Commit 4648da41 authored by Matthieu Lamalle's avatar Matthieu Lamalle Committed by Lionel Morin

Acl

parent 5ba57f2c
......@@ -38,7 +38,7 @@ RUN git clone "${CONTAINERPILOT_REPO_URL}" "/tmp/orchestrate" \
# API messages description
ARG MESSAGES_API_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/messages-api.git
ARG MESSAGES_API_REPO_REF=0.0.5-dev
ARG MESSAGES_API_REPO_REF=0.0.6-dev
RUN git clone "${MESSAGES_API_REPO_URL}" "/tmp/messages-api" \
&& cd /tmp/messages-api \
......@@ -47,13 +47,12 @@ RUN git clone "${MESSAGES_API_REPO_URL}" "/tmp/messages-api" \
# Common python Zéphir library
ARG PYTHON_ZEPHIR_REPO_URL=https://gitlab.mim.ovh/EOLE/Zephir/python-zephir.git
ARG PYTHON_ZEPHIR_REPO_REF=0.0.2-dev
ARG PYTHON_ZEPHIR_REPO_REF=0.0.3-dev
RUN git clone "${PYTHON_ZEPHIR_REPO_URL}" "/tmp/python-zephir" \
&& cd /tmp/python-zephir \
&& git checkout "${PYTHON_ZEPHIR_REPO_REF}"
####
#### Target layer
####
......@@ -64,7 +63,7 @@ MAINTAINER Pôle EOLE <eole@ac-dijon.fr>
# Packages required for working service
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update -y && apt-get install -y \
gnupg \
gnupg \
jq \
locales \
openssl \
......@@ -76,6 +75,7 @@ RUN apt-get update -y && apt-get install -y \
python3-psycopg2 \
python3-requests \
python3-yaml \
python3-pip \
sqitch \
tzdata
......@@ -95,6 +95,9 @@ ENV LC_ALL fr_FR.UTF-8
RUN ln -fs /usr/share/zoneinfo/Europe/Paris /etc/localtime
RUN dpkg-reconfigure --frontend noninteractive tzdata
RUN pip3 install casbin
# Sqitch
RUN sqitch config --user user.name 'Equipe EOLE'\
&& sqitch config --user user.email 'eole@ac-dijon.fr'
......@@ -115,6 +118,7 @@ COPY --from=build /tmp/orchestrate/${services_conf_filename}.ctmpl ${services_co
# Install libraries required by service
COPY --from=build /tmp/python-zephir/zephir /usr/lib/python3/dist-packages/zephir
COPY --from=build /tmp/python-zephir/acl /etc/acl
COPY --from=build /tmp/messages-api/messages /srv/messages
# Manage container with ContainerPilot
......@@ -133,3 +137,4 @@ COPY src/python/server /usr/lib/python3/dist-packages/server
RUN mkdir -p /srv/bin
COPY scripts/* /srv/bin/
COPY migrations /migrations
COPY acl/* /etc/acl/
\ No newline at end of file
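Review bot: `RUN pip3 install casbin` pulls an unpinned package from PyPI at build time, so the library that now enforces the service's authorization policy can change silently between builds, unlike the other sources in this file which are pinned through `*_REPO_REF` arguments. Pin it, e.g. `RUN pip3 install 'casbin==<PINNED_VERSION>'`, or install from a requirements file with hashes. Note also that `/etc/acl` is populated twice, first by `COPY --from=build /tmp/python-zephir/acl /etc/acl` and later by `COPY acl/* /etc/acl/`, so same-named files from the second COPY silently override the first. A comment stating which copy is authoritative, or dropping one of them, would make the effective policy unambiguous.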
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
\ No newline at end of file
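Review bot: The matcher compares objects with plain equality, `r.obj == p.obj`, while the policy file added in this commit has rules whose object is the glob `server/*` (the `p, admin, server/*, ...` and `p, user, server/*, describe` lines); under `==` those rules only match a request whose object is literally the string `server/*`, so they grant nothing. Either rewrite those rules in the `v1.server.<operation>` form used by the rest of the policy, or use a pattern function in the matcher, `m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && r.act == p.act`. As this is a new file, a short header comment stating the conventions (subjects are roles resolved through `g`, objects are API operation names, `act` is `allowed`) would let reviewers check policy lines against the model.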
p, admin, server/*, create
p, admin, server/*, describe
p, admin, server/*, delete
p, admin, server/*, update
p, admin, v1.server.create, allowed
p, admin, v1.server.update, allowed
p, admin, v1.server.delete, allowed
p, user, server/*, describe
p, admin, v1.serverselection.create, allowed
p, admin, v1.serverselection.update, allowed
p, admin, v1.serverselection.delete, allowed
p, admin, v1.serverselection.server.add, allowed
p, admin, v1.serverselection.server.remove, allowed
p, admin, v1.serverselection.user.add, allowed
p, admin, v1.serverselection.user.remove, allowed
p, admin, v1.serverselection.user.update, allowed
p, manager, v1.server.exec.deploy, allowed
p, manager, v1.server.exec.command, allowed
p, manager, v1.server.peering-conf.get, allowed
p, manager, v1.server.exec.list, allowed
p, manager, v1.server.exec.describe, allowed
p, manager, v1.serverselection.exec.deploy, allowed
p, manager, v1.serverselection.exec.command, allowed
p, viewer, v1.server.list, allowed
p, viewer, v1.server.describe, allowed
p, viewer, v1.server.config.get, allowed
p, viewer, v1.serverselection.list, allowed
p, viewer, v1.serverselection.describe, allowed
g, owner, admin
g, admin, manager
g, manager, viewer
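Review bot: The `user` role in `p, user, server/*, describe` is not linked into the `g` hierarchy (`owner` → `admin` → `manager` → `viewer`), so no subject ever inherits it, and it is the only rule in the `server/*` object form besides the four `admin` lines above it that do not match the `v1.<resource>.<operation>` convention used elsewhere; it looks like an earlier draft of the `viewer` rules and should either be removed or rewritten as `p, user, v1.server.describe, allowed` with a `g, user, viewer` line if a distinct role is intended. Since this file is the default-deny authorization policy for the service, a `#` header comment (skipped by Casbin's file adapter) naming the role hierarchy and the object naming convention would keep later edits consistent. It is also worth stating there that `manager`, and through inheritance `admin` and `owner`, receive `v1.server.exec.command`, which from its name appears to be remote command execution on managed servers, so the grant is visibly deliberate.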
......@@ -21,7 +21,7 @@ CREATE TABLE ServerSelection (
ServerSelectionId SERIAL PRIMARY KEY,
ServerSelectionName VARCHAR(255) NOT NULL,
ServerSelectionDescription VARCHAR(255) NOT NULL,
ServerSelectionServersId INTEGER [],
ServerSelectionServersId INTEGER [] DEFAULT '{}',
ServerSelectionUsers hstore,
Dynamique BOOLEAN NOT NULL,
Requete VARCHAR(255)
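Review bot: `DEFAULT '{}'` only covers rows inserted without an explicit value; the column still admits NULL, and the reworked `SERVERSELECTION_ADD_SERVER` query in this commit adds the predicate `AND NOT (%s = ANY (serverselectionserversid))`, which evaluates to NULL rather than true when the array is NULL, so such a selection can never receive a server and the `raises=True` fetch fails. Declaring `ServerSelectionServersId INTEGER [] NOT NULL DEFAULT '{}',` closes that gap for new rows; any existing rows holding a NULL array would still need a backfill, which editing this CREATE TABLE alone does not provide. The same point applies to the ADD_SERVER hunk in the serverselection database module.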
......@@ -31,12 +31,12 @@ class Server():
"""
return list_all_servers(cursor)
def describe_server(self, cursor, serverid):
def describe_server(self, cursor, serverid, environment):
"""Get server information asynchronously from database
:param `int` serverid: server identifier
"""
return fetch_server_dict(cursor, serverid)
return fetch_server_dict(cursor, serverid, environment)
def create_server(self, cursor, servername, serverdescription, servermodelid):
"""Creates a server in database
......@@ -10,6 +10,14 @@ FETCH_ALL_SERVERS = '''
FROM server
'''
"""
Fetch one server based on its ID
"""
FETCH_SERVER_ENV = '''
SELECT serverid, servername, serverdescription, servermodelid, zoneid, machineid, automation, serverenvironment, lastpeerconnection
FROM server
WHERE serverid = %s
'''
"""
Fetch one server based on its ID
"""
......@@ -150,11 +158,14 @@ def list_all_servers(cursor):
return ret
def fetch_server_dict(cursor, serverid: int):
server = fetchone(cursor, FETCH_SERVER, (serverid,), raises=False)
def fetch_server_dict(cursor, serverid: int, environment: bool):
if environment:
server = fetchone(cursor, FETCH_SERVER_ENV, (serverid,), raises=False)
else:
server = fetchone(cursor, FETCH_SERVER, (serverid,), raises=False)
if server is None:
raise ServerErrorUnknownServerId(_('Unable to find a server with ID {}').format(serverid))
return server_row_to_dict(server, serverenvironment=True)
return server_row_to_dict(server, serverenvironment=environment)
def fetch_server(cursor, serverid: int):
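Review bot: The explanatory string above `FETCH_SERVER_ENV` is a verbatim copy of the one for `FETCH_SERVER` (`Fetch one server based on its ID`), so the two constants read as duplicates even though this one additionally selects `serverenvironment` and `lastpeerconnection`; change it to `Fetch one server, including its environment and last peer connection, based on its ID`. In `fetch_server_dict` the new `environment: bool` parameter is required and undocumented; a one-line docstring such as `"""Return the server as a dict; with environment=True the environment columns are fetched and included."""` would cover it, and a default of `environment=False` would keep callers outside this hunk working. `fetch_server` starts on the last line of the hunk and its body is outside it.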
......@@ -36,38 +36,38 @@ class ServerSelection():
"""
return fetch_serverselection_dict(cursor, serverselectionid)
def list_user_serverselections(self, cursor, serverselectionuser):
def list_user_serverselections(self, cursor, username):
"""Get serverselections of a user
:param str serverselectionuser: user name to be add to the serverselection
:param str username: user name to be add to the serverselection
"""
return fetch_all_user_serverselections(cursor, serverselectionuser)
return fetch_all_user_serverselections(cursor, username)
def list_user_servers(self, cursor, serverselectionuser):
def list_user_servers(self, cursor, username):
"""Get serverselections of a user
:param str serverselectionuser: user name to be add to the serverselection
:param str username: user name to be add to the serverselection
"""
return fetch_all_user_servers(cursor, serverselectionuser)
return fetch_all_user_servers(cursor, username)
def default_user_serverselection(self, cursor, serverselectionuser):
def default_user_serverselection(self, cursor, username):
"""Get the default serverselection of a user
:param str serverselectionuser: user name to be add to the serverselection
:param str username: user name to be add to the serverselection
"""
return fetch_default_user_serverselection(cursor, serverselectionuser)
return fetch_default_user_serverselection(cursor, username)
def create_serverselection(self, cursor, serverselectionname, serverselectiondescription, serverselectionuser):
def create_serverselection(self, cursor, serverselectionname, serverselectiondescription, username):
"""Creates a serverselection in database
:param str serverselectionname: serverselection name
:param str serverselectiondescription: servermodel identifier
:param str serverselectionuser: user name to be add to the serverselection
:param str serverselectionuserrole: user role to be add to the serverselection
:param str username: user name to be add to the serverselection
:param str usernamerole: user role to be add to the serverselection
:return: newly created serverselection identifier
:rtype: int
"""
return insert_serverselection(cursor, serverselectionname, serverselectiondescription, serverselectionuser)
return insert_serverselection(cursor, serverselectionname, serverselectiondescription, username)
def update_serverselection(self, cursor, serverselectionid, serverselectionname, serverselectiondescription, dynamique, requete):
"""Updates a serverselection in database
......@@ -92,28 +92,28 @@ class ServerSelection():
def erase_serverselection(self, cursor):
erase_serverselection(cursor)
def add_server_to_selection(self, cursor, serverselectionserversid, serverselectionid):
def add_server_to_selection(self, cursor, serverid, serverselectionid):
"""Add a server to a serverselection in database
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:return bool: True for addition success, False either
"""
return add_server_to_serverselection(cursor, serverselectionserversid, serverselectionid)
return add_server_to_serverselection(cursor, serverid, serverselectionid)
def remove_server_from_selection(self, cursor, serverselectionserversid, serverselectionid):
def remove_server_from_selection(self, cursor, serverid, serverselectionid):
"""Remove a server from a serverselection in database
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:return bool: True for addition success, False either
"""
return remove_server_from_serverselection(cursor, serverselectionserversid, serverselectionid)
return remove_server_from_serverselection(cursor, serverid, serverselectionid)
def add_user_to_serverselection(self, cursor, serverselectionid, username, role):
"""Add a user to a serverselection
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
......@@ -123,7 +123,7 @@ class ServerSelection():
def remove_user_from_serverselection(self, cursor, serverselectionid, username):
"""Remove a user from a serverselection
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param int serverselectionid: serverselection identifier
:param str username: user name to be add to the serverseleciton
:return bool: True for addition success, False either
......@@ -133,7 +133,7 @@ class ServerSelection():
def update_user_to_serverselection(self, cursor, serverselectionid, username, role):
"""Update a user from a serverselection
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
......@@ -143,7 +143,7 @@ class ServerSelection():
def get_serverselection_user_role(self, cursor, serverselectionid, username):
"""Update a user from a serverselection
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
......@@ -153,7 +153,7 @@ class ServerSelection():
def get_serverselection_user_server_role(self, cursor, serverid, username):
"""Update a user from a serverselection
:param int serverselectionserversid: server identifier
:param int serverid: server identifier
:param str username: user name to be add to the serverseleciton
:param str role: user role to be add to the serverseleciton
:return bool: True for addition success, False either
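Review bot: The renamed docstring lines in `add_user_to_serverselection`, `remove_user_from_serverselection`, `update_user_to_serverselection` and `get_serverselection_user_role` now read `:param int serverid: server identifier`, but none of those methods takes a `serverid`; their first argument is `serverselectionid`, so the line should be `:param int serverselectionid: serverselection identifier` (and the duplicate `serverselectionid` line in `remove_user_from_serverselection` dropped). The getters `get_serverselection_user_role` and `get_serverselection_user_server_role`, and the `list_user_*` methods earlier in this file, also carry copy-pasted summaries (`Update a user from a serverselection`, `user name to be add to the serverselection`) describing a different operation; their bodies end outside the hunks, but the summaries are visible and should state what is read, e.g. `Get the role of a user in a serverselection`. Since these methods front the role lookup used by the new ACL, accurate docstrings matter to anyone auditing who obtains which role.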
......@@ -28,7 +28,7 @@ FETCH_ALL_USER_SERVERSELECTIONS = '''
FROM serverselection
WHERE exist(serverselectionusers, %s)
'''
"""
Fetch the default serverselection of a user
"""
......@@ -77,6 +77,7 @@ SERVERSELECTION_ADD_SERVER = '''
UPDATE serverselection
SET serverselectionserversid = array_append(serverselectionserversid, %s)
WHERE serverselectionid = %s
AND NOT (%s = ANY (serverselectionserversid))
RETURNING *
'''
......@@ -91,7 +92,7 @@ SERVERSELECTION_REMOVE_SERVER = '''
'''
"""
Add User and Role to serverselection
Add User and Role to serverselection
"""
SERVERSELECTION_ADD_USER = '''
UPDATE serverselection
......@@ -101,7 +102,7 @@ SERVERSELECTION_ADD_USER = '''
'''
"""
Remove User from serverselection
Remove User from serverselection
"""
SERVERSELECTION_REMOVE_USER = '''
UPDATE serverselection
......@@ -111,7 +112,7 @@ SERVERSELECTION_REMOVE_USER = '''
'''
"""
Update User's Role from serverselection
Update User's Role from serverselection
"""
SERVERSELECTION_UPDATE_USER = '''
UPDATE serverselection
......@@ -128,7 +129,7 @@ SERVERSELECTION_USER_SERVER_LIST = '''
FROM (
SELECT DISTINCT unnest(serverselectionserversid)
FROM serverselection
WHERE exist(serverselectionusers, %s))
WHERE exist(serverselectionusers, %s))
AS dt(c)
'''
......@@ -139,6 +140,7 @@ FETCH_ROLE_USER_SERVERSELECTION = '''
SELECT serverselectionid, serverselectionusers->%s AS role
FROM serverselection
WHERE serverselectionid = %s
AND serverselectionusers->%s IS NOT NULL
'''
"""
......@@ -148,6 +150,7 @@ FETCH_ROLE_USER_SERVER_SERVERSELECTION = '''
SELECT serverselectionid, serverselectionusers->%s AS role
FROM serverselection
WHERE %s = ANY(serverselectionserversid)
AND serverselectionusers->%s IS NOT NULL
'''
"""
......@@ -170,7 +173,7 @@ def serverselection_row_to_dict(serverselection):
try:
serverselection_obj = {'serverselectionid': serverselection['serverselectionid'],
'serverselectionname': serverselection['serverselectionname'],
'serverselectiondescription': serverselection['serverselectiondescription']}
'serverselectiondescription': serverselection['serverselectiondescription']}
if serverselection['serverselectionserversid'] is not None:
serverselection_obj['serverselectionserversid'] = serverselection['serverselectionserversid']
if serverselection['serverselectionusers'] is not None:
......@@ -180,32 +183,32 @@ def serverselection_row_to_dict(serverselection):
if serverselection['requete'] is not None:
serverselection_obj['requete'] = serverselection['requete']
except KeyError:
serverselection_obj = {}
raise(ServerSelectionEmptyRecordDatabaseError('No ServerSelection found'))
serverselection_obj = {}
raise(ServerSelectionEmptyRecordDatabaseError('No ServerSelection found'))
return serverselection_obj
def serverselection_serversid_dict(serverselection):
serverselection_obj = {}
if serverselection['serverselectionserversid'] is not None:
serverselection_obj['serverselectionserversid'] = serverselection['serverselectionserversid']
def serverselection_serversid_dict(serverselection):
serverselection_obj = {}
if serverselection['serverselectionserversid'] is not None:
serverselection_obj['serverselectionserversid'] = serverselection['serverselectionserversid']
return serverselection_obj
def serverselection_role_dict(serverselection, serverselectionuser):
def serverselection_role_dict(serverselection, serverselectionuser):
try:
serverselection_obj = {'serverselectionid': serverselection['serverselectionid'],
'username': serverselectionuser}
'username': serverselectionuser}
if serverselection['role'] is not None:
serverselection_obj['role'] = serverselection['role']
except KeyError:
serverselection_obj = {}
raise(ServerSelectionEmptyRecordDatabaseError('No ServerSelection found'))
serverselection_obj = {}
raise(ServerSelectionEmptyRecordDatabaseError('No ServerSelection found'))
return serverselection_obj
def fetch_serverselection_user_role(cursor, serverselectionuser, serverselectionid):
return serverselection_role_dict(fetchone(cursor, FETCH_ROLE_USER_SERVERSELECTION, (serverselectionuser, serverselectionid), raises=True), serverselectionuser)
return serverselection_role_dict(fetchone(cursor, FETCH_ROLE_USER_SERVERSELECTION, (serverselectionuser, serverselectionid, serverselectionuser), raises=True), serverselectionuser)
def fetch_serverselection_user_server_role(cursor, serverselectionuser, serverid):
cursor.execute(FETCH_ROLE_USER_SERVER_SERVERSELECTION, (serverselectionuser, serverid))
cursor.execute(FETCH_ROLE_USER_SERVER_SERVERSELECTION, (serverselectionuser, serverid, serverselectionuser))
ret = []
for serverselection in cursor.fetchall():
ret.append(serverselection_role_dict(serverselection, serverselectionuser))
......@@ -214,13 +217,13 @@ def fetch_serverselection_user_server_role(cursor, serverselectionuser, serverid
def list_all_serverselections(cursor):
cursor.execute(FETCH_ALL_SERVERSELECTIONS)
ret = []
for serverselection in cursor.fetchall():
for serverselection in cursor.fetchall():
ret.append(serverselection_row_to_dict(serverselection))
return ret
def fetch_serverselection_dict(cursor, serverselectionid):
def fetch_serverselection_dict(cursor, serverselectionid):
return serverselection_row_to_dict(fetchone(cursor, FETCH_SERVERSELECTION, (serverselectionid,), raises=True))
def fetch_serverselection(cursor, serverselectionid):
fetched = fetchone(cursor, FETCH_SERVERSELECTION, (serverselectionid,))
if fetched is None:
......@@ -244,9 +247,9 @@ def fetch_default_user_serverselection(cursor, serverselectionuser):
def fetch_all_user_servers(cursor, serverselectionuser):
return serverselection_serversid_dict(fetchone(cursor, SERVERSELECTION_USER_SERVER_LIST, (serverselectionuser,), raises=True))
def insert_serverselection(cursor, serverselectionname, serverselectiondescription, serverselectionuser):
def insert_serverselection(cursor, serverselectionname, serverselectiondescription, serverselectionuser):
serverselectionuserrolehstore = serverselectionuser + '=>"owner"'
return serverselection_row_to_dict(fetchone(cursor, SERVERSELECTION_INSERT, (serverselectionname, serverselectiondescription, serverselectionuserrolehstore), raises=True))
......@@ -257,7 +260,7 @@ def delete_serverselection(cursor, serverselectionid):
return serverselection_row_to_dict(fetchone(cursor, SERVERSELECTION_DELETE, (serverselectionid,), raises=True))
def add_server_to_serverselection(cursor, serverselectionserversid, serverselectionid):
return serverselection_row_to_dict(fetchone(cursor, SERVERSELECTION_ADD_SERVER, (serverselectionserversid, serverselectionid), raises=True))
return serverselection_row_to_dict(fetchone(cursor, SERVERSELECTION_ADD_SERVER, (serverselectionserversid, serverselectionid, serverselectionserversid), raises=True))
def remove_server_from_serverselection(cursor, serverselectionserversid, serverselectionid):
return serverselection_row_to_dict(fetchone(cursor, SERVERSELECTION_REMOVE_SERVER, (serverselectionserversid, serverselectionid), raises=True))
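Review bot: `insert_serverselection` builds the hstore literal by concatenation, `serverselectionuserrolehstore = serverselectionuser + '=>"owner"'`, so a username containing hstore syntax (`"`, `,`, `=>`) is parsed as part of the literal rather than as a plain key; binding the whole string as one parameter avoids SQL injection but not hstore-literal injection, and this value decides who is `owner` of the selection. Pass the user and role separately and let PostgreSQL build the value, e.g. `hstore(%s, %s)` in `SERVERSELECTION_INSERT` with `(serverselectionname, serverselectiondescription, serverselectionuser, 'owner')` as the parameters, or register psycopg2's hstore adapter (`psycopg2.extras.register_hstore`) and bind a dict; `SERVERSELECTION_INSERT` itself is outside this hunk. The added `IS NOT NULL` guards on the role queries are the right direction; the same concatenation pattern should be checked wherever user/role hstore values are written (`SERVERSELECTION_ADD_USER`, `SERVERSELECTION_UPDATE_USER`, whose bodies are outside these hunks).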