quay/data/database.py

import string
import logging

from random import SystemRandom
from datetime import datetime
from peewee import *
from peewee import create_model_tables

from app import app


logger = logging.getLogger(__name__)
db = app.config['DB_DRIVER'](app.config['DB_NAME'],
                             **app.config['DB_CONNECTION_ARGS'])


def close_db(exc):
  if not db.is_closed():
    logger.debug('Disconnecting from database.')
    db.close()


app.teardown_request(close_db)


class BaseModel(Model):
  class Meta:
    database = db


class User(BaseModel):
  username = CharField(unique=True, index=True)
  password_hash = CharField(null=True)
  email = CharField(unique=True, index=True)
  verified = BooleanField(default=False)
  stripe_id = CharField(index=True, null=True)
  organization = BooleanField(default=False, index=True)


class Team(BaseModel):
  name = CharField(index=True)
  organization = ForeignKeyField(User, index=True)

  class Meta:
    database = db
    indexes = (
      # A team name must be unique within an organization
      (('name', 'organization'), True),
    )


class TeamMember(BaseModel):
  user = ForeignKeyField(User, index=True)
  team = ForeignKeyField(Team, index=True)

  class Meta:
    database = db
    indexes = (
      # A user may belong to a team only once
      (('user', 'team'), True),
    )


class LoginService(BaseModel):
  name = CharField(unique=True, index=True)


class FederatedLogin(BaseModel):
  user = ForeignKeyField(User, index=True)
  service = ForeignKeyField(LoginService, index=True)
  service_ident = CharField()

  class Meta:
    database = db
    indexes = (
      # create a unique index on service and the local service id
      (('service', 'service_ident'), True),

      # a user may only have one federated login per service
      (('service', 'user'), True),
    )


class Visibility(BaseModel):
  name = CharField(index=True)


class Repository(BaseModel):
  namespace = CharField()
  name = CharField()
  visibility = ForeignKeyField(Visibility)
  description = TextField(null=True)

  class Meta:
    database = db
    indexes = (
      # create a unique index on namespace and name
      (('namespace', 'name'), True),
    )


class Role(BaseModel):
  name = CharField(index=True)


class RepositoryPermission(BaseModel):
  team = ForeignKeyField(Team, index=True, null=True)
  user = ForeignKeyField(User, index=True, null=True)
  repository = ForeignKeyField(Repository, index=True)
  role = ForeignKeyField(Role)

  class Meta:
    database = db
    indexes = (
      (('team', 'repository'), True),
      (('user', 'repository'), True),
    )


class TeamPermission(BaseModel):
  team = ForeignKeyField(Team, index=True)
  organization = ForeignKeyField(User, index=True)
  role = ForeignKeyField(Role)

  class Meta:
    database = db
    indexes = (
      (('team', 'organization'), True),
    )


def random_string_generator(length=16):
  def random_string():
    random = SystemRandom()
    return ''.join([random.choice(string.ascii_uppercase + string.digits)
                   for x in range(length)])
  return random_string


class AccessToken(BaseModel):
  friendly_name = CharField(null=True)
  code = CharField(default=random_string_generator(length=64), unique=True,
                   index=True)
  repository = ForeignKeyField(Repository)
  created = DateTimeField(default=datetime.now)
  role = ForeignKeyField(Role)
  temporary = BooleanField(default=True)


class EmailConfirmation(BaseModel):
  code = CharField(default=random_string_generator(), unique=True, index=True)
  user = ForeignKeyField(User)
  pw_reset = BooleanField(default=False)
  email_confirm = BooleanField(default=False)
  created = DateTimeField(default=datetime.now)


class Image(BaseModel):
  # This class is intentionally denormalized. Even though images are supposed
  # to be globally unique we can't treat them as such for permissions and
  # security reasons. So rather than Repository <-> Image being many to many
  # each image now belongs to exactly one repository.
  docker_image_id = CharField()
  checksum = CharField(null=True)
  created = DateTimeField(null=True)
  comment = TextField(null=True)
  repository = ForeignKeyField(Repository)

