From 35b9f39178cc502a5283a1b37a65f7dd0838ae05 Mon Sep 17 00:00:00 2001 From: Sawyer Bergeron Date: Fri, 15 Oct 2021 14:14:46 -0400 Subject: Merge User Booking API Rev 1 (Try 3) Signed-off-by: Sawyer Bergeron Change-Id: Ie1eee0a59929f8da39f16bb6bc17ae3de4f1cba9 Signed-off-by: Sawyer Bergeron --- src/api/admin.py | 2 + src/api/migrations/0017_apilog.py | 27 +++ src/api/migrations/0018_apilog_ip_addr.py | 18 ++ src/api/migrations/0019_auto_20210322_1823.py | 19 +++ src/api/migrations/0020_auto_20210322_2218.py | 23 +++ src/api/migrations/0021_auto_20210405_1943.py | 18 ++ src/api/models.py | 97 ++++++++++- src/api/urls.py | 22 ++- src/api/views.py | 235 +++++++++++++++++++++++++- 9 files changed, 453 insertions(+), 8 deletions(-) create mode 100644 src/api/migrations/0017_apilog.py create mode 100644 src/api/migrations/0018_apilog_ip_addr.py create mode 100644 src/api/migrations/0019_auto_20210322_1823.py create mode 100644 src/api/migrations/0020_auto_20210322_2218.py create mode 100644 src/api/migrations/0021_auto_20210405_1943.py (limited to 'src/api') diff --git a/src/api/admin.py b/src/api/admin.py index 8b2fcb3..1e243a0 100644 --- a/src/api/admin.py +++ b/src/api/admin.py @@ -22,6 +22,7 @@ from api.models import ( SoftwareRelation, HostHardwareRelation, HostNetworkRelation, + APILog ) @@ -39,3 +40,4 @@ admin.site.register(AccessRelation) admin.site.register(SoftwareRelation) admin.site.register(HostHardwareRelation) admin.site.register(HostNetworkRelation) +admin.site.register(APILog) diff --git a/src/api/migrations/0017_apilog.py b/src/api/migrations/0017_apilog.py new file mode 100644 index 0000000..d209aef --- /dev/null +++ b/src/api/migrations/0017_apilog.py @@ -0,0 +1,27 @@ +# Generated by Django 2.2 on 2021-03-19 20:45 + +from django.conf import settings +import django.contrib.postgres.fields.jsonb +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('api', '0016_auto_20201109_2149'), + ] + + operations = [ + migrations.CreateModel( + name='APILog', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('call_time', models.DateTimeField(auto_now=True)), + ('endpoint', models.CharField(max_length=300)), + ('body', django.contrib.postgres.fields.jsonb.JSONField()), + ('user', models.ForeignKey(on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL)), + ], + ), + ] diff --git a/src/api/migrations/0018_apilog_ip_addr.py b/src/api/migrations/0018_apilog_ip_addr.py new file mode 100644 index 0000000..4b7ce39 --- /dev/null +++ b/src/api/migrations/0018_apilog_ip_addr.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2 on 2021-03-22 18:12 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('api', '0017_apilog'), + ] + + operations = [ + migrations.AddField( + model_name='apilog', + name='ip_addr', + field=models.GenericIPAddressField(null=True), + ), + ] diff --git a/src/api/migrations/0019_auto_20210322_1823.py b/src/api/migrations/0019_auto_20210322_1823.py new file mode 100644 index 0000000..b3c4cdf --- /dev/null +++ b/src/api/migrations/0019_auto_20210322_1823.py @@ -0,0 +1,19 @@ +# Generated by Django 2.2 on 2021-03-22 18:23 + +import django.contrib.postgres.fields.jsonb +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('api', '0018_apilog_ip_addr'), + ] + + operations = [ + migrations.AlterField( + model_name='apilog', + name='body', + field=django.contrib.postgres.fields.jsonb.JSONField(null=True), + ), + ] diff --git a/src/api/migrations/0020_auto_20210322_2218.py b/src/api/migrations/0020_auto_20210322_2218.py new file mode 100644 index 0000000..0252c79 --- /dev/null +++ b/src/api/migrations/0020_auto_20210322_2218.py @@ -0,0 +1,23 @@ +# Generated by Django 2.2 on 2021-03-22 22:18 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('api', '0019_auto_20210322_1823'), + ] + + operations = [ + migrations.AddField( + model_name='apilog', + name='method', + field=models.CharField(max_length=4, null=True), + ), + migrations.AlterField( + model_name='apilog', + name='endpoint', + field=models.CharField(max_length=300, null=True), + ), + ] diff --git a/src/api/migrations/0021_auto_20210405_1943.py b/src/api/migrations/0021_auto_20210405_1943.py new file mode 100644 index 0000000..ca6e741 --- /dev/null +++ b/src/api/migrations/0021_auto_20210405_1943.py @@ -0,0 +1,18 @@ +# Generated by Django 2.2 on 2021-04-05 19:43 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('api', '0020_auto_20210322_2218'), + ] + + operations = [ + migrations.AlterField( + model_name='apilog', + name='method', + field=models.CharField(max_length=6, null=True), + ), + ] diff --git a/src/api/models.py b/src/api/models.py index d1bb692..d85f3e9 100644 --- a/src/api/models.py +++ b/src/api/models.py @@ -12,6 +12,7 @@ from django.contrib.auth.models import User from django.db import models from django.core.exceptions import PermissionDenied, ValidationError from django.shortcuts import get_object_or_404 +from django.contrib.postgres.fields import JSONField from django.http import HttpResponseNotFound from django.urls import reverse from django.utils import timezone @@ -37,7 +38,7 @@ from account.models import Downtime, UserProfile from dashboard.utils import AbstractModelQuery -class JobStatus(object): +class JobStatus: """ A poor man's enum for a job's status. @@ -52,7 +53,7 @@ class JobStatus(object): ERROR = 300 -class LabManagerTracker(object): +class LabManagerTracker: @classmethod def get(cls, lab_name, token): @@ -72,7 +73,7 @@ class LabManagerTracker(object): raise PermissionDenied("Lab not authorized") -class LabManager(object): +class LabManager: """ Handles all lab REST calls. @@ -337,6 +338,96 @@ class LabManager(object): return profile_ser +class APILog(models.Model): + user = models.ForeignKey(User, on_delete=models.PROTECT) + call_time = models.DateTimeField(auto_now=True) + method = models.CharField(null=True, max_length=6) + endpoint = models.CharField(null=True, max_length=300) + ip_addr = models.GenericIPAddressField(protocol="both", null=True, unpack_ipv4=False) + body = JSONField(null=True) + + def __str__(self): + return "Call to {} at {} by {}".format( + self.endpoint, + self.call_time, + self.user.username + ) + + +class AutomationAPIManager: + @staticmethod + def serialize_booking(booking): + sbook = {} + sbook['id'] = booking.pk + sbook['owner'] = booking.owner.username + sbook['collaborators'] = [user.username for user in booking.collaborators.all()] + sbook['start'] = booking.start + sbook['end'] = booking.end + sbook['lab'] = AutomationAPIManager.serialize_lab(booking.lab) + sbook['purpose'] = booking.purpose + sbook['resourceBundle'] = AutomationAPIManager.serialize_bundle(booking.resource) + return sbook + + @staticmethod + def serialize_lab(lab): + slab = {} + slab['id'] = lab.pk + slab['name'] = lab.name + return slab + + @staticmethod + def serialize_bundle(bundle): + sbundle = {} + sbundle['id'] = bundle.pk + sbundle['resources'] = [ + AutomationAPIManager.serialize_server(server) + for server in bundle.get_resources()] + return sbundle + + @staticmethod + def serialize_server(server): + sserver = {} + sserver['id'] = server.pk + sserver['name'] = server.name + return sserver + + @staticmethod + def serialize_resource_profile(profile): + sprofile = {} + sprofile['id'] = profile.pk + sprofile['name'] = profile.name + return sprofile + + @staticmethod + def serialize_template(rec_temp_and_count): + template = rec_temp_and_count[0] + count = rec_temp_and_count[1] + + stemplate = {} + stemplate['id'] = template.pk + stemplate['name'] = template.name + stemplate['count_available'] = count + stemplate['resourceProfiles'] = [ + AutomationAPIManager.serialize_resource_profile(config.profile) + for config in template.getConfigs() + ] + return stemplate + + @staticmethod + def serialize_image(image): + simage = {} + simage['id'] = image.pk + simage['name'] = image.name + return simage + + @staticmethod + def serialize_userprofile(up): + sup = {} + sup['id'] = up.pk + sup['username'] = up.user.username + return sup + + class Job(models.Model): """ A Job to be performed by the