quay/app.py

import logging
import os
import json

from flask import Flask, Config, request, Request
from flask.ext.principal import Principal
from flask.ext.login import LoginManager, UserMixin
from flask.ext.mail import Mail

import features

from avatars.avatars import Avatar
from storage import Storage

from avatars.avatars import Avatar

from data import model
from data import database
from data.userfiles import Userfiles
from data.users import UserAuthentication
from data.billing import Billing
from data.buildlogs import BuildLogs
from data.archivedlogs import LogArchive
from data.userevent import UserEventsBuilderModule
from data.queue import WorkQueue
from util.analytics import Analytics
from util.exceptionlog import Sentry
from util.names import urn_generator
from util.oauth import GoogleOAuthConfig, GithubOAuthConfig
from util.signing import Signer
from util.queuemetrics import QueueMetrics
from util.config.provider import FileConfigProvider, TestConfigProvider
from util.config.configutil import generate_secret_key
from util.config.superusermanager import SuperUserManager

# pylint: disable=invalid-name,too-many-public-methods,too-few-public-methods,too-many-ancestors
class Config(BaseConfig):
  """ Flask config enhanced with a `from_yamlfile` method """

  def from_yamlfile(self, config_file):
    with open(config_file) as f:
      c = yaml.load(f)
      if not c:
        logger.debug('Empty YAML config file')
        return

      if isinstance(c, str):
        raise Exception('Invalid YAML config file: ' + str(c))

      for key in c.iterkeys():
        if key.isupper():
          self[key] = c[key]

class Flask(BaseFlask):
  """ Extends the Flask class to implement our custom Config class. """

  def make_config(self, instance_relative=False):
    root_path = self.instance_path if instance_relative else self.root_path
    return Config(root_path, self.default_config)


OVERRIDE_CONFIG_DIRECTORY = 'conf/stack/'
OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'
OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'

OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
LICENSE_FILENAME = 'conf/stack/license.enc'
>>>>>>> master


app = Flask(__name__)
logger = logging.getLogger(__name__)
profile = logging.getLogger('profile')

CONFIG_PROVIDER = FileConfigProvider('conf/stack/', 'config.yaml', 'config.py')

# Instantiate the default configuration (for test or for normal operation).
if 'TEST' in os.environ:
  CONFIG_PROVIDER = TestConfigProvider()

  from test.testconfig import TestConfig
  logger.debug('Loading test config.')
  app.config.from_object(TestConfig())
else:
  from config import DefaultConfig
  logger.debug('Loading default config.')
  app.config.from_object(DefaultConfig())
  app.teardown_request(database.close_db_filter)

# Load the override config via the provider.
CONFIG_PROVIDER.update_app_config(app.config)

# Update any configuration found in the override environment variable.
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'

environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))
app.config.update(environ_config)


class RequestWithId(Request):
  request_gen = staticmethod(urn_generator(['request']))

  def __init__(self, *args, **kwargs):
    super(RequestWithId, self).__init__(*args, **kwargs)
    self.request_id = self.request_gen()


@app.before_request
def _request_start():
  profile.debug('Starting request: %s', request.path)


@app.after_request
def _request_end(r):
  profile.debug('Ending request: %s', request.path)
  return r


class InjectingFilter(logging.Filter):
  def filter(self, record):
    record.msg = '[%s] %s' % (request.request_id, record.msg)
    return True

profile.addFilter(InjectingFilter())

app.request_class = RequestWithId

features.import_features(app.config)

