From ce7112e08a3fa32a97a5f3b3c4e913b5496b0640 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Tue, 26 Mar 2013 22:24:03 -0400 Subject: [PATCH] Update variable schema to use a 1:1 resource, and allow access via GET/PUT. GET if object does not exist will create the resource. --- lib/main/base_views.py | 71 +++++++ lib/main/migrations/0003_changes.py | 294 ++++++++++++++++++++++++++++ lib/main/models/__init__.py | 30 ++- lib/main/serializers.py | 14 ++ lib/main/tests/inventory.py | 52 +++-- lib/main/views.py | 30 ++- lib/urls.py | 41 +++- 7 files changed, 497 insertions(+), 35 deletions(-) create mode 100644 lib/main/migrations/0003_changes.py diff --git a/lib/main/base_views.py b/lib/main/base_views.py index c217837449..a7a50893d5 100644 --- a/lib/main/base_views.py +++ b/lib/main/base_views.py @@ -207,4 +207,75 @@ class BaseDetail(generics.RetrieveUpdateDestroyAPIView): ''' scrub any fields the user cannot/should not put, based on user context. This runs after read-only serialization filtering ''' pass +class VariableBaseDetail(BaseDetail): + ''' + an object that is always 1 to 1 with the foreign key of another object + and does not have it's own key, such as HostVariableDetail + ''' + def destroy(self, request, *args, **kwargs): + raise PermissionDenied() + + def delete_permissions_check(self, request, obj): + raise PermissionDenied() + + def item_permissions_check(self, request, obj): + import epdb; epdb.st() + through_obj = self.__class__.parent_model.objects.get(pk = self.request.args['pk']) + if request.method == 'GET': + return self.__class__.parent_model.can_user_read(request.user, through_obj) + elif request.method in [ 'PUT' ]: + return self.__class__.parent_model.can_user_administrate(request.user, through_obj) + return False + + def put(self, request, *args, **kwargs): + # FIXME: lots of overlap between put and get here, need to refactor + + through_obj = self.__class__.parent_model.objects.get(pk=kwargs['pk']) + + has_permission = Inventory._has_permission_types(request.user, through_obj.inventory, PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE) + + if not has_permission: + raise PermissionDenied() + + this_object = None + + try: + this_object = getattr(through_obj, self.__class__.reverse_relationship, None) + except: + pass + + if this_object is None: + this_object = self.__class__.model.objects.create(data=python_json.dumps(request.DATA)) + else: + this_object.data = python_json.dumps(request.DATA) + this_object.save() + setattr(through_obj, self.__class__.reverse_relationship, this_object) + through_obj.save() + + return Response(status=status.HTTP_200_OK, data=python_json.loads(this_object.data)) + + + def get(self, request, *args, **kwargs): + + # if null, recreate a blank object + through_obj = self.__class__.parent_model.objects.get(pk=kwargs['pk']) + this_object = None + + try: + this_object = getattr(through_obj, self.__class__.reverse_relationship, None) + except Exception, e: + pass + + if this_object is None: + new_args = {} + new_args['data'] = python_json.dumps(dict()) + this_object = self.__class__.model.objects.create(**new_args) + setattr(through_obj, self.__class__.reverse_relationship, this_object) + through_obj.save() + + has_permission = Inventory._has_permission_types(request.user, through_obj.inventory, PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE) + if not has_permission: + raise PermissionDenied() + return Response(status=status.HTTP_200_OK, data=python_json.loads(this_object.data)) + diff --git a/lib/main/migrations/0003_changes.py b/lib/main/migrations/0003_changes.py new file mode 100644 index 0000000000..b0672a2992 --- /dev/null +++ b/lib/main/migrations/0003_changes.py @@ -0,0 +1,294 @@ +# -*- coding: utf-8 -*- +import datetime +from south.db import db +from south.v2 import SchemaMigration +from django.db import models + + +class Migration(SchemaMigration): + + def forwards(self, orm): + # Removing unique constraint on 'VariableData', fields ['name'] + db.delete_unique(u'main_variabledata', ['name']) + + # Adding unique constraint on 'Inventory', fields ['organization', 'name'] + db.create_unique(u'main_inventory', ['organization_id', 'name']) + + # Adding field 'Host.variable_data' + db.add_column(u'main_host', 'variable_data', + self.gf('django.db.models.fields.related.OneToOneField')(related_name='host', unique=True, on_delete=models.SET_NULL, default=None, to=orm['main.VariableData'], blank=True, null=True), + keep_default=False) + + # Adding unique constraint on 'Host', fields ['name', 'inventory'] + db.create_unique(u'main_host', ['name', 'inventory_id']) + + # Adding field 'Group.variable_data' + db.add_column(u'main_group', 'variable_data', + self.gf('django.db.models.fields.related.OneToOneField')(related_name='group', unique=True, on_delete=models.SET_NULL, default=None, to=orm['main.VariableData'], blank=True, null=True), + keep_default=False) + + # Removing M2M table for field hosts on 'Group' + db.delete_table('main_group_hosts') + + # Adding unique constraint on 'Group', fields ['name', 