Merge branch 'ldapper'
Conflicts: Dockerfile app.py data/database.py endpoints/index.py test/data/test.db
This commit is contained in:
Jake Moshenko
commit
f6726bd0a4
25 changed files with 1157 additions and 94 deletions
|
|
@ -8,19 +8,19 @@ from peewee import *
|
|||
from sqlalchemy.engine.url import make_url
|
||||
from urlparse import urlparse
|
||||
|
||||
from app import app
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
SCHEME_DRIVERS = {
|
||||
'mysql': MySQLDatabase,
|
||||
'mysql+pymysql': MySQLDatabase,
|
||||
'sqlite': SqliteDatabase,
|
||||
}
|
||||
|
||||
db = Proxy()
|
||||
|
||||
def generate_db(config_object):
|
||||
def configure(config_object):
|
||||
db_kwargs = dict(config_object['DB_CONNECTION_ARGS'])
|
||||
parsed_url = make_url(config_object['DB_URI'])
|
||||
|
||||
|
|
@ -33,10 +33,8 @@ def generate_db(config_object):
|
|||
if parsed_url.password:
|
||||
db_kwargs['passwd'] = parsed_url.password
|
||||
|
||||
return SCHEME_DRIVERS[parsed_url.drivername](parsed_url.database, **db_kwargs)
|
||||
|
||||
|
||||
db = generate_db(app.config)
|
||||
real_db = SCHEME_DRIVERS[parsed_url.drivername](parsed_url.database, **db_kwargs)
|
||||
db.initialize(real_db)
|
||||
|
||||
|
||||
def random_string_generator(length=16):
|
||||
|
|
|
|||
|
|
@ -2,15 +2,17 @@ from __future__ import with_statement
|
|||
from alembic import context
|
||||
from sqlalchemy import engine_from_config, pool
|
||||
from logging.config import fileConfig
|
||||
from urllib import unquote
|
||||
from peewee import SqliteDatabase
|
||||
|
||||
from data.database import all_models
|
||||
from data.database import all_models, db
|
||||
from app import app
|
||||
from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
|
||||
|
||||
# this is the Alembic Config object, which provides
|
||||
# access to the values within the .ini file in use.
|
||||
config = context.config
|
||||
config.set_main_option('sqlalchemy.url', app.config['DB_URI'])
|
||||
config.set_main_option('sqlalchemy.url', unquote(app.config['DB_URI']))
|
||||
|
||||
# Interpret the config file for Python logging.
|
||||
# This line sets up loggers basically.
|
||||
|
|
@ -39,8 +41,8 @@ def run_migrations_offline():
|
|||
script output.
|
||||
|
||||
"""
|
||||
url = app.config['DB_CONNECTION']
|
||||
context.configure(url=url, target_metadata=target_metadata)
|
||||
url = unquote(app.config['DB_URI'])
|
||||
context.configure(url=url, target_metadata=target_metadata, transactional_ddl=True)
|
||||
|
||||
with context.begin_transaction():
|
||||
context.run_migrations()
|
||||
|
|
@ -52,6 +54,11 @@ def run_migrations_online():
|
|||
and associate a connection with the context.
|
||||
|
||||
"""
|
||||
|
||||
if isinstance(db.obj, SqliteDatabase):
|
||||
print ('Skipping Sqlite migration!')
|
||||
return
|
||||
|
||||
engine = engine_from_config(
|
||||
config.get_section(config.config_ini_section),
|
||||
prefix='sqlalchemy.',
|
||||
|
|
|
|||
607
data/migrations/versions/5a07499ce53f_set_up_initial_database.py
Normal file
607
data/migrations/versions/5a07499ce53f_set_up_initial_database.py
Normal file
|
|
@ -0,0 +1,607 @@
|
|||
"""Set up initial database
|
||||
|
||||
Revision ID: 5a07499ce53f
|
||||
Revises: None
|
||||
Create Date: 2014-05-13 11:26:51.808426
|
||||
|
||||
"""
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '5a07499ce53f'
|
||||
down_revision = None
|
||||
|
||||
from alembic import op
|
||||
from data.model.sqlalchemybridge import gen_sqlalchemy_metadata
|
||||
from data.database import all_models
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
def upgrade():
|
||||
schema = gen_sqlalchemy_metadata(all_models)
|
||||
|
||||
### commands auto generated by Alembic - please adjust! ###
|
||||
op.create_table('loginservice',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('loginservice_name', 'loginservice', ['name'], unique=True)
|
||||
|
||||
op.bulk_insert(schema.tables['loginservice'],
|
||||
[
|
||||
{'id':1, 'name':'github'},
|
||||
{'id':2, 'name':'quayrobot'},
|
||||
{'id':3, 'name':'ldap'},
|
||||
])
|
||||
|
||||
op.create_table('imagestorage',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('checksum', sa.String(length=255), nullable=True),
|
||||
sa.Column('created', sa.DateTime(), nullable=True),
|
||||
sa.Column('comment', sa.Text(), nullable=True),
|
||||
sa.Column('command', sa.Text(), nullable=True),
|
||||
sa.Column('image_size', sa.BigInteger(), nullable=True),
|
||||
sa.Column('uploading', sa.Boolean(), nullable=True),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_table('queueitem',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('queue_name', sa.String(length=1024), nullable=False),
|
||||
sa.Column('body', sa.Text(), nullable=False),
|
||||
sa.Column('available_after', sa.DateTime(), nullable=False),
|
||||
sa.Column('available', sa.Boolean(), nullable=False),
|
||||
sa.Column('processing_expires', sa.DateTime(), nullable=True),
|
||||
sa.Column('retries_remaining', sa.Integer(), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('queueitem_available', 'queueitem', ['available'], unique=False)
|
||||
op.create_index('queueitem_available_after', 'queueitem', ['available_after'], unique=False)
|
||||
op.create_index('queueitem_processing_expires', 'queueitem', ['processing_expires'], unique=False)
|
||||
op.create_index('queueitem_queue_name', 'queueitem', ['queue_name'], unique=False)
|
||||
op.create_table('role',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('role_name', 'role', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['role'],
|
||||
[
|
||||
{'id':1, 'name':'admin'},
|
||||
{'id':2, 'name':'write'},
|
||||
{'id':3, 'name':'read'},
|
||||
])
|
||||
|
||||
op.create_table('logentrykind',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('logentrykind_name', 'logentrykind', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['logentrykind'],
|
||||
[
|
||||
{'id':1, 'name':'account_change_plan'},
|
||||
{'id':2, 'name':'account_change_cc'},
|
||||
