:
        root = model.AuthGlobalConfig(key=model.root_key())
    root.populate(**kwargs)
    # NOTE(review): the identity string appears redacted in this listing
    # ('[email protected]'); it is reproduced as found.
    revision_info = dict(
        modified_by=model.Identity.from_bytes('user:[email protected]'),
        modified_ts=utils.utcnow(),
        comment='Comment')
    root.record_revision(**revision_info)
    root.put()
    model.replicate_auth_db()
def modify(assignments):
    """Replace the stored IP whitelist assignments with `assignments`.

    The entity is created when missing. The revision is stamped with a fixed
    timestamp (2015-01-01 01:01) rather than the current time.
    """
    assignments_key = model.ip_whitelist_assignments_key()
    entity = assignments_key.get()
    if not entity:
        entity = model.AuthIPWhitelistAssignments(key=assignments_key)
    # NOTE(review): '[email protected]' looks like a redacted address from the
    # hosting page; reproduced as found.
    changed_by = model.Identity.from_bytes('user:[email protected]')
    entity.record_revision(
        modified_by=changed_by,
        modified_ts=datetime.datetime(2015, 1, 1, 1, 1),
        comment='Comment')
    # Here the revision is recorded before the assignments are replaced.
    entity.assignments = assignments
    entity.put()
    model.replicate_auth_db()
def remove(name, commit=True):
    """Delete the group called `name`, recording who deleted it.

    Args:
        name: group name passed to model.group_key().
        commit: when true, model.replicate_auth_db() is called afterwards;
            when false the caller is left to do so itself.
    """
    group = model.group_key(name).get()
    if group:
        # Attribution is recorded before the key is deleted.
        deleted_by = model.Identity.from_bytes('user:[email protected]')
        group.record_deletion(
            modified_by=deleted_by,
            modified_ts=utils.utcnow(),
            comment='Comment')
        group.key.delete()
    # NOTE(review): indentation was lost in this listing; the commit check is
    # assumed to sit outside the `if group` block -- confirm upstream.
    if commit:
        model.replicate_auth_db()
def update_stored():
    """Store the permissions from `db` unless they are already stored.

    Reads `db` and `perms_to_map` from the enclosing scope. When the stored
    permissions already equal db.permissions nothing is written and
    replicate_auth_db() is not called.
    """
    globals_ent = (
        model.realms_globals_key().get() or
        model.AuthRealmsGlobals(key=model.realms_globals_key()))

    already_current = perms_to_map(globals_ent.permissions) == db.permissions
    if already_current:
        logging.info('Skipping, already up-to-date')
        return

    # Stored ordered by permission name.
    ordered = list(db.permissions.values())
    ordered.sort(key=lambda perm: perm.name)
    globals_ent.permissions = ordered

    # The change is attributed to the service's own identity.
    globals_ent.record_revision(
        modified_by=model.get_service_self_identity(),
        comment='Updating permissions to rev "%s"' % db.revision)
    globals_ent.put()
    model.replicate_auth_db()
def modify(name, commit=True, **kwargs):
    """Create or update the group `name` from `kwargs`.

    Args:
        name: group name passed to model.group_key().
        commit: when true, model.replicate_auth_db() is called after put().
        **kwargs: fields forwarded to populate().

    `ident_a` comes from the enclosing scope and is used both as creator
    and as modifier.
    """
    group_key = model.group_key(name)
    group = group_key.get() or model.AuthGroup(
        key=group_key, created_by=ident_a, created_ts=utils.utcnow())
    # The revision is recorded before the new field values are applied.
    group.record_revision(
        modified_by=ident_a,
        modified_ts=utils.utcnow(),
        comment='Comment')
    group.populate(**kwargs)
    group.put()
    if commit:
        model.replicate_auth_db()
def modify(name, **kwargs):
    """Create or update the IP whitelist `name` from `kwargs`.

    A missing whitelist is created with created_by / created_ts set. The
    revision fields are stamped, the fields populated, the entity stored,
    and model.replicate_auth_db() is called.
    """
    whitelist_key = model.ip_whitelist_key(name)
    whitelist = whitelist_key.get()
    if not whitelist:
        # NOTE(review): '[email protected]' looks like an address redacted by
        # the hosting page; reproduced as found.
        whitelist = model.AuthIPWhitelist(
            key=whitelist_key,
            created_by=model.Identity.from_bytes('user:[email protected]'),
            created_ts=utils.utcnow())
    modifier = model.Identity.from_bytes('user:[email protected]')
    whitelist.record_revision(
        modified_by=modifier,
        modified_ts=utils.utcnow(),
        comment='Comment')
    whitelist.populate(**kwargs)
    whitelist.put()
    model.replicate_auth_db()
def delete_realms(project_id):
    """Performs an AuthDB transaction that deletes all realms of a project.

