EOLE
Zéphir
Services
Server Manager
Commits
00976788
Commit
00976788
authored
Mar 19, 2019
by
Lionel Morin
Merge branch 'acl' into 'develop'
Acl See merge request
!7
parents
5ba57f2c
4648da41
Pipeline
#319
failed with stage
in 0 seconds
Dockerfile
...
...
@@ -38,7 +38,7 @@ RUN git clone "${CONTAINERPILOT_REPO_URL}" "/tmp/orchestrate" \
# API messages description
ARG
MESSAGES_API_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/messages-api.git
ARG
MESSAGES_API_REPO_REF=0.0.
5
-dev
ARG
MESSAGES_API_REPO_REF=0.0.
6
-dev
RUN
git clone
"
${
MESSAGES_API_REPO_URL
}
"
"/tmp/messages-api"
\
&&
cd
/tmp/messages-api
\
...
...
@@ -47,13 +47,12 @@ RUN git clone "${MESSAGES_API_REPO_URL}" "/tmp/messages-api" \
# Common python Zéphir library
ARG
PYTHON_ZEPHIR_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/python-zephir.git
ARG
PYTHON_ZEPHIR_REPO_REF=0.0.
2
-dev
ARG
PYTHON_ZEPHIR_REPO_REF=0.0.
3
-dev
RUN
git clone
"
${
PYTHON_ZEPHIR_REPO_URL
}
"
"/tmp/python-zephir"
\
&&
cd
/tmp/python-zephir
\
&&
git checkout
"
${
PYTHON_ZEPHIR_REPO_REF
}
"
####
#### Target layer
####
...
...
@@ -64,7 +63,7 @@ MAINTAINER Pôle EOLE <eole@ac-dijon.fr>
# Packages required for working service
ENV
DEBIAN_FRONTEND=noninteractive
RUN
apt-get update
-y
&&
apt-get
install
-y
\
gnupg
\
gnupg
\
jq
\
locales
\
openssl
\
...
...
@@ -76,6 +75,7 @@ RUN apt-get update -y && apt-get install -y \
python3-psycopg2
\
python3-requests
\
python3-yaml
\
python3-pip
\
sqitch
\
tzdata
...
...
@@ -95,6 +95,9 @@ ENV LC_ALL fr_FR.UTF-8
RUN
ln
-fs
/usr/share/zoneinfo/Europe/Paris /etc/localtime
RUN
dpkg-reconfigure
--frontend
noninteractive tzdata
RUN
pip3
install
casbin
# Sqitch
RUN
sqitch config
--user
user.name
'Equipe EOLE'
\
&&
sqitch config
--user
user.email
'eole@ac-dijon.fr'
...
...
@@ -115,6 +118,7 @@ COPY --from=build /tmp/orchestrate/${services_conf_filename}.ctmpl ${services_co
# Install libraries required by service
COPY
--from=build /tmp/python-zephir/zephir /usr/lib/python3/dist-packages/zephir
COPY
--from=build /tmp/python-zephir/acl /etc/acl
COPY
--from=build /tmp/messages-api/messages /srv/messages
# Manage container with ContainerPilot
...
...
@@ -133,3 +137,4 @@ COPY src/python/server /usr/lib/python3/dist-packages/server
RUN
mkdir
-p
/srv/bin
COPY
scripts/* /srv/bin/
COPY
migrations /migrations
COPY
acl/* /etc/acl/
\ No newline at end of file
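Review bot: `RUN pip3 install casbin` pulls whatever casbin release PyPI serves at build time, so the library that evaluates authorization decisions is unpinned and unverified, and two builds of the same commit can ship different enforcers. Pin it, e.g. `RUN pip3 install --no-cache-dir casbin==<PINNED_VERSION>`, ideally from a requirements file installed with `--require-hashes`. Separately, `COPY --from=build /tmp/python-zephir/acl /etc/acl` followed by the final `COPY acl/* /etc/acl/` means a local file silently overrides a same-named one coming from python-zephir; a comment stating which source is meant to win for the policy and model files would help reviewers of later policy changes.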
acl/model.conf
deleted
100644 → 0
[
request_definition
]
r
=
sub
,
obj
,
act
[
policy_definition
]
p
=
sub
,
obj
,
act
[
role_definition
]
g
=
_
,
_
[
policy_effect
]
e
=
some
(
where
(
p
.
eft
==
allow
))
[
matchers
]
m
=
g
(
r
.
sub
,
p
.
sub
) &&
r
.
obj
==
p
.
obj
&&
r
.
act
==
p
.
act
\ No newline at end of file
acl/policy.csv
p, admin, server/*, create
p, admin, server/*, describe
p, admin, server/*, delete
p, admin, server/*, update
p, admin, v1.server.create, allowed
p, admin, v1.server.update, allowed
p, admin, v1.server.delete, allowed
p, user, server/*, describe
p, admin, v1.serverselection.create, allowed
p, admin, v1.serverselection.update, allowed
p, admin, v1.serverselection.delete, allowed
p, admin, v1.serverselection.server.add, allowed
p, admin, v1.serverselection.server.remove, allowed
p, admin, v1.serverselection.user.add, allowed
p, admin, v1.serverselection.user.remove, allowed
p, admin, v1.serverselection.user.update, allowed
p, manager, v1.server.exec.deploy, allowed
p, manager, v1.server.exec.command, allowed
p, manager, v1.server.peering-conf.get, allowed
p, manager, v1.server.exec.list, allowed
p, manager, v1.server.exec.describe, allowed
p, manager, v1.serverselection.exec.deploy, allowed
p, manager, v1.serverselection.exec.command, allowed
p, viewer, v1.server.list, allowed
p, viewer, v1.server.describe, allowed
p, viewer, v1.server.config.get, allowed
p, viewer, v1.serverselection.list, allowed
p, viewer, v1.serverselection.describe, allowed
g, owner, admin
g, admin, manager
g, manager, viewer
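Review bot: The five `server/*` rules (`p, admin, server/*, create` through `p, user, server/*, describe`) only grant anything if the matcher does pattern matching on the object; the `acl/model.conf` removed in this same commit compared `r.obj == p.obj` literally, under which `server/*` matches no real object name. If the model now shipped from python-zephir is still an exact match, these lines are dead and should be deleted so the file lists only effective grants; if it uses a glob-style matcher, confirm the wildcard is intended alongside the per-message `v1.*` rules. Note also that `user` is not part of the `g` hierarchy (`owner` → `admin` → `manager` → `viewer`), so its rule stands alone and nothing visible here assigns that role.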
migrations/deploy/server_schema.sql
...
...
@@ -21,7 +21,7 @@ CREATE TABLE ServerSelection (
ServerSelectionId
SERIAL
PRIMARY
KEY
,
ServerSelectionName
VARCHAR
(
255
)
NOT
NULL
,
ServerSelectionDescription
VARCHAR
(
255
)
NOT
NULL
,
ServerSelectionServersId
INTEGER
[],
ServerSelectionServersId
INTEGER
[]
DEFAULT
'{}'
,
ServerSelectionUsers
hstore
,
Dynamique
BOOLEAN
NOT
NULL
,
Requete
VARCHAR
(
255
)
...
...
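Review bot: `ServerSelectionServersId INTEGER[] DEFAULT '{}'` still allows NULL, and the guard added to `SERVERSELECTION_ADD_SERVER` in this commit (`AND NOT (%s = ANY (serverselectionserversid))`) evaluates to NULL rather than true on a NULL array, so the UPDATE would match no row for such a selection. Declaring the column `INTEGER[] NOT NULL DEFAULT '{}'` closes that gap. Because this edits an existing deploy script, rows created before the change keep their NULL; databases that were already deployed likely need a follow-up change that backfills them, e.g. `UPDATE serverselection SET serverselectionserversid = '{}' WHERE serverselectionserversid IS NULL`. The CREATE TABLE statement starts and ends outside the hunk.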
scripts/controller
This diff is collapsed.
Click to expand it.
src/python/server/server/lib.py
...
...
@@ -31,12 +31,12 @@ class Server():
"""
return
list_all_servers
(
cursor
)
def
describe_server
(
self
,
cursor
,
serverid
):
def
describe_server
(
self
,
cursor
,
serverid
,
environment
):
"""Get server information asynchronously from database
:param `int` serverid: server identifier
"""
return
fetch_server_dict
(
cursor
,
serverid
)
return
fetch_server_dict
(
cursor
,
serverid
,
environment
)
def
create_server
(
self
,
cursor
,
servername
,
serverdescription
,
servermodelid
):
"""Creates a server in database
...
...
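Review bot: The docstring of `describe_server` still documents only `serverid` although the signature now takes `environment`; add `:param bool environment: when true, include the server environment in the returned dict` (wording inferred from `fetch_server_dict` in `query.py`, which selects `serverenvironment` only when the flag is set). If the environment can hold sensitive values, the docstring should also say which callers are expected to pass `True`, so that the flag is not set from request data without an authorization decision behind it. The class body continues outside the hunk.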
src/python/server/server/query.py
...
...
@@ -10,6 +10,14 @@ FETCH_ALL_SERVERS = '''
FROM server
'''
"""
Fetch one server based on its ID
"""
FETCH_SERVER_ENV
=
'''
SELECT serverid, servername, serverdescription, servermodelid, zoneid, machineid, automation, serverenvironment, lastpeerconnection
FROM server
WHERE serverid = %s
'''
"""
Fetch one server based on its ID
"""
...
...
@@ -150,11 +158,14 @@ def list_all_servers(cursor):
return
ret
def
fetch_server_dict
(
cursor
,
serverid
:
int
):
server
=
fetchone
(
cursor
,
FETCH_SERVER
,
(
serverid
,),
raises
=
False
)
def
fetch_server_dict
(
cursor
,
serverid
:
int
,
environment
:
bool
):
if
environment
:
server
=
fetchone
(
cursor
,
FETCH_SERVER_ENV
,
(
serverid
,),
raises
=
False
)
else
:
server
=
fetchone
(
cursor
,
FETCH_SERVER
,
(
serverid
,),
raises
=
False
)
if
server
is
None
:
raise
ServerErrorUnknownServerId
(
_
(
'Unable to find a server with ID {}'
).
format
(
serverid
))
return
server_row_to_dict
(
server
,
serverenvironment
=
True
)
return
server_row_to_dict
(
server
,
serverenvironment
=
environment
)
def
fetch_server
(
cursor
,
serverid
:
int
):
...
...
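Review bot: The two branches in `fetch_server_dict` differ only in the query constant, so the duplicated `fetchone(...)` call can be reduced to `query = FETCH_SERVER_ENV if environment else FETCH_SERVER` followed by a single `server = fetchone(cursor, query, (serverid,), raises=False)`. `environment` has no default, so any caller not updated in this commit fails with a TypeError; the collapsed `scripts/controller` diff is presumably where callers are adjusted, but that is not visible here. The string literal above `FETCH_SERVER_ENV` repeats `Fetch one server based on its ID` from the constant that follows it and should state that this variant also returns `serverenvironment`.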
src/python/server/serverselection/lib.py
...
...
@@ -36,38 +36,38 @@ class ServerSelection():
"""
return
fetch_serverselection_dict
(
cursor
,
serverselectionid
)
def
list_user_serverselections
(
self
,
cursor
,
ser
verselectionuser
):
def
list_user_serverselections
(
self
,
cursor
,
u
ser
name
):
"""Get serverselections of a user
:param str ser
verselectionuser
: user name to be add to the serverselection
:param str
u
ser
name
: user name to be add to the serverselection
"""
return
fetch_all_user_serverselections
(
cursor
,
ser
verselectionuser
)
return
fetch_all_user_serverselections
(
cursor
,
u
ser
name
)
def
list_user_servers
(
self
,
cursor
,
ser
verselectionuser
):
def
list_user_servers
(
self
,
cursor
,
u
ser
name
):
"""Get serverselections of a user
:param str ser
verselectionuser
: user name to be add to the serverselection
:param str
u
ser
name
: user name to be add to the serverselection
"""
return
fetch_all_user_servers
(
cursor
,
ser
verselectionuser
)
return
fetch_all_user_servers
(
cursor
,
u
ser
name
)
def
default_user_serverselection
(
self
,
cursor
,
ser
verselectionuser
):
def
default_user_serverselection
(
self
,
cursor
,
u
ser
name
):
"""Get the default serverselection of a user
:param str ser
verselectionuser
: user name to be add to the serverselection
:param str
u
ser
name
: user name to be add to the serverselection
"""
return
fetch_default_user_serverselection
(
cursor
,
ser
verselectionuser
)
return
fetch_default_user_serverselection
(
cursor
,
u
ser
name
)
def
create_serverselection
(
self
,
cursor
,
serverselectionname
,
serverselectiondescription
,
ser
verselectionuser
):
def
create_serverselection
(
self
,
cursor
,
serverselectionname
,
serverselectiondescription
,
u
ser
name
):
"""Creates a serverselection in database
:param str serverselectionname: serverselection name
:param str serverselectiondescription: servermodel identifier
:param str ser
verselectionuser
: user name to be add to the serverselection
:param str ser
verselectionuser
role: user role to be add to the serverselection
:param str
u
ser
name
: user name to be add to the serverselection
:param str
u
ser
name
role: user role to be add to the serverselection
:return: newly created serverselection identifier
:rtype: int
"""
return
insert_serverselection
(
cursor
,
serverselectionname
,
serverselectiondescription
,
ser
verselectionuser
)
return
insert_serverselection
(
cursor
,
serverselectionname
,
serverselectiondescription
,
u
ser
name
)
def
update_serverselection
(
self
,
cursor
,
serverselectionid
,
serverselectionname
,
serverselectiondescription
,
dynamique
,
requete
):
"""Updates a serverselection in database
...
...
@@ -92,28 +92,28 @@ class ServerSelection():
def
erase_serverselection
(
self
,
cursor
):
erase_serverselection
(
cursor
)
def
add_server_to_selection
(
self
,
cursor
,
server
selectionservers
id
,
serverselectionid
):
def
add_server_to_selection
(
self
,
cursor
,
serverid
,
serverselectionid
):
"""Add a server to a serverselection in database
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:return bool: True for addition success, False either
"""
return
add_server_to_serverselection
(
cursor
,
server
selectionservers
id
,
serverselectionid
)
return
add_server_to_serverselection
(
cursor
,
serverid
,
serverselectionid
)
def
remove_server_from_selection
(
self
,
cursor
,
server
selectionservers
id
,
serverselectionid
):
def
remove_server_from_selection
(
self
,
cursor
,
serverid
,
serverselectionid
):
"""Remove a server from a serverselection in database
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:return bool: True for addition success, False either
"""
return
remove_server_from_serverselection
(
cursor
,
server
selectionservers
id
,
serverselectionid
)
return
remove_server_from_serverselection
(
cursor
,
serverid
,
serverselectionid
)
def
add_user_to_serverselection
(
self
,
cursor
,
serverselectionid
,
username
,
role
):
"""Add a user to a serverselection
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
...
...
@@ -123,7 +123,7 @@ class ServerSelection():
def
remove_user_from_serverselection
(
self
,
cursor
,
serverselectionid
,
username
):
"""Remove a user from a serverselection
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:param str username: user name to be add to the serverseleciton
:return bool: True for addition success, False either
...
...
@@ -133,7 +133,7 @@ class ServerSelection():
def
update_user_to_serverselection
(
self
,
cursor
,
serverselectionid
,
username
,
role
):
"""Update a user from a serverselection
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
...
...
@@ -143,7 +143,7 @@ class ServerSelection():
def
get_serverselection_user_role
(
self
,
cursor
,
serverselectionid
,
username
):
"""Update a user from a serverselection
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
...
...
@@ -153,7 +153,7 @@ class ServerSelection():
def
get_serverselection_user_server_role
(
self
,
cursor
,
serverid
,
username
):
"""Update a user from a serverselection
:param int server
selectionservers
id: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
...
...
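Review bot: The parameter rename was applied to the docstrings mechanically and left several of them describing arguments that do not exist. In `create_serverselection` the line `:param str usernamerole: user role to be add to the serverselection` documents no argument and should be dropped; in `add_user_to_serverselection`, `update_user_to_serverselection` and `get_serverselection_user_role` the new `:param int serverid: server identifier` should read `:param int serverselectionid: serverselection identifier`, since those methods take `serverselectionid`. The two `get_serverselection_user_*_role` docstrings also still open with `Update a user from a serverselection` and list a `role` parameter they do not take; judging by their names they are role lookups, and a summary such as `Get the role of a user on a serverselection` would match. These methods feed role decisions, so their documented contract should be accurate; the method bodies lie outside the hunks.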
src/python/server/serverselection/query.py
...
...
@@ -28,7 +28,7 @@ FETCH_ALL_USER_SERVERSELECTIONS = '''
FROM serverselection
WHERE exist(serverselectionusers, %s)
'''
"""
Fetch the default serverselection of a user
"""
...
...
@@ -77,6 +77,7 @@ SERVERSELECTION_ADD_SERVER = '''
UPDATE serverselection
SET serverselectionserversid = array_append(serverselectionserversid, %s)
WHERE serverselectionid = %s
AND NOT (%s = ANY (serverselectionserversid))
RETURNING *
'''
...
...
@@ -91,7 +92,7 @@ SERVERSELECTION_REMOVE_SERVER = '''
'''
"""
Add User and Role to serverselection
Add User and Role to serverselection
"""
SERVERSELECTION_ADD_USER
=
'''
UPDATE serverselection
...
...
@@ -101,7 +102,7 @@ SERVERSELECTION_ADD_USER = '''
'''
"""
Remove User from serverselection
Remove User from serverselection
"""
SERVERSELECTION_REMOVE_USER
=
'''
UPDATE serverselection
...
...
@@ -111,7 +112,7 @@ SERVERSELECTION_REMOVE_USER = '''
'''
"""
Update User's Role from serverselection
Update User's Role from serverselection
"""
SERVERSELECTION_UPDATE_USER
=
'''
UPDATE serverselection
...
...
@@ -128,7 +129,7 @@ SERVERSELECTION_USER_SERVER_LIST = '''
FROM (
SELECT DISTINCT unnest(serverselectionserversid)
FROM serverselection
WHERE exist(serverselectionusers, %s))
WHERE exist(serverselectionusers, %s))
AS dt(c)
'''
...
...
@@ -139,6 +140,7 @@ FETCH_ROLE_USER_SERVERSELECTION = '''
SELECT serverselectionid, serverselectionusers->%s AS role
FROM serverselection
WHERE serverselectionid = %s
AND serverselectionusers->%s IS NOT NULL
'''
"""
...
...
@@ -148,6 +150,7 @@ FETCH_ROLE_USER_SERVER_SERVERSELECTION = '''
SELECT serverselectionid, serverselectionusers->%s AS role
FROM serverselection
WHERE %s = ANY(serverselectionserversid)
AND serverselectionusers->%s IS NOT NULL
'''
"""
...
...
@@ -170,7 +173,7 @@ def serverselection_row_to_dict(serverselection):
try
:
serverselection_obj
=
{
'serverselectionid'
:
serverselection
[
'serverselectionid'
],
'serverselectionname'
:
serverselection
[
'serverselectionname'
],
'serverselectiondescription'
:
serverselection
[
'serverselectiondescription'
]}
'serverselectiondescription'
:
serverselection
[
'serverselectiondescription'
]}
if
serverselection
[
'serverselectionserversid'
]
is
not
None
:
serverselection_obj
[
'serverselectionserversid'
]
=
serverselection
[
'serverselectionserversid'
]
if
serverselection
[
'serverselectionusers'
]
is
not
None
:
...
...
@@ -180,32 +183,32 @@ def serverselection_row_to_dict(serverselection):
if
serverselection
[
'requete'
]
is
not
None
:
serverselection_obj
[
'requete'
]
=
serverselection
[
'requete'
]
except
KeyError
:
serverselection_obj
=
{}
raise
(
ServerSelectionEmptyRecordDatabaseError
(
'No ServerSelection found'
))
serverselection_obj
=
{}
raise
(
ServerSelectionEmptyRecordDatabaseError
(
'No ServerSelection found'
))
return
serverselection_obj
def
serverselection_serversid_dict
(
serverselection
):
serverselection_obj
=
{}
if
serverselection
[
'serverselectionserversid'
]
is
not
None
:
serverselection_obj
[
'serverselectionserversid'
]
=
serverselection
[
'serverselectionserversid'
]
def
serverselection_serversid_dict
(
serverselection
):
serverselection_obj
=
{}
if
serverselection
[
'serverselectionserversid'
]
is
not
None
:
serverselection_obj
[
'serverselectionserversid'
]
=
serverselection
[
'serverselectionserversid'
]
return
serverselection_obj
def
serverselection_role_dict
(
serverselection
,
serverselectionuser
):
def
serverselection_role_dict
(
serverselection
,
serverselectionuser
):
try
:
serverselection_obj
=
{
'serverselectionid'
:
serverselection
[
'serverselectionid'
],
'username'
:
serverselectionuser
}
'username'
:
serverselectionuser
}
if
serverselection
[
'role'
]
is
not
None
:
serverselection_obj
[
'role'
]
=
serverselection
[
'role'
]
except
KeyError
:
serverselection_obj
=
{}
raise
(
ServerSelectionEmptyRecordDatabaseError
(
'No ServerSelection found'
))
serverselection_obj
=
{}
raise
(
ServerSelectionEmptyRecordDatabaseError
(
'No ServerSelection found'
))
return
serverselection_obj
def
fetch_serverselection_user_role
(
cursor
,
serverselectionuser
,
serverselectionid
):
return
serverselection_role_dict
(
fetchone
(
cursor
,
FETCH_ROLE_USER_SERVERSELECTION
,
(
serverselectionuser
,
serverselectionid
),
raises
=
True
),
serverselectionuser
)
return
serverselection_role_dict
(
fetchone
(
cursor
,
FETCH_ROLE_USER_SERVERSELECTION
,
(
serverselectionuser
,
serverselectionid
,
serverselectionuser
),
raises
=
True
),
serverselectionuser
)
def
fetch_serverselection_user_server_role
(
cursor
,
serverselectionuser
,
serverid
):
cursor
.
execute
(
FETCH_ROLE_USER_SERVER_SERVERSELECTION
,
(
serverselectionuser
,
serverid
))
cursor
.
execute
(
FETCH_ROLE_USER_SERVER_SERVERSELECTION
,
(
serverselectionuser
,
serverid
,
serverselectionuser
))
ret
=
[]
for
serverselection
in
cursor
.
fetchall
():
ret
.
append
(
serverselection_role_dict
(
serverselection
,
serverselectionuser
))
...
...
@@ -214,13 +217,13 @@ def fetch_serverselection_user_server_role(cursor, serverselectionuser, serverid
def
list_all_serverselections
(
cursor
):
cursor
.
execute
(
FETCH_ALL_SERVERSELECTIONS
)
ret
=
[]
for
serverselection
in
cursor
.
fetchall
():
for
serverselection
in
cursor
.
fetchall
():
ret
.
append
(
serverselection_row_to_dict
(
serverselection
))
return
ret
def
fetch_serverselection_dict
(
cursor
,
serverselectionid
):
def
fetch_serverselection_dict
(
cursor
,
serverselectionid
):
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
FETCH_SERVERSELECTION
,
(
serverselectionid
,),
raises
=
True
))
def
fetch_serverselection
(
cursor
,
serverselectionid
):
fetched
=
fetchone
(
cursor
,
FETCH_SERVERSELECTION
,
(
serverselectionid
,))
if
fetched
is
None
:
...
...
@@ -244,9 +247,9 @@ def fetch_default_user_serverselection(cursor, serverselectionuser):
def
fetch_all_user_servers
(
cursor
,
serverselectionuser
):
return
serverselection_serversid_dict
(
fetchone
(
cursor
,
SERVERSELECTION_USER_SERVER_LIST
,
(
serverselectionuser
,),
raises
=
True
))
def
insert_serverselection
(
cursor
,
serverselectionname
,
serverselectiondescription
,
serverselectionuser
):
def
insert_serverselection
(
cursor
,
serverselectionname
,
serverselectiondescription
,
serverselectionuser
):
serverselectionuserrolehstore
=
serverselectionuser
+
'=>"owner"'
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
SERVERSELECTION_INSERT
,
(
serverselectionname
,
serverselectiondescription
,
serverselectionuserrolehstore
),
raises
=
True
))
...
...
@@ -257,7 +260,7 @@ def delete_serverselection(cursor, serverselectionid):
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
SERVERSELECTION_DELETE
,
(
serverselectionid
,),
raises
=
True
))
def
add_server_to_serverselection
(
cursor
,
serverselectionserversid
,
serverselectionid
):
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
SERVERSELECTION_ADD_SERVER
,
(
serverselectionserversid
,
serverselectionid
),
raises
=
True
))
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
SERVERSELECTION_ADD_SERVER
,
(
serverselectionserversid
,
serverselectionid
,
serverselectionserversid
),
raises
=
True
))
def
remove_server_from_serverselection
(
cursor
,
serverselectionserversid
,
serverselectionid
):
return
serverselection_row_to_dict
(
fetchone
(
cursor
,
SERVERSELECTION_REMOVE_SERVER
,
(
serverselectionserversid
,
serverselectionid
),
raises
=
True
))
...
...
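Review bot: `insert_serverselection` builds the hstore value by string concatenation, `serverselectionuserrolehstore = serverselectionuser + '=>"owner"'`, so the user name is interpreted by PostgreSQL's hstore input parser instead of being treated as data. A name containing a quote, comma, whitespace or `=>` can end up stored under a different key than the one later looked up with `serverselectionusers->%s`, or produce pairs the caller did not intend, and the role queries changed in this commit depend on those keys. Pass the name as its own parameter and let the database build the pair, e.g. `hstore(%s, 'owner')` in `SERVERSELECTION_INSERT` with `(serverselectionname, serverselectiondescription, serverselectionuser)` as the parameter tuple. The query constant is defined outside the hunk, so the placeholder change has to be made there as well.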