{'id':3, 'name':'account_change_password'},
|
||||
{'id':4, 'name':'account_convert'},
|
||||
|
||||
{'id':5, 'name':'create_robot'},
|
||||
{'id':6, 'name':'delete_robot'},
|
||||
|
||||
{'id':7, 'name':'create_repo'},
|
||||
{'id':8, 'name':'push_repo'},
|
||||
{'id':9, 'name':'pull_repo'},
|
||||
{'id':10, 'name':'delete_repo'},
|
||||
{'id':11, 'name':'create_tag'},
|
||||
{'id':12, 'name':'move_tag'},
|
||||
{'id':13, 'name':'delete_tag'},
|
||||
{'id':14, 'name':'add_repo_permission'},
|
||||
{'id':15, 'name':'change_repo_permission'},
|
||||
{'id':16, 'name':'delete_repo_permission'},
|
||||
{'id':17, 'name':'change_repo_visibility'},
|
||||
{'id':18, 'name':'add_repo_accesstoken'},
|
||||
{'id':19, 'name':'delete_repo_accesstoken'},
|
||||
{'id':20, 'name':'add_repo_webhook'},
|
||||
{'id':21, 'name':'delete_repo_webhook'},
|
||||
{'id':22, 'name':'set_repo_description'},
|
||||
|
||||
{'id':23, 'name':'build_dockerfile'},
|
||||
|
||||
{'id':24, 'name':'org_create_team'},
|
||||
{'id':25, 'name':'org_delete_team'},
|
||||
{'id':26, 'name':'org_add_team_member'},
|
||||
{'id':27, 'name':'org_remove_team_member'},
|
||||
{'id':28, 'name':'org_set_team_description'},
|
||||
{'id':29, 'name':'org_set_team_role'},
|
||||
|
||||
{'id':30, 'name':'create_prototype_permission'},
|
||||
{'id':31, 'name':'modify_prototype_permission'},
|
||||
{'id':32, 'name':'delete_prototype_permission'},
|
||||
|
||||
{'id':33, 'name':'setup_repo_trigger'},
|
||||
{'id':34, 'name':'delete_repo_trigger'},
|
||||
|
||||
{'id':35, 'name':'create_application'},
|
||||
{'id':36, 'name':'update_application'},
|
||||
{'id':37, 'name':'delete_application'},
|
||||
{'id':38, 'name':'reset_application_client_secret'},
|
||||
])
|
||||
|
||||
op.create_table('notificationkind',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('notificationkind_name', 'notificationkind', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['notificationkind'],
|
||||
[
|
||||
{'id':1, 'name':'password_required'},
|
||||
{'id':2, 'name':'over_private_usage'},
|
||||
])
|
||||
|
||||
op.create_table('teamrole',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('teamrole_name', 'teamrole', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['teamrole'],
|
||||
[
|
||||
{'id':1, 'name':'admin'},
|
||||
{'id':2, 'name':'creator'},
|
||||
{'id':3, 'name':'member'},
|
||||
])
|
||||
|
||||
op.create_table('visibility',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('visibility_name', 'visibility', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['visibility'],
|
||||
[
|
||||
{'id':1, 'name':'public'},
|
||||
{'id':2, 'name':'private'},
|
||||
])
|
||||
|
||||
op.create_table('user',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('username', sa.String(length=255), nullable=False),
|
||||
sa.Column('password_hash', sa.String(length=255), nullable=True),
|
||||
sa.Column('email', sa.String(length=255), nullable=False),
|
||||
sa.Column('verified', sa.Boolean(), nullable=False),
|
||||
sa.Column('stripe_id', sa.String(length=255), nullable=True),
|
||||
sa.Column('organization', sa.Boolean(), nullable=False),
|
||||
sa.Column('robot', sa.Boolean(), nullable=False),
|
||||
sa.Column('invoice_email', sa.Boolean(), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('user_email', 'user', ['email'], unique=True)
|
||||
op.create_index('user_organization', 'user', ['organization'], unique=False)
|
||||
op.create_index('user_robot', 'user', ['robot'], unique=False)
|
||||
op.create_index('user_stripe_id', 'user', ['stripe_id'], unique=False)
|
||||
op.create_index('user_username', 'user', ['username'], unique=True)
|
||||
op.create_table('buildtriggerservice',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('buildtriggerservice_name', 'buildtriggerservice', ['name'], unique=False)
|
||||
|
||||
op.bulk_insert(schema.tables['buildtriggerservice'],
|
||||
[
|
||||
{'id':1, 'name':'github'},
|
||||
])
|
||||
|
||||
op.create_table('federatedlogin',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('user_id', sa.Integer(), nullable=False),
|
||||
sa.Column('service_id', sa.Integer(), nullable=False),
|
||||
sa.Column('service_ident', sa.String(length=255, collation='utf8_general_ci'), nullable=False),
|
||||
sa.ForeignKeyConstraint(['service_id'], ['loginservice.id'], ),
|
||||
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('federatedlogin_service_id', 'federatedlogin', ['service_id'], unique=False)
|
||||
op.create_index('federatedlogin_service_id_service_ident', 'federatedlogin', ['service_id', 'service_ident'], unique=True)
|
||||
op.create_index('federatedlogin_service_id_user_id', 'federatedlogin', ['service_id', 'user_id'], unique=True)
|
||||
op.create_index('federatedlogin_user_id', 'federatedlogin', ['user_id'], unique=False)
|
||||
op.create_table('oauthapplication',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('client_id', sa.String(length=255), nullable=False),
|
||||
sa.Column('client_secret', sa.String(length=255), nullable=False),
|
||||
sa.Column('redirect_uri', sa.String(length=255), nullable=False),
|
||||
sa.Column('application_uri', sa.String(length=255), nullable=False),
|
||||
sa.Column('organization_id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.Column('description', sa.Text(), nullable=False),
|
||||
sa.Column('gravatar_email', sa.String(length=255), nullable=True),
|
||||
sa.ForeignKeyConstraint(['organization_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('oauthapplication_client_id', 'oauthapplication', ['client_id'], unique=False)
|
||||
op.create_index('oauthapplication_organization_id', 'oauthapplication', ['organization_id'], unique=False)
|
||||
op.create_table('notification',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('kind_id', sa.Integer(), nullable=False),
|
||||
sa.Column('target_id', sa.Integer(), nullable=False),
|
||||
sa.Column('metadata_json', sa.Text(), nullable=False),
|
||||
sa.Column('created', sa.DateTime(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['kind_id'], ['notificationkind.id'], ),