    Does nothing when the project has no stored realms. Otherwise the
    deletion is attributed to the service's own identity, the realms entity
    and its meta entity are deleted, and replicate_auth_db() is called.

    Args:
        project_id: ID of the project being deleted.
    """
    project_realms = model.project_realms_key(project_id).get()
    if project_realms:
        # Attribution is recorded before either key is deleted.
        project_realms.record_deletion(
            modified_by=model.get_service_self_identity(),
            comment='No longer in the configs')
        project_realms.key.delete()
        project_realms_meta_key(project_id).delete()
        model.replicate_auth_db()
    # else: already gone
def modify(name, commit=True, **kwargs):
    """Create or update the group `name`, optionally committing the change.

    Args:
        name: group name passed to model.group_key().
        commit: when false, model.replicate_auth_db() is skipped.
        **kwargs: fields forwarded to populate().

    `ident_a` is read from the enclosing scope.
    """
    key = model.group_key(name)
    entity = key.get()
    if not entity:
        entity = model.AuthGroup(
            key=key,
            created_by=ident_a,
            created_ts=utils.utcnow())
    # The revision is stamped before populate() applies the new values.
    revision_fields = dict(
        modified_by=ident_a,
        modified_ts=utils.utcnow(),
        comment='Comment')
    entity.record_revision(**revision_fields)
    entity.populate(**kwargs)
    entity.put()
    if not commit:
        return
    model.replicate_auth_db()
def update():
    """Store new or changed project realms and refresh their meta entities.

    Reads `expanded` (pairs of revision info and realms), `db` and `comment`
    from the enclosing scope. A realms entity is written only when it is
    new or its realms differ; a meta entity is written for every visited
    project. replicate_auth_db() is called only if a realms entity changed.
    """
    stored = ndb.get_multi(
        model.project_realms_key(rev.project_id) for rev, _ in expanded
    )

    changed = []
    meta_entities = []

    for (rev, realms), current in zip(expanded, stored):
        logging.info('Visiting project "%s"...', rev.project_id)

        if not current:
            logging.info('New realms config in project "%s"', rev.project_id)
            current = model.AuthProjectRealms(
                key=model.project_realms_key(rev.project_id),
                realms=realms,
                config_rev=rev.config_rev,
                perms_rev=db.revision)
            # Attributed to the service's own identity.
            current.record_revision(
                modified_by=model.get_service_self_identity(),
                comment='New realms config')
            changed.append(current)
        elif current.realms != realms:
            logging.info(
                'Updated realms config in project "%s"', rev.project_id)
            current.realms = realms
            current.config_rev = rev.config_rev
            current.perms_rev = db.revision
            current.record_revision(
                modified_by=model.get_service_self_identity(),
                comment=comment)
            changed.append(current)
        else:
            logging.info(
                'Realms config in project "%s" are fresh', rev.project_id)

        # Always update AuthProjectRealmsMeta to match the state we just
        # checked.
        meta = AuthProjectRealmsMeta(
            key=project_realms_meta_key(rev.project_id),
            config_rev=rev.config_rev,
            perms_rev=db.revision,
            config_digest=rev.config_digest,
            modified_ts=utils.utcnow(),
        )
        meta_entities.append(meta)

    logging.info('Persisting changes...')
    ndb.put_multi(changed + meta_entities)
    # Meta-only writes do not trigger a replicate_auth_db() call.
    if changed:
        model.replicate_auth_db()
def _update_authdb_configs(configs):
    """Pushes new configs to AuthDB entity group.

    Each config is handed to the 'updater' registered for its path in
    _CONFIG_SCHEMAS, in sorted path order. The imported revisions are always
    stored; replicate_auth_db() is called only if an updater reported a
    change.

