quay/app.py

import logging
import os
import json

from flask import Flask, request, Request, _request_ctx_stack
from flask.ext.principal import Principal
from flask.ext.login import LoginManager, UserMixin
from flask.ext.mail import Mail
from werkzeug.routing import BaseConverter

import features

from avatars.avatars import Avatar
from storage import Storage
from data import model
from data import database
from data.userfiles import Userfiles
from data.users import UserAuthentication
from data.billing import Billing
from data.buildlogs import BuildLogs
from data.archivedlogs import LogArchive
from data.userevent import UserEventsBuilderModule
from data.queue import WorkQueue
from util.analytics import Analytics
from util.exceptionlog import Sentry
from util.names import urn_generator
from util.oauth import GoogleOAuthConfig, GithubOAuthConfig, GitLabOAuthConfig
from util.signing import Signer
from util.queuemetrics import QueueMetrics
from util.config.provider import FileConfigProvider, TestConfigProvider
from util.config.configutil import generate_secret_key
from util.config.superusermanager import SuperUserManager
from buildman.jobutil.buildreporter import BuildMetrics

OVERRIDE_CONFIG_DIRECTORY = 'conf/stack/'
OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'
OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'

OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'

CONFIG_PROVIDER = FileConfigProvider(OVERRIDE_CONFIG_DIRECTORY, 'config.yaml', 'config.py')

app = Flask(__name__)
logger = logging.getLogger(__name__)

class RegexConverter(BaseConverter):
  def __init__(self, url_map, *items):
    super(RegexConverter, self).__init__(url_map)
    logger.debug('Installing regex converter with regex: %s', items[0])
    self.regex = items[0]


app.url_map.converters['regex'] = RegexConverter

# Instantiate the default configuration (for test or for normal operation).
if 'TEST' in os.environ:
  CONFIG_PROVIDER = TestConfigProvider()

  from test.testconfig import TestConfig
  logger.debug('Loading test config.')
  app.config.from_object(TestConfig())
else:
  from config import DefaultConfig
  logger.debug('Loading default config.')
  app.config.from_object(DefaultConfig())
  app.teardown_request(database.close_db_filter)

# Load the override config via the provider.
CONFIG_PROVIDER.update_app_config(app.config)

# Update any configuration found in the override environment variable.
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'

environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))
app.config.update(environ_config)


class RequestWithId(Request):
  request_gen = staticmethod(urn_generator(['request']))

  def __init__(self, *args, **kwargs):
    super(RequestWithId, self).__init__(*args, **kwargs)
    self.request_id = self.request_gen()


@app.before_request
def _request_start():
  logger.debug('Starting request: %s', request.path)


@app.after_request
def _request_end(r):
  logger.debug('Ending request: %s', request.path)
  return r


class InjectingFilter(logging.Filter):
  def filter(self, record):
    if _request_ctx_stack.top is not None:
      record.msg = '[%s] %s' % (request.request_id, record.msg)
    return True

# Add the request id filter to all handlers of the root logger
for handler in logging.getLogger().handlers:
  handler.addFilter(InjectingFilter())

app.request_class = RequestWithId

features.import_features(app.config)

Principal(app, use_sessions=False)

avatar = Avatar(app)
login_manager = LoginManager(app)
mail = Mail(app)
storage = Storage(app)
userfiles = Userfiles(app, storage)
log_archive = LogArchive(app, storage)
analytics = Analytics(app)
billing = Billing(app)
sentry = Sentry(app)
build_logs = BuildLogs(app)
authentication = UserAuthentication(app, OVERRIDE_CONFIG_DIRECTORY)
userevents = UserEventsBuilderModule(app)
superusers = SuperUserManager(app)
signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)
queue_metrics = QueueMetrics(app)
build_metrics = BuildMetrics(app)

tf = app.config['DB_TRANSACTION_FACTORY']

github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')
github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')
gitlab_trigger = GitLabOAuthConfig(app.config, 'GITLAB_TRIGGER_CONFIG')
google_login = GoogleOAuthConfig(app.config, 'GOOGLE_LOGIN_CONFIG')
oauth_apps = [github_login, github_trigger, gitlab_trigger, google_login]

image_diff_queue = WorkQueue(app.config['DIFFS_QUEUE_NAME'], tf)
dockerfile_build_queue = WorkQueue(app.config['DOCKERFILE_BUILD_QUEUE_NAME'], tf,
                                   reporter=queue_metrics.report)
notification_queue = WorkQueue(app.config['NOTIFICATION_QUEUE_NAME'], tf)

database.configure(app.config)
model.config.app_config = app.config
model.config.store = storage