|
||||
sa.ForeignKeyConstraint(['target_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('notification_created', 'notification', ['created'], unique=False)
|
||||
op.create_index('notification_kind_id', 'notification', ['kind_id'], unique=False)
|
||||
op.create_index('notification_target_id', 'notification', ['target_id'], unique=False)
|
||||
op.create_index('notification_uuid', 'notification', ['uuid'], unique=False)
|
||||
op.create_table('emailconfirmation',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('code', sa.String(length=255), nullable=False),
|
||||
sa.Column('user_id', sa.Integer(), nullable=False),
|
||||
sa.Column('pw_reset', sa.Boolean(), nullable=False),
|
||||
sa.Column('new_email', sa.String(length=255), nullable=True),
|
||||
sa.Column('email_confirm', sa.Boolean(), nullable=False),
|
||||
sa.Column('created', sa.DateTime(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('emailconfirmation_code', 'emailconfirmation', ['code'], unique=True)
|
||||
op.create_index('emailconfirmation_user_id', 'emailconfirmation', ['user_id'], unique=False)
|
||||
op.create_table('team',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.Column('organization_id', sa.Integer(), nullable=False),
|
||||
sa.Column('role_id', sa.Integer(), nullable=False),
|
||||
sa.Column('description', sa.Text(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['organization_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['role_id'], ['teamrole.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('team_name', 'team', ['name'], unique=False)
|
||||
op.create_index('team_name_organization_id', 'team', ['name', 'organization_id'], unique=True)
|
||||
op.create_index('team_organization_id', 'team', ['organization_id'], unique=False)
|
||||
op.create_index('team_role_id', 'team', ['role_id'], unique=False)
|
||||
op.create_table('repository',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('namespace', sa.String(length=255), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.Column('visibility_id', sa.Integer(), nullable=False),
|
||||
sa.Column('description', sa.Text(), nullable=True),
|
||||
sa.Column('badge_token', sa.String(length=255), nullable=False),
|
||||
sa.ForeignKeyConstraint(['visibility_id'], ['visibility.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('repository_namespace_name', 'repository', ['namespace', 'name'], unique=True)
|
||||
op.create_index('repository_visibility_id', 'repository', ['visibility_id'], unique=False)
|
||||
op.create_table('accesstoken',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('friendly_name', sa.String(length=255), nullable=True),
|
||||
sa.Column('code', sa.String(length=255), nullable=False),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('created', sa.DateTime(), nullable=False),
|
||||
sa.Column('role_id', sa.Integer(), nullable=False),
|
||||
sa.Column('temporary', sa.Boolean(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.ForeignKeyConstraint(['role_id'], ['role.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('accesstoken_code', 'accesstoken', ['code'], unique=True)
|
||||
op.create_index('accesstoken_repository_id', 'accesstoken', ['repository_id'], unique=False)
|
||||
op.create_index('accesstoken_role_id', 'accesstoken', ['role_id'], unique=False)
|
||||
op.create_table('repositorypermission',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('team_id', sa.Integer(), nullable=True),
|
||||
sa.Column('user_id', sa.Integer(), nullable=True),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('role_id', sa.Integer(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.ForeignKeyConstraint(['role_id'], ['role.id'], ),
|
||||
sa.ForeignKeyConstraint(['team_id'], ['team.id'], ),
|
||||
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('repositorypermission_repository_id', 'repositorypermission', ['repository_id'], unique=False)
|
||||
op.create_index('repositorypermission_role_id', 'repositorypermission', ['role_id'], unique=False)
|
||||
op.create_index('repositorypermission_team_id', 'repositorypermission', ['team_id'], unique=False)
|
||||
op.create_index('repositorypermission_team_id_repository_id', 'repositorypermission', ['team_id', 'repository_id'], unique=True)
|
||||
op.create_index('repositorypermission_user_id', 'repositorypermission', ['user_id'], unique=False)
|
||||
op.create_index('repositorypermission_user_id_repository_id', 'repositorypermission', ['user_id', 'repository_id'], unique=True)
|
||||
op.create_table('oauthaccesstoken',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('application_id', sa.Integer(), nullable=False),
|
||||
sa.Column('authorized_user_id', sa.Integer(), nullable=False),
|
||||
sa.Column('scope', sa.String(length=255), nullable=False),
|
||||
sa.Column('access_token', sa.String(length=255), nullable=False),
|
||||
sa.Column('token_type', sa.String(length=255), nullable=False),
|
||||
sa.Column('expires_at', sa.DateTime(), nullable=False),
|
||||
sa.Column('refresh_token', sa.String(length=255), nullable=True),
|
||||
sa.Column('data', sa.Text(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['application_id'], ['oauthapplication.id'], ),
|
||||
sa.ForeignKeyConstraint(['authorized_user_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('oauthaccesstoken_access_token', 'oauthaccesstoken', ['access_token'], unique=False)
|
||||
op.create_index('oauthaccesstoken_application_id', 'oauthaccesstoken', ['application_id'], unique=False)
|
||||
op.create_index('oauthaccesstoken_authorized_user_id', 'oauthaccesstoken', ['authorized_user_id'], unique=False)
|
||||
op.create_index('oauthaccesstoken_refresh_token', 'oauthaccesstoken', ['refresh_token'], unique=False)
|
||||
op.create_index('oauthaccesstoken_uuid', 'oauthaccesstoken', ['uuid'], unique=False)
|
||||
op.create_table('teammember',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('user_id', sa.Integer(), nullable=False),
|
||||
