Merge pull request #1698 from coreos-inc/delete-namespace

Add support for deleting namespaces (users, organizations)
2016-10-21 16:54:52 -04:00 · 2016-10-21 16:54:52 -04:00 · edc2bc8b93
commit edc2bc8b93
parent 1bbc110280 73eb66eac5
23 changed files with 407 additions and 33 deletions
--- a/endpoints/api/organization.py
+++ b/endpoints/api/organization.py
@ -6,10 +6,10 @@ from flask import request

 import features

-from app import billing as stripe, avatar
+from app import billing as stripe, avatar, all_queues
 from endpoints.api import (resource, nickname, ApiResource, validate_json_request, request_error,
                           related_user_resource, internal_only, require_user_admin, log_action,
-                           show_if, path_param, require_scope)
+                           show_if, path_param, require_scope, require_fresh_login)
 from endpoints.exception import Unauthorized, NotFound
 from endpoints.api.user import User, PrivateRepositories
 from auth.permissions import (AdministerOrganizationPermission, OrganizationMemberPermission,
@ -199,6 +199,23 @@ class Organization(ApiResource):
    raise Unauthorized()


+  @require_scope(scopes.ORG_ADMIN)
+  @require_fresh_login
+  @nickname('deleteOrganization')
+  def delete(self, orgname):
+    """ Deletes the specified organization. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      try:
+        org = model.organization.get_organization(orgname)
+      except model.InvalidOrganizationException:
+        raise NotFound()
+
+      model.user.delete_user(org, all_queues)
+
+    return 'Deleted', 204
+
+
@resource('/v1/organization/<orgname>/private')
@path_param('orgname', 'The name of the organization')
@internal_only
--- a/endpoints/api/repository.py
+++ b/endpoints/api/repository.py
@ -8,8 +8,8 @@ from datetime import timedelta, datetime

 from flask import request, abort

+from app import dockerfile_build_queue
 from data import model
-from data.database import Repository as RepositoryTable
 from endpoints.api import (truthy_bool, format_date, nickname, log_action, validate_json_request,
                           require_repo_read, require_repo_write, require_repo_admin,
                           RepositoryParamResource, resource, query_param, parse_args, ApiResource,
@ -353,9 +353,14 @@ class Repository(RepositoryParamResource):
    """ Delete a repository. """
    model.repository.purge_repository(namespace, repository)
    user = model.user.get_namespace_user(namespace)
+
    if features.BILLING:
      plan = get_namespace_plan(namespace)
      check_repository_usage(user, plan)
+
+    # Remove any builds from the queue.
+    dockerfile_build_queue.delete_namespaced_items(namespace, repository)
+
    log_action('delete_repo', namespace,
               {'repo': repository, 'namespace': namespace})
    return 'Deleted', 204
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -11,7 +11,8 @@ from flask import request, make_response, jsonify

 import features

-from app import app, avatar, superusers, authentication, config_provider, license_validator
+from app import (app, avatar, superusers, authentication, config_provider, license_validator,
+                 all_queues)
 from auth import scopes
 from auth.auth_context import get_authenticated_user
 from auth.permissions import SuperUserPermission
@ -366,7 +367,7 @@ class SuperUserManagement(ApiResource):
      if superusers.is_superuser(username):
        abort(403)

-      model.user.delete_user(user)
+      model.user.delete_user(user, all_queues, force=True)
      return 'Deleted', 204

    abort(403)
@ -500,7 +501,7 @@ class SuperUserOrganizationManagement(ApiResource):
    if SuperUserPermission().can():
      org = model.organization.get_organization(name)

-      model.user.delete_user(org)
+      model.user.delete_user(org, all_queues)
      return 'Deleted', 204

    abort(403)
--- a/endpoints/api/user.py
+++ b/endpoints/api/user.py
@ -10,7 +10,7 @@ from peewee import IntegrityError

 import features

-from app import app, billing as stripe, authentication, avatar, user_analytics
+from app import app, billing as stripe, authentication, avatar, user_analytics, all_queues
 from auth import scopes
 from auth.auth_context import get_authenticated_user
 from auth.permissions import (AdministerOrganizationPermission, CreateRepositoryPermission,
@ -346,9 +346,11 @@ class User(ApiResource):
  @validate_json_request('NewUser')
  def post(self):
    """ Create a new user. """
+    if app.config['AUTHENTICATION_TYPE'] != 'Database':
+      abort(404)
+
    user_data = request.get_json()
    invite_code = user_data.get('invite_code', '')
-
    existing_user = model.user.get_nonrobot_user(user_data['username'])
    if existing_user:
      raise request_error(message='The username already exists')
@ -370,6 +372,19 @@ class User(ApiResource):
    except model.user.DataModelException as ex:
      raise request_error(exception=ex)

+  @require_user_admin
+  @require_fresh_login
+  @nickname('deleteCurrentUser')
+  @internal_only
+  def delete(self):
+    """ Deletes the current user. """
+    if app.config['AUTHENTICATION_TYPE'] != 'Database':
+      abort(404)
+
+    model.user.delete_user(get_authenticated_user(), all_queues)
+    return 'Deleted', 204
+
+
@resource('/v1/user/private')
@internal_only
@show_if(features.BILLING)