# Generate a secret key if none was specified.
if app.config['SECRET_KEY'] is None:
  logger.debug('Generating in-memory secret key')
  app.config['SECRET_KEY'] = generate_secret_key()

@login_manager.user_loader
def load_user(user_uuid):
  logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)
  return LoginWrappedDBUser(user_uuid)

class LoginWrappedDBUser(UserMixin):
  def __init__(self, user_uuid, db_user=None):
    self._uuid = user_uuid
    self._db_user = db_user

  def db_user(self):
    if not self._db_user:
      self._db_user = model.user.get_user_by_uuid(self._uuid)
    return self._db_user

  def is_authenticated(self):
    return self.db_user() is not None

  def is_active(self):
    return self.db_user().verified

  def get_id(self):
    return unicode(self._uuid)

def get_app_url():
  return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])
Add some login machinery. 2013-09-23 16:37:40 +00:00			`import logging`
Use production config in production and dev config in dev. 2013-10-01 03:54:12 +00:00			`import os`
Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00			`import json`
Add some login machinery. 2013-09-23 16:37:40 +00:00
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`from flask import Flask, request, Request, _request_ctx_stack`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00			`from flask.ext.principal import Principal`
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-17 03:41:54 +00:00			`from flask.ext.login import LoginManager, UserMixin`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00			`from flask.ext.mail import Mail`
Start of a v2 API. 2015-06-22 21:37:13 +00:00			`from werkzeug.routing import BaseConverter`
Add analytics on push and pull repo events in the backend. 2013-10-03 20:19:01 +00:00
Add a features modules that process the flask dict. 2014-04-03 22:47:17 +00:00			`import features`

Merge branch 'master' into v2 2015-02-05 20:37:14 +00:00			`from avatars.avatars import Avatar`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00			`from storage import Storage`
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 16:17:26 +00:00			`from data import model`
			`from data import database`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00			`from data.userfiles import Userfiles`
First stab at LDAP integration. 2014-05-09 21:39:43 +00:00			`from data.users import UserAuthentication`
Fix the tests and implement a fake stripe. 2014-04-10 19:20:16 +00:00			`from data.billing import Billing`
Set up the build logs to use our fake build logs on test and local. 2014-05-09 22:45:11 +00:00			`from data.buildlogs import BuildLogs`
Archived logs commit 1. Squash me. 2014-09-08 20:43:17 +00:00			`from data.archivedlogs import LogArchive`
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 18:25:29 +00:00			`from data.userevent import UserEventsBuilderModule`
Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 18:44:29 +00:00			`from data.queue import WorkQueue`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.analytics import Analytics`
			`from util.exceptionlog import Sentry`
			`from util.names import urn_generator`
gitlab oauth 2015-05-02 21:54:48 +00:00			`from util.oauth import GoogleOAuthConfig, GithubOAuthConfig, GitLabOAuthConfig`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`from util.signing import Signer`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.queuemetrics import QueueMetrics`
Merge branch 'grunt-js-folder' of https://github.com/coreos-inc/quay into ackbar 2015-01-23 22:26:14 +00:00			`from util.config.provider import FileConfigProvider, TestConfigProvider`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`from util.config.configutil import generate_secret_key`
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 17:43:11 +00:00			`from util.config.superusermanager import SuperUserManager`
buildman: add BuildMetrics and BuildReporter 2015-02-17 15:56:09 +00:00			`from buildman.jobutil.buildreporter import BuildMetrics`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`OVERRIDE_CONFIG_DIRECTORY = 'conf/stack/'`
Add support for parsing YAML override config, in addition to Python config 2014-08-22 00:36:11 +00:00			`OVERRIDE_CONFIG_YAML_FILENAME = 'conf/stack/config.yaml'`
			`OVERRIDE_CONFIG_PY_FILENAME = 'conf/stack/config.py'`

Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00			`OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00
Further merge fixes 2015-02-09 22:28:11 +00:00			`CONFIG_PROVIDER = FileConfigProvider(OVERRIDE_CONFIG_DIRECTORY, 'config.yaml', 'config.py')`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00
Index that kinda works and is backed by a database. Still lots to do. 2013-09-20 15:55:44 +00:00			`app = Flask(__name__)`
Add analytics on push and pull repo events in the backend. 2013-10-03 20:19:01 +00:00			`logger = logging.getLogger(__name__)`

Start of a v2 API. 2015-06-22 21:37:13 +00:00			`class RegexConverter(BaseConverter):`
			`def __init__(self, url_map, *items):`
			`super(RegexConverter, self).__init__(url_map)`
			`logger.debug('Installing regex converter with regex: %s', items[0])`
			`self.regex = items[0]`