sa.Column('team_id', sa.Integer(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['team_id'], ['team.id'], ),
|
||||
sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('teammember_team_id', 'teammember', ['team_id'], unique=False)
|
||||
op.create_index('teammember_user_id', 'teammember', ['user_id'], unique=False)
|
||||
op.create_index('teammember_user_id_team_id', 'teammember', ['user_id', 'team_id'], unique=True)
|
||||
op.create_table('webhook',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('public_id', sa.String(length=255), nullable=False),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('parameters', sa.Text(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('webhook_public_id', 'webhook', ['public_id'], unique=True)
|
||||
op.create_index('webhook_repository_id', 'webhook', ['repository_id'], unique=False)
|
||||
op.create_table('oauthauthorizationcode',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('application_id', sa.Integer(), nullable=False),
|
||||
sa.Column('code', sa.String(length=255), nullable=False),
|
||||
sa.Column('scope', sa.String(length=255), nullable=False),
|
||||
sa.Column('data', sa.Text(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['application_id'], ['oauthapplication.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('oauthauthorizationcode_application_id', 'oauthauthorizationcode', ['application_id'], unique=False)
|
||||
op.create_index('oauthauthorizationcode_code', 'oauthauthorizationcode', ['code'], unique=False)
|
||||
op.create_table('image',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('docker_image_id', sa.String(length=255), nullable=False),
|
||||
sa.Column('checksum', sa.String(length=255), nullable=True),
|
||||
sa.Column('created', sa.DateTime(), nullable=True),
|
||||
sa.Column('comment', sa.Text(), nullable=True),
|
||||
sa.Column('command', sa.Text(), nullable=True),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('image_size', sa.BigInteger(), nullable=True),
|
||||
sa.Column('ancestors', sa.String(length=60535, collation='latin1_swedish_ci'), nullable=True),
|
||||
sa.Column('storage_id', sa.Integer(), nullable=True),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.ForeignKeyConstraint(['storage_id'], ['imagestorage.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('image_ancestors', 'image', ['ancestors'], unique=False)
|
||||
op.create_index('image_repository_id', 'image', ['repository_id'], unique=False)
|
||||
op.create_index('image_repository_id_docker_image_id', 'image', ['repository_id', 'docker_image_id'], unique=False)
|
||||
op.create_index('image_storage_id', 'image', ['storage_id'], unique=False)
|
||||
op.create_table('permissionprototype',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('org_id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('activating_user_id', sa.Integer(), nullable=True),
|
||||
sa.Column('delegate_user_id', sa.Integer(), nullable=True),
|
||||
sa.Column('delegate_team_id', sa.Integer(), nullable=True),
|
||||
sa.Column('role_id', sa.Integer(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['activating_user_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['delegate_team_id'], ['team.id'], ),
|
||||
sa.ForeignKeyConstraint(['delegate_user_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['org_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['role_id'], ['role.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('permissionprototype_activating_user_id', 'permissionprototype', ['activating_user_id'], unique=False)
|
||||
op.create_index('permissionprototype_delegate_team_id', 'permissionprototype', ['delegate_team_id'], unique=False)
|
||||
op.create_index('permissionprototype_delegate_user_id', 'permissionprototype', ['delegate_user_id'], unique=False)
|
||||
op.create_index('permissionprototype_org_id', 'permissionprototype', ['org_id'], unique=False)
|
||||
op.create_index('permissionprototype_org_id_activating_user_id', 'permissionprototype', ['org_id', 'activating_user_id'], unique=False)
|
||||
op.create_index('permissionprototype_role_id', 'permissionprototype', ['role_id'], unique=False)
|
||||
op.create_table('repositorytag',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('name', sa.String(length=255), nullable=False),
|
||||
sa.Column('image_id', sa.Integer(), nullable=False),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['image_id'], ['image.id'], ),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('repositorytag_image_id', 'repositorytag', ['image_id'], unique=False)
|
||||
op.create_index('repositorytag_repository_id', 'repositorytag', ['repository_id'], unique=False)
|
||||
op.create_index('repositorytag_repository_id_name', 'repositorytag', ['repository_id', 'name'], unique=True)
|
||||
op.create_table('logentry',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('kind_id', sa.Integer(), nullable=False),
|
||||
sa.Column('account_id', sa.Integer(), nullable=False),
|
||||
sa.Column('performer_id', sa.Integer(), nullable=True),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=True),
|
||||
sa.Column('access_token_id', sa.Integer(), nullable=True),
|
||||
sa.Column('datetime', sa.DateTime(), nullable=False),
|
||||
sa.Column('ip', sa.String(length=255), nullable=True),
|
||||
sa.Column('metadata_json', sa.Text(), nullable=False),
|
||||
sa.ForeignKeyConstraint(['access_token_id'], ['accesstoken.id'], ),
|
||||
sa.ForeignKeyConstraint(['account_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['kind_id'], ['logentrykind.id'], ),
|
||||
sa.ForeignKeyConstraint(['performer_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('logentry_access_token_id', 'logentry', ['access_token_id'], unique=False)
|
||||
op.create_index('logentry_account_id', 'logentry', ['account_id'], unique=False)
|
||||
op.create_index('logentry_datetime', 'logentry', ['datetime'], unique=False)
|
||||
op.create_index('logentry_kind_id', 'logentry', ['kind_id'], unique=False)
|
||||
op.create_index('logentry_performer_id', 'logentry', ['performer_id'], unique=False)
|
||||