'inventory'] + db.create_unique(u'main_group', ['name', 'inventory_id']) + + # Deleting field 'VariableData.host' + db.delete_column(u'main_variabledata', 'host_id') + + # Deleting field 'VariableData.group' + db.delete_column(u'main_variabledata', 'group_id') + + + def backwards(self, orm): + # Removing unique constraint on 'Group', fields ['name', 'inventory'] + db.delete_unique(u'main_group', ['name', 'inventory_id']) + + # Removing unique constraint on 'Host', fields ['name', 'inventory'] + db.delete_unique(u'main_host', ['name', 'inventory_id']) + + # Removing unique constraint on 'Inventory', fields ['organization', 'name'] + db.delete_unique(u'main_inventory', ['organization_id', 'name']) + + # Deleting field 'Host.variable_data' + db.delete_column(u'main_host', 'variable_data_id') + + # Deleting field 'Group.variable_data' + db.delete_column(u'main_group', 'variable_data_id') + + # Adding M2M table for field hosts on 'Group' + db.create_table(u'main_group_hosts', ( + ('id', models.AutoField(verbose_name='ID', primary_key=True, auto_created=True)), + ('group', models.ForeignKey(orm['main.group'], null=False)), + ('host', models.ForeignKey(orm['main.host'], null=False)) + )) + db.create_unique(u'main_group_hosts', ['group_id', 'host_id']) + + # Adding field 'VariableData.host' + db.add_column(u'main_variabledata', 'host', + self.gf('django.db.models.fields.related.ForeignKey')(related_name='variable_data', on_delete=models.SET_NULL, default=None, to=orm['main.Host'], blank=True, null=True), + keep_default=False) + + # Adding field 'VariableData.group' + db.add_column(u'main_variabledata', 'group', + self.gf('django.db.models.fields.related.ForeignKey')(related_name='variable_data', on_delete=models.SET_NULL, default=None, to=orm['main.Group'], blank=True, null=True), + keep_default=False) + + # Adding unique constraint on 'VariableData', fields ['name'] + db.create_unique(u'main_variabledata', ['name']) + + + models = { + u'auth.group': { + 'Meta': {'object_name': 'Group'}, + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}), + 'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}) + }, + u'auth.permission': { + 'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'}, + 'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}) + }, + u'auth.user': { + 'Meta': {'object_name': 'User'}, + 'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}), + 'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}), + 'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}), + 'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}), + 'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}), + 'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}), + 'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'}) + }, + u'contenttypes.contenttype': { + 'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"}, + 'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '100'}) + }, + 'main.audittrail': { + 'Meta': {'object_name': 'AuditTrail'}, + 'comment': ('django.db.models.fields.TextField', [], {}), + 'delta': ('django.db.models.fields.TextField', [], {}), + 'detail': ('django.db.models.fields.TextField', [], {}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'modified_by': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'on_delete': 'models.SET_NULL', 'blank': 'True'}), + 'resource_type': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'tag': ('django.db.models.fields.related.ForeignKey', [], {'to': "orm['main.Tag']", 'null': 'True', 'on_delete': 'models.SET_NULL', 'blank': 'True'}) + }, + 'main.credential': { + 'Meta': {'object_name': 'Credential'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'credential_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'credential\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'project': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'credentials'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': u"orm['main.Project']", 'blank': 'True', 'null': 'True'}), + 'ssh_key_data': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + 'ssh_key_path': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '4096', 'blank': 'True'}), + 'ssh_key_unlock': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '1024', 'blank': 'True'}), + 'ssh_password': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '1024', 'blank': 'True'}), + 'sudo_password': ('django.db.models.fields.CharField', [], {'default': "''", 'max_length': '1024', 'blank': 'True'}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'credential_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'team': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'credentials'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': "orm['main.Team']", 'blank': 'True', 'null': 'True'}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'credentials'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': u"orm['auth.User']", 'blank': 'True', 'null': 'True'}) + }, + 'main.group': { + 'Meta': {'unique_together': "(('name', 'inventory'),)", 'object_name': 