Lab. diff --git a/src/api/urls.py b/src/api/urls.py index bae86ea..52a6fc7 100644 --- a/src/api/urls.py +++ b/src/api/urls.py @@ -45,7 +45,15 @@ from api.views import ( lab_users, lab_user, GenerateTokenView, - analytics_job + analytics_job, + user_bookings, + make_booking, + available_templates, + images_for_template, + specific_booking, + extend_booking, + all_users, + list_labs ) urlpatterns = [ @@ -65,5 +73,17 @@ urlpatterns = [ path('labs//jobs/getByType/DATA', analytics_job), path('labs//users', lab_users), path('labs//users/', lab_user), + + path('booking', user_bookings), + path('booking/', specific_booking), + path('booking//extendBooking/', extend_booking), + path('booking/makeBooking', make_booking), + + path('resource_inventory/availableTemplates', available_templates), + path('resource_inventory//images', images_for_template), + + path('users', all_users), + path('labs', list_labs), + url(r'^token$', GenerateTokenView.as_view(), name='generate_token'), ] diff --git a/src/api/views.py b/src/api/views.py index 2e5f33f..c0da1bc 100644 --- a/src/api/views.py +++ b/src/api/views.py @@ -8,9 +8,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +import json +import math +import traceback +import sys +from datetime import timedelta from django.contrib.auth.decorators import login_required -from django.shortcuts import redirect +from django.shortcuts import redirect, get_object_or_404 from django.utils.decorators import method_decorator from django.utils import timezone from django.views import View @@ -23,12 +28,15 @@ from django.core.exceptions import ObjectDoesNotExist from api.serializers.booking_serializer import BookingSerializer from api.serializers.old_serializers import UserSerializer from api.forms import DowntimeForm -from account.models import UserProfile +from account.models import UserProfile, Lab from booking.models import Booking -from api.models import LabManagerTracker, get_task +from api.models import LabManagerTracker, AutomationAPIManager, get_task, APILog from notifier.manager import NotificationHandler from analytics.models import ActiveVPNUser -import json +from booking.quick_deployer import create_from_API +from resource_inventory.models import ResourceTemplate +from django.db.models import Q + """ API views. @@ -234,3 +242,222 @@ def done_jobs(request, lab_name=""): lab_token = request.META.get('HTTP_AUTH_TOKEN') lab_manager = LabManagerTracker.get(lab_name, lab_token) return JsonResponse(lab_manager.get_done_jobs(), safe=False) + + +def auth_and_log(request, endpoint): + """ + Function to authenticate an API user and log info + in the API log model. This is to keep record of + all calls to the dashboard + """ + user_token = request.META.get('HTTP_AUTH_TOKEN') + response = None + + if user_token is None: + return HttpResponse('Unauthorized', status=401) + + try: + token = Token.objects.get(key=user_token) + except Token.DoesNotExist: + token = None + response = HttpResponse('Unauthorized', status=401) + + x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR') + if x_forwarded_for: + ip = x_forwarded_for.split(',')[0] + else: + ip = request.META.get('REMOTE_ADDR') + + body = None + + if request.method in ['POST', 'PUT']: + try: + body = json.loads(request.body.decode('utf-8')), + except Exception: + response = HttpResponse('Invalid Request Body', status=400) + + APILog.objects.create( + user=token.user, + call_time=timezone.now(), + method=request.method, + endpoint=endpoint, + body=body, + ip_addr=ip + ) + + if response: + return response + else: + return token + + +""" +Booking API Views +""" + + +def user_bookings(request): + token = auth_and_log(request, 'booking') + + if isinstance(token, HttpResponse): + return token + + bookings = Booking.objects.filter(owner=token.user, end__gte=timezone.now()) + output = [AutomationAPIManager.serialize_booking(booking) + for booking in bookings] + return JsonResponse(output, safe=False) + + +@csrf_exempt +def specific_booking(request, booking_id=""): + token = auth_and_log(request, 