Add support for metadata on robot accounts
Fixes https://jira.coreos.com/browse/QUAY-847 Fixes https://jira.coreos.com/browse/QUAY-816
This commit is contained in:
Joseph Schorr
parent
a693771345
commit
254cdfe43a
8 changed files with 229 additions and 52 deletions
|
|
@ -2,14 +2,31 @@
|
|||
|
||||
from endpoints.api import (resource, nickname, ApiResource, log_action, related_user_resource,
|
||||
require_user_admin, require_scope, path_param, parse_args,
|
||||
truthy_bool, query_param)
|
||||
truthy_bool, query_param, validate_json_request)
|
||||
from endpoints.api.robot_models_pre_oci import pre_oci_model as model
|
||||
from endpoints.exception import Unauthorized
|
||||
from auth.permissions import AdministerOrganizationPermission, OrganizationMemberPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth import scopes
|
||||
from util.names import format_robot_username
|
||||
from flask import abort
|
||||
from flask import abort, request
|
||||
|
||||
|
||||
CREATE_ROBOT_SCHEMA = {
|
||||
'type': 'object',
|
||||
'description': 'Optional data for creating a robot',
|
||||
'properties': {
|
||||
'description': {
|
||||
'type': 'string',
|
||||
'description': 'Optional text description for the robot',
|
||||
'maxLength': 255,
|
||||
},
|
||||
'unstructured_metadata': {
|
||||
'type': 'object',
|
||||
'description': 'Optional unstructured metadata for the robot',
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
def robots_list(prefix, include_permissions=False):
|
||||
|
|
@ -38,6 +55,9 @@ class UserRobotList(ApiResource):
|
|||
'The short name for the robot, without any user or organization prefix')
|
||||
class UserRobot(ApiResource):
|
||||
""" Resource for managing a user's robots. """
|
||||
schemas = {
|
||||
'CreateRobot': CREATE_ROBOT_SCHEMA,
|
||||
}
|
||||
|
||||
@require_user_admin
|
||||
@nickname('getUserRobot')
|
||||
|
|
@ -45,16 +65,23 @@ class UserRobot(ApiResource):
|
|||
""" Returns the user's robot with the specified name. """
|
||||
parent = get_authenticated_user()
|
||||
robot = model.get_user_robot(robot_shortname, parent)
|
||||
return robot.to_dict()
|
||||
return robot.to_dict(include_metadata=True)
|
||||
|
||||
@require_user_admin
|
||||
@nickname('createUserRobot')
|
||||
@validate_json_request('CreateRobot', optional=True)
|
||||
def put(self, robot_shortname):
|
||||
""" Create a new user robot with the specified name. """
|
||||
parent = get_authenticated_user()
|
||||
robot = model.create_user_robot(robot_shortname, parent)
|
||||
log_action('create_robot', parent.username, {'robot': robot_shortname})
|
||||
return robot.to_dict(), 201
|
||||
create_data = request.get_json() or {}
|
||||
robot = model.create_user_robot(robot_shortname, parent, create_data.get('description'),
|
||||
create_data.get('unstructured_metadata'))
|
||||
log_action('create_robot', parent.username, {
|
||||
'robot': robot_shortname,
|
||||
'description': create_data.get('description'),
|
||||
'unstructured_metadata': create_data.get('unstructured_metadata'),
|
||||
})
|
||||
return robot.to_dict(include_metadata=True), 201
|
||||
|
||||
@require_user_admin
|
||||
@nickname('deleteUserRobot')
|
||||
|
|
@ -82,6 +109,7 @@ class OrgRobotList(ApiResource):
|
|||
""" List the organization's robots. """
|
||||
permission = OrganizationMemberPermission(orgname)
|
||||
if permission.can():
|
||||
include_metadata = AdministerOrganizationPermission(orgname).can()
|
||||
return robots_list(orgname, include_permissions=parsed_args.get('permissions', False))
|
||||
|
||||
raise Unauthorized()
|
||||
|
|
@ -94,6 +122,9 @@ class OrgRobotList(ApiResource):
|
|||
@related_user_resource(UserRobot)
|
||||
class OrgRobot(ApiResource):
|
||||
""" Resource for managing an organization's robots. """
|
||||
schemas = {
|
||||
'CreateRobot': CREATE_ROBOT_SCHEMA,
|
||||
}
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('getOrgRobot')
|
||||
|
|
@ -102,19 +133,26 @@ class OrgRobot(ApiResource):
|
|||
permission = AdministerOrganizationPermission(orgname)
|
||||
if permission.can():
|
||||
robot = model.get_org_robot(robot_shortname, orgname)
|
||||
return robot.to_dict()
|
||||
return robot.to_dict(include_metadata=True)
|
||||
|
||||
raise Unauthorized()
|
||||
|
||||
@require_scope(scopes.ORG_ADMIN)
|
||||
@nickname('createOrgRobot')
|
||||
@validate_json_request('CreateRobot', optional=True)
|
||||
def put(self, orgname, robot_shortname):
|
||||
""" Create a new robot in the organization. """
|
||||
permission = AdministerOrganizationPermission(orgname)
|
||||
if permission.can():
|
||||
robot = model.create_org_robot(robot_shortname, orgname)
|
||||
log_action('create_robot', orgname, {'robot': robot_shortname})
|
||||
return robot.to_dict(), 201
|
||||
create_data = request.get_json() or {}
|
||||
robot = model.create_org_robot(robot_shortname, orgname, create_data.get('description'),
|
||||
create_data.get('unstructured_metadata'))
|
||||
log_action('create_robot', orgname, {
|
||||
'robot': robot_shortname,
|
||||
'description': create_data.get('description'),
|
||||
'unstructured_metadata': create_data.get('unstructured_metadata'),
|
||||
})
|
||||
return robot.to_dict(include_metadata=True), 201
|
||||
|
||||
raise Unauthorized()
|
||||
|
||||
|
|
|
|||
Reference in a new issue