'Group'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'group_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'group\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'inventory': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'groups'", 'to': "orm['main.Inventory']"}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '512'}), + 'parents': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'children'", 'blank': 'True', 'to': "orm['main.Group']"}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'group_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'variable_data': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'group'", 'unique': 'True', 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': "orm['main.VariableData']", 'blank': 'True', 'null': 'True'}) + }, + 'main.host': { + 'Meta': {'unique_together': "(('name', 'inventory'),)", 'object_name': 'Host'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'host_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'host\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'inventory': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'hosts'", 'to': "orm['main.Inventory']"}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '512'}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'host_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'variable_data': ('django.db.models.fields.related.OneToOneField', [], {'related_name': "'host'", 'unique': 'True', 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': "orm['main.VariableData']", 'blank': 'True', 'null': 'True'}) + }, + 'main.inventory': { + 'Meta': {'unique_together': "(('name', 'organization'),)", 'object_name': 'Inventory'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'inventory_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'inventory\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'organization': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'inventories'", 'to': "orm['main.Organization']"}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'inventory_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}) + }, + 'main.launchjob': { + 'Meta': {'object_name': 'LaunchJob'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'launchjob_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'launchjob\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'credential': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'launch_jobs'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': "orm['main.Credential']", 'blank': 'True', 'null': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'inventory': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'launch_jobs'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': "orm['main.Inventory']", 'blank': 'True', 'null': 'True'}), + 'job_type': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'project': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'launch_jobs'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': u"orm['main.Project']", 'blank': 'True', 'null': 'True'}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'launchjob_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'launch_jobs'", 'on_delete': 'models.SET_NULL', 'default': 'None', 'to': u"orm['auth.User']", 'blank': 'True', 'null': 'True'}) + }, + 'main.launchjobstatus': { + 'Meta': {'object_name': 'LaunchJobStatus'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'launchjobstatus_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'launchjobstatus\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'launch_job': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'launch_job_statuses'", 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': "orm['main.LaunchJob']"}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'result_data': ('django.db.models.fields.TextField', [], {}), + 'status': ('django.db.models.fields.IntegerField', [], {}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'launchjobstatus_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}) + }, + 'main.organization': { + 'Meta': {'object_name': 'Organization'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'admins': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'admin_of_organizations'", 'blank': 'True', 'to': u"orm['auth.User']"}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'organization_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'organization\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'projects': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'organizations'", 'blank': 'True', 'to': u"orm['main.Project']"}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'organization_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'users': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'organizations'", 'blank': 'True', 'to': u"orm['auth.User']"}) + }, + 'main.permission': { + 'Meta': {'object_name': 'Permission'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'permission_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'permission\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'inventory': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'permissions'", 