    Args:
        configs: dict {config path -> (Revision tuple, <config>)}.
    """
    imported = _imported_config_revisions_key().get()
    if not imported:
        imported = _ImportedConfigRevisions(
            key=_imported_config_revisions_key(), revisions={})

    anything_changed = False
    for path, (rev, conf) in sorted(configs.iteritems()):
        # A path missing from _CONFIG_SCHEMAS raises KeyError here.
        updater = _CONFIG_SCHEMAS[path]['updater']
        dirty = updater(rev, conf)
        imported.revisions[path] = {'rev': rev.revision, 'url': rev.url}
        status = 'updated' if dirty else 'up-to-date'
        logging.info('Processed %s at rev %s: %s', path, rev.revision, status)
        if dirty:
            anything_changed = True

    imported.put()
    if anything_changed:
        model.replicate_auth_db()
def _update_authdb_configs(configs):
    """Pushes new configs to AuthDB entity group.

    Each config is handed, together with the global config entity, to the
    'updater' registered for its path in _CONFIG_SCHEMAS. If the global
    config changed as a result, a revision attributed to the service's own
    identity is recorded and the entity is stored.

    Args:
        configs: dict {config path -> (Revision tuple, <config>)}.

    Returns:
        True if anything has changed since last import.
    """
    # Get model.AuthGlobalConfig entity, to potentially update it.
    # NOTE(review): no None check is visible; if the root entity is missing,
    # to_dict() below raises AttributeError.
    root = model.root_key().get()
    before = root.to_dict()

    imported = _imported_config_revisions_key().get()
    if not imported:
        imported = _ImportedConfigRevisions(
            key=_imported_config_revisions_key(), revisions={})

    ingested_revs = {}  # path -> Revision
    for path, (rev, conf) in sorted(configs.items()):
        updater = _CONFIG_SCHEMAS[path]['updater']
        dirty = updater(root, rev, conf)
        imported.revisions[path] = {'rev': rev.revision, 'url': rev.url}
        status = 'updated' if dirty else 'up-to-date'
        logging.info('Processed %s at rev %s: %s', path, rev.revision, status)
        if dirty:
            ingested_revs[path] = rev

    if root.to_dict() != before:
        # NOTE(review): this invariant is checked with `assert`, which is
        # stripped under -O; a root change with no dirty updater would then
        # be stored without a replicate_auth_db() call.
        assert ingested_revs
        parts = []
        for cfg_path, cfg_rev in sorted(ingested_revs.items()):
            parts.append('%s@%s' % (cfg_path, cfg_rev.revision))
        report = ', '.join(parts)
        logging.info('Global config has been updated: %s', report)
        root.record_revision(
            modified_by=model.get_service_self_identity(),
            modified_ts=utils.utcnow(),
            comment='Importing configs: %s' % report)
        root.put()

    imported.put()
    if ingested_revs:
        model.replicate_auth_db()
    return bool(ingested_revs)
def _update_authdb_configs(configs):
    """Pushes new configs to AuthDB entity group.

    Runs the per-path 'updater' from _CONFIG_SCHEMAS over every config in
    sorted path order and records the revision seen for each path. The
    revisions entity is stored unconditionally; replicate_auth_db() is
    called only when at least one updater reported a change.

    Args:
        configs: dict {config path -> (Revision tuple, <config>)}.
    """
    revisions_ent = (
        _imported_config_revisions_key().get() or
        _ImportedConfigRevisions(
            key=_imported_config_revisions_key(), revisions={}))

    dirty_paths = []
    for path, (rev, conf) in sorted(configs.iteritems()):
        dirty = _CONFIG_SCHEMAS[path]['updater'](rev, conf)
        revisions_ent.revisions[path] = {
            'rev': rev.revision,
            'url': rev.url,
        }
        logging.info(
            'Processed %s at rev %s: %s',
            path,
            rev.revision,
            'updated' if dirty else 'up-to-date')
        if dirty:
            dirty_paths.append(path)

    revisions_ent.put()
    if dirty_paths:
        model.replicate_auth_db()
def run():
    """Invoke `callback`, then return what model.replicate_auth_db() returns.

    `callback` comes from the enclosing scope; its return value is dropped.
    """
    # NOTE(review): presumably wrapped in a transaction by the caller so the
    # callback's writes and the replicate call commit together -- confirm.
    callback()
    outcome = model.replicate_auth_db()
    return outcome
def trigger():
    """Call replicate_auth_db() only if the stored revision matches `state`.

    `state` comes from the enclosing scope. When the current
    auth_db_rev differs from state.auth_db_rev, nothing is done.
    """
    current = model.get_replication_state()
    revision_unchanged = current.auth_db_rev == state.auth_db_rev
    if not revision_unchanged:
        # The stored revision no longer matches the one `state` holds.
        return
    model.replicate_auth_db()