Пример #1
    def handle(self, *args, **options):
        """Revoke staff status from the user named by ``--username``.

        Raises CommandError when no username was given, when no user with
        that name exists, or when the user's ``is_staff`` flag is already
        False.
        """
        requested = options['username']
        if requested is None:
            raise CommandError("Please provide a username with --username")

        bot.debug("Username: %s" % requested)

        try:
            user = User.objects.get(username=requested)
        except User.DoesNotExist:
            raise CommandError("This username does not exist.")

        # Nothing to revoke: fail loudly so the operator notices the no-op.
        if user.is_staff is False:
            raise CommandError("This user already can't manage and build.")

        user.is_staff = False
        # NOTE(review): the privilege change is only reported through
        # bot.debug; whether it reaches an audit trail depends on how that
        # logger is configured - confirm.
        bot.debug("%s can no longer manage and build." % (user.username))
        user.save()
Пример #2
    def handle(self, *args, **options):
        """Grant the ``admin`` flag to the user named by ``--username``.

        Raises CommandError when no username was given, when no user with
        that name exists, or when the user's ``admin`` flag is already True.
        """
        requested = options['username']
        if requested is None:
            raise CommandError("Please provide a username with --username")

        bot.debug("Username: %s" % requested)

        try:
            account = User.objects.get(username=requested)
        except User.DoesNotExist:
            raise CommandError("This username does not exist.")

        # Already privileged: report it rather than saving an unchanged row.
        if account.admin is True:
            raise CommandError("This user can already manage and build.")

        # Only the admin flag is set here; the manager flag is left untouched.
        account.admin = True
        account.save()
        # NOTE(review): the escalation is only reported through bot.debug;
        # whether it reaches an audit trail depends on how that logger is
        # configured - confirm.
        bot.debug("%s can now manage and build." % (account.username))
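    def handle(self, *args, **options):
        """Print details of every collection whose name contains ``--collection``.

        For each match the type, uri, absolute url, private display string
        and ``private`` flag are printed to stdout.

        Raises CommandError when ``--collection`` was not provided.
        """
        needle = options['collection']
        if needle is None:
            # The option is a collection name, not a username; the message
            # now names the right thing.
            raise CommandError("Please provide a collection name with --collection")

        bot.debug("Collection: %s" % needle)

        # Substring match on the collection name, so several collections
        # may be listed for one query.
        results = Collection.objects.filter(Q(name__contains=needle))
        for result in results:
            print(type(result))
            print("    uri: " + result.get_uri())
            print("    url: " + result.get_absolute_url())
            print("    private display:" + result.get_private_display())
            # Collection star, edit/view permission, owner and owner id were
            # disabled in the original listing and are still not printed.
            print("    private:" + str(result.private))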
Пример #4
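def get_request_user(auth, user=None):
    """get the user for the request from an authorization object

       This only identifies the user the request *claims* to come from:
       nothing in this function checks a signature, so the result must not
       be treated as authenticated on its own.

       Parameters
       ==========
       auth: the authentication object
       user: will return as None if not able to obtain from auth

       Returns
       =======
       the matching User, or the value passed as ``user`` when the header
       has no Credential, the Credential is malformed, or the lookup fails

    """
    values = _parse_header(auth)

    if "Credential" not in values:
        bot.debug("Headers missing, request is invalid.")
        return user

    # The Credential field is client-controlled. A value without exactly
    # three "/"-separated parts, with bad base64, or with bytes that are not
    # UTF-8 used to raise out of this function; treat it as "no user".
    try:
        _, username, _ = values["Credential"].split("/")
        username = base64.b64decode(username).decode("utf-8")
    except (TypeError, ValueError):
        bot.debug("Credential is malformed, request is invalid.")
        return user

    try:
        user = User.objects.get(username=username)
    except Exception:
        # Still best-effort for any lookup failure, but no longer swallows
        # KeyboardInterrupt / SystemExit as the bare except did.
        bot.debug("%s is not a valid user, request invalid." % username)
    return user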
Пример #5
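def get_request_user(auth, user=None):
    '''get the user for the request from an authorization object

       The username is taken from the client-supplied Credential field and
       no signature is checked here, so the returned user is only the
       claimed identity, not an authenticated one.

       Parameters
       ==========
       auth: the authentication object
       user: will return as None if not able to obtain from auth

       Returns
       =======
       the matching User, or the value passed as ``user`` when the header
       has no Credential, the Credential is malformed, or the lookup fails

    '''
    values = _parse_header(auth)

    if "Credential" not in values:
        bot.debug('Headers missing, request is invalid.')
        return user

    parts = values['Credential'].split('/')
    if len(parts) != 3:
        # Client-controlled value; a wrong field count used to raise
        # ValueError on unpacking instead of failing the request.
        bot.debug('Credential is malformed, request is invalid.')
        return user

    try:
        # b64decode returns bytes on Python 3; decode so the ORM lookup and
        # the log message below see text rather than a bytes object.
        username = base64.b64decode(parts[1]).decode('utf-8')
    except (TypeError, ValueError):
        bot.debug('Credential is malformed, request is invalid.')
        return user

    try:
        user = User.objects.get(username=username)
    except Exception:
        # Best-effort as before, without trapping KeyboardInterrupt or
        # SystemExit the way a bare except does.
        bot.debug('%s is not a valid user, request invalid.' %username)
    return user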
Пример #6
def delete_container(request, container):
    '''decide whether a delete request for a container is authorized

       The Authorization header is checked against a payload rebuilt on the
       server from the container's collection name, a freshly generated
       timestamp, the container name and the tag. Nothing is deleted here;
       the caller acts on the boolean result.

       Parameters
       ==========
       request: the incoming request (its META holds HTTP_AUTHORIZATION)
       container: the container the client asks to delete

       Returns
       =======
       True if the request validates, False otherwise
    '''
    auth = request.META.get('HTTP_AUTHORIZATION', None)
    if auth is None:
        bot.debug("authentication is invalid.")
        return False

    # The timestamp is generated server-side and handed to validate_request,
    # so the signed payload has to match the server's view of the time.
    timestamp = generate_timestamp()
    signed_fields = (container.collection.name, timestamp,
                     container.name, container.tag)
    payload = "delete|%s|%s|%s|%s|" % signed_fields
    bot.debug("Request payload %s" % payload)

    # NOTE(review): no superuser argument is passed, so validate_request's
    # own default decides whether admin rights are required - confirm.
    if validate_request(auth, payload, "delete", timestamp):
        return True

    bot.debug("request is invalid.")
    return False
Пример #7
def receive_build(collection, recipes, branch):
    '''receive_build will receive a build from GitHub, and then trigger
       the same Google Cloud Build but using a GitHub repository (recommended).

       For every recipe a container is looked up (or created) by tag, a
       webhook URL and a JWT are prepared, and the build is submitted
       through the client. Frozen containers are skipped.

       Parameters
       ==========
       collection: the collection
       recipes: a dictionary of modified recipe files to build
       branch: the repository branch (kept as metadata)
    '''
    from .github import get_auth_token
    build_context = get_build_context()

    # The client is created from the build context (connects to buckets).
    # NOTE(review): debug=True is hard-coded; check what the client logs in
    # that mode, since a GitHub token and a JWT are passed to it below.
    client = get_client(debug=True, **build_context)

    print("RECIPES: %s" % recipes)

    for recipe, metadata in recipes.items():

        # Tag comes from the recipe, falling back to "latest".
        tag = get_recipe_tag(recipe) or "latest"

        # Reuse the container for this tag if there is one, else create it.
        # NOTE(review): the bare except treats every failure as
        # "does not exist", not just DoesNotExist.
        try:
            container = collection.containers.get(tag=tag)
        except: # DoesNotExist
            container = Container.objects.create(collection=collection,
                                                 tag=tag,
                                                 name=collection.name)

        # Frozen containers are never rebuilt.
        if container.frozen:
            bot.debug('%s is frozen, will not trigger build.' % container)
            continue

        # Repository name as recorded on the collection.
        reponame = container.collection.metadata['github']['repo_name']

        # Without a commit, point at the recipe on the branch; with one,
        # point at the recipe at that commit.
        if metadata['commit'] is None:
            template, ref = "https://www.github.com/%s/tree/%s/%s", branch
        else:
            template, ref = ("https://www.github.com/%s/blob/%s/%s",
                             metadata['commit'])
        deffile = template % (reponame, ref, recipe)

        # URL the builder calls back when it is done.
        webhook = "%s%s" % (
            settings.DOMAIN_NAME,
            reverse('receive_build', kwargs={"cid": container.id}),
        )

        # Record the builder on the container. No secret is set here;
        # presumably create_container_payload adds the 'secret' key that is
        # read just below - confirm.
        container.metadata['builder'] = dict(name="google_build",
                                             deffile=deffile)

        payload = create_container_payload(container) # does not save

        # JWT signed with the per-container builder secret.
        builder_secret = container.metadata['builder']['secret']
        jwt_token = generate_jwt_token(secret=builder_secret,
                                       payload=payload)

        # Private repositories need a GitHub token; the first owner's token
        # is the one handed to the build client.
        is_private = collection.metadata['github'].get('private', False) is True
        token = get_auth_token(collection.owners.first()) if is_private else None

        # Submit the build with the GitHub repo and commit.
        response = client.build_repo("github.com/%s" % metadata['name'],
                                     recipe=recipe,
                                     headless=True,
                                     token=token,
                                     commit=metadata['commit'],
                                     webhook=webhook,
                                     extra_data={"token": jwt_token})

        # Keep the build metadata and persist the builder secret with it.
        container.metadata['build_metadata'] = response['metadata']
        container.save()
Пример #8
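def validate_request(auth,
                     payload,
                     sender="push",
                     timestamp=None,
                     superuser=True):
    '''validate header and payload for a request

    The header is expected to look like
    "SREGISTRY-HMAC-SHA256 Credential=<kind>/<base64 username>/<ts>,Signature=<sig>".
    Every field is client-controlled, so a header that does not parse is
    rejected with False instead of raising.

    Parameters
    ==========
    auth: the Authorization header content
    payload: the payload to assess
    sender: the request kind the Credential must declare (e.g. "push")
    timestamp: the timestamp associated with the request; when given, the
               Credential's timestamp must equal it exactly
    superuser: if the user must be superuser for validity

    Returns
    =======
    True if the request is valid, False if not
    '''

    # Split "<scheme> <k=v,k=v>" into its parts. A missing header, a wrong
    # number of spaces or an entry without "=" used to raise here.
    try:
        header, content = auth.split(' ')
        values = dict()
        for entry in content.split(','):
            key, val = entry.split('=', 1)
            values[key] = val
    except (AttributeError, ValueError):
        bot.debug('Malformed Authorization header, request invalid.')
        return False

    if header != 'SREGISTRY-HMAC-SHA256':
        bot.debug('Invalid SREGISTRY Authentication scheme, request invalid.')
        return False

    if "Credential" not in values or "Signature" not in values:
        bot.debug('Headers missing, request is invalid.')
        return False

    bot.debug(values['Credential'])

    # Credential is "<kind>/<base64 username>/<timestamp>". Decode to text so
    # the ORM lookup and the log message do not receive a bytes object.
    try:
        kind, username, ts = values['Credential'].split('/')
        username = base64.b64decode(username).decode('utf-8')
    except (TypeError, ValueError):
        bot.debug('Malformed Credential, request invalid.')
        return False

    if kind != sender:
        bot.debug(
            'Mismatch between request kind (%s) and sender (%s), request invalid.'
            % (kind, sender))
        return False

    if timestamp is not None:
        if ts != timestamp:
            bot.debug('%s is expired, must be %s.' % (ts, timestamp))
            return False

    try:
        user = User.objects.get(username=username)
    except Exception:
        # Any lookup failure rejects the request; unlike the bare except,
        # KeyboardInterrupt and SystemExit are no longer swallowed.
        bot.debug('%s is not a valid user, request invalid.' % username)
        return False

    if superuser is True:
        if user.admin is False:
            bot.debug('User %s is not a superuser, request invalid.' %
                      user.username)
            return False

    # The signature check is the only step that proves the caller holds the
    # user's token; everything above is derived from client-supplied text.
    # NOTE(review): validate_secret is defined outside this block - confirm
    # it compares signatures in constant time (e.g. hmac.compare_digest).
    request_signature = values['Signature']
    secret = user.token()
    return validate_secret(secret, payload, request_signature)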
Пример #9
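 def user_data(self, access_token, *args, **kwargs):
     """Loads user data from service

     Builds the "/user" URL on settings.FIWARE_IDM_ENDPOINT with the access
     token as a query parameter, fetches it once and returns the parsed
     response.
     """
     # NOTE(review): the access token travels in the query string, where it
     # can be recorded in access and proxy logs; check whether the IdM also
     # accepts it in an Authorization header.
     url = urljoin(settings.FIWARE_IDM_ENDPOINT,
                   '/user?' + urlencode({'access_token': access_token}))
     # Fetch once and reuse the result: the original requested the URL a
     # second time just to log it, so the logged and returned data could
     # differ and every login cost two round trips.
     data = self.get_json(url)
     # NOTE(review): this writes the full profile response to the debug log;
     # it may contain personal data.
     bot.debug(data)
     return data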