diff --git a/devops-service/routes/v2.0/handlers/bootstrap_templates.rb b/devops-service/app/api2/handlers/bootstrap_templates.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/bootstrap_templates.rb rename to devops-service/app/api2/handlers/bootstrap_templates.rb diff --git a/devops-service/routes/v2.0/handlers/deploy.rb b/devops-service/app/api2/handlers/deploy.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/deploy.rb rename to devops-service/app/api2/handlers/deploy.rb diff --git a/devops-service/app/api2/handlers/filter.rb b/devops-service/app/api2/handlers/filter.rb new file mode 100644 index 0000000..9c51c28 --- /dev/null +++ b/devops-service/app/api2/handlers/filter.rb @@ -0,0 +1,26 @@ +module Devops + module API2_0 + module Handler + class Filter + + def initialize provider + @provider = provider + end + + def available_images + Devops::Db.connector.available_images(@provider) + end + + def add_images images + Devops::Db.connector.add_available_images(images, @provider) + end + + def delete_images images + Devops::Db.connector.delete_available_images(images, @provider) + end + + end + end + end +end + diff --git a/devops-service/routes/v2.0/handlers/flavor.rb b/devops-service/app/api2/handlers/flavor.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/flavor.rb rename to devops-service/app/api2/handlers/flavor.rb diff --git a/devops-service/app/api2/handlers/group.rb b/devops-service/app/api2/handlers/group.rb new file mode 100644 index 0000000..2016d88 --- /dev/null +++ b/devops-service/app/api2/handlers/group.rb @@ -0,0 +1,20 @@ +require "providers/provider_factory" + +module Devops + module API2_0 + module Handler + class Group + + def initialize provider + @provider = provider + end + + def groups params + p = ::Provider::ProviderFactory.get @provider + p.groups(params) + end + end + end + end +end + diff --git a/devops-service/routes/v2.0/handlers/image.rb b/devops-service/app/api2/handlers/image.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/image.rb rename to devops-service/app/api2/handlers/image.rb diff --git a/devops-service/routes/v2.0/handlers/key.rb b/devops-service/app/api2/handlers/key.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/key.rb rename to devops-service/app/api2/handlers/key.rb diff --git a/devops-service/routes/v2.0/handlers/network.rb b/devops-service/app/api2/handlers/network.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/network.rb rename to devops-service/app/api2/handlers/network.rb diff --git a/devops-service/routes/v2.0/handlers/project.rb b/devops-service/app/api2/handlers/project.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/project.rb rename to devops-service/app/api2/handlers/project.rb diff --git a/devops-service/app/api2/handlers/provider.rb b/devops-service/app/api2/handlers/provider.rb new file mode 100644 index 0000000..56aec3e --- /dev/null +++ b/devops-service/app/api2/handlers/provider.rb @@ -0,0 +1,15 @@ +require "providers/provider_factory" + +module Devops + module API2_0 + module Handler + class Provider + + def providers + ::Provider::ProviderFactory.providers + end + + end + end + end +end diff --git a/devops-service/routes/v2.0/handlers/report.rb b/devops-service/app/api2/handlers/report.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/report.rb rename to devops-service/app/api2/handlers/report.rb diff --git a/devops-service/routes/v2.0/handlers/script.rb b/devops-service/app/api2/handlers/script.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/script.rb rename to devops-service/app/api2/handlers/script.rb diff --git a/devops-service/routes/v2.0/handlers/server.rb b/devops-service/app/api2/handlers/server.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/server.rb rename to devops-service/app/api2/handlers/server.rb diff --git a/devops-service/routes/v2.0/handlers/stack.rb b/devops-service/app/api2/handlers/stack.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/stack.rb rename to devops-service/app/api2/handlers/stack.rb diff --git a/devops-service/routes/v2.0/handlers/stack_template.rb b/devops-service/app/api2/handlers/stack_template.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/stack_template.rb rename to devops-service/app/api2/handlers/stack_template.rb diff --git a/devops-service/routes/v2.0/handlers/stack_template_preset.rb b/devops-service/app/api2/handlers/stack_template_preset.