			`app.url_map.converters['regex'] = RegexConverter`

Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Instantiate the default configuration (for test or for normal operation).`
Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00			`if 'TEST' in os.environ:`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`CONFIG_PROVIDER = TestConfigProvider()`

Fix support for multiple stack configurations and move most secrets into the quay-config project. 2014-04-07 20:59:22 +00:00			`from test.testconfig import TestConfig`
			`logger.debug('Loading test config.')`
			`app.config.from_object(TestConfig())`
			`else:`
			`from config import DefaultConfig`
			`logger.debug('Loading default config.')`
			`app.config.from_object(DefaultConfig())`
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`app.teardown_request(database.close_db_filter)`
First attempt at making config loadable through string config overrides in an env variable. 2014-04-03 21:31:46 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Load the override config via the provider.`
			`CONFIG_PROVIDER.update_app_config(app.config)`
Send a confirmation email when an account is created. Links don't do anything yet. 2013-09-27 23:29:01 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`# Update any configuration found in the override environment variable.`
			`OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'`
Add config override to allow for specialization using environment variables. 2014-06-23 15:24:54 +00:00
Move config handling into a provider class to make testing much easier 2015-01-09 21:23:31 +00:00			`environ_config = json.loads(os.environ.get(OVERRIDE_CONFIG_KEY, '{}'))`
			`app.config.update(environ_config)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00

			`class RequestWithId(Request):`
			`request_gen = staticmethod(urn_generator(['request']))`

			`def __init__(self, args, *kwargs):`
			`super(RequestWithId, self).__init__(args, *kwargs)`
			`self.request_id = self.request_gen()`


			`@app.before_request`
			`def _request_start():`
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 19:15:18 +00:00			`logger.debug('Starting request: %s', request.path)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00

			`@app.after_request`
			`def _request_end(r):`
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 19:15:18 +00:00			`logger.debug('Ending request: %s', request.path)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00			`return r`


			`class InjectingFilter(logging.Filter):`
			`def filter(self, record):`
Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 19:15:18 +00:00			`if _request_ctx_stack.top is not None:`
			`record.msg = '[%s] %s' % (request.request_id, record.msg)`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00			`return True`

Unify the logging infrastructure and turn the prod logging level to INFO in preparation for picking up a new cloud logger. 2015-02-11 19:15:18 +00:00			`# Add the request id filter to all handlers of the root logger`
			`for handler in logging.getLogger().handlers:`
			`handler.addFilter(InjectingFilter())`
Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 17:58:08 +00:00
			`app.request_class = RequestWithId`

Add a features modules that process the flask dict. 2014-04-03 22:47:17 +00:00			`features.import_features(app.config)`

