Пример #1
 def make_auth_db():
   """Store one entity of each AuthDB kind used here, then replicate.

   Puts an AuthGlobalConfig, an AuthIPWhitelistAssignments, an AuthGroup
   ('A group') and an AuthIPWhitelist ('A whitelist'), in that order, and
   finishes with model.replicate_auth_db().
   """
   root_config = model.AuthGlobalConfig(key=model.root_key())
   root_config.put()

   assignments = model.AuthIPWhitelistAssignments(
       key=model.ip_whitelist_assignments_key())
   assignments.put()

   group = model.AuthGroup(key=model.group_key('A group'))
   group.put()

   whitelist = model.AuthIPWhitelist(key=model.ip_whitelist_key('A whitelist'))
   whitelist.put()

   # NOTE(review): presumably has to run in the same datastore transaction as
   # the puts above -- confirm against the caller.
   model.replicate_auth_db()
Пример #2
 def modify(**kwargs):
   """Create or update the AuthGlobalConfig entity and replicate the change.

   Args:
     **kwargs: property values handed to populate() unchanged.
   """
   config = model.root_key().get()
   if not config:
     config = model.AuthGlobalConfig(key=model.root_key())
   config.populate(**kwargs)
   # NOTE(review): the identity literal below looks like an e-mail-obfuscation
   # artefact of the page this snippet was copied from; restore the real
   # 'user:<email>' value before running it.
   author = model.Identity.from_bytes('user:[email protected]')
   config.record_revision(
       modified_by=author,
       modified_ts=utils.utcnow(),
       comment='Comment')
   config.put()
   model.replicate_auth_db()
Пример #3
 def remove(name):
   """Delete the IP whitelist called `name`, if present, then replicate.

   model.replicate_auth_db() is called even when no such whitelist exists.

   Args:
     name: whitelist name passed to model.ip_whitelist_key().
   """
   whitelist = model.ip_whitelist_key(name).get()
   if whitelist:
     # NOTE(review): the identity literal looks like an e-mail-obfuscation
     # artefact of the source page; restore the real 'user:<email>' value.
     deleted_by = model.Identity.from_bytes('user:[email protected]')
     deleted_at = utils.utcnow()
     # The deletion is recorded before the key is removed.
     whitelist.record_deletion(
         modified_by=deleted_by,
         modified_ts=deleted_at,
         comment='Comment')
     whitelist.key.delete()
   model.replicate_auth_db()
Пример #4
 def modify(**kwargs):
     """Upsert the root AuthGlobalConfig entity, record a revision, replicate.

     Args:
       **kwargs: property values forwarded verbatim to populate().
     """
     root = model.root_key().get()
     if not root:
         root = model.AuthGlobalConfig(key=model.root_key())
     root.populate(**kwargs)
     # NOTE(review): 'user:[email protected]' looks like an e-mail-obfuscation
     # artefact of the source page, not a real identity string; restore the
     # original 'user:<email>' value before use.
     revision_author = model.Identity.from_bytes('user:[email protected]')
     revision_time = utils.utcnow()
     root.record_revision(
         modified_by=revision_author,
         modified_ts=revision_time,
         comment='Comment')
     root.put()
     model.replicate_auth_db()
Пример #5
 def modify(assignments):
   """Replace the stored IP whitelist assignments and replicate the change.

   The revision is recorded with a fixed timestamp (2015-01-01 01:01).

   Args:
     assignments: value assigned to the entity's `assignments` property.
   """
   assignments_key = model.ip_whitelist_assignments_key()
   entity = assignments_key.get()
   if not entity:
     entity = model.AuthIPWhitelistAssignments(key=assignments_key)
   # NOTE(review): the identity literal looks like an e-mail-obfuscation
   # artefact of the source page; restore the real 'user:<email>' value.
   author = model.Identity.from_bytes('user:[email protected]')
   fixed_ts = datetime.datetime(2015, 1, 1, 1, 1)
   entity.record_revision(
       modified_by=author,
       modified_ts=fixed_ts,
       comment='Comment')
   entity.assignments = assignments
   entity.put()
   model.replicate_auth_db()
Пример #6
 def modify(assignments):
   """Store `assignments` on the AuthIPWhitelistAssignments entity.

   Fetches the entity (creating it when absent), records a revision stamped
   with the fixed time 2015-01-01 01:01, writes it and replicates.

   Args:
     assignments: new value for the entity's `assignments` property.
   """
   key = model.ip_whitelist_assignments_key()
   stored = key.get()
   record = stored if stored else model.AuthIPWhitelistAssignments(key=key)
   # NOTE(review): 'user:[email protected]' looks like an e-mail-obfuscation
   # artefact of the source page; restore the real identity before use.
   revision_info = {
       'modified_by': model.Identity.from_bytes('user:[email protected]'),
       'modified_ts': datetime.datetime(2015, 1, 1, 1, 1),
       'comment': 'Comment',
   }
   record.record_revision(**revision_info)
   record.assignments = assignments
   record.put()
   model.replicate_auth_db()
Пример #7
 def remove(name, commit=True):
   """Delete the group called `name`, if it exists.

   Args:
     name: group name passed to model.group_key().
     commit: when true, model.replicate_auth_db() is called afterwards,
       whether or not a group was found.
   """
   group = model.group_key(name).get()
   if group:
     # NOTE(review): the identity literal looks like an e-mail-obfuscation
     # artefact of the source page; restore the real 'user:<email>' value.
     deleted_by = model.Identity.from_bytes('user:[email protected]')
     deleted_at = utils.utcnow()
     # The deletion is recorded before the key is removed.
     group.record_deletion(
         modified_by=deleted_by,
         modified_ts=deleted_at,
         comment='Comment')
     group.key.delete()
   if not commit:
     return
   model.replicate_auth_db()
Пример #8
 def update_stored():
   """Bring the stored AuthRealmsGlobals permissions in line with `db`.

   Returns early, without writing, when the stored permissions already map
   to db.permissions. Otherwise the permissions are stored sorted by name,
   a revision attributed to the service's own identity is recorded, and the
   change is replicated.
   """
   stored = model.realms_globals_key().get() or model.AuthRealmsGlobals(
       key=model.realms_globals_key())

   if perms_to_map(stored.permissions) == db.permissions:
     logging.info('Skipping, already up-to-date')
     return

   def by_name(perm):
     return perm.name

   stored.permissions = sorted(db.permissions.values(), key=by_name)
   service_identity = model.get_service_self_identity()
   revision_comment = 'Updating permissions to rev "%s"' % db.revision
   stored.record_revision(
       modified_by=service_identity,
       comment=revision_comment)
   stored.put()
   model.replicate_auth_db()
Пример #9
 def modify(name, commit=True, **kwargs):
     """Create or update the group `name` on behalf of `ident_a`.

     Args:
       name: group name passed to model.group_key().
       commit: when true, model.replicate_auth_db() is called after the put.
       **kwargs: property values handed to populate() unchanged.
     """
     group_key = model.group_key(name)
     group = group_key.get()
     if not group:
         group = model.AuthGroup(
             key=group_key, created_by=ident_a, created_ts=utils.utcnow())
     group.record_revision(
         modified_by=ident_a, modified_ts=utils.utcnow(), comment='Comment')
     # NOTE(review): populate() runs after record_revision(), so kwargs naming
     # the revision fields would presumably overwrite what was just recorded
     # -- confirm that callers never pass them.
     group.populate(**kwargs)
     group.put()
     if not commit:
         return
     model.replicate_auth_db()
Пример #10
 def modify(name, **kwargs):
   """Create or update the IP whitelist `name` and replicate the change.

   Args:
     name: whitelist name passed to model.ip_whitelist_key().
     **kwargs: property values handed to populate() unchanged.
   """
   # NOTE(review): the 'user:[email protected]' literals below look like an
   # e-mail-obfuscation artefact of the source page; restore the real
   # 'user:<email>' identity before use.
   whitelist_key = model.ip_whitelist_key(name)
   whitelist = whitelist_key.get()
   if not whitelist:
     creator = model.Identity.from_bytes('user:[email protected]')
     whitelist = model.AuthIPWhitelist(
         key=whitelist_key,
         created_by=creator,
         created_ts=utils.utcnow())
   modifier = model.Identity.from_bytes('user:[email protected]')
   whitelist.record_revision(
       modified_by=modifier,
       modified_ts=utils.utcnow(),
       comment='Comment')
   # NOTE(review): populate() runs after record_revision(), so kwargs naming
   # the revision fields would presumably overwrite them -- confirm.
   whitelist.populate(**kwargs)
   whitelist.put()
   model.replicate_auth_db()
Пример #11
 def modify(name, **kwargs):
     """Upsert the IP whitelist `name`, record a revision, then replicate.

     Args:
       name: whitelist name passed to model.ip_whitelist_key().
       **kwargs: property values forwarded verbatim to populate().
     """
     # NOTE(review): 'user:[email protected]' looks like an e-mail-obfuscation
     # artefact of the source page rather than a real identity string;
     # restore the original value before running this.
     key = model.ip_whitelist_key(name)
     entity = key.get() or model.AuthIPWhitelist(
         key=key,
         created_by=model.Identity.from_bytes('user:[email protected]'),
         created_ts=utils.utcnow())
     revision_author = model.Identity.from_bytes('user:[email protected]')
     revision_time = utils.utcnow()
     entity.record_revision(
         modified_by=revision_author,
         modified_ts=revision_time,
         comment='Comment')
     # NOTE(review): populate() comes after record_revision(); kwargs that
     # name the revision fields would presumably overwrite them -- confirm.
     entity.populate(**kwargs)
     entity.put()
     model.replicate_auth_db()
Пример #12
def delete_realms(project_id):
  """Deletes all realms of a project; meant to run as an AuthDB transaction.

  Does nothing when the project has no realms entity. Otherwise the deletion
  is recorded under the service's own identity, the realms entity and the
  project's realms meta entity are deleted, and the AuthDB is replicated.

  Args:
    project_id: ID of the project being deleted.
  """
  project_realms = model.project_realms_key(project_id).get()
  if project_realms:
    service_identity = model.get_service_self_identity()
    # The deletion is recorded before the entity key is removed.
    project_realms.record_deletion(
        modified_by=service_identity,
        comment='No longer in the configs')
    project_realms.key.delete()
    project_realms_meta_key(project_id).delete()
    model.replicate_auth_db()
Пример #13
 def modify(name, commit=True, **kwargs):
   """Upsert the group `name`, attributing creation and revision to ident_a.

   Args:
     name: group name passed to model.group_key().
     commit: when true, model.replicate_auth_db() is called after the put.
     **kwargs: property values forwarded verbatim to populate().
   """
   key = model.group_key(name)
   entity = key.get() or model.AuthGroup(
       key=key,
       created_by=ident_a,
       created_ts=utils.utcnow())
   revision_time = utils.utcnow()
   entity.record_revision(
       modified_by=ident_a,
       modified_ts=revision_time,
       comment='Comment')
   # NOTE(review): populate() comes after record_revision(); kwargs that name
   # the revision fields would presumably overwrite them -- confirm.
   entity.populate(**kwargs)
   entity.put()
   if commit:
     model.replicate_auth_db()
Пример #14
  def update():
    """Write new or changed project realms and refresh every project's meta.

    For each (revision, realms) pair in `expanded`, the stored
    AuthProjectRealms entity is created if missing or updated if its realms
    differ. An AuthProjectRealmsMeta entity is written for every project
    regardless. model.replicate_auth_db() runs only if some realms entity
    was created or updated.
    """
    project_keys = [
        model.project_realms_key(rev.project_id) for rev, _ in expanded
    ]
    existing = ndb.get_multi(project_keys)

    changed = []
    meta_entities = []

    for (rev, realms), ent in zip(expanded, existing):
      project_id = rev.project_id
      logging.info('Visiting project "%s"...', project_id)
      if ent:
        if ent.realms != realms:
          logging.info('Updated realms config in project "%s"', project_id)
          ent.realms = realms
          ent.config_rev = rev.config_rev
          ent.perms_rev = db.revision
          ent.record_revision(
              modified_by=model.get_service_self_identity(),
              comment=comment)
          changed.append(ent)
        else:
          logging.info('Realms config in project "%s" are fresh', project_id)
      else:
        logging.info('New realms config in project "%s"', project_id)
        ent = model.AuthProjectRealms(
            key=model.project_realms_key(project_id),
            realms=realms,
            config_rev=rev.config_rev,
            perms_rev=db.revision)
        ent.record_revision(
            modified_by=model.get_service_self_identity(),
            comment='New realms config')
        changed.append(ent)

      # The meta entity is rewritten even for unchanged realms, so it always
      # reflects the state that was just checked.
      meta = AuthProjectRealmsMeta(
          key=project_realms_meta_key(project_id),
          config_rev=rev.config_rev,
          perms_rev=db.revision,
          config_digest=rev.config_digest,
          modified_ts=utils.utcnow(),
      )
      meta_entities.append(meta)

    logging.info('Persisting changes...')
    ndb.put_multi(changed + meta_entities)
    if changed:
      model.replicate_auth_db()
Пример #15
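def _update_authdb_configs(configs):
    """Pushes new configs to AuthDB entity group.

    Runs the updater registered in _CONFIG_SCHEMAS for every config path,
    records the processed revision of each path in the
    _ImportedConfigRevisions entity, and calls model.replicate_auth_db() if
    any updater reported a change.

    Args:
      configs: dict {config path -> (Revision tuple, <config>)}.
    """
    revs = _imported_config_revisions_key().get()
    if not revs:
        revs = _ImportedConfigRevisions(key=_imported_config_revisions_key(),
                                        revisions={})
    some_dirty = False
    # items() rather than the Python 2-only iteritems(): it yields the same
    # pairs and keeps working under Python 3. Paths are processed in sorted
    # order.
    for path, (rev, conf) in sorted(configs.items()):
        dirty = _CONFIG_SCHEMAS[path]['updater'](rev, conf)
        revs.revisions[path] = {'rev': rev.revision, 'url': rev.url}
        logging.info('Processed %s at rev %s: %s', path, rev.revision,
                     'updated' if dirty else 'up-to-date')
        if dirty:
            some_dirty = True
    # The revisions entity is written even when nothing changed.
    revs.put()
    if some_dirty:
        model.replicate_auth_db()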
Пример #16
def _update_authdb_configs(configs):
    """Pushes new configs to AuthDB entity group.

    Each config's updater receives the AuthGlobalConfig entity and may modify
    it. If the entity differs afterwards, a revision listing the ingested
    configs is recorded under the service's own identity.

    Args:
      configs: dict {config path -> (Revision tuple, <config>)}.

    Returns:
      True if anything has changed since last import.
    """
    # Snapshot the global config so updater-made changes can be detected.
    # NOTE(review): assumes the root entity already exists; a missing entity
    # would fail on to_dict() -- confirm it is always bootstrapped first.
    root = model.root_key().get()
    snapshot = root.to_dict()

    revs = _imported_config_revisions_key().get()
    if not revs:
        revs = _ImportedConfigRevisions(key=_imported_config_revisions_key(),
                                        revisions={})

    ingested_revs = {}  # path -> Revision
    for path, pair in sorted(configs.items()):
        rev, conf = pair
        updater = _CONFIG_SCHEMAS[path]['updater']
        dirty = updater(root, rev, conf)
        revs.revisions[path] = {'rev': rev.revision, 'url': rev.url}
        outcome = 'updated' if dirty else 'up-to-date'
        logging.info('Processed %s at rev %s: %s', path, rev.revision, outcome)
        if dirty:
            ingested_revs[path] = rev

    if root.to_dict() != snapshot:
        # Invariant: the root only changes when some updater reported dirty.
        # NOTE(review): this check disappears under `python -O`.
        assert ingested_revs
        parts = ['%s@%s' % (p, r.revision)
                 for p, r in sorted(ingested_revs.items())]
        report = ', '.join(parts)
        logging.info('Global config has been updated: %s', report)
        root.record_revision(modified_by=model.get_service_self_identity(),
                             modified_ts=utils.utcnow(),
                             comment='Importing configs: %s' % report)
        root.put()

    # The revisions entity is written even when nothing changed.
    revs.put()
    changed = bool(ingested_revs)
    if changed:
        model.replicate_auth_db()
    return changed
Пример #17
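def _update_authdb_configs(configs):
  """Pushes new configs to AuthDB entity group.

  Runs the updater registered in _CONFIG_SCHEMAS for every config path,
  records the processed revision of each path in the
  _ImportedConfigRevisions entity, and calls model.replicate_auth_db() if any
  updater reported a change.

  Args:
    configs: dict {config path -> (Revision tuple, <config>)}.
  """
  revs = _imported_config_revisions_key().get()
  if not revs:
    revs = _ImportedConfigRevisions(
        key=_imported_config_revisions_key(),
        revisions={})
  some_dirty = False
  # items() rather than the Python 2-only iteritems(): it yields the same
  # pairs and keeps working under Python 3. Paths are processed in sorted
  # order.
  for path, (rev, conf) in sorted(configs.items()):
    dirty = _CONFIG_SCHEMAS[path]['updater'](rev, conf)
    revs.revisions[path] = {'rev': rev.revision, 'url': rev.url}
    logging.info(
        'Processed %s at rev %s: %s', path, rev.revision,
        'updated' if dirty else 'up-to-date')
    if dirty:
      some_dirty = True
  # The revisions entity is written even when nothing changed.
  revs.put()
  if some_dirty:
    model.replicate_auth_db()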
Пример #18
 def run():
     """Invoke `callback`, then replicate the AuthDB.

     Returns:
       Whatever model.replicate_auth_db() returns.
     """
     callback()
     replication_result = model.replicate_auth_db()
     return replication_result
Пример #19
 def run():
   """Run `callback` and then model.replicate_auth_db().

   Returns:
     The value returned by model.replicate_auth_db().
   """
   callback()
   outcome = model.replicate_auth_db()
   return outcome
Пример #20
 def trigger():
   """Replicate the AuthDB only if its revision still equals `state`'s.

   Nothing happens when the current replication state reports a different
   auth_db_rev than the captured `state`.
   """
   current = model.get_replication_state()
   if current.auth_db_rev != state.auth_db_rev:
     return
   model.replicate_auth_db()