op.create_index('logentry_repository_id', 'logentry', ['repository_id'], unique=False)
|
||||
op.create_table('repositorybuildtrigger',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('service_id', sa.Integer(), nullable=False),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('connected_user_id', sa.Integer(), nullable=False),
|
||||
sa.Column('auth_token', sa.String(length=255), nullable=False),
|
||||
sa.Column('config', sa.Text(), nullable=False),
|
||||
sa.Column('write_token_id', sa.Integer(), nullable=True),
|
||||
sa.Column('pull_robot_id', sa.Integer(), nullable=True),
|
||||
sa.ForeignKeyConstraint(['connected_user_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['pull_robot_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.ForeignKeyConstraint(['service_id'], ['buildtriggerservice.id'], ),
|
||||
sa.ForeignKeyConstraint(['write_token_id'], ['accesstoken.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('repositorybuildtrigger_connected_user_id', 'repositorybuildtrigger', ['connected_user_id'], unique=False)
|
||||
op.create_index('repositorybuildtrigger_pull_robot_id', 'repositorybuildtrigger', ['pull_robot_id'], unique=False)
|
||||
op.create_index('repositorybuildtrigger_repository_id', 'repositorybuildtrigger', ['repository_id'], unique=False)
|
||||
op.create_index('repositorybuildtrigger_service_id', 'repositorybuildtrigger', ['service_id'], unique=False)
|
||||
op.create_index('repositorybuildtrigger_write_token_id', 'repositorybuildtrigger', ['write_token_id'], unique=False)
|
||||
op.create_table('repositorybuild',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('uuid', sa.String(length=255), nullable=False),
|
||||
sa.Column('repository_id', sa.Integer(), nullable=False),
|
||||
sa.Column('access_token_id', sa.Integer(), nullable=False),
|
||||
sa.Column('resource_key', sa.String(length=255), nullable=False),
|
||||
sa.Column('job_config', sa.Text(), nullable=False),
|
||||
sa.Column('phase', sa.String(length=255), nullable=False),
|
||||
sa.Column('started', sa.DateTime(), nullable=False),
|
||||
sa.Column('display_name', sa.String(length=255), nullable=False),
|
||||
sa.Column('trigger_id', sa.Integer(), nullable=True),
|
||||
sa.Column('pull_robot_id', sa.Integer(), nullable=True),
|
||||
sa.ForeignKeyConstraint(['access_token_id'], ['accesstoken.id'], ),
|
||||
sa.ForeignKeyConstraint(['pull_robot_id'], ['user.id'], ),
|
||||
sa.ForeignKeyConstraint(['repository_id'], ['repository.id'], ),
|
||||
sa.ForeignKeyConstraint(['trigger_id'], ['repositorybuildtrigger.id'], ),
|
||||
sa.PrimaryKeyConstraint('id')
|
||||
)
|
||||
op.create_index('repositorybuild_access_token_id', 'repositorybuild', ['access_token_id'], unique=False)
|
||||
op.create_index('repositorybuild_pull_robot_id', 'repositorybuild', ['pull_robot_id'], unique=False)
|
||||
op.create_index('repositorybuild_repository_id', 'repositorybuild', ['repository_id'], unique=False)
|
||||
op.create_index('repositorybuild_resource_key', 'repositorybuild', ['resource_key'], unique=False)
|
||||
op.create_index('repositorybuild_trigger_id', 'repositorybuild', ['trigger_id'], unique=False)
|
||||
op.create_index('repositorybuild_uuid', 'repositorybuild', ['uuid'], unique=False)
|
||||
### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade():
|
||||
### commands auto generated by Alembic - please adjust! ###
|
||||
op.drop_index('repositorybuild_uuid', table_name='repositorybuild')
|
||||
op.drop_index('repositorybuild_trigger_id', table_name='repositorybuild')
|
||||
op.drop_index('repositorybuild_resource_key', table_name='repositorybuild')
|
||||
op.drop_index('repositorybuild_repository_id', table_name='repositorybuild')
|
||||
op.drop_index('repositorybuild_pull_robot_id', table_name='repositorybuild')
|
||||
op.drop_index('repositorybuild_access_token_id', table_name='repositorybuild')
|
||||
op.drop_table('repositorybuild')
|
||||
op.drop_index('repositorybuildtrigger_write_token_id', table_name='repositorybuildtrigger')
|
||||
op.drop_index('repositorybuildtrigger_service_id', table_name='repositorybuildtrigger')
|
||||
op.drop_index('repositorybuildtrigger_repository_id', table_name='repositorybuildtrigger')
|
||||
op.drop_index('repositorybuildtrigger_pull_robot_id', table_name='repositorybuildtrigger')
|
||||
op.drop_index('repositorybuildtrigger_connected_user_id', table_name='repositorybuildtrigger')
|
||||
op.drop_table('repositorybuildtrigger')
|
||||
op.drop_index('logentry_repository_id', table_name='logentry')
|
||||
op.drop_index('logentry_performer_id', table_name='logentry')
|
||||
op.drop_index('logentry_kind_id', table_name='logentry')
|
||||
op.drop_index('logentry_datetime', table_name='logentry')
|
||||
op.drop_index('logentry_account_id', table_name='logentry')
|
||||
op.drop_index('logentry_access_token_id', table_name='logentry')
|
||||
op.drop_table('logentry')
|
||||
op.drop_index('repositorytag_repository_id_name', table_name='repositorytag')
|
||||
op.drop_index('repositorytag_repository_id', table_name='repositorytag')
|
||||
op.drop_index('repositorytag_image_id', table_name='repositorytag')
|
||||
op.drop_table('repositorytag')
|
||||
op.drop_index('permissionprototype_role_id', table_name='permissionprototype')
|
||||
op.drop_index('permissionprototype_org_id_activating_user_id', table_name='permissionprototype')
|
||||
op.drop_index('permissionprototype_org_id', table_name='permissionprototype')
|
||||
op.drop_index('permissionprototype_delegate_user_id', table_name='permissionprototype')
|
||||
op.drop_index('permissionprototype_delegate_team_id', table_name='permissionprototype')
|
||||
op.drop_index('permissionprototype_activating_user_id', table_name='permissionprototype')
|
||||
op.drop_table('permissionprototype')
|
||||
op.drop_index('image_storage_id', table_name='image')
|
||||
op.drop_index('image_repository_id_docker_image_id', table_name='image')
|
||||
op.drop_index('image_repository_id', table_name='image')
|
||||
op.drop_index('image_ancestors', table_name='image')