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/stack_template_preset.rb rename to devops-service/app/api2/handlers/stack_template_preset.rb diff --git a/devops-service/routes/v2.0/handlers/status.rb b/devops-service/app/api2/handlers/status.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/status.rb rename to devops-service/app/api2/handlers/status.rb diff --git a/devops-service/routes/v2.0/handlers/tag.rb b/devops-service/app/api2/handlers/tag.rb similarity index 100% rename from devops-service/routes/v2.0/handlers/tag.rb rename to devops-service/app/api2/handlers/tag.rb diff --git a/devops-service/app/api2/handlers/user.rb b/devops-service/app/api2/handlers/user.rb new file mode 100644 index 0000000..9da89ca --- /dev/null +++ b/devops-service/app/api2/handlers/user.rb @@ -0,0 +1,47 @@ +require "db/mongo/models/user" + +module Devops + module API2_0 + module Handler + class User + + def users + Devops::Db.connector.users + end + + def create body + Devops::Db.connector.user_insert Devops::Model::User.new(body) + end + + def delete user_id + Devops::Db.connector.user_delete user_id + end + + def change_user_privileges user_id, cmd, privileges + change_user(user_id) do + user.grant(cmd, privileges) + end + end + + def change_email user_id, val + change_user(user_id) do + user.email = val + end + end + + def change_password user_id, val + change_user(user_id) do + user.password = val + end + end + + def change_user user_id + user = Devops::Db.connector.user user_id + yield(user) + Devops::Db.connector.user_update user + end + end + end + end +end + diff --git a/devops-service/helpers/request.rb b/devops-service/app/api2/helpers/request.rb similarity index 100% rename from devops-service/helpers/request.rb rename to devops-service/app/api2/helpers/request.rb diff --git a/devops-service/helpers/version_2.rb b/devops-service/app/api2/helpers/version_2.rb similarity index 94% rename from devops-service/helpers/version_2.rb rename to devops-service/app/api2/helpers/version_2.rb index edcc30a..c201032 100644 --- a/devops-service/helpers/version_2.rb +++ b/devops-service/app/api2/helpers/version_2.rb @@ -5,7 +5,7 @@ require "sinatra/json" require "providers/provider_factory" module Devops - module Version2_0 + module API2_0 module Helpers def create_response msg, obj=nil, rstatus=200 @@ -23,11 +23,10 @@ module Devops def check_privileges cmd, p # somewhy REMOTE_USER is missing - user = request.env['HTTP_REMOTE_USER'] || request.env['REMOTE_USER'] - settings.mongo.check_user_privileges(user, cmd, p) + user = request.env['USER'] + user.check_privileges(cmd, p) end - def check_provider provider list = ::Provider::ProviderFactory.providers halt_response("Invalid provider '#{provider}', available providers: '#{list.join("', '")}'", 404) unless list.include?(provider) diff --git a/devops-service/routes/v2.0/bootstrap_templates.rb b/devops-service/app/api2/routes/bootstrap_templates.rb similarity index 100% rename from devops-service/routes/v2.0/bootstrap_templates.rb rename to devops-service/app/api2/routes/bootstrap_templates.rb diff --git a/devops-service/routes/v2.0/deploy.rb b/devops-service/app/api2/routes/deploy.rb similarity index 100% rename from devops-service/routes/v2.0/deploy.rb rename to devops-service/app/api2/routes/deploy.rb diff --git a/devops-service/routes/v2.0/filter.rb b/devops-service/app/api2/routes/filter.rb similarity index 59% rename from devops-service/routes/v2.0/filter.rb rename to devops-service/app/api2/routes/filter.rb index 6563e5e..bbce987 100644 --- a/devops-service/routes/v2.0/filter.rb +++ b/devops-service/app/api2/routes/filter.rb @@ -1,20 +1,10 @@ module Devops - module Version2_0 + module API2_0 module Routes module FilterRoutes def self.registered(app) - app.before "/filter/:provider/image" do - protect! - check_headers :accept, :content_type - check_privileges("filter", "w") - check_provider(params[:provider]) - @images = create_object_from_json_body(Array) - halt_response("Request body should not be an empty array") if @images.empty? - check_array(@images, "Request body should contains an array with strings") - end - # Get list of images filters for :provider # # Devops can works with images from filters list only @@ -33,7 +23,12 @@ module Devops # [ # "36dc7618-4178-4e29-be43-286fbfe90f50" # ] - app.get_with_headers "/filter/:provider/images", :headers => [:accept], &Devops::Version2_0::Handler::Filter.get_filters + app.get_with_headers "/filter/:provider/images", :headers => [:accept] do#, &Devops::API2_0::Handler::Filter.get_filters + check_privileges("filter", "r") + provider = params[:provider] + check_provider(provider) + json Devops::API2_0::Handler::Filter.new(provider).available_images + end hash = {} @@ -50,7 +45,15 @@ module Devops # ] -> array of image ids to add to filter # # * *Returns* : list of images filters for :provider - hash["PUT"] = Devops::Version2_0::Handler::Filter.add_filter + hash["PUT"] = lambda { #Devops::API2_0::Handler::Filter.add_filter + check_privileges("filter", "w") + provider = params[:provider] + check_provider(provider) + images = create_object_from_json_body(Array) + halt_response("Request body should not be an empty array") if images.empty? + check_array(images, "Request body should contains an array with strings") + create_response("Updated", {:images => Devops::API2_0::Handler::Filter.new(provider).add_images(images)}) + } # Delete image ids from filter for :provider # @@ -65,7 +68,15 @@ module Devops # ] -> array of image ids to delete from filter # # * *Returns* : list of images filters for :provider - hash["DELETE"] = Devops::Version2_0::Handler::Filter.delete_filter + hash["DELETE"] = lambda {#Devops::API2_0::Handler::Filter.delete_filter + check_privileges("filter", "w") + provider = params[:provider] + check_provider(provider) + images = create_object_from_json_body(Array) + halt_response("Request body should not be an empty array") if images.empty? + check_array(images, "Request body should contains an array with strings") + create_response("Deleted", {:images => Devops::API2_0::Handler::Filter.new(provider).delete_images(images)}) + } app.multi_routes "/filter/:provider/image", {:headers => [:accept, :content_type]}, hash diff --git a/devops-service/routes/v2.0/flavor.rb b/devops-service/app/api2/routes/flavor.rb similarity index 100% rename from devops-service/routes/v2.0/flavor.rb rename to devops-service/app/api2/routes/flavor.rb diff --git a/devops-service/routes/v2.0/group.rb b/devops-service/app/api2/routes/group.rb similarity index 82% rename from devops-service/routes/v2.0/group.rb rename to devops-service/app/api2/routes/group.rb index ef450f4..ed8238e 100644 --- a/devops-service/routes/v2.0/group.rb +++ b/devops-service/app/api2/routes/group.rb @@ -1,6 +1,6 @@ # encoding: UTF-8 module Devops - module Version2_0 + module API2_0 module Routes module GroupRoutes @@ -44,7 +44,12 @@ module Devops # } # } # TODO: vpc support for ec2 - app.get_with_headers "/groups/:provider", :headers => [:accept], &Devops::Version2_0::Handler::Group.get_groups + app.get_with_headers "/groups/:provider", :headers => [:accept] do#, &Devops::Version2_0::Handler::Group.get_groups + check_privileges("group", "r") + provider = params[:provider] + check_provider(provider) + json Devops::API2_0::Handler::Group.new(provider).groups(params) + end puts "Group routes initialized" end diff --git a/devops-service/routes/v2.0/image.rb b/devops-service/app/api2/routes/image.rb similarity index 100% rename from devops-service/routes/v2.0/image.rb rename to devops-service/app/api2/routes/image.rb diff --git a/devops-service/routes/v2.0/key.rb b/devops-service/app/api2/routes/key.rb similarity index 97% rename from devops-service/routes/v2.0/key.rb rename to devops-service/app/api2/routes/key.rb index 956b25f..13d4be4 100644 --- a/devops-service/routes/v2.0/key.rb +++ b/devops-service/app/api2/routes/key.rb @@ -1,5 +1,4 @@ require "json" -require "db/exceptions/invalid_record" require "db/mongo/models/key" require "fileutils" diff --git a/devops-service/routes/v2.0/network.rb b/devops-service/app/api2/routes/network.rb similarity index 100% rename from devops-service/routes/v2.0/network.rb rename to devops-service/app/api2/routes/network.rb diff --git a/devops-service/routes/v2.0/project.rb b/devops-service/app/api2/routes/project.rb similarity index 100% rename from devops-service/routes/v2.0/project.rb rename to devops-service/app/api2/routes/project.rb diff --git a/devops-service/routes/v2.0/provider.rb b/devops-service/app/api2/routes/provider.rb similarity index 74% rename from devops-service/routes/v2.0/provider.rb rename to devops-service/app/api2/routes/provider.rb index ab48ced..d625ed2 100644 --- a/devops-service/routes/v2.0/provider.rb +++ b/devops-service/app/api2/routes/provider.rb @@ -4,7 +4,7 @@ require "json" require "providers/provider_factory" module Devops - module Version2_0 + module API2_0 module Routes module ProviderRoutes @@ -22,7 +22,10 @@ module Devops # "ec2", # "openstack" # ] - app.get_with_headers "/providers", :headers => [:accept], &Devops::Version2_0::Handler::Provider.get_providers + app.get_with_headers "/providers", :headers => [:accept] do#, &Devops::Version2_0::Handler::Provider.get_providers + check_privileges("provider", "r") + json Devops::API2_0::Handler::Provider.new.providers + end puts "Provider routes initialized" end diff --git a/devops-service/routes/v2.0/report.rb b/devops-service/app/api2/routes/report.rb similarity index 100% rename from devops-service/routes/v2.0/report.rb rename to devops-service/app/api2/routes/report.rb diff --git a/devops-service/routes/v2.0/script.rb b/devops-service/app/api2/routes/script.rb similarity index 100% rename from devops-service/routes/v2.0/script.rb rename to devops-service/app/api2/routes/script.rb diff --git a/devops-service/routes/v2.0/server.rb b/devops-service/app/api2/routes/server.rb similarity index 100% rename from devops-service/routes/v2.0/server.rb rename to devops-service/app/api2/routes/server.rb diff --git a/devops-service/routes/v2.0/stack.rb b/devops-service/app/api2/routes/stack.rb similarity index 100% rename from devops-service/routes/v2.0/stack.rb rename to devops-service/app/api2/routes/stack.rb diff --git a/devops-service/routes/v2.0/stack_template.rb b/devops-service/app/api2/routes/stack_template.rb similarity index 100% rename from devops-service/routes/v2.0/stack_template.rb rename to devops-service/app/api2/routes/stack_template.rb diff --git a/devops-service/routes/v2.0/stack_template_presets.rb b/devops-service/app/api2/routes/stack_template_presets.rb similarity index 100% rename from devops-service/routes/v2.0/stack_template_presets.rb rename to devops-service/app/api2/routes/stack_template_presets.rb diff --git a/devops-service/routes/v2.0/status.rb b/devops-service/app/api2/routes/status.rb similarity index 100% rename from devops-service/routes/v2.0/status.rb rename to devops-service/app/api2/routes/status.rb diff --git a/devops-service/routes/v2.0/tag.rb b/devops-service/app/api2/routes/tag.rb similarity index 100% rename from devops-service/routes/v2.0/tag.rb rename to devops-service/app/api2/routes/tag.rb diff --git a/devops-service/routes/v2.0/user.rb b/devops-service/app/api2/routes/user.rb similarity index 50% rename from devops-service/routes/v2.0/user.rb rename to devops-service/app/api2/routes/user.rb index 5a3ea28..912d566 100644 --- a/devops-service/routes/v2.0/user.rb +++ b/devops-service/app/api2/routes/user.rb @@ -1,5 +1,5 @@ module Devops - module Version2_0 + module API2_0 module Routes module UserRoutes @@ -33,7 +33,11 @@ module Devops # "id": "test" # } # ] - app.get_with_headers "/users", :headers => [:accept], &Devops::Version2_0::Handler::User.get_users + app.get_with_headers "/users", :headers => [:accept] do#, &Devops::API2_0::Handler::User.get_users + check_privileges("user", "r") + users = Devops::API2_0::Handler::User.new.users.map {|i| h = i.to_hash; h.delete("password"); h} + json users + end # Create user # @@ -51,7 +55,15 @@ module Devops # # * *Returns* : # 201 - Created - app.post_with_headers "/user", :headers => [:accept, :content_type], &Devops::Version2_0::Handler::User.create_user + app.post_with_headers "/user", :headers => [:accept, :content_type] do#, &Devops::API2_0::Handler::User.create_user + check_privileges("user", "w") + user = create_object_from_json_body + ["username", "password", "email"].each do |p| + check_string(user[p], "Parameter '#{p}' must be a not empty string") + end + Devops::API2_0::Handler::User.new.create(user) + create_response("Created", nil, 201) + end hash = {} # Delete user @@ -63,7 +75,24 @@ module Devops # # * *Returns* : # 200 - Deleted - hash["DELETE"] = Devops::Version2_0::Handler::User.delete_user + hash["DELETE"] = lambda { + check_privileges("user", "w") + projects = Devops::Db.connector.projects_by_user params[:user] + if !projects.empty? + str = "" + projects.each do |p| + p.deploy_envs.each do |e| + str+="#{p.id}.