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': "orm['main.Inventory']"}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '512'}), + 'permission_type': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'project': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'permissions'", 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['main.Project']"}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'permission_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'team': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'permissions'", 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': "orm['main.Team']"}), + 'user': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'permissions'", 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}) + }, + u'main.project': { + 'Meta': {'object_name': 'Project'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'project_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'project\', \'app_label\': u\'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'default_playbook': ('django.db.models.fields.CharField', [], {'max_length': '1024'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'inventories': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'projects'", 'blank': 'True', 'to': "orm['main.Inventory']"}), + 'local_repository': ('django.db.models.fields.CharField', [], {'max_length': '1024'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'scm_type': ('django.db.models.fields.CharField', [], {'max_length': '64'}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'project_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}) + }, + 'main.tag': { + 'Meta': {'object_name': 'Tag'}, + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '512'}) + }, + 'main.team': { + 'Meta': {'object_name': 'Team'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'team_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'team\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '512'}), + 'organizations': ('django.db.models.fields.related.ManyToManyField', [], {'related_name': "'teams'", 'symmetrical': 'False', 'to': "orm['main.Organization']"}), + 'projects': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'teams'", 'blank': 'True', 'to': u"orm['main.Project']"}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'team_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}), + 'users': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'teams'", 'blank': 'True', 'to': u"orm['auth.User']"}) + }, + 'main.variabledata': { + 'Meta': {'object_name': 'VariableData'}, + 'active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}), + 'audit_trail': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'variabledata_by_audit_trail'", 'blank': 'True', 'to': "orm['main.AuditTrail']"}), + 'created_by': ('django.db.models.fields.related.ForeignKey', [], {'related_name': '"{\'class\': \'variabledata\', \'app_label\': \'main\'}(class)s_created"', 'null': 'True', 'on_delete': 'models.SET_NULL', 'to': u"orm['auth.User']"}), + 'creation_date': ('django.db.models.fields.DateField', [], {'auto_now_add': 'True', 'blank': 'True'}), + 'data': ('django.db.models.fields.TextField', [], {}), + 'description': ('django.db.models.fields.TextField', [], {'default': "''", 'blank': 'True'}), + u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}), + 'name': ('django.db.models.fields.CharField', [], {'max_length': '512'}), + 'tags': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'related_name': "'variabledata_by_tag'", 'blank': 'True', 'to': "orm['main.Tag']"}) + } + } + + complete_apps = ['main'] \ No newline at end of file diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py index 8d07973110..01f905a946 100644 --- a/lib/main/models/__init__.py +++ b/lib/main/models/__init__.py @@ -374,8 +374,9 @@ class Host(CommonModelNameNotUnique): class Meta: app_label = 'main' unique_together = (("name", "inventory"),) - - inventory = models.ForeignKey('Inventory', null=False, related_name='hosts') + + variable_data = models.OneToOneField('VariableData', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='host') + inventory = models.ForeignKey('Inventory', null=False, related_name='hosts') def __unicode__(self): return self.name @@ -392,7 +393,6 @@ class Host(CommonModelNameNotUnique): rc = Inventory._has_permission_types(user, inventory, PERMISSION_TYPES_ALLOWING_INVENTORY_WRITE) return rc - def get_absolute_url(self): import lib.urls return reverse(lib.urls.views_HostsDetail, args=(self.pk,)) @@ -407,9 +407,9 @@ class Group(CommonModelNameNotUnique): app_label = 'main' unique_together = (("name", "inventory"),) - inventory = models.ForeignKey('Inventory', null=False, related_name='groups') - parents = models.ManyToManyField('self', symmetrical=False, related_name='children', blank=True) - hosts = models.ManyToManyField('Host', related_name='groups', blank=True) + inventory = models.ForeignKey('Inventory', null=False, related_name='groups') + parents = models.ManyToManyField('self', symmetrical=False, related_name='children', blank=True) + variable_data = models.OneToOneField('VariableData', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='group') def __unicode__(self): return self.name @@ -436,15 +436,27 @@ class VariableData(CommonModelNameNotUnique): class Meta: app_label = 'main' verbose_name_plural = _('variable data') - unique_together = (("host", "group"),) - host = models.ForeignKey('Host', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='variable_data') - group = models.ForeignKey('Group', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='variable_data') + #host = models.OneToOneField('Host', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='variable_data') + #group = models.OneToOneField('Group', null=True, default=None, blank=True, on_delete=SET_NULL, related_name='variable_data') data = models.TextField() # FIXME: JsonField def __unicode__(self): return '%s = %s' % (self.name, self.data) + def get_absolute_url(self): + import lib.urls + return reverse(lib.urls.views_VariableDetail, args=(self.pk,)) + + @classmethod + def can_user_read(cls, user, obj): + ''' a user can be read if they are on the same team or can be administrated ''' + if obj.host is not None: + return Inventory.can_user_read(user, obj.host.inventory) + if obj.group is not None: + return Inventory.can_user_read(user, obj.group.inventory) + return False + class Credential(CommonModel): ''' A credential contains information about how to talk to a remote set of hosts diff --git a/lib/main/serializers.py b/lib/main/serializers.py index 3c60e0212a..c3f422aa27 100644 --- a/lib/main/serializers.py +++ b/lib/main/serializers.py @@ -171,5 +171,19 @@ class TagSerializer(BaseSerializer): def get_related(self, obj): return dict() +class VariableDataSerializer(BaseSerializer): + + # add the URL and related resources + url = serializers.CharField(source='get_absolute_url', read_only=True) + related = serializers.SerializerMethodField('get_related') + + class Meta: + model = VariableData + fields = ('url', 'id', 'data', 'related', 'name', 'description', 'creation_date') + + def get_related(self, obj): + # FIXME: related resources, maybe just the audit trail + return dict() + diff --git a/lib/main/tests/inventory.py b/lib/main/tests/inventory.py index aaea225c1e..f2935469b4 100644 --- a/lib/main/tests/inventory.py +++ b/lib/main/tests/inventory.py @@ -191,17 +191,17 @@ class InventoryTest(BaseTest): new_host_e = dict(name='web104.example.com') # a super user can associate hosts with inventories - added_by_collection = self.post(url, data=new_host_a, expect=201, auth=self.get_super_credentials()) + added_by_collection_a = self.post(url, data=new_host_a, expect=201, auth=self.get_super_credentials()) # an org admin can associate hosts with inventories - added_by_collection = self.post(url, data=new_host_b, expect=201, auth=self.get_normal_credentials()) + added_by_collection_b = self.post(url, data=new_host_b, expect=201, auth=self.get_normal_credentials()) # a normal user cannot associate hosts with inventories - added_by_collection = self.post(url, data=new_host_c, expect=403, auth=self.get_nobody_credentials()) + added_by_collection_c = self.post(url, data=new_host_c, expect=403, auth=self.get_nobody_credentials()) # a normal user with edit permission on the inventory can associate hosts with inventories url5 = '/api/v1/inventories/5/hosts/' - added_by_collection = self.post(url5, data=new_host_d, expect=201, auth=self.get_other_credentials()) + added_by_collection_d = self.post(url5, data=new_host_d, expect=201, auth=self.get_other_credentials()) ################################################## # GROUPS->inventories POST via subcollection @@ -231,11 +231,40 @@ class InventoryTest(BaseTest): ################################################### # VARIABLES + vars_a = dict(asdf=1234, dog='fido', cat='fluffy', unstructured=dict(a=[1,2,3],b=dict(x=2,y=3))) + vars_b = dict(asdf=4321, dog='barky', cat='snarf', unstructured=dict(a=[1,2,3],b=dict(x=2,y=3))) + vars_c = dict(asdf=5555, dog='mouse', cat='mogwai', unstructured=dict(a=[3,0,3],b=dict(z=2600))) + + # attempting to get a variable object creates it, even though it does not already exist + vdata_url = "/api/v1/hosts/%s/variable_data/" % (added_by_collection_a['id']) + got = self.get(vdata_url, expect=200, auth=self.get_super_credentials()) + self.assertEquals(got, dict()) + + # super user can create variable objects # an org admin can create variable objects (defers to inventory permissions) + got = self.put(vdata_url, data=vars_a, expect=200, auth=self.get_super_credentials()) + self.assertEquals(got, vars_a) - # a normal user cannot create variable objects + # verify that we can update things and get them back + got = self.put(vdata_url, data=vars_c, expect=200, auth=self.get_super_credentials()) + self.assertEquals(got, vars_c) + got = self.get(vdata_url, expect=200, auth=self.get_super_credentials()) + self.assertEquals(got, vars_c) - # a normal user with at least one inventory edit permission