|
||||
op.drop_table('image')
|
||||
op.drop_index('oauthauthorizationcode_code', table_name='oauthauthorizationcode')
|
||||
op.drop_index('oauthauthorizationcode_application_id', table_name='oauthauthorizationcode')
|
||||
op.drop_table('oauthauthorizationcode')
|
||||
op.drop_index('webhook_repository_id', table_name='webhook')
|
||||
op.drop_index('webhook_public_id', table_name='webhook')
|
||||
op.drop_table('webhook')
|
||||
op.drop_index('teammember_user_id_team_id', table_name='teammember')
|
||||
op.drop_index('teammember_user_id', table_name='teammember')
|
||||
op.drop_index('teammember_team_id', table_name='teammember')
|
||||
op.drop_table('teammember')
|
||||
op.drop_index('oauthaccesstoken_uuid', table_name='oauthaccesstoken')
|
||||
op.drop_index('oauthaccesstoken_refresh_token', table_name='oauthaccesstoken')
|
||||
op.drop_index('oauthaccesstoken_authorized_user_id', table_name='oauthaccesstoken')
|
||||
op.drop_index('oauthaccesstoken_application_id', table_name='oauthaccesstoken')
|
||||
op.drop_index('oauthaccesstoken_access_token', table_name='oauthaccesstoken')
|
||||
op.drop_table('oauthaccesstoken')
|
||||
op.drop_index('repositorypermission_user_id_repository_id', table_name='repositorypermission')
|
||||
op.drop_index('repositorypermission_user_id', table_name='repositorypermission')
|
||||
op.drop_index('repositorypermission_team_id_repository_id', table_name='repositorypermission')
|
||||
op.drop_index('repositorypermission_team_id', table_name='repositorypermission')
|
||||
op.drop_index('repositorypermission_role_id', table_name='repositorypermission')
|
||||
op.drop_index('repositorypermission_repository_id', table_name='repositorypermission')
|
||||
op.drop_table('repositorypermission')
|
||||
op.drop_index('accesstoken_role_id', table_name='accesstoken')
|
||||
op.drop_index('accesstoken_repository_id', table_name='accesstoken')
|
||||
op.drop_index('accesstoken_code', table_name='accesstoken')
|
||||
op.drop_table('accesstoken')
|
||||
op.drop_index('repository_visibility_id', table_name='repository')
|
||||
op.drop_index('repository_namespace_name', table_name='repository')
|
||||
op.drop_table('repository')
|
||||
op.drop_index('team_role_id', table_name='team')
|
||||
op.drop_index('team_organization_id', table_name='team')
|
||||
op.drop_index('team_name_organization_id', table_name='team')
|
||||
op.drop_index('team_name', table_name='team')
|
||||
op.drop_table('team')
|
||||
op.drop_index('emailconfirmation_user_id', table_name='emailconfirmation')
|
||||
op.drop_index('emailconfirmation_code', table_name='emailconfirmation')
|
||||
op.drop_table('emailconfirmation')
|
||||
op.drop_index('notification_uuid', table_name='notification')
|
||||
op.drop_index('notification_target_id', table_name='notification')
|
||||
op.drop_index('notification_kind_id', table_name='notification')
|
||||
op.drop_index('notification_created', table_name='notification')
|
||||
op.drop_table('notification')
|
||||
op.drop_index('oauthapplication_organization_id', table_name='oauthapplication')
|
||||
op.drop_index('oauthapplication_client_id', table_name='oauthapplication')
|
||||
op.drop_table('oauthapplication')
|
||||
op.drop_index('federatedlogin_user_id', table_name='federatedlogin')
|
||||
op.drop_index('federatedlogin_service_id_user_id', table_name='federatedlogin')
|
||||
op.drop_index('federatedlogin_service_id_service_ident', table_name='federatedlogin')
|
||||
op.drop_index('federatedlogin_service_id', table_name='federatedlogin')
|
||||
op.drop_table('federatedlogin')
|
||||
op.drop_index('buildtriggerservice_name', table_name='buildtriggerservice')
|
||||
op.drop_table('buildtriggerservice')
|
||||
op.drop_index('user_username', table_name='user')
|
||||
op.drop_index('user_stripe_id', table_name='user')
|
||||
op.drop_index('user_robot', table_name='user')
|
||||
op.drop_index('user_organization', table_name='user')
|
||||
op.drop_index('user_email', table_name='user')
|
||||
op.drop_table('user')
|
||||
op.drop_index('visibility_name', table_name='visibility')
|
||||
op.drop_table('visibility')
|
||||
op.drop_index('teamrole_name', table_name='teamrole')
|
||||
op.drop_table('teamrole')
|
||||
op.drop_index('notificationkind_name', table_name='notificationkind')
|
||||
op.drop_table('notificationkind')
|
||||
op.drop_index('logentrykind_name', table_name='logentrykind')
|
||||
op.drop_table('logentrykind')
|
||||
op.drop_index('role_name', table_name='role')
|
||||
op.drop_table('role')
|
||||
op.drop_index('queueitem_queue_name', table_name='queueitem')
|
||||
op.drop_index('queueitem_processing_expires', table_name='queueitem')
|
||||
op.drop_index('queueitem_available_after', table_name='queueitem')
|
||||
op.drop_index('queueitem_available', table_name='queueitem')
|
||||
op.drop_table('queueitem')
|
||||
op.drop_table('imagestorage')
|
||||
op.drop_index('loginservice_name', table_name='loginservice')
|
||||
op.drop_table('loginservice')
|
||||
### end Alembic commands ###
|
||||
|
|
@ -8,11 +8,17 @@ from data.database import *
|
|||
from util.validation import *
|
||||
from util.names import format_robot_username
|
||||
|
||||
from app import storage as store
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
transaction_factory = app.config['DB_TRANSACTION_FACTORY']
|
||||
|
||||
|
||||
class Config(object):
|
||||
def __init__(self):
|
||||
self.app_config = None
|
||||
self.store = None
|
||||
|
||||
config = Config()
|
||||
|
||||
|
||||
class DataModelException(Exception):
|
||||
pass
|
||||
|
|
@ -58,7 +64,7 @@ class InvalidBuildTriggerException(DataModelException):
|
|||
pass
|
||||
|
||||
|
||||
def create_user(username, password, email, is_organization=False):
|
||||
def create_user(username, password, email, add_change_pw_notification=True):
|
||||
if not validate_email(email):
|
||||
raise InvalidEmailAddressException('Invalid email address: %s' % email)
|
||||
|
||||
|
|
@ -97,7 +103,7 @@ def create_user(username, password, email, is_organization=False):