  # '/' separated list of ancestory ids, e.g. /1/2/6/7/10/
  ancestors = CharField(index=True, default='/', max_length=64535)

  class Meta:
    database = db
    indexes = (
      # we don't really want duplicates
      (('repository', 'docker_image_id'), True),
    )


class RepositoryTag(BaseModel):
  name = CharField()
  image = ForeignKeyField(Image)
  repository = ForeignKeyField(Repository)

  class Meta:
    database = db
    indexes = (
      (('repository', 'name'), True),
    )


class RepositoryBuild(BaseModel):
  repository = ForeignKeyField(Repository)
  access_token = ForeignKeyField(AccessToken)
  resource_key = CharField()
  tag = CharField()
  build_node_id = IntegerField(null=True)
  phase = CharField(default='waiting')
  status_url = CharField(null=True)


class QueueItem(BaseModel):
  queue_name = CharField(index=True)
  body = TextField()
  available_after = DateTimeField(default=datetime.now, index=True)
  available = BooleanField(default=True, index=True)
  processing_expires = DateTimeField(null=True, index=True)


def initialize_db():
  create_model_tables([User, Repository, Image, AccessToken, Role,
                       RepositoryPermission, Visibility, RepositoryTag,
                       EmailConfirmation, FederatedLogin, LoginService,
                       QueueItem, RepositoryBuild, Team, TeamMember,
                       TeamPermission])
  Role.create(name='admin')
  Role.create(name='write')
  Role.create(name='read')
  Visibility.create(name='public')
  Visibility.create(name='private')
  LoginService.create(name='github')
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`import string`
Open and close the db connection at the beginning and end of each request. 2013-10-02 16:43:45 +00:00			`import logging`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00
Switch the registry and index to use real s3 and rds. 2013-09-30 23:10:27 +00:00			`from random import SystemRandom`
			`from datetime import datetime`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`from peewee import *`
			`from peewee import create_model_tables`

Switch the registry and index to use real s3 and rds. 2013-09-30 23:10:27 +00:00			`from app import app`

Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00
Open and close the db connection at the beginning and end of each request. 2013-10-02 16:43:45 +00:00			`logger = logging.getLogger(__name__)`
Switch the registry and index to use real s3 and rds. 2013-09-30 23:10:27 +00:00			`db = app.config['DB_DRIVER'](app.config['DB_NAME'],`
			`**app.config['DB_CONNECTION_ARGS'])`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00

Open and close the db connection at the beginning and end of each request. 2013-10-02 16:43:45 +00:00			`def close_db(exc):`
			`if not db.is_closed():`
			`logger.debug('Disconnecting from database.')`
			`db.close()`


			`app.teardown_request(close_db)`


Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`class BaseModel(Model):`
			`class Meta:`
			`database = db`


			`class User(BaseModel):`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`username = CharField(unique=True, index=True)`
First iteration of sign-in with gihub. 2013-10-10 03:00:34 +00:00			`password_hash = CharField(null=True)`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`email = CharField(unique=True, index=True)`
Handle the confirmation codes to validate user emails. 2013-09-27 23:55:04 +00:00			`verified = BooleanField(default=False)`
Checkpointing stripe work. 2013-10-02 04:48:03 +00:00			`stripe_id = CharField(index=True, null=True)`
Prepare the underlying data model for organizations. 2013-10-31 20:46:04 +00:00			`organization = BooleanField(default=False, index=True)`


			`class Team(BaseModel):`
Flesh out some of the organization methods and fix the models. 2013-11-01 23:34:17 +00:00			`name = CharField(index=True)`
Prepare the underlying data model for organizations. 2013-10-31 20:46:04 +00:00			`organization = ForeignKeyField(User, index=True)`

Flesh out some of the organization methods and fix the models. 2013-11-01 23:34:17 +00:00			`class Meta:`
			`database = db`
			`indexes = (`
			`# A team name must be unique within an organization`
			`(('name', 'organization'), True),`
			`)`

Prepare the underlying data model for organizations. 2013-10-31 20:46:04 +00:00
			`class TeamMember(BaseModel):`
			`user = ForeignKeyField(User, index=True)`
			`team = ForeignKeyField(Team, index=True)`

			`class Meta:`
			`database = db`
			`indexes = (`
			`# A user may belong to a team only once`
			`(('user', 'team'), True),`
			`)`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00

First iteration of sign-in with gihub. 2013-10-10 03:00:34 +00:00			`class LoginService(BaseModel):`
			`name = CharField(unique=True, index=True)`