Principal(app, use_sessions=False)

avatar = Avatar(app)
login_manager = LoginManager(app)
mail = Mail(app)
storage = Storage(app)
userfiles = Userfiles(app, storage)
log_archive = LogArchive(app, storage)
analytics = Analytics(app)
billing = Billing(app)
sentry = Sentry(app)
build_logs = BuildLogs(app)
authentication = UserAuthentication(app)
userevents = UserEventsBuilderModule(app)
superusers = SuperUserManager(app)
signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)
queue_metrics = QueueMetrics(app)

tf = app.config['DB_TRANSACTION_FACTORY']

github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')
github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')
google_login = GoogleOAuthConfig(app.config, 'GOOGLE_LOGIN_CONFIG')
oauth_apps = [github_login, github_trigger, google_login]

image_diff_queue = WorkQueue(app.config['DIFFS_QUEUE_NAME'], tf)
dockerfile_build_queue = WorkQueue(app.config['DOCKERFILE_BUILD_QUEUE_NAME'], tf,
                                   reporter=queue_metrics.report)
notification_queue = WorkQueue(app.config['NOTIFICATION_QUEUE_NAME'], tf)

database.configure(app.config)
model.config.app_config = app.config
model.config.store = storage

# Generate a secret key if none was specified.
if app.config['SECRET_KEY'] is None:
  logger.debug('Generating in-memory secret key')
  app.config['SECRET_KEY'] = generate_secret_key()

@login_manager.user_loader
def load_user(user_uuid):
  logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)
  return LoginWrappedDBUser(user_uuid)

class LoginWrappedDBUser(UserMixin):
  def __init__(self, user_uuid, db_user=None):
    self._uuid = user_uuid
    self._db_user = db_user

  def db_user(self):
    if not self._db_user:
      self._db_user = model.get_user_by_uuid(self._uuid)
    return self._db_user

  def is_authenticated(self):
    return self.db_user() is not None

  def is_active(self):
    return self.db_user().verified

  def get_id(self):
    return unicode(self._uuid)

def get_app_url():
  return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
Add some login machinery. 2013-09-23 16:37:40 +00:00			`import logging`
Use production config in production and dev config in dev. 2013-10-01 03:54:12 +00:00			`import os`
Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00			`import json`
Add some login machinery. 2013-09-23 16:37:40 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from flask import Flask, Config, request, Request`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`from flask.ext.principal import Principal`
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-17 03:41:54 +00:00			`from flask.ext.login import LoginManager, UserMixin`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00			`from flask.ext.mail import Mail`
Add analytics on push and pull repo events in the backend. 2013-10-03 20:19:01 +00:00
Add a features modules that process the flask dict. 2014-04-03 22:47:17 +00:00			`import features`

Merge branch 'master' into v2 2015-02-05 20:37:14 +00:00			`from avatars.avatars import Avatar`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00			`from storage import Storage`
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 22:26:14 +00:00
			`from avatars.avatars import Avatar`

Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 16:17:26 +00:00			`from data import model`
			`from data import database`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00			`from data.userfiles import Userfiles`
First stab at LDAP integration. 2014-05-09 21:39:43 +00:00			`from data.users import UserAuthentication`
Fix the tests and implement a fake stripe. 2014-04-10 19:20:16 +00:00			`from data.billing import Billing`
Set up the build logs to use our fake build logs on test and local. 2014-05-09 22:45:11 +00:00			`from data.buildlogs import BuildLogs`
Archived logs commit 1. Squash me. 2014-09-08 20:43:17 +00:00			`from data.archivedlogs import LogArchive`
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 18:25:29 +00:00			`from data.userevent import UserEventsBuilderModule`
Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 18:44:29 +00:00			`from data.queue import WorkQueue`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.analytics import Analytics`
			`from util.exceptionlog import Sentry`
			`from util.names import urn_generator`
			`from util.oauth import GoogleOAuthConfig, GithubOAuthConfig`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`from util.signing import Signer`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.queuemetrics import QueueMetrics`
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 22:26:14 +00:00			`from util.config.provider import FileConfigProvider, TestConfigProvider`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.config.configutil import generate_secret_key`
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 17:43:11 +00:00			`from util.config.superusermanager import SuperUserManager`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00
Merge branch 'master' into v2 2015-02-05 20:37:14 +00:00			`# pylint: disable=invalid-name,too-many-public-methods,too-few-public-methods,too-many-ancestors`
Add support for parsing YAML override config, in addition to Python config 2014-08-22 00:36:11 +00:00			`class Config(BaseConfig):`
			""" Flask config enhanced with a `from_yamlfile` method """
Strip whitespace from ALL the things. 2014-11-24 21:07:38 +00:00
Add support for parsing YAML override config, in addition to Python config 2014-08-22 00:36:11 +00:00			`def from_yamlfile(self, config_file):`
			`with open(config_file) as f:`
			`c = yaml.load(f)`
			`if not c:`
			`logger.debug('Empty YAML config file')`
			`return`