#{e.identifier} " if e.users.include? params[:user] + end + end + logger.info projects + raise DependencyError.new "Deleting is forbidden: User is included in #{str}" + #return [400, "Deleting is forbidden: User is included in #{str}"] + end + + Devops::API2_0::Handler::User.new.delete(params[:user]) + create_response("User '#{params[:user]}' removed") + } # Change user privileges # @@ -80,7 +109,14 @@ module Devops # # * *Returns* : # 200 - Updated - hash["PUT"] = Devops::Version2_0::Handler::User.change_user_privileges + hash["PUT"] = lambda { + check_privileges("user", "w") + data = create_object_from_json_body + cmd = check_string(data["cmd"], "Parameter 'cmd' should be a not empty string", true) || "" + privileges = check_string(data["privileges"], "Parameter 'privileges' should be a not empty string", true) || "" + Devops::API2_0::Handler::User.new.change_user_privileges(params[:user], cmd, privileges) + create_response("Updated") + } app.multi_routes "/user/:user", {:headers => [:accept, :content_type]}, hash # Change user email/password @@ -97,7 +133,20 @@ module Devops # # * *Returns* : # 200 - Updated - app.put_with_headers %r{\A/user/#{DevopsConfig::OBJECT_NAME}/(email|password)\z}, :headers => [:accept, :content_type], &Devops::Version2_0::Handler::User.change_user_email_or_password + app.put_with_headers %r{\A/user/#{DevopsConfig::OBJECT_NAME}/(email|password)\z}, :headers => [:accept, :content_type] do#, &Devops::API2_0::Handler::User.change_user_email_or_password + check_privileges("user", "w") + action = File.basename(request.path) + u = File.basename(File.dirname(request.path)) + raise InvalidPrivileges.new("Access denied for '#{request.env['REMOTE_USER']}'") if u == Devops::Model::User::ROOT_USER_NAME and request.env['REMOTE_USER'] != Devops::Model::User::ROOT_USER_NAME + + check_privileges("user", "w") unless request.env['REMOTE_USER'] == u + + body = create_object_from_json_body + p = check_string(body[action], "Parameter '#{action}' must be a not empty string") + h = Devops::API2_0::Handler::User.new + h.send("change_#{action}=", p) + create_response("Updated") + end puts "User routes initialized" end diff --git a/devops-service/routes/v2.0.rb b/devops-service/app/api2/routes/v2.0.rb similarity index 79% rename from devops-service/routes/v2.0.rb rename to devops-service/app/api2/routes/v2.0.rb index 1d3cc4a..79b13cf 100644 --- a/devops-service/routes/v2.0.rb +++ b/devops-service/app/api2/routes/v2.0.rb @@ -1,25 +1,31 @@ require "sinatra/base" require "sinatra/streaming" -require "helpers/version_2" require "json" require "fog" require "auth/devops_auth" -require "db/exceptions/invalid_record" -require "db/exceptions/record_not_found" +require "exceptions/invalid_record" +require "exceptions/record_not_found" require "exceptions/dependency_error" +require 'core/devops-logger' + +require_relative "../helpers/version_2" module Devops class Api2 < Sinatra::Base include Sinatra::JSON helpers Sinatra::Streaming - helpers Devops::Version2_0::Helpers + helpers Devops::API2_0::Helpers register Sinatra::DevopsAuth configure :production do + config = DevopsConfig.config + log_file = File.join(config[:log_dir], "devops-api2.log") + logger = DevopsLogger.create(log_file, Logger::DEBUG) + use Rack::CommonLogger, logger disable :dump_errors disable :show_exceptions set :logging, Logger::INFO @@ -27,11 +33,14 @@ module Devops end configure :development do - set :logging, Logger::DEBUG + config = DevopsConfig.config + log_file = File.join(config[:log_dir], "devops-api2.log") + logger = DevopsLogger.create(log_file, Logger::DEBUG) + use Rack::CommonLogger, logger disable :raise_errors # disable :dump_errors set :show_exceptions, :after_handler - puts "Development mode" + logger.info "Development mode" end not_found do diff --git a/devops-service/app/devops-api2.rb b/devops-service/app/devops-api2.rb index 2000242..1b32eac 100644 --- a/devops-service/app/devops-api2.rb +++ b/devops-service/app/devops-api2.rb @@ -2,13 +2,15 @@ module Devops class DevopsApi2Application < Application def prepare - require "routes/v2.0" - require "routes/v2.0/handlers/provider" + require_relative "api2/routes/v2.0" + require_relative "api2/handlers/provider" + require_relative "api2/handlers/flavor" + require_relative "api2/handlers/filter" + require_relative "api2/handlers/group" + require_relative "api2/handlers/user" +=begin require "routes/v2.0/handlers/bootstrap_templates" require "routes/v2.0/handlers/deploy" - require "routes/v2.0/handlers/filter" - require "routes/v2.0/handlers/flavor" - require "routes/v2.0/handlers/group" require "routes/v2.0/handlers/image" require "routes/v2.0/handlers/network" require "routes/v2.0/handlers/key" @@ -16,12 +18,12 @@ module Devops require "routes/v2.0/handlers/script" require "routes/v2.0/handlers/status" require "routes/v2.0/handlers/tag" - require "routes/v2.0/handlers/user" require "routes/v2.0/handlers/server" require "routes/v2.0/handlers/stack" require "routes/v2.0/handlers/stack_template" - require "routes/v2.0/stack_template_presets" require "routes/v2.0/handlers/report" + require_relative "api2/routes/handlers/stack_template_preset" +=end require 'lib/stubber' end @@ -42,27 +44,26 @@ module Devops end def routes - require "routes/v2.0/flavor" - require "routes/v2.0/image" - require "routes/v2.0/filter" - require "routes/v2.0/network" - require "routes/v2.0/group" - require "routes/v2.0/deploy" - require "routes/v2.0/project" - require "routes/v2.0/key" - require "routes/v2.0/user" - require "routes/v2.0/provider" - require "routes/v2.0/tag" - require "routes/v2.0/server" - require "routes/v2.0/script" - require "routes/v2.0/status" - require "routes/v2.0/bootstrap_templates" - require "routes/v2.0/stack" - require "routes/v2.0/stack_template" - require "routes/v2.0/handlers/stack_template_preset" - require "routes/v2.0/report" + require_relative "api2/routes/flavor" + require_relative "api2/routes/image" + require_relative "api2/routes/filter" + require_relative "api2/routes/network" + require_relative "api2/routes/group" + require_relative "api2/routes/deploy" + require_relative "api2/routes/project" + require_relative "api2/routes/key" + require_relative "api2/routes/user" + require_relative "api2/routes/provider" + require_relative "api2/routes/tag" + require_relative "api2/routes/server" + require_relative "api2/routes/script" + require_relative "api2/routes/status" + require_relative "api2/routes/bootstrap_templates" + require_relative "api2/routes/stack" + require_relative "api2/routes/stack_template" + require_relative "api2/routes/report" - routes = Devops::Version2_0::Routes.constants.collect{|s| Devops::Version2_0::Routes.const_get(s)}.select {|const| const.class == Module} + routes = Devops::API2_0::Routes.constants.collect{|s| Devops::API2_0::Routes.const_get(s)}.select {|const| const.class == Module} routes.each do |r| Devops::Api2.register r end diff --git a/devops-service/applications.rb b/devops-service/applications.rb index 27f1bcd..cbccf94 100644 --- a/devops-service/applications.rb +++ b/devops-service/applications.rb @@ -1,4 +1,4 @@ require "app/sidekiq_web" require "app/devops-client" require "app/devops-version" -#require "app/devops-api2" +require "app/devops-api2" diff --git a/devops-service/auth/devops_auth.rb b/devops-service/auth/devops_auth.rb index b7f2976..2e84e53 100644 --- a/devops-service/auth/devops_auth.rb +++ b/devops-service/auth/devops_auth.rb @@ -12,8 +12,9 @@ module Sinatra if @auth.provided? and @auth.basic? and @auth.credentials c = @auth.credentials begin - Devops::Db.connector.user_auth(c[0], c[1]) + u = Devops::Db.connector.user_auth(c[0], c[1]) request.env['REMOTE_USER'] = c[0] + request.env['USER'] = u true rescue RecordNotFound => e false diff --git a/devops-service/commands/server.rb b/devops-service/commands/server.rb index 3f6b2f6..d690f93 100644 --- a/devops-service/commands/server.rb +++ b/devops-service/commands/server.rb @@ -1,6 +1,6 @@ require "commands/knife_commands" require "commands/deploy" -require "db/exceptions/record_not_found" +require "exceptions/record_not_found" module ServerCommands diff --git a/devops-service/db/mongo/connectors/base.rb b/devops-service/db/mongo/connectors/base.rb index 36f9047..278519e 100644 --- a/devops-service/db/mongo/connectors/base.rb +++ b/devops-service/db/mongo/connectors/base.rb @@ -1,5 +1,5 @@ -require "db/exceptions/record_not_found" -require "db/exceptions/invalid_record" +require "exceptions/record_not_found" +require "exceptions/invalid_record" require "exceptions/invalid_command" require "exceptions/invalid_privileges" diff --git a/devops-service/db/mongo/connectors/user.rb b/devops-service/db/mongo/connectors/user.rb index 7954b63..bf83e69 100644 --- a/devops-service/db/mongo/connectors/user.rb +++ b/devops-service/db/mongo/connectors/user.rb @@ -1,3 +1,4 @@ +require "db/mongo/models/user" module Connectors class User < Base include Helpers::InsertCommand, @@ -13,6 +14,7 @@ module Connectors def user_auth user, password u = collection.find('_id' => user, 'password' => password).to_a.first raise RecordNotFound.new('Invalid username or password') if u.nil? + model_from_bson(u) end def users(ids=nil) @@ -33,19 +35,6 @@ module Connectors collection.insert(root.to_mongo_hash) end - def check_user_privileges(id, cmd, required_privelege) - user = show(id) - - unless Devops::Model::User::PRIVILEGES.include?