'booking/{}'.format(booking_id)) + + if isinstance(token, HttpResponse): + return token + + booking = get_object_or_404(Booking, pk=booking_id, owner=token.user) + if request.method == "GET": + sbooking = AutomationAPIManager.serialize_booking(booking) + return JsonResponse(sbooking, safe=False) + + if request.method == "DELETE": + + if booking.end < timezone.now(): + return HttpResponse("Booking already over", status=400) + + booking.end = timezone.now() + booking.save() + return HttpResponse("Booking successfully cancelled") + + +@csrf_exempt +def extend_booking(request, booking_id="", days=""): + token = auth_and_log(request, 'booking/{}/extendBooking/{}'.format(booking_id, days)) + + if isinstance(token, HttpResponse): + return token + + booking = get_object_or_404(Booking, pk=booking_id, owner=token.user) + + if booking.end < timezone.now(): + return HttpResponse("This booking is already over, cannot extend") + + if days > 30: + return HttpResponse("Cannot extend a booking longer than 30 days") + + if booking.ext_count == 0: + return HttpResponse("Booking has already been extended 2 times, cannot extend again") + + booking.end += timedelta(days=days) + booking.ext_count -= 1 + booking.save() + + return HttpResponse("Booking successfully extended") + + +@csrf_exempt +def make_booking(request): + token = auth_and_log(request, 'booking/makeBooking') + + if isinstance(token, HttpResponse): + return token + + try: + booking = create_from_API(request.body, token.user) + + except Exception: + finalTrace = '' + exc_type, exc_value, exc_traceback = sys.exc_info() + for i in traceback.format_exception(exc_type, exc_value, exc_traceback): + finalTrace += '
' + i.strip() + return HttpResponse(finalTrace, status=400) + + sbooking = AutomationAPIManager.serialize_booking(booking) + return JsonResponse(sbooking, safe=False) + + +""" +Resource Inventory API Views +""" + + +def available_templates(request): + token = auth_and_log(request, 'resource_inventory/availableTemplates') + + if isinstance(token, HttpResponse): + return token + + # get available templates + # mirrors MultipleSelectFilter Widget + avt = [] + for lab in Lab.objects.all(): + for template in ResourceTemplate.objects.filter(Q(owner=token.user) | Q(public=True), lab=lab, temporary=False): + available_resources = lab.get_available_resources() + required_resources = template.get_required_resources() + least_available = 100 + + for resource, count_required in required_resources.items(): + try: + curr_count = math.floor(available_resources[str(resource)] / count_required) + if curr_count < least_available: + least_available = curr_count + except KeyError: + least_available = 0 + + if least_available > 0: + avt.append((template, least_available)) + + savt = [AutomationAPIManager.serialize_template(temp) + for temp in avt] + + return JsonResponse(savt, safe=False) + + +def images_for_template(request, template_id=""): + _ = auth_and_log(request, 'resource_inventory/{}/images'.format(template_id)) + + template = get_object_or_404(ResourceTemplate, pk=template_id) + images = [AutomationAPIManager.serialize_image(config.image) + for config in template.getConfigs()] + return JsonResponse(images, safe=False) + + +""" +User API Views +""" + + +def all_users(request): + token = auth_and_log(request, 'users') + + if token is None: + return HttpResponse('Unauthorized', status=401) + + users = [AutomationAPIManager.serialize_userprofile(up) + for up in UserProfile.objects.filter(public_user=True)] + + return JsonResponse(users, safe=False) + + +""" +Lab API Views +""" + + +def list_labs(request): + lab_list = [] + for lab in Lab.objects.all(): + lab_info = { + 'name': lab.name, + 'username': lab.lab_user.username, + 'status': lab.status, + 'project': lab.project, + 'description': lab.description, + 'location': lab.location, + 'info': lab.lab_info_link, + 'email': lab.contact_email, + 'phone': lab.contact_phone + } + lab_list.append(lab_info) + + return JsonResponse(lab_list, safe=False) -- cgit 1.2.3-korg