			`if isinstance(c, str):`
			`raise Exception('Invalid YAML config file: ' + str(c))`

			`for key in c.iterkeys():`
			`if key.isupper():`
			`self[key] = c[key]`

			`class Flask(BaseFlask):`
			`""" Extends the Flask class to implement our custom Config class. """`

			`def make_config(self, instance_relative=False):`
			`root_path = self.instance_path if instance_relative else self.root_path`
			`return Config(root_path, self.default_config)`


Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`OVERRIDE_CONFIG_DIRECTORY = 'conf/stack/'`
Add support for parsing YAML override config, in addition to Python config 2014-08-22 00:36:11 +00:00			`OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'`
			`OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'`

Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00			`OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'`
Eliminate a lot of the if cases in create_user by separating them out. Add a limit to the number of users which can be created based on the license. Add support for creating and loading licenses. 2014-05-28 17:51:52 +00:00			`LICENSE_FILENAME = 'conf/stack/license.enc'`
Merge branch 'master' into ackbar 2015-02-09 22:16:42 +00:00			`>>>>>>> master`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00

Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`app = Flask(__name__)`
Add analytics on push and pull repo events in the backend. 2013-10-03 20:19:01 +00:00			`logger = logging.getLogger(__name__)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00			`profile = logging.getLogger('profile')`
Add analytics on push and pull repo events in the backend. 2013-10-03 20:19:01 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`CONFIG_PROVIDER = FileConfigProvider('conf/stack/', 'config.yaml', 'config.py')`
Use production config in production and dev config in dev. 2013-10-01 03:54:12 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Instantiate the default configuration (for test or for normal operation).`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00			`if 'TEST' in os.environ:`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`CONFIG_PROVIDER = TestConfigProvider()`

Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00			`from test.testconfig import TestConfig`
			`logger.debug('Loading test config.')`
			`app.config.from_object(TestConfig())`
			`else:`
			`from config import DefaultConfig`
			`logger.debug('Loading default config.')`
			`app.config.from_object(DefaultConfig())`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`app.teardown_request(database.close_db_filter)`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Load the override config via the provider.`
			`CONFIG_PROVIDER.update_app_config(app.config)`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Update any configuration found in the override environment variable.`
			`OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'`
Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))`
			`app.config.update(environ_config)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00

			`class RequestWithId(Request):`
			`request_gen = staticmethod(urn_generator(['request']))`

			`def __init__(self, args, *kwargs):`
			`super(RequestWithId, self).__init__(args, *kwargs)`
			`self.request_id = self.request_gen()`


			`@app.before_request`
			`def _request_start():`
			`profile.debug('Starting request: %s', request.path)`


			`@app.after_request`
			`def _request_end(r):`
			`profile.debug('Ending request: %s', request.path)`
			`return r`


			`class InjectingFilter(logging.Filter):`
			`def filter(self, record):`
			`record.msg = '[%s] %s' % (request.request_id, record.msg)`
			`return True`

			`profile.addFilter(InjectingFilter())`

			`app.request_class = RequestWithId`

Add a features modules that process the flask dict. 2014-04-03 22:47:17 +00:00			`features.import_features(app.config)`

Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections. 2014-03-17 16:01:13 +00:00			`Principal(app, use_sessions=False)`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00
Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-25 00:25:13 +00:00			`avatar = Avatar(app)`
Add the olark feature flag to the default config and fix the usage of flask modules. 2014-04-09 03:05:45 +00:00			`login_manager = LoginManager(app)`
			`mail = Mail(app)`
			`storage = Storage(app)`
Add a new RadosGW storage engine. Allow engines to distinguish not only between those that can support direct uploads and downloads, but those that support doing it through the browser. Rename resumeable->resumable. 2014-09-09 19:54:03 +00:00			`userfiles = Userfiles(app, storage)`
Merge remote-tracking branch 'origin/master' into waltermitty Conflicts: app.py data/userfiles.py 2014-09-11 15:18:28 +00:00			`log_archive = LogArchive(app, storage)`
Add the olark feature flag to the default config and fix the usage of flask modules. 2014-04-09 03:05:45 +00:00			`analytics = Analytics(app)`
Fix the tests and implement a fake stripe. 2014-04-10 19:20:16 +00:00			`billing = Billing(app)`
Add sentry exception monitoring. 2014-04-28 22:59:22 +00:00			`sentry = Sentry(app)`
Set up the build logs to use our fake build logs on test and local. 2014-05-09 22:45:11 +00:00			`build_logs = BuildLogs(app)`
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 16:17:26 +00:00			`authentication = UserAuthentication(app)`
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 18:25:29 +00:00			`userevents = UserEventsBuilderModule(app)`
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 17:43:11 +00:00			`superusers = SuperUserManager(app)`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)`
Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 18:44:29 +00:00			`queue_metrics = QueueMetrics(app)`

			`tf = app.config['DB_TRANSACTION_FACTORY']`
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 23:50:37 +00:00
Get end-to-end configuration setup working, including verification (except for Github, which is in progress) 2015-01-07 21:20:51 +00:00			`github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')`
			`github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')`
			`google_login = GoogleOAuthConfig(app.config, 'GOOGLE_LOGIN_CONFIG')`
- Make the OAuth config system centralized - Add support for Github Enterprise login 2014-11-05 21:43:37 +00:00			`oauth_apps = [github_login, github_trigger, google_login]`

Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db 2014-05-22 16:13:41 +00:00			`image_diff_queue = WorkQueue(app.config['DIFFS_QUEUE_NAME'], tf)`
			`dockerfile_build_queue = WorkQueue(app.config['DOCKERFILE_BUILD_QUEUE_NAME'], tf,`
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 23:50:37 +00:00			`reporter=queue_metrics.report)`
Convert over to notifications system. Note this is incomplete 2014-07-18 02:51:58 +00:00			`notification_queue = WorkQueue(app.config['NOTIFICATION_QUEUE_NAME'], tf)`
Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db 2014-05-22 16:13:41 +00:00
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 16:17:26 +00:00			`database.configure(app.config)`
			`model.config.app_config = app.config`
			`model.config.store = storage`
Make sure all user emails that can be sent in enterprise properly adjust to the app's URL 2014-07-29 17:47:54 +00:00
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 17:31:02 +00:00			`# Generate a secret key if none was specified.`
			`if app.config['SECRET_KEY'] is None:`
			`logger.debug('Generating in-memory secret key')`
			`app.config['SECRET_KEY'] = generate_secret_key()`

Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-17 03:41:54 +00:00			`@login_manager.user_loader`
			`def load_user(user_uuid):`
			`logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)`
			`return LoginWrappedDBUser(user_uuid)`

			`class LoginWrappedDBUser(UserMixin):`
			`def __init__(self, user_uuid, db_user=None):`
			`self._uuid = user_uuid`
			`self._db_user = db_user`

			`def db_user(self):`
			`if not self._db_user:`
			`self._db_user = model.get_user_by_uuid(self._uuid)`
			`return self._db_user`

			`def is_authenticated(self):`
			`return self.db_user() is not None`

			`def is_active(self):`
			`return self.db_user().verified`

			`def get_id(self):`
			`return unicode(self._uuid)`

Make sure all user emails that can be sent in enterprise properly adjust to the app's URL 2014-07-29 17:47:54 +00:00			`def get_app_url():`
			`return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])`