			`class FederatedLogin(BaseModel):`
			`user = ForeignKeyField(User, index=True)`
			`service = ForeignKeyField(LoginService, index=True)`
			`service_ident = CharField()`

			`class Meta:`
			`database = db`
			`indexes = (`
			`# create a unique index on service and the local service id`
			`(('service', 'service_ident'), True),`

			`# a user may only have one federated login per service`
			`(('service', 'user'), True),`
			`)`


Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`class Visibility(BaseModel):`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`name = CharField(index=True)`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00

Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`class Repository(BaseModel):`
			`namespace = CharField()`
			`name = CharField()`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`visibility = ForeignKeyField(Visibility)`
Long description fields should have been text rather than blob. 2013-10-01 03:22:52 +00:00			`description = TextField(null=True)`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00
			`class Meta:`
			`database = db`
			`indexes = (`
			`# create a unique index on namespace and name`
			`(('namespace', 'name'), True),`
			`)`


Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`class Role(BaseModel):`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`name = CharField(index=True)`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00

			`class RepositoryPermission(BaseModel):`
Flesh out some of the organization methods and fix the models. 2013-11-01 23:34:17 +00:00			`team = ForeignKeyField(Team, index=True, null=True)`
			`user = ForeignKeyField(User, index=True, null=True)`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`repository = ForeignKeyField(Repository, index=True)`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`role = ForeignKeyField(Role)`

Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`class Meta:`
			`database = db`
			`indexes = (`
Flesh out some of the organization methods and fix the models. 2013-11-01 23:34:17 +00:00			`(('team', 'repository'), True),`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`(('user', 'repository'), True),`
			`)`

Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00
Prepare the underlying data model for organizations. 2013-10-31 20:46:04 +00:00			`class TeamPermission(BaseModel):`
			`team = ForeignKeyField(Team, index=True)`
			`organization = ForeignKeyField(User, index=True)`
			`role = ForeignKeyField(Role)`

			`class Meta:`
			`database = db`
			`indexes = (`
			`(('team', 'organization'), True),`
			`)`


Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`def random_string_generator(length=16):`
			`def random_string():`
			`random = SystemRandom()`
			`return ''.join([random.choice(string.ascii_uppercase + string.digits)`
			`for x in range(length)])`
			`return random_string`


			`class AccessToken(BaseModel):`
First stab at token auth. The UI could use a little bit of polishing. 2013-10-16 18:24:10 +00:00			`friendly_name = CharField(null=True)`
			`code = CharField(default=random_string_generator(length=64), unique=True,`
			`index=True)`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`repository = ForeignKeyField(Repository)`
			`created = DateTimeField(default=datetime.now)`
First stab at token auth. The UI could use a little bit of polishing. 2013-10-16 18:24:10 +00:00			`role = ForeignKeyField(Role)`
			`temporary = BooleanField(default=True)`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00

Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00			`class EmailConfirmation(BaseModel):`
Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`code = CharField(default=random_string_generator(), unique=True, index=True)`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00			`user = ForeignKeyField(User)`
			`pw_reset = BooleanField(default=False)`
			`email_confirm = BooleanField(default=False)`
			`created = DateTimeField(default=datetime.now)`


Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`class Image(BaseModel):`
Make images belong to one repository only. Add a description field to the repository. Fix a bug with access tokens. Fix an embarrasing bug with multiple select criteria in peewee. Update the test db. 2013-09-26 19:58:11 +00:00			`# This class is intentionally denormalized. Even though images are supposed`
			`# to be globally unique we can't treat them as such for permissions and`
			`# security reasons. So rather than Repository <-> Image being many to many`
			`# each image now belongs to exactly one repository.`
Rename Image.image_id to Image.docker_image_id to reduce confusion. 2013-10-01 18:14:39 +00:00			`docker_image_id = CharField()`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`checksum = CharField(null=True)`
Make images belong to one repository only. Add a description field to the repository. Fix a bug with access tokens. Fix an embarrasing bug with multiple select criteria in peewee. Update the test db. 2013-09-26 19:58:11 +00:00			`created = DateTimeField(null=True)`
Long description fields should have been text rather than blob. 2013-10-01 03:22:52 +00:00			`comment = TextField(null=True)`
Fix some stuff with logins and permissions, add tags to the mode. 2013-09-25 20:46:28 +00:00			`repository = ForeignKeyField(Repository)`