|
|||
|
||||
# If the password is None, then add a notification for the user to change
|
||||
# their password ASAP.
|
||||
if not pw_hash and not is_organization:
|
||||
if not pw_hash and add_change_pw_notification:
|
||||
create_notification('password_required', new_user)
|
||||
|
||||
return new_user
|
||||
|
|
@ -105,10 +111,18 @@ def create_user(username, password, email, is_organization=False):
|
|||
raise DataModelException(ex.message)
|
||||
|
||||
|
||||
def is_username_unique(test_username):
|
||||
try:
|
||||
User.get((User.username == test_username))
|
||||
return False
|
||||
except User.DoesNotExist:
|
||||
return True
|
||||
|
||||
|
||||
def create_organization(name, email, creating_user):
|
||||
try:
|
||||
# Create the org
|
||||
new_org = create_user(name, None, email, is_organization=True)
|
||||
new_org = create_user(name, None, email, add_change_pw_notification=False)
|
||||
new_org.organization = True
|
||||
new_org.save()
|
||||
|
||||
|
|
@ -340,18 +354,16 @@ def attach_federated_login(user, service_name, service_id):
|
|||
|
||||
|
||||
def verify_federated_login(service_name, service_id):
|
||||
selected = FederatedLogin.select(FederatedLogin, User)
|
||||
with_service = selected.join(LoginService)
|
||||
with_user = with_service.switch(FederatedLogin).join(User)
|
||||
found = with_user.where(FederatedLogin.service_ident == service_id,
|
||||
LoginService.name == service_name)
|
||||
|
||||
found_list = list(found)
|
||||
|
||||
if found_list:
|
||||
return found_list[0].user
|
||||
|
||||
return None
|
||||
try:
|
||||
found = (FederatedLogin
|
||||
.select(FederatedLogin, User)
|
||||
.join(LoginService)
|
||||
.switch(FederatedLogin).join(User)
|
||||
.where(FederatedLogin.service_ident == service_id, LoginService.name == service_name)
|
||||
.get())
|
||||
return found.user
|
||||
except FederatedLogin.DoesNotExist:
|
||||
return None
|
||||
|
||||
|
||||
def list_federated_logins(user):
|
||||
|
|
@ -935,7 +947,7 @@ def __translate_ancestry(old_ancestry, translations, repository, username):
|
|||
|
||||
def find_create_or_link_image(docker_image_id, repository, username,
|
||||
translations):
|
||||
with transaction_factory(db):
|
||||
with config.app_config['DB_TRANSACTION_FACTORY'](db):
|
||||
repo_image = get_repo_image(repository.namespace, repository.name,
|
||||
docker_image_id)
|
||||
if repo_image:
|
||||
|
|
@ -1018,7 +1030,7 @@ def set_image_size(docker_image_id, namespace_name, repository_name,
|
|||
|
||||
def set_image_metadata(docker_image_id, namespace_name, repository_name,
|
||||
created_date_str, comment, command, parent=None):
|
||||
with transaction_factory(db):
|
||||
with config.app_config['DB_TRANSACTION_FACTORY'](db):
|
||||
query = (Image
|
||||
.select(Image, ImageStorage)
|
||||
.join(Repository)
|
||||
|
|
@ -1064,7 +1076,7 @@ def list_repository_tags(namespace_name, repository_name):
|
|||
|
||||
|
||||
def garbage_collect_repository(namespace_name, repository_name):
|
||||
with transaction_factory(db):
|
||||
with config.app_config['DB_TRANSACTION_FACTORY'](db):
|
||||
# Get a list of all images used by tags in the repository
|
||||
tag_query = (RepositoryTag
|
||||
.select(RepositoryTag, Image, ImageStorage)
|
||||
|
|
@ -1098,10 +1110,10 @@ def garbage_collect_repository(namespace_name, repository_name):
|
|||
image_to_remove.storage.uuid)
|
||||
uuids_to_check_for_gc.add(image_to_remove.storage.uuid)
|
||||
else:
|
||||
image_path = store.image_path(namespace_name, repository_name,
|
||||
image_to_remove.docker_image_id, None)
|
||||
image_path = config.store.image_path(namespace_name, repository_name,
|
||||
image_to_remove.docker_image_id, None)
|
||||
logger.debug('Deleting image storage: %s', image_path)
|
||||
store.remove(image_path)
|
||||
config.store.remove(image_path)
|
||||
|
||||
image_to_remove.delete_instance()
|
||||
|
||||
|
|
@ -1116,10 +1128,9 @@ def garbage_collect_repository(namespace_name, repository_name):
|
|||
for storage in storage_to_remove:
|
||||
logger.debug('Garbage collecting image storage: %s', storage.uuid)
|
||||
storage.delete_instance()
|
||||
image_path = store.image_path(namespace_name, repository_name,
|
||||
image_to_remove.docker_image_id,
|
||||
storage.uuid)
|
||||
store.remove(image_path)
|
||||
image_path = config.store.image_path(namespace_name, repository_name,
|
||||
image_to_remove.docker_image_id, storage.uuid)
|
||||
config.store.remove(image_path)
|
||||
|
||||
return len(to_remove)
|
||||
|
||||
|
|
@ -1489,8 +1500,8 @@ def get_pull_credentials(robotname):
|
|||
return {
|
||||
'username': robot.username,
|
||||
'password': login_info.service_ident,
|
||||
'registry': '%s://%s/v1/' % (app.config['PREFERRED_URL_SCHEME'],
|
||||
app.config['SERVER_HOSTNAME']),
|
||||
'registry': '%s://%s/v1/' % (config.app_config['PREFERRED_URL_SCHEME'],
|
||||
config.app_config['SERVER_HOSTNAME']),
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,19 +1,17 @@
|
|||
from datetime import datetime, timedelta
|
||||
|
||||
from data.database import QueueItem, db
|
||||
from app import app
|
||||
|
||||
|
||||
transaction_factory = app.config['DB_TRANSACTION_FACTORY']
|
||||
|
||||
|
||||
MINIMUM_EXTENSION = timedelta(seconds=20)
|
||||
|
||||
|
||||
class WorkQueue(object):
|
||||
def __init__(self, queue_name, canonical_name_match_list=None, reporter=None):
|
||||
def __init__(self, queue_name, transaction_factory,
|
||||
canonical_name_match_list=None, reporter=None):
|
||||
self._queue_name = queue_name
|
||||
self._reporter = reporter
|
||||
self._transaction_factory = transaction_factory
|
||||
|
||||
if canonical_name_match_list is None:
|
||||
self._canonical_name_match_list = []
|
||||
|
|
@ -55,7 +53,7 @@ class WorkQueue(object):
|
|||
self._reporter(running, total_jobs)
|
||||
|
||||
def update_metrics(self):
|
||||
with transaction_factory(db):
|
||||
with self._transaction_factory(db):
|
||||
self._report_queue_metrics()
|
||||
|
||||
def put(self, canonical_name_list, message, available_after=0, retries_remaining=5):
|
||||
|
|
@ -74,7 +72,7 @@ class WorkQueue(object):
|
|||
available_date = datetime.now() + timedelta(seconds=available_after)
|
||||
params['available_after'] = available_date
|
||||
|
||||
