def create_project(s, project_data):
auth_id = project_data["auth_id"]
name = project_data.get("name", auth_id)
project = s.query(Project).filter_by(name=name).first()
if project is None:
project = Project(name=name, auth_id=auth_id)
s.add(project)
if "storage_accesses" in project_data:
sa_list = project_data["storage_accesses"]
for storage_access in sa_list:
provider = storage_access["name"]
buckets = storage_access.get("buckets", [])
sa = (s.query(StorageAccess).join(
StorageAccess.provider, StorageAccess.project).filter(
Project.name == project.name).filter(
CloudProvider.name == provider).first())
if not sa:
c_provider = s.query(CloudProvider).filter_by(
name=provider).first()
sa = StorageAccess(provider=c_provider, project=project)
s.add(sa)
print("created storage access for {} to {}".format(
project.name, c_provider.name))
for bucket in buckets:
b = (s.query(Bucket).filter_by(name=bucket).join(
Bucket.provider).filter(
CloudProvider.name == provider).first())
print(b)
if not b:
b = Bucket(name=bucket)
b.provider = c_provider
s.add(b)
print("created bucket {} in db".format(bucket))
return project
def link_external_bucket(db, name):
"""
Link with bucket owned by an external party. This will create the bucket
in fence database and create a google group to access the bucket in both
Google and fence database.
The external party will need to add the google group read access to bucket
afterwards.
"""
cirrus_config.update(**config["CIRRUS_CFG"])
google_project_id = cirrus_config.GOOGLE_PROJECT_ID
db = SQLAlchemyDriver(db)
with db.session as current_session:
google_cloud_provider = _get_or_create_google_provider(current_session)
bucket_db_entry = Bucket(name=name, provider_id=google_cloud_provider.id)
current_session.add(bucket_db_entry)
current_session.commit()
privileges = ["read"]
access_group = _create_google_bucket_access_group(
current_session, name, bucket_db_entry.id, google_project_id, privileges
)
logger.info("bucket access group email: {}".format(access_group.email))
return access_group.email
def _create_or_update_google_bucket_and_db(
db_session,
name,
storage_class,
public,
requester_pays,
storage_creds_project_id,
project_auth_id,
access_logs_bucket,
):
"""
Handles creates the Google bucket and adding necessary db entry
"""
manager = GoogleCloudManager(
storage_creds_project_id, creds=cirrus_config.configs["GOOGLE_STORAGE_CREDS"]
)
with manager as g_mgr:
g_mgr.create_or_update_bucket(
name,
storage_class=storage_class,
public=public,
requester_pays=requester_pays,
access_logs_bucket=access_logs_bucket,
)
# add bucket to db
google_cloud_provider = _get_or_create_google_provider(db_session)
bucket_db_entry = (
db_session.query(Bucket)
.filter_by(name=name, provider_id=google_cloud_provider.id)
.first()
)
if not bucket_db_entry:
bucket_db_entry = Bucket(name=name, provider_id=google_cloud_provider.id)
db_session.add(bucket_db_entry)
db_session.commit()
logger.info("Successfully updated Google Bucket {}.".format(name))
# optionally link this new bucket to an existing project
if project_auth_id:
project_db_entry = (
db_session.query(Project).filter_by(auth_id=project_auth_id).first()
)
if project_db_entry:
project_linkage = (
db_session.query(ProjectToBucket)
.filter_by(
project_id=project_db_entry.id, bucket_id=bucket_db_entry.id
)
.first()
)
if not project_linkage:
project_linkage = ProjectToBucket(
project_id=project_db_entry.id,
bucket_id=bucket_db_entry.id,
privilege=["owner"], # TODO What should this be???
)
db_session.add(project_linkage)
db_session.commit()
logger.info(
"Successfully linked project with auth_id {} "
"to the bucket.".format(project_auth_id)
)
else:
logger.info(
"No project with auth_id {} found. No linking "
"occured.".format(project_auth_id)
)
# Add StorageAccess if it doesn't exist for the project
storage_access = (
db_session.query(StorageAccess)
.filter_by(
project_id=project_db_entry.id, provider_id=google_cloud_provider.id
)
.first()
)
if not storage_access:
storage_access = StorageAccess(
project_id=project_db_entry.id, provider_id=google_cloud_provider.id
)
db_session.add(storage_access)
db_session.commit()
return bucket_db_entry