Fix cookie auth to work with oauth token auth. Make sure user loading is truly deferred to save DB connections. 2014-03-17 16:01:13 +00:00			`Principal(app, use_sessions=False)`
Integrate flask-principal in order to provide RBAC. 2013-09-20 22:38:17 +00:00
Add a configurable avatar system and add an internal avatar system for enterprise 2014-11-25 00:25:13 +00:00			`avatar = Avatar(app)`
Add the olark feature flag to the default config and fix the usage of flask modules. 2014-04-09 03:05:45 +00:00			`login_manager = LoginManager(app)`
			`mail = Mail(app)`
			`storage = Storage(app)`
Add a new RadosGW storage engine. Allow engines to distinguish not only between those that can support direct uploads and downloads, but those that support doing it through the browser. Rename resumeable->resumable. 2014-09-09 19:54:03 +00:00			`userfiles = Userfiles(app, storage)`
Merge remote-tracking branch 'origin/master' into waltermitty Conflicts: app.py data/userfiles.py 2014-09-11 15:18:28 +00:00			`log_archive = LogArchive(app, storage)`
Add the olark feature flag to the default config and fix the usage of flask modules. 2014-04-09 03:05:45 +00:00			`analytics = Analytics(app)`
Fix the tests and implement a fake stripe. 2014-04-10 19:20:16 +00:00			`billing = Billing(app)`
Add sentry exception monitoring. 2014-04-28 22:59:22 +00:00			`sentry = Sentry(app)`
Set up the build logs to use our fake build logs on test and local. 2014-05-09 22:45:11 +00:00			`build_logs = BuildLogs(app)`
Refactor JWT auth to not import app locally 2015-06-12 21:58:19 +00:00			`authentication = UserAuthentication(app, OVERRIDE_CONFIG_DIRECTORY)`
Split out the redis hostname for user events and build logs as a string config. Modularize the user events and fix all callers. 2014-05-30 18:25:29 +00:00			`userevents = UserEventsBuilderModule(app)`
Add an in-memory superusermanager, which stores the current list of superusers in a process-shared Value. We do this because in the ER, when we add a new superuser, we need to ensure that ALL workers have their lists updated (otherwise we get the behavior that some workers validate the new permission and others do not). 2015-01-20 17:43:11 +00:00			`superusers = SuperUserManager(app)`
Add signing to the ACI converter 2015-02-04 20:29:24 +00:00			`signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)`
Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 18:44:29 +00:00			`queue_metrics = QueueMetrics(app)`
buildman: add BuildMetrics and BuildReporter 2015-02-17 15:56:09 +00:00			`build_metrics = BuildMetrics(app)`
Change to only run the cloud watch reporter in the gunicorn_web 2015-01-16 18:44:29 +00:00
			`tf = app.config['DB_TRANSACTION_FACTORY']`
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 23:50:37 +00:00
Get end-to-end configuration setup working, including verification (except for Github, which is in progress) 2015-01-07 21:20:51 +00:00			`github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')`
			`github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')`
gitlab oauth 2015-05-02 21:54:48 +00:00			`gitlab_trigger = GitLabOAuthConfig(app.config, 'GITLAB_TRIGGER_CONFIG')`
Get end-to-end configuration setup working, including verification (except for Github, which is in progress) 2015-01-07 21:20:51 +00:00			`google_login = GoogleOAuthConfig(app.config, 'GOOGLE_LOGIN_CONFIG')`
gitlab oauth 2015-05-02 21:54:48 +00:00			`oauth_apps = [github_login, github_trigger, gitlab_trigger, google_login]`
- Make the OAuth config system centralized - Add support for Github Enterprise login 2014-11-05 21:43:37 +00:00
Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db 2014-05-22 16:13:41 +00:00			`image_diff_queue = WorkQueue(app.config['DIFFS_QUEUE_NAME'], tf)`
			`dockerfile_build_queue = WorkQueue(app.config['DOCKERFILE_BUILD_QUEUE_NAME'], tf,`
Add a queue capacity reporter plugin to the queue. Move the queue definitions to app. Add a cloudwatch reporter to the dockerfile build queue. 2014-05-21 23:50:37 +00:00			`reporter=queue_metrics.report)`
Convert over to notifications system. Note this is incomplete 2014-07-18 02:51:58 +00:00			`notification_queue = WorkQueue(app.config['NOTIFICATION_QUEUE_NAME'], tf)`
Merge branch 'ldapper' Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db 2014-05-22 16:13:41 +00:00
Add an alembic migration for the full initial database with the data. Switch LDAP to using bind and creating a federated login entry. Add LDAP support to the registry and index endpoints. Add a username transliteration and suggestion mechanism. Switch the database and model to require a manual initialization call. 2014-05-13 16:17:26 +00:00			`database.configure(app.config)`
			`model.config.app_config = app.config`
			`model.config.store = storage`
Make sure all user emails that can be sent in enterprise properly adjust to the app's URL 2014-07-29 17:47:54 +00:00
Fix handling of secret key: We now generate it on app startup if it doesn't exist in the config (which it doesn't anymore in the base config.py). 2015-01-05 17:31:02 +00:00			`# Generate a secret key if none was specified.`
			`if app.config['SECRET_KEY'] is None:`
			`logger.debug('Generating in-memory secret key')`
			`app.config['SECRET_KEY'] = generate_secret_key()`

Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-17 03:41:54 +00:00			`@login_manager.user_loader`
			`def load_user(user_uuid):`
			`logger.debug('User loader loading deferred user with uuid: %s' % user_uuid)`
			`return LoginWrappedDBUser(user_uuid)`

			`class LoginWrappedDBUser(UserMixin):`
			`def __init__(self, user_uuid, db_user=None):`
			`self._uuid = user_uuid`
			`self._db_user = db_user`

			`def db_user(self):`
			`if not self._db_user:`
Accidental refactor, split out legacy.py into separate sumodules and update all call sites. 2015-07-15 21:25:41 +00:00			`self._db_user = model.user.get_user_by_uuid(self._uuid)`
Fix exception handling in the registry health check and make sure the user_loader is registered before the process is forked 2015-01-17 03:41:54 +00:00			`return self._db_user`

			`def is_authenticated(self):`
			`return self.db_user() is not None`

			`def is_active(self):`
			`return self.db_user().verified`

			`def get_id(self):`
			`return unicode(self._uuid)`

Make sure all user emails that can be sent in enterprise properly adjust to the app's URL 2014-07-29 17:47:54 +00:00			`def get_app_url():`
			`return '%s://%s' % (app.config['PREFERRED_URL_SCHEME'], app.config['SERVER_HOSTNAME'])`