with transaction_factory(db):
|
||||
with self._transaction_factory(db):
|
||||
QueueItem.create(**params)
|
||||
self._report_queue_metrics()
|
||||
|
||||
|
|
@ -87,7 +85,7 @@ class WorkQueue(object):
|
|||
|
||||
name_match_query = self._name_match_query()
|
||||
|
||||
with transaction_factory(db):
|
||||
with self._transaction_factory(db):
|
||||
running = self._running_jobs(now, name_match_query)
|
||||
|
||||
avail = QueueItem.select().where(QueueItem.queue_name ** name_match_query,
|
||||
|
|
@ -113,12 +111,12 @@ class WorkQueue(object):
|
|||
return item
|
||||
|
||||
def complete(self, completed_item):
|
||||
with transaction_factory(db):
|
||||
with self._transaction_factory(db):
|
||||
completed_item.delete_instance()
|
||||
self._report_queue_metrics()
|
||||
|
||||
def incomplete(self, incomplete_item, retry_after=300, restore_retry=False):
|
||||
with transaction_factory(db):
|
||||
with self._transaction_factory(db):
|
||||
retry_date = datetime.now() + timedelta(seconds=retry_after)
|
||||
incomplete_item.available_after = retry_date
|
||||
incomplete_item.available = True
|
||||
|
|
|
|||
144
data/users.py
Normal file
144
data/users.py
Normal file
|
|
@ -0,0 +1,144 @@
|
|||
import ldap
|
||||
import logging
|
||||
|
||||
from util.validation import generate_valid_usernames
|
||||
from data import model
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class DatabaseUsers(object):
|
||||
def verify_user(self, username_or_email, password):
|
||||
""" Simply delegate to the model implementation. """
|
||||
return model.verify_user(username_or_email, password)
|
||||
|
||||
def user_exists(self, username):
|
||||
return model.get_user(username) is not None
|
||||
|
||||
|
||||
class LDAPConnection(object):
|
||||
def __init__(self, ldap_uri, user_dn, user_pw):
|
||||
self._ldap_uri = ldap_uri
|
||||
self._user_dn = user_dn
|
||||
self._user_pw = user_pw
|
||||
self._conn = None
|
||||
|
||||
def __enter__(self):
|
||||
self._conn = ldap.initialize(self._ldap_uri)
|
||||
self._conn.simple_bind_s(self._user_dn, self._user_pw)
|
||||
return self._conn
|
||||
|
||||
def __exit__(self, exc_type, value, tb):
|
||||
self._conn.unbind_s()
|
||||
|
||||
|
||||
class LDAPUsers(object):
|
||||
def __init__(self, ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr):
|
||||
self._ldap_conn = LDAPConnection(ldap_uri, admin_dn, admin_passwd)
|
||||
self._ldap_uri = ldap_uri
|
||||
self._base_dn = base_dn
|
||||
self._user_rdn = user_rdn
|
||||
self._uid_attr = uid_attr
|
||||
self._email_attr = email_attr
|
||||
|
||||
def _ldap_user_search(self, username_or_email):
|
||||
with self._ldap_conn as conn:
|
||||
logger.debug('Incoming username or email param: %s', username_or_email.__repr__())
|
||||
user_search_dn = ','.join(self._user_rdn + self._base_dn)
|
||||
query = u'(|({0}={2})({1}={2}))'.format(self._uid_attr, self._email_attr,
|
||||
username_or_email)
|
||||
user = conn.search_s(user_search_dn, ldap.SCOPE_SUBTREE, query.encode('utf-8'))
|
||||
|
||||
if len(user) != 1:
|
||||
return None
|
||||
|
||||
return user[0]
|
||||
|
||||
def verify_user(self, username_or_email, password):
|
||||
""" Verify the credentials with LDAP and if they are valid, create or update the user
|
||||
in our database. """
|
||||
|
||||
# Make sure that even if the server supports anonymous binds, we don't allow it
|
||||
if not password:
|
||||
return None
|
||||
|
||||
found_user = self._ldap_user_search(username_or_email)
|
||||
|
||||
if found_user is None:
|
||||
return None
|
||||
|
||||
found_dn, found_response = found_user
|
||||
|
||||
# First validate the password by binding as the user
|
||||
try:
|
||||
with LDAPConnection(self._ldap_uri, found_dn, password.encode('utf-8')):
|
||||
pass
|
||||
except ldap.INVALID_CREDENTIALS:
|
||||
return None
|
||||
|
||||
# Now check if we have a federated login for this user
|
||||
username = found_response[self._uid_attr][0].decode('utf-8')
|
||||
email = found_response[self._email_attr][0]
|
||||
db_user = model.verify_federated_login('ldap', username)
|
||||
|
||||
if not db_user:
|
||||
# We must create the user in our db
|
||||
valid_username = None
|
||||
for valid_username in generate_valid_usernames(username):
|
||||
if model.is_username_unique(valid_username):
|
||||
break
|
||||
|
||||
if not valid_username:
|
||||
logger.error('Unable to pick a username for user: %s', username)
|
||||
return None
|
||||
|
||||
db_user = model.create_user(valid_username, None, email, add_change_pw_notification=False)
|
||||
db_user.verified = True
|
||||
model.attach_federated_login(db_user, 'ldap', username)
|
||||
else:
|
||||
# Update the db attributes from ldap
|
||||
db_user.email = email
|
||||
|
||||
db_user.save()
|
||||
|
||||
return db_user
|
||||
|
||||
def user_exists(self, username):
|
||||
found_user = self._ldap_user_search(username)
|
||||
return found_user is not None
|
||||
|
||||
|
||||
class UserAuthentication(object):
|
||||
def __init__(self, app=None):
|
||||
self.app = app
|
||||
if app is not None:
|
||||
self.state = self.init_app(app)
|
||||
else:
|
||||
self.state = None
|
||||
|
||||
def init_app(self, app):
|
||||
authentication_type = app.config.get('AUTHENTICATION_TYPE', 'Database')
|
||||
|
||||
if authentication_type == 'Database':
|
||||
users = DatabaseUsers()
|
||||
elif authentication_type == 'LDAP':
|
||||
ldap_uri = app.config.get('LDAP_URI', 'ldap://localhost')
|
||||
base_dn = app.config.get('LDAP_BASE_DN')
|
||||
admin_dn = app.config.get('LDAP_ADMIN_DN')
|
||||
admin_passwd = app.config.get('LDAP_ADMIN_PASSWD')
|
||||
user_rdn = app.config.get('LDAP_USER_RDN', [])
|
||||
uid_attr = app.config.get('LDAP_UID_ATTR', 'uid')
|
||||
email_attr = app.config.get('LDAP_EMAIL_ATTR', 'mail')
|
||||
|
||||
users = LDAPUsers(ldap_uri, base_dn, admin_dn, admin_passwd, user_rdn, uid_attr, email_attr)
|
||||
|
||||
else:
|
||||
raise RuntimeError('Unknown authentication type: %s' % authentication_type)
|
||||
|
||||
# register extension with app
|
||||
app.extensions = getattr(app, 'extensions', {})
|
||||
app.extensions['authentication'] = users
|
||||
return users
|
||||
|
||||
def __getattr__(self, name):
|
||||
return getattr(self.state, name, None)
|
||||
Reference in a new issue