can create variable objects + # a normal user cannot edit variable objects + self.put(vdata_url, data=vars_a, expect=403, auth=self.get_nobody_credentials()) + + # a normal user with inventory write permissions can edit variable objects + vdata_url = "/api/v1/hosts/1/variable_data/" + got = self.put(vdata_url, data=vars_b, expect=200, auth=self.get_normal_credentials()) + self.assertEquals(got, vars_b) + + # this URL is not one end users will use, but is what you get back from a put + # as a result, it also needs to be access controlled and working. You will not + # be able to put to it. + backend_url = '/api/v1/variable_data/1/' + got = self.get(backend_url, expect=200, auth=self.get_normal_credentials()) + got = self.put(backend_url, data=dict(), expect=403, auth=self.get_super_credentials()) ################################################### # VARIABLES -> GROUPS @@ -248,17 +277,6 @@ class InventoryTest(BaseTest): # a normal user with inventory edit permissions can associate variable objects with groups - #################################################### - # VARIABLES -> HOSTS - - # a super user can associate variable objects with hosts - - # an org admin can associate variable objects with hosts - - # a normal user cannot associate variable objects with hosts - - # a normal user with inventory edit permissions can associate variable objects with hosts - #################################################### # SUBGROUPS diff --git a/lib/main/views.py b/lib/main/views.py index 05be6c38c0..753f85e394 100644 --- a/lib/main/views.py +++ b/lib/main/views.py @@ -29,7 +29,7 @@ from rest_framework.response import Response from rest_framework import status import exceptions import datetime -from base_views import BaseList, BaseDetail, BaseSubList +from base_views import * class OrganizationsList(BaseList): @@ -389,4 +389,32 @@ class InventoryGroupsList(BaseSubList): # FIXME: more DRY methods like this return Inventory._filter_queryset(Inventory.objects.get(pk=self.kwargs['pk']).groups) +class GroupsVariableDetail(VariableBaseDetail): + + model = VariableData + serializer_class = VariableDataSerializer + permission_classes = (CustomRbac,) + parent_model = Group + reverse_relationship = 'variable_data' + relationship = 'group' + +class HostsVariableDetail(VariableBaseDetail): + + model = VariableData + serializer_class = VariableDataSerializer + permission_classes = (CustomRbac,) + parent_model = Host + reverse_relationship = 'variable_data' + relationship = 'host' + +class VariableDetail(BaseDetail): + + model = VariableData + serializer_class = VariableDataSerializer + permission_classes = (CustomRbac,) + + def put(self, request, *args, **kwargs): + raise PermissionDenied() + + diff --git a/lib/urls.py b/lib/urls.py index 23cc1c4769..807093d54e 100644 --- a/lib/urls.py +++ b/lib/urls.py @@ -52,12 +52,15 @@ views_InventoryGroupsList = views.InventoryGroupsList.as_view() # group service views_GroupsList = views.GroupsList.as_view() views_GroupsDetail = views.GroupsDetail.as_view() +views_GroupsVariableDetail = views.GroupsVariableDetail.as_view() # host service views_HostsList = views.HostsList.as_view() views_HostsDetail = views.HostsDetail.as_view() +views_HostsVariableDetail = views.HostsVariableDetail.as_view() -# inventory variable service +# seperate variable data +views_VariableDetail = views.VariableDetail.as_view() # log data services @@ -66,10 +69,11 @@ views_HostsDetail = views.HostsDetail.as_view() # jobs services # tags service -views_TagsDetail = views.TagsDetail.as_view() +views_TagsDetail = views.TagsDetail.as_view() urlpatterns = patterns('', + # organizations service url(r'^api/v1/organizations/$', views_OrganizationsList), url(r'^api/v1/organizations/(?P[0-9]+)/$', views_OrganizationsDetail), @@ -91,8 +95,14 @@ urlpatterns = patterns('', url(r'^api/v1/projects/(?P[0-9]+)/$', views_ProjectsDetail), # audit trail service + # api/v1/audit_trails/ + # api/v1/audit_trails/N/ + # and ./audit_trails/ on all resources # team service + # api/v1/teams/ + # api/v1/teams/N/ + # api/v1/teams/N/users/ # inventory service url(r'^api/v1/inventories/$', views_InventoryList), @@ -108,16 +118,31 @@ urlpatterns = patterns('', url(r'^api/v1/groups/$', views_GroupsList), url(r'^api/v1/groups/(?P[0-9]+)/$', views_GroupsDetail), - # inventory variable service + # variable data + url(r'^api/v1/hosts/(?P[0-9]+)/variable_data/$', views_HostsVariableDetail), + url(r'^api/v1/groups/(?P[0-9]+)/variable_data/$', views_GroupsVariableDetail), + url(r'^api/v1/variable_data/(?P[0-9]+)/$', views_VariableDetail), - # log data services + # log data (results) services - # events services - - # jobs services + # jobs & job status services + # /jobs/ + # /jobs/N/ + # /job_statuses/ + # /job_statuses/N/ # tags service - url(r'^api/v1/tags/(?P[0-9]+)/$', views_TagsDetail), + url(r'^api/v1/tags/(?P[0-9]+)/$', views_TagsDetail), + # ... and tag relations on all resources + + # credentials services + # ... users + # ... teams + # ... projects (?) + + # permissions services + # ... users + # ... teams )