Add image ancestry and update the test db accordingly. 2013-09-30 19:30:00 +00:00			`# '/' separated list of ancestory ids, e.g. /1/2/6/7/10/`
Switch the registry and index to use real s3 and rds. 2013-09-30 23:10:27 +00:00			`ancestors = CharField(index=True, default='/', max_length=64535)`
Add image ancestry and update the test db accordingly. 2013-09-30 19:30:00 +00:00
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`class Meta:`
			`database = db`
			`indexes = (`
			`# we don't really want duplicates`
Rename Image.image_id to Image.docker_image_id to reduce confusion. 2013-10-01 18:14:39 +00:00			`(('repository', 'docker_image_id'), True),`
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`)`


Make images belong to one repository only. Add a description field to the repository. Fix a bug with access tokens. Fix an embarrasing bug with multiple select criteria in peewee. Update the test db. 2013-09-26 19:58:11 +00:00			`class RepositoryTag(BaseModel):`
			`name = CharField()`
			`image = ForeignKeyField(Image)`
			`repository = ForeignKeyField(Repository)`

Create indices that we will probably need. 2013-09-28 03:33:59 +00:00			`class Meta:`
			`database = db`
			`indexes = (`
			`(('repository', 'name'), True),`
			`)`

Make images belong to one repository only. Add a description field to the repository. Fix a bug with access tokens. Fix an embarrasing bug with multiple select criteria in peewee. Update the test db. 2013-09-26 19:58:11 +00:00
Add the first part of the build worker that runs on quay. 2013-10-24 20:37:03 +00:00			`class RepositoryBuild(BaseModel):`
Flesh out the create API and wire everything up together. Next up, testing. 2013-10-25 05:14:38 +00:00			`repository = ForeignKeyField(Repository)`
Add a test endpoint that allows us to manually create builds. Add access tokens to the build data. 2013-10-25 22:17:43 +00:00			`access_token = ForeignKeyField(AccessToken)`
Flesh out the create API and wire everything up together. Next up, testing. 2013-10-25 05:14:38 +00:00			`resource_key = CharField()`
Add a test endpoint that allows us to manually create builds. Add access tokens to the build data. 2013-10-25 22:17:43 +00:00			`tag = CharField()`
Fixes and refinements to the dockerfile build system. 2013-10-25 19:13:11 +00:00			`build_node_id = IntegerField(null=True)`
Add the first part of the build worker that runs on quay. 2013-10-24 20:37:03 +00:00			`phase = CharField(default='waiting')`
			`status_url = CharField(null=True)`


Fix a typo on the base model for the queue. 2013-10-18 18:30:49 +00:00			`class QueueItem(BaseModel):`
First few changes for the image diffs feature. 2013-10-17 22:25:19 +00:00			`queue_name = CharField(index=True)`
			`body = TextField()`
			`available_after = DateTimeField(default=datetime.now, index=True)`
			`available = BooleanField(default=True, index=True)`
			`processing_expires = DateTimeField(null=True, index=True)`


Fix a typo. 2013-09-20 23:35:35 +00:00			`def initialize_db():`
Make images belong to one repository only. Add a description field to the repository. Fix a bug with access tokens. Fix an embarrasing bug with multiple select criteria in peewee. Update the test db. 2013-09-26 19:58:11 +00:00			`create_model_tables([User, Repository, Image, AccessToken, Role,`
Handle the confirmation codes to validate user emails. 2013-09-27 23:55:04 +00:00			`RepositoryPermission, Visibility, RepositoryTag,`
First few changes for the image diffs feature. 2013-10-17 22:25:19 +00:00			`EmailConfirmation, FederatedLogin, LoginService,`
Prepare the underlying data model for organizations. 2013-10-31 20:46:04 +00:00			`QueueItem, RepositoryBuild, Team, TeamMember,`
			`TeamPermission])`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`Role.create(name='admin')`
			`Role.create(name='write')`
			`Role.create(name='read')`
			`Visibility.create(name='public')`
			`Visibility.create(name='private')`
First iteration of sign-in with gihub. 2013-10-10 03:00:34 +00:00			`LoginService.create(name='github')`