From 28d319ad2653fd11213970d2e7a938b001306539 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <joseph.schorr@coreos.com>
Date: Tue, 20 Jan 2015 12:43:11 -0500
Subject: [PATCH] Add an in-memory superusermanager, which stores the current
 list of superusers in a process-shared Value. We do this because in the ER,
 when we add a new superuser, we need to ensure that ALL workers have their
 lists updated (otherwise we get the behavior that some workers validate the
 new permission and others do not).

---
 app.py                          |  2 ++
 auth/permissions.py             |  5 ++---
 endpoints/api/suconfig.py       |  6 +++---
 endpoints/api/superuser.py      | 10 ++++-----
 static/partials/super-user.html |  2 +-
 util/config/superusermanager.py | 38 +++++++++++++++++++++++++++++++++
 6 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 util/config/superusermanager.py

diff --git a/app.py b/app.py
index b1281b760..6ce4fbf90 100644
--- a/app.py
+++ b/app.py
@@ -29,6 +29,7 @@ from util.names import urn_generator
 from util.oauth import GoogleOAuthConfig, GithubOAuthConfig
 from util.queuemetrics import QueueMetrics
 from util.config.configutil import generate_secret_key
+from util.config.superusermanager import SuperUserManager
 
 
 app = Flask(__name__)
@@ -105,6 +106,7 @@ build_logs = BuildLogs(app)
 queue_metrics = QueueMetrics(app)
 authentication = UserAuthentication(app)
 userevents = UserEventsBuilderModule(app)
+superusers = SuperUserManager(app)
 
 github_login = GithubOAuthConfig(app.config, 'GITHUB_LOGIN_CONFIG')
 github_trigger = GithubOAuthConfig(app.config, 'GITHUB_TRIGGER_CONFIG')
diff --git a/auth/permissions.py b/auth/permissions.py
index efa135155..47a41c257 100644
--- a/auth/permissions.py
+++ b/auth/permissions.py
@@ -7,7 +7,7 @@ from functools import partial
 import scopes
 
 from data import model
-from app import app
+from app import app, superusers
 
 
 logger = logging.getLogger(__name__)
@@ -94,8 +94,7 @@ class QuayDeferredPermissionUser(Identity):
         return super(QuayDeferredPermissionUser, self).can(permission)
 
       # Add the superuser need, if applicable.
-      if (user_object.username is not None and
-          user_object.username in app.config.get('SUPER_USERS', [])):
+      if superusers.is_superuser(user_object.username):
         self.provides.add(_SuperUserNeed())
 
       # Add the user specific permissions, only for non-oauth permission
diff --git a/endpoints/api/suconfig.py b/endpoints/api/suconfig.py
index 50b3635cf..05efb4cd7 100644
--- a/endpoints/api/suconfig.py
+++ b/endpoints/api/suconfig.py
@@ -7,7 +7,7 @@ from endpoints.api import (ApiResource, nickname, resource, internal_only, show_
                            require_fresh_login, request, validate_json_request, verify_not_prod)
 
 from endpoints.common import common_login
-from app import app, CONFIG_PROVIDER
+from app import app, CONFIG_PROVIDER, superusers
 from data import model
 from auth.permissions import SuperUserPermission
 from auth.auth_context import get_authenticated_user
@@ -49,7 +49,7 @@ class SuperUserRegistryStatus(ApiResource):
       'file_exists': file_exists,
       'is_testing': app.config['TESTING'],
       'valid_db': database_is_valid(),
-      'ready': not app.config['TESTING'] and file_exists and bool(app.config['SUPER_USERS'])
+      'ready': not app.config['TESTING'] and file_exists and superusers.has_superusers()
     }
 
 
@@ -215,7 +215,7 @@ class SuperUserCreateInitialSuperUser(ApiResource):
       CONFIG_PROVIDER.save_yaml(config_object)
 
       # Update the in-memory config for the new superuser.
-      app.config['SUPER_USERS'] = [username]
+      superusers.register_superuser(username)
 
       # Conduct login with that user.
       common_login(superuser)
diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py
index c8717bd7b..a391b3130 100644
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@@ -4,7 +4,7 @@ import json
 import os
 
 from random import SystemRandom
-from app import app, avatar
+from app import app, avatar, superusers
 from flask import request
 
 from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
@@ -109,7 +109,7 @@ def user_view(user):
     'email': user.email,
     'verified': user.verified,
     'avatar': avatar.compute_hash(user.email, name=user.username),
-    'super_user': user.username in app.config['SUPER_USERS']
+    'super_user': superusers.is_superuser(user.username)
   }
 
 @resource('/v1/superuser/usage/')
@@ -217,7 +217,7 @@ class SuperUserSendRecoveryEmail(ApiResource):
       if not user or user.organization or user.robot:
         abort(404)
 
-      if username in app.config['SUPER_USERS']:
+      if superusers.is_superuser(username):
           abort(403)
 
       code = model.create_reset_password_email_code(user.email)
@@ -277,7 +277,7 @@ class SuperUserManagement(ApiResource):
       if not user or user.organization or user.robot:
         abort(404)
 
-      if username in app.config['SUPER_USERS']:
+      if superusers.is_superuser(username):
           abort(403)
 
       model.delete_user(user)
@@ -296,7 +296,7 @@ class SuperUserManagement(ApiResource):
         if not user or user.organization or user.robot:
           abort(404)
 
-        if username in app.config['SUPER_USERS']:
+        if superusers.is_superuser(username):
           abort(403)
 
         user_data = request.get_json()
diff --git a/static/partials/super-user.html b/static/partials/super-user.html
index 847a0ed23..7800c9b1e 100644
--- a/static/partials/super-user.html
+++ b/static/partials/super-user.html
@@ -376,7 +376,7 @@
                 <td>Database Server:</td>
                 <td>
                   <span class="config-string-field" binding="fields.server"
-                        placeholder="localhost"></span>
+                        placeholder="dbserverhost"></span>
                   <div class="help-text">
                     The server (and optionally, custom port) where the database lives
                   </div>
diff --git a/util/config/superusermanager.py b/util/config/superusermanager.py
new file mode 100644
index 000000000..5930da9cf
--- /dev/null
+++ b/util/config/superusermanager.py
@@ -0,0 +1,38 @@
+from multiprocessing.sharedctypes import Value, Array
+from util.validation import MAX_LENGTH
+
+class SuperUserManager(object):
+  """ In-memory helper class for quickly accessing (and updating) the valid
+      set of super users. This class communicates across processes to ensure
+      that the shared set is always the same.
+  """
+
+  def __init__(self, app):
+    usernames = app.config.get('SUPER_USERS', [])
+    usernames_str = ','.join(usernames)
+
+    self._max_length = len(usernames_str) + MAX_LENGTH + 1
+    self._array = Array('c', self._max_length, lock=True)
+    self._array.value = usernames_str
+
+  def is_superuser(self, username):
+    """ Returns if the given username represents a super user. """
+    usernames = self._array.value.split(',')
+    return username in usernames
+
+  def register_superuser(self, username):
+    """ Registers a new username as a super user for the duration of the container.
+        Note that this does *not* change any underlying config files.
+    """
+    usernames = self._array.value.split(',')
+    usernames.append(username)
+    new_string = ','.join(usernames)
+
+    if len(new_string) <= self._max_length:
+      self._array.value = new_string
+    else:
+      raise Exception('Maximum superuser count reached. Please report this to support.')
+
+  def has_superusers(self):
+    """ Returns whether there are any superusers defined. """
+    return bool(self._array.value)