def validate_project_token(token):
if not ("project" in token and "id" in token['project'] and validate_uuid(token['project']['id'])
and "id" in token and validate_uuid(token['id'])):
return False
r = g.db.execute_one('''
SELECT id FROM auth_token
WHERE id = %s AND project_id = %s
''', (token['id'], token['project']['id'],))
if not r:
logger.warn('project token not valid')
return False
return True
def get(self, parent_job_id):
job_id = g.token['job']['id']
if not validate_uuid(parent_job_id):
abort(400, "Invalid uuid")
filename = request.args.get('filename', None)
if not filename:
abort(400, "Invalid filename")
dependencies = g.db.execute_one('''
SELECT dependencies
FROM job
WHERE id = %s
''', [job_id])[0]
is_valid_dependency = False
for dep in dependencies:
if dep['job-id'] == parent_job_id:
is_valid_dependency = True
break
if not is_valid_dependency:
abort(404, "Job not found")
key = "%s/%s" % (parent_job_id, filename)
g.release_db()
f = storage.download_output(key)
if not f:
abort(404)
return send_file(f)
def delete(self, project_id, secret_id):
'''
Delete a secret
'''
if not validate_uuid(secret_id):
abort(400, "Invalid secret uuid.")
num_secrets = g.db.execute_one(
"""
SELECT COUNT(*) FROM secret
WHERE project_id = %s and id = %s
""", [project_id, secret_id])[0]
if num_secrets == 0:
return abort(400, 'Such secret does not exist.')
num_keys = g.db.execute_one(
"""
SELECT COUNT(*) FROM sshkey
WHERE project_id = %s and secret_id = %s
""", [project_id, secret_id])[0]
if num_keys != 0:
return abort(400, 'Secret is still used SSH Key.')
g.db.execute(
"""
DELETE FROM secret WHERE project_id = %s and id = %s
""", [project_id, secret_id])
g.db.commit()
return OK('Successfully deleted secret.')
def delete(self, project_id):
'''
Delete a project
'''
if not validate_uuid(project_id):
abort(400, "Invalid project uuid.")
project = g.db.execute_one_dict("""
DELETE FROM project WHERE id = %s RETURNING type
""", [project_id])
if not project:
abort(400, 'Project with such an id does not exist.')
if project['type'] == 'github':
repo = g.db.execute_one_dict('''
SELECT name, github_owner, github_hook_id
FROM repository
WHERE project_id = %s
''', [project_id])
gh_owner = repo['github_owner']
gh_hook_id = repo['github_hook_id']
gh_repo_name = repo['name']
user = g.db.execute_one_dict('''
SELECT github_api_token
FROM "user"
WHERE id = %s
''', [g.token['user']['id']])
gh_api_token = user['github_api_token']
headers = {
"Authorization": "token " + gh_api_token,
"User-Agent": "InfraBox"
}
url = '%s/repos/%s/%s/hooks/%s' % (os.environ['INFRABOX_GITHUB_API_URL'],
gh_owner, gh_repo_name, gh_hook_id)
# TODO(ib-steffen): allow custom ca bundles
requests.delete(url, headers=headers, verify=False)
# TODO: delete all tables
g.db.execute('''
DELETE FROM repository
WHERE project_id = %s
''', [project_id])
g.db.execute('''
DELETE FROM collaborator
WHERE project_id = %s
''', [project_id])
g.db.commit()
# Updated collaborator and project data will be pushed with next push cycle to Open Policy Agent
return OK('deleted project')
def validate_user_token(token):
if not ("user" in token and "id" in token["user"] and validate_uuid(token['user']['id'])):
return False
u = g.db.execute_one('''
SELECT id FROM "user" WHERE id = %s
''', [token['user']['id']])
if not u:
logger.warn('user not found')
return False
return True
def enrich_job_token(token):
if not ("job" in token and "id" in token["job"] and validate_uuid(token["job"]["id"])):
raise LookupError('invalid job id')
job_id = token["job"]["id"]
r = g.db.execute_one('''
SELECT state, project_id, name
FROM job
WHERE id = %s''', [job_id])
if not r:
raise LookupError('job not found')
token['job']['state'] = r[0]
token['job']['name'] = r[2]
token['project'] = {}
token['project']['id'] = r[1]
return token
def delete(self, project_id, cronjob_id):
'''
Delete a cronjob
'''
if not validate_uuid(cronjob_id):
abort(400, "Invalid cronjob uuid.")
num_cronjobs = g.db.execute_one("""
SELECT COUNT(*) FROM cronjob
WHERE project_id = %s and id = %s
""", [project_id, cronjob_id])[0]
if num_cronjobs == 0:
return abort(400, 'Cronjob does not exist.')
g.db.execute("""
DELETE FROM cronjob WHERE project_id = %s and id = %s
""", [project_id, cronjob_id])
g.db.commit()
return OK('Successfully deleted cronjob.')
def delete(self, project_id, sshkey_id):
'''
Delete a sshkey
'''
if not validate_uuid(sshkey_id):
abort(400, "Invalid sshkey uuid.")
num_sshkeys = g.db.execute_one(
"""
SELECT COUNT(*) FROM sshkey
WHERE project_id = %s and id = %s
""", [project_id, sshkey_id])[0]
if num_sshkeys == 0:
return abort(400, 'SSH Key does not exist.')
g.db.execute(
"""
DELETE FROM sshkey WHERE project_id = %s and id = %s
""", [project_id, sshkey_id])
g.db.commit()
return OK('Successfully deleted SSH Key.')
def delete(self, project_id, token_id):
'''
Delete a token
'''
if not validate_uuid(token_id):
abort(400, "Invalid project-token uuid.")
num_tokens = g.db.execute_one(
"""
SELECT COUNT(*) FROM auth_token
WHERE project_id = %s and id = %s
""", [project_id, token_id])[0]
if num_tokens == 0:
return abort(404, 'Such token does not exist.')
g.db.execute(
"""
DELETE FROM auth_token
WHERE project_id = %s and id = %s
""", [project_id, token_id])
g.db.commit()
return OK('Successfully deleted token.')
def get(self, parent_job_id):
job_id = g.token['job']['id']
if not validate_uuid(parent_job_id):
abort(400, "Invalid uuid")
filename = request.args.get('filename', None)
if not filename:
abort(400, "Invalid filename")
dependencies = g.db.execute_one(
'''
SELECT dependencies
FROM job
WHERE id = %s
''', [job_id])[0]
is_valid_dependency = False
for dep in dependencies:
if dep['job-id'] == parent_job_id:
is_valid_dependency = True
break
if not is_valid_dependency:
abort(404, "Job not found")
key = "%s/%s" % (parent_job_id, filename)
f = storage.download_output(key)
if f:
g.release_db()
return send_file(f)
c = g.db.execute_one_dict(
'''
SELECT *
FROM cluster
WHERE name= (
SELECT cluster_name
FROM job
where id = %s)
''', [parent_job_id])
g.release_db()
if c['name'] == os.environ['INFRABOX_CLUSTER_NAME']:
abort(404)
token = encode_job_token(job_id)
headers = {'Authorization': 'token ' + token}
url = '%s/api/job/output/%s?filename=%s' % (c['root_url'],
parent_job_id, filename)
try:
r = requests.get(url, headers=headers, timeout=120, verify=False)
if r.status_code != 200:
f = None
else:
f = BytesIO(r.content)
f.seek(0)
except:
f = None
if not f:
abort(404)
return send_file(f, attachment_filename=filename)
