def validate_project_token(token): if not ("project" in token and "id" in token['project'] and validate_uuid(token['project']['id']) and "id" in token and validate_uuid(token['id'])): return False r = g.db.execute_one(''' SELECT id FROM auth_token WHERE id = %s AND project_id = %s ''', (token['id'], token['project']['id'],)) if not r: logger.warn('project token not valid') return False return True
def get(self, parent_job_id): job_id = g.token['job']['id'] if not validate_uuid(parent_job_id): abort(400, "Invalid uuid") filename = request.args.get('filename', None) if not filename: abort(400, "Invalid filename") dependencies = g.db.execute_one(''' SELECT dependencies FROM job WHERE id = %s ''', [job_id])[0] is_valid_dependency = False for dep in dependencies: if dep['job-id'] == parent_job_id: is_valid_dependency = True break if not is_valid_dependency: abort(404, "Job not found") key = "%s/%s" % (parent_job_id, filename) g.release_db() f = storage.download_output(key) if not f: abort(404) return send_file(f)
def delete(self, project_id, secret_id): ''' Delete a secret ''' if not validate_uuid(secret_id): abort(400, "Invalid secret uuid.") num_secrets = g.db.execute_one( """ SELECT COUNT(*) FROM secret WHERE project_id = %s and id = %s """, [project_id, secret_id])[0] if num_secrets == 0: return abort(400, 'Such secret does not exist.') num_keys = g.db.execute_one( """ SELECT COUNT(*) FROM sshkey WHERE project_id = %s and secret_id = %s """, [project_id, secret_id])[0] if num_keys != 0: return abort(400, 'Secret is still used SSH Key.') g.db.execute( """ DELETE FROM secret WHERE project_id = %s and id = %s """, [project_id, secret_id]) g.db.commit() return OK('Successfully deleted secret.')
def delete(self, project_id): ''' Delete a project ''' if not validate_uuid(project_id): abort(400, "Invalid project uuid.") project = g.db.execute_one_dict(""" DELETE FROM project WHERE id = %s RETURNING type """, [project_id]) if not project: abort(400, 'Project with such an id does not exist.') if project['type'] == 'github': repo = g.db.execute_one_dict(''' SELECT name, github_owner, github_hook_id FROM repository WHERE project_id = %s ''', [project_id]) gh_owner = repo['github_owner'] gh_hook_id = repo['github_hook_id'] gh_repo_name = repo['name'] user = g.db.execute_one_dict(''' SELECT github_api_token FROM "user" WHERE id = %s ''', [g.token['user']['id']]) gh_api_token = user['github_api_token'] headers = { "Authorization": "token " + gh_api_token, "User-Agent": "InfraBox" } url = '%s/repos/%s/%s/hooks/%s' % (os.environ['INFRABOX_GITHUB_API_URL'], gh_owner, gh_repo_name, gh_hook_id) # TODO(ib-steffen): allow custom ca bundles requests.delete(url, headers=headers, verify=False) # TODO: delete all tables g.db.execute(''' DELETE FROM repository WHERE project_id = %s ''', [project_id]) g.db.execute(''' DELETE FROM collaborator WHERE project_id = %s ''', [project_id]) g.db.commit() # Updated collaborator and project data will be pushed with next push cycle to Open Policy Agent return OK('deleted project')
def validate_user_token(token): if not ("user" in token and "id" in token["user"] and validate_uuid(token['user']['id'])): return False u = g.db.execute_one(''' SELECT id FROM "user" WHERE id = %s ''', [token['user']['id']]) if not u: logger.warn('user not found') return False return True
def enrich_job_token(token): if not ("job" in token and "id" in token["job"] and validate_uuid(token["job"]["id"])): raise LookupError('invalid job id') job_id = token["job"]["id"] r = g.db.execute_one(''' SELECT state, project_id, name FROM job WHERE id = %s''', [job_id]) if not r: raise LookupError('job not found') token['job']['state'] = r[0] token['job']['name'] = r[2] token['project'] = {} token['project']['id'] = r[1] return token
def delete(self, project_id, cronjob_id): ''' Delete a cronjob ''' if not validate_uuid(cronjob_id): abort(400, "Invalid cronjob uuid.") num_cronjobs = g.db.execute_one(""" SELECT COUNT(*) FROM cronjob WHERE project_id = %s and id = %s """, [project_id, cronjob_id])[0] if num_cronjobs == 0: return abort(400, 'Cronjob does not exist.') g.db.execute(""" DELETE FROM cronjob WHERE project_id = %s and id = %s """, [project_id, cronjob_id]) g.db.commit() return OK('Successfully deleted cronjob.')
def delete(self, project_id, sshkey_id): ''' Delete a sshkey ''' if not validate_uuid(sshkey_id): abort(400, "Invalid sshkey uuid.") num_sshkeys = g.db.execute_one( """ SELECT COUNT(*) FROM sshkey WHERE project_id = %s and id = %s """, [project_id, sshkey_id])[0] if num_sshkeys == 0: return abort(400, 'SSH Key does not exist.') g.db.execute( """ DELETE FROM sshkey WHERE project_id = %s and id = %s """, [project_id, sshkey_id]) g.db.commit() return OK('Successfully deleted SSH Key.')
def delete(self, project_id, token_id): ''' Delete a token ''' if not validate_uuid(token_id): abort(400, "Invalid project-token uuid.") num_tokens = g.db.execute_one( """ SELECT COUNT(*) FROM auth_token WHERE project_id = %s and id = %s """, [project_id, token_id])[0] if num_tokens == 0: return abort(404, 'Such token does not exist.') g.db.execute( """ DELETE FROM auth_token WHERE project_id = %s and id = %s """, [project_id, token_id]) g.db.commit() return OK('Successfully deleted token.')
def get(self, parent_job_id): job_id = g.token['job']['id'] if not validate_uuid(parent_job_id): abort(400, "Invalid uuid") filename = request.args.get('filename', None) if not filename: abort(400, "Invalid filename") dependencies = g.db.execute_one( ''' SELECT dependencies FROM job WHERE id = %s ''', [job_id])[0] is_valid_dependency = False for dep in dependencies: if dep['job-id'] == parent_job_id: is_valid_dependency = True break if not is_valid_dependency: abort(404, "Job not found") key = "%s/%s" % (parent_job_id, filename) f = storage.download_output(key) if f: g.release_db() return send_file(f) c = g.db.execute_one_dict( ''' SELECT * FROM cluster WHERE name= ( SELECT cluster_name FROM job where id = %s) ''', [parent_job_id]) g.release_db() if c['name'] == os.environ['INFRABOX_CLUSTER_NAME']: abort(404) token = encode_job_token(job_id) headers = {'Authorization': 'token ' + token} url = '%s/api/job/output/%s?filename=%s' % (c['root_url'], parent_job_id, filename) try: r = requests.get(url, headers=headers, timeout=120, verify=False) if r.status_code != 200: f = None else: f = BytesIO(r.content) f.seek(0) except: f = None if not f: abort(404) return send_file(f, attachment_filename=filename)