From c1ae226b542f2bd76c692d791c9fe70479617866 Mon Sep 17 00:00:00 2001 From: Parker Berberian Date: Tue, 23 Oct 2018 16:11:36 -0400 Subject: Fixes for access creation and removal Fixes include: - creating ssh access jobs for users with ssh keys - ensuring vpn access is revoked after booking ends Creates ssh access jobs with the user's ssh keys, if they exist Change-Id: Ia2e9f0c5a2f90b45732a5767a62b87a5a5492b94 Signed-off-by: Parker Berberian --- dashboard/src/api/models.py | 37 +++++++++++++++++++++++-------------- dashboard/src/dashboard/tasks.py | 6 +++++- 2 files changed, 28 insertions(+), 15 deletions(-) (limited to 'dashboard') diff --git a/dashboard/src/api/models.py b/dashboard/src/api/models.py index 7448ac4..9afc89a 100644 --- a/dashboard/src/api/models.py +++ b/dashboard/src/api/models.py @@ -321,10 +321,10 @@ class AccessConfig(TaskConfig): def to_dict(self): d = {} - d['access_type'] = self.access_type + d['access_type'] = self.access_type d['user'] = self.user.id d['revoke'] = self.revoke - d['context'] = self.context + d['context'] = json.loads(self.context) return d def get_delta(self): @@ -363,7 +363,7 @@ class AccessConfig(TaskConfig): self.delta = json.dumps(d) def set_context(self, context): - self.context = context + self.context = json.dumps(context) d = json.loads(self.delta) d['context'] = context self.delta = json.dumps(d) @@ -608,18 +608,28 @@ class JobFactory(object): hosts=hosts, job=job ) + all_users = list(booking.collaborators.all()) + all_users.append(booking.owner) cls.makeAccessConfig( - users=booking.collaborators.all(), - access_type="vpn", - revoke=False, - job=job - ) - cls.makeAccessConfig( - users=[booking.owner], + users=all_users, access_type="vpn", revoke=False, job=job ) + for user in all_users: + try: + cls.makeAccessConfig( + users=[user], + access_type="ssh", + revoke=False, + job=job, + context={ + "key": user.userprofile.ssh_public_key.read(), + "hosts": [host.labid for host in hosts] + } + ) + except Exception: + continue @classmethod def makeHardwareConfigs(cls, hosts=[], job=Job()): @@ -646,13 +656,15 @@ class JobFactory(object): hardware_config.save() @classmethod - def makeAccessConfig(cls, users, access_type, revoke=False, job=Job()): + def makeAccessConfig(cls, users, access_type, revoke=False, job=Job(), context=False): for user in users: relation = AccessRelation() relation.job = job config = AccessConfig() config.access_type = access_type config.user = user + if context: + config.set_context(context) config.save() relation.config = config relation.save() @@ -709,6 +721,3 @@ class JobFactory(object): return software_relation except: return None - - def makeAccess(cls, user, access_type, revoke): - pass diff --git a/dashboard/src/dashboard/tasks.py b/dashboard/src/dashboard/tasks.py index 48008b6..0f7af1c 100644 --- a/dashboard/src/dashboard/tasks.py +++ b/dashboard/src/dashboard/tasks.py @@ -73,7 +73,11 @@ def booking_poll(): def cleanup_access(qs): for relation in qs: - pass # TODO + if "vpn" in relation.config.access_type.lower(): + relation.config.set_revoke(True) + relation.config.save() + relation.status = JobStatus.NEW + relation.save() cleanup_set = Booking.objects.filter(end__lte=timezone.now()).filter(job__complete=False) -- cgit 1.2.3-korg