initial import for Open Source 🎉

workers/servicekeyworker/models_interface.py

@@ -0,0 +1,28 @@
+from abc import ABCMeta, abstractmethod
+from six import add_metaclass
+
+
+@add_metaclass(ABCMeta)
+class ServiceKeyWorkerDataInterface(object):
+  """
+  Interface that represents all data store interactions required by the service key worker.
+  """
+
+  @abstractmethod
+  def set_key_expiration(self, key_id, expiration_date):
+    """ Sets the expiration date of the service key with the given key ID to that given. """
+    pass
+
+  @abstractmethod
+  def create_service_key_for_testing(self, expiration):
+    """ Creates a service key for testing with the given expiration. Returns the KID for
+        key.
+    """
+    pass
+
+  @abstractmethod
+  def get_service_key_expiration(self, key_id):
+    """ Returns the expiration date for the key with the given ID. If the key doesn't exist or
+        does not have an expiration, returns None.
+    """
+    pass

workers/servicekeyworker/models_pre_oci.py

@@ -0,0 +1,21 @@
+from data import model
+from workers.servicekeyworker.models_interface import ServiceKeyWorkerDataInterface
+
+
+class PreOCIModel(ServiceKeyWorkerDataInterface):
+  def set_key_expiration(self, kid, expiration_date):
+    model.service_keys.set_key_expiration(kid, expiration_date)
+
+  def create_service_key_for_testing(self, expiration):
+    key = model.service_keys.create_service_key('test', 'somekid', 'quay', '', {}, expiration)
+    return key.kid
+
+  def get_service_key_expiration(self, kid):
+    try:
+      key = model.service_keys.get_service_key(kid, approved_only=False)
+      return key.expiration_date
+    except model.ServiceKeyDoesNotExist:
+      return None
+
+
+pre_oci_model = PreOCIModel()

workers/servicekeyworker/servicekeyworker.py

@@ -0,0 +1,41 @@
+import logging
+from datetime import datetime, timedelta
+
+from app import app, instance_keys, metric_queue
+from workers.servicekeyworker.models_pre_oci import pre_oci_model as model
+from workers.worker import Worker
+
+logger = logging.getLogger(__name__)
+
+
+class ServiceKeyWorker(Worker):
+  def __init__(self):
+    super(ServiceKeyWorker, self).__init__()
+    self.add_operation(self._refresh_service_key,
+                       app.config.get('INSTANCE_SERVICE_KEY_REFRESH', 60) * 60)
+
+  def _refresh_service_key(self):
+    """
+    Refreshes the instance's active service key so it doesn't get garbage collected.
+    """
+    expiration_time = timedelta(minutes=instance_keys.service_key_expiration)
+    new_expiration = datetime.utcnow() + expiration_time
+
+    logger.debug('Starting automatic refresh of service key %s to new expiration %s',
+                 instance_keys.local_key_id, new_expiration)
+    try:
+      model.set_key_expiration(instance_keys.local_key_id, new_expiration)
+    except Exception as ex:
+      logger.exception('Failure for automatic refresh of service key %s with new expiration %s',
+                       instance_keys.local_key_id, new_expiration)
+      metric_queue.instance_key_renewal_failure.Inc(labelvalues=[instance_keys.local_key_id])
+      raise ex
+
+    logger.debug('Finished automatic refresh of service key %s with new expiration %s',
+                 instance_keys.local_key_id, new_expiration)
+    metric_queue.instance_key_renewal_success.Inc(labelvalues=[instance_keys.local_key_id])
+
+
+if __name__ == "__main__":
+  worker = ServiceKeyWorker()
+  worker.start()

workers/servicekeyworker/test/test_servicekeyworker.py

@@ -0,0 +1,23 @@
+from datetime import datetime, timedelta
+from mock import patch
+
+from data import model
+from workers.servicekeyworker.servicekeyworker import ServiceKeyWorker
+from util.morecollections import AttrDict
+
+from test.fixtures import *
+from workers.servicekeyworker.models_pre_oci import pre_oci_model as model
+
+def test_refresh_service_key(initialized_db):
+  # Create a service key for testing.
+  original_expiration = datetime.utcnow() + timedelta(minutes=10)
+  test_key_kid = model.create_service_key_for_testing(original_expiration)
+  assert model.get_service_key_expiration(test_key_kid)
+
+  instance_keys = AttrDict(dict(local_key_id=test_key_kid, service_key_expiration=30))
+  with patch('workers.servicekeyworker.servicekeyworker.instance_keys', instance_keys):
+    worker = ServiceKeyWorker()
+    worker._refresh_service_key()
+
+  # Ensure the key's expiration was changed.
+  assert model.get_service_key_expiration(test_key_kid) > original_expiration