(required_privelege) - raise InvalidPrivileges.new("Access internal problem with privilege '#{required_privelege}'") - end - - unless user.can?(cmd, required_privelege) - raise InvalidPrivileges.new("Access denied for '#{user.id}'") - end - true - end - private def model_from_bson(bson) diff --git a/devops-service/db/mongo/models/image.rb b/devops-service/db/mongo/models/image.rb index 16d9fbd..f537248 100644 --- a/devops-service/db/mongo/models/image.rb +++ b/devops-service/db/mongo/models/image.rb @@ -1,7 +1,6 @@ -require "db/exceptions/invalid_record" require "db/mongo/models/mongo_model" -require "db/validators/image/bootstrap_template.rb" -require "db/validators/image/image_in_filter.rb" +require "db/validators/image/bootstrap_template" +require "db/validators/image/image_in_filter" module Devops module Model diff --git a/devops-service/db/mongo/models/key.rb b/devops-service/db/mongo/models/key.rb index 9746ab2..74184e4 100644 --- a/devops-service/db/mongo/models/key.rb +++ b/devops-service/db/mongo/models/key.rb @@ -1,6 +1,7 @@ -require "db/exceptions/invalid_record" require "db/mongo/models/mongo_model" require "json" +require "db/validators/key/file_existence" +require "db/validators/key/scope" module Devops module Model diff --git a/devops-service/db/mongo/models/mongo_model.rb b/devops-service/db/mongo/models/mongo_model.rb index 316276a..40168d5 100644 --- a/devops-service/db/mongo/models/mongo_model.rb +++ b/devops-service/db/mongo/models/mongo_model.rb @@ -1,5 +1,5 @@ require "providers/provider_factory" -require "db/exceptions/invalid_record" +require "exceptions/invalid_record" require "json" module Devops diff --git a/devops-service/db/mongo/models/user.rb b/devops-service/db/mongo/models/user.rb index 73fdc05..9e50a3f 100644 --- a/devops-service/db/mongo/models/user.rb +++ b/devops-service/db/mongo/models/user.rb @@ -1,4 +1,4 @@ -require "db/exceptions/invalid_record" +require "exceptions/invalid_record" require "exceptions/invalid_command" require "db/mongo/models/mongo_model" @@ -70,15 +70,11 @@ module Devops o end - def can?(command, privilege) - p = self.privileges[command] || [] - p.include?(privilege) - end - - def check_privilege cmd, priv - p = self.privileges[cmd] - return false if p.nil? - return p.include?(priv) + def check_privileges cmd, required_privelege + unless PRIVILEGES.include?(required_privelege) + raise InvalidPrivileges.new("Access internal problem with privilege '#{required_privelege}'") + end + can?(cmd, required_privelege) end def self.create_root @@ -89,6 +85,12 @@ module Devops end private + + def can?(command, privilege) + p = self.privileges[command] || [] + p.include?(privilege) + end + def privileges_with_value value, options={} privileges = {} [ diff --git a/devops-service/db/validators/key/file_existence.rb b/devops-service/db/validators/key/file_existence.rb index a14a6b5..e11885a 100644 --- a/devops-service/db/validators/key/file_existence.rb +++ b/devops-service/db/validators/key/file_existence.rb @@ -1,7 +1,9 @@ module Validators - class Key::FileExistence < Base + module Key + class FileExistence < Base - delegate_to_helper_validator { Helpers::FileExistence.new(@model.path) } + delegate_to_helper_validator { Helpers::FileExistence.new(@model.path) } + end end end diff --git a/devops-service/db/exceptions/invalid_record.rb b/devops-service/exceptions/invalid_record.rb similarity index 100% rename from devops-service/db/exceptions/invalid_record.rb rename to devops-service/exceptions/invalid_record.rb diff --git a/devops-service/db/exceptions/record_not_found.rb b/devops-service/exceptions/record_not_found.rb similarity index 100% rename from devops-service/db/exceptions/record_not_found.rb rename to devops-service/exceptions/record_not_found.rb diff --git a/devops-service/routes/v2.0/handlers/filter.rb b/devops-service/routes/v2.0/handlers/filter.rb deleted file mode 100644 index b8c17aa..0000000 --- a/devops-service/routes/v2.0/handlers/filter.rb +++ /dev/null @@ -1,32 +0,0 @@ -module Devops - module Version2_0 - module Handler - class Filter - - def self.get_filters - lambda { - check_privileges("filter", "r") - check_provider(params[:provider]) - json settings.mongo.available_images(params[:provider]) - } - end - - def self.add_filter - lambda { - create_response("Updated", {:images => settings.mongo.add_available_images(@images, params[:provider])}) - } - end - - def self.delete_filter - lambda { - # f = FilterHandler.new(?) #request, params -# f.delete - # create_response("Deleted", {:images => f.delete})# settings.mongo.delete_available_images(@images, params[:provider])}) - } - end - - end - end - end -end - diff --git a/devops-service/routes/v2.0/handlers/group.rb b/devops-service/routes/v2.0/handlers/group.rb deleted file mode 100644 index eca44de..0000000 --- a/devops-service/routes/v2.0/handlers/group.rb +++ /dev/null @@ -1,19 +0,0 @@ -require "providers/provider_factory" - -module Devops - module Version2_0 - module Handler - class Group - def self.get_groups - lambda { - check_privileges("group", "r") - check_provider(params[:provider]) - p = ::Provider::ProviderFactory.get params[:provider] - json p.groups(params) - } - end - end - end - end -end - diff --git a/devops-service/routes/v2.0/handlers/provider.rb b/devops-service/routes/v2.0/handlers/provider.rb deleted file mode 100644 index a777dc6..0000000 --- a/devops-service/routes/v2.0/handlers/provider.rb +++ /dev/null @@ -1,16 +0,0 @@ -require "providers/provider_factory" - -module Devops - module Version2_0 - module Handler - class Provider - def self.get_providers - lambda { - check_privileges("provider", "r") - json ::Provider::ProviderFactory.providers - } - end - end - end - end -end diff --git a/devops-service/routes/v2.0/handlers/user.rb b/devops-service/routes/v2.0/handlers/user.rb deleted file mode 100644 index 2a8da88..0000000 --- a/devops-service/routes/v2.0/handlers/user.rb +++ /dev/null @@ -1,85 +0,0 @@ -require "db/exceptions/invalid_record" -require "db/mongo/models/user" - -module Devops - module Version2_0 - module Handler - class User - - def self.get_users - lambda { - check_privileges("user", "r") - users = Devops::Db.connector.users.map {|i| i.to_hash} - users.each {|u| u.delete("password")} - json users - } - end - - def self.create_user - lambda { - check_privileges("user", "w") - user = create_object_from_json_body - ["username", "password", "email"].each do |p| - check_string(user[p], "Parameter '#{p}' must be a not empty string") - end - Devops::Db.connector.user_insert Devops::Model::User.new(user) - create_response("Created", nil, 201) - } - end - - def self.delete_user - lambda { - check_privileges("user", "w") - projects = Devops::Db.connector.projects_by_user params[:user] - if !projects.empty? - str = "" - projects.each do |p| - p.deploy_envs.each do |e| - str+="#{p.id}.#{e.identifier} " if e.users.include? params[:user] - end - end - logger.info projects - raise DependencyError.new "Deleting is forbidden: User is included in #{str}" - #return [400, "Deleting is forbidden: User is included in #{str}"] - end - - r = Devops::Db.connector.user_delete params[:user] - create_response("User '#{params[:user]}' removed") - } - end - - def self.change_user_privileges - lambda { - check_privileges("user", "w") - data = create_object_from_json_body - user = Devops::Db.connector.user params[:user] - cmd = check_string(data["cmd"], "Parameter 'cmd' should be a not empty string", true) || "" - privileges = check_string(data["privileges"], "Parameter 'privileges' should be a not empty string", true) || "" - user.grant(cmd, privileges) - Devops::Db.connector.user_update user - create_response("Updated") - } - end - - def self.change_user_email_or_password - lambda { - check_privileges("user", "w") - action = File.basename(request.path) - u = File.basename(File.dirname(request.path)) - raise InvalidPrivileges.new("Access denied for '#{request.env['REMOTE_USER']}'") if u == Devops::Model::User::ROOT_USER_NAME and request.env['REMOTE_USER'] != Devops::Model::User::ROOT_USER_NAME - - check_privileges("user", "w") unless request.env['REMOTE_USER'] == u - - body = create_object_from_json_body - p = check_string(body[action], "Parameter '#{action}' must be a not empty string") - user = Devops::Db.connector.user u - user.send("#{action}=", p) - Devops::Db.connector.user_update user - create_response("Updated") - } - end - end - end - end -end -