Merge pull request #7 from sandwichcloud/keypair

rename public key to keypair, add keypair policies, and make network …

ingredients_db/alembic/versions/1fdbfd6b0eea_create_instance.py

@@ -26,7 +26,7 @@ def upgrade():
         sa.Column('name', sa.String, nullable=False),
         sa.Column('tags', HSTORE),
         sa.Column('state', sa.Enum(InstanceState), default=InstanceState.BUILDING, nullable=False),
-        sa.Column('network_port_id', sau.UUIDType, sa.ForeignKey('network_ports.id', ondelete='RESTRICT')),
+        sa.Column('network_port_id', sau.UUIDType, sa.ForeignKey('network_ports.id', ondelete='RESTRICT'), index=True),
         sa.Column('region_id', sau.UUIDType, sa.ForeignKey('regions.id', ondelete='RESTRICT'), nullable=False),
         sa.Column('zone_id', sau.UUIDType, sa.ForeignKey('zones.id', ondelete='RESTRICT')),
         sa.Column('service_account_id', sau.UUIDType, sa.ForeignKey('authn_service_accounts.id', ondelete='RESTRICT'),

ingredients_db/alembic/versions/b129792f908b_create_network_port.py

@@ -22,6 +22,8 @@ def upgrade():
         sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
 
         sa.Column('network_id', sau.UUIDType, sa.ForeignKey('networks.id', ondelete='RESTRICT'), nullable=False),
+        sa.Column('project_id', sau.UUIDType, sa.ForeignKey('projects.id', ondelete='CASCADE'), nullable=False,
+                  index=True),
         sa.Column('ip_address', sau.IPAddressType),
 
         sa.Column('created_at', sau.ArrowType(timezone=True), server_default=sa.text('clock_timestamp()'),

ingredients_db/alembic/versions/ba0652dfa1be_create_public_keys.py → ingredients_db/alembic/versions/ba0652dfa1be_create_keypairs.py

@@ -1,4 +1,4 @@
-"""create public keys
+"""create keypairs
 
 Revision ID: ba0652dfa1be
 Revises: 1fdbfd6b0eea
@@ -18,10 +18,10 @@
 
 def upgrade():
     op.create_table(
-        'public_keys',
+        'keypairs',
         sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
         sa.Column('name', sa.String, nullable=False),
-        sa.Column('key', sa.Text, nullable=False),
+        sa.Column('public_key', sa.Text, nullable=False),
 
         sa.Column('project_id', sau.UUIDType, sa.ForeignKey('projects.id', ondelete='CASCADE'), nullable=False),
 
@@ -33,10 +33,10 @@ def upgrade():
     )
 
     op.create_table(
-        'instance_public_keys',
+        'instance_keypairs',
         sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
 
-        sa.Column('public_key_id', sau.UUIDType, sa.ForeignKey('public_keys.id', ondelete='CASCADE')),
+        sa.Column('keypair_id', sau.UUIDType, sa.ForeignKey('keypairs.id', ondelete='CASCADE')),
         sa.Column('instance_id', sau.UUIDType, sa.ForeignKey('instances.id', ondelete='CASCADE')),
 
         sa.Column('created_at', sau.ArrowType(timezone=True), server_default=sa.text('clock_timestamp()'),
@@ -48,5 +48,5 @@ def upgrade():
 
 
 def downgrade():
-    op.drop_table('instance_public_keys')
-    op.drop_table('public_keys')
+    op.drop_table('instance_keypairs')
+    op.drop_table('keypairs')

ingredients_db/alembic/versions/dadf4ada480a_create_authz.py

@@ -473,6 +473,63 @@ def upgrade():
             {
                 "name": "builtin:users:role:remove",
                 "description": "Ability to remove a user from a role"
+            },
+
+            # Keypairs
+            {
+                "name": "keypairs:create",
+                "description": "Ability to create a keypair",
+                "tags": [
+                    "project_member"
+                ]
+            },
+            {
+                "name": "keypairs:get",
+                "description": "Ability to get a keypair",
+                "tags": [
+                    "project_member",
+                    "service_account"
+                ]
+            },
+            {
+                "name": "keypairs:list",
+                "description": "Ability to list keypairs",
+                "tags": [
+                    "project_member",
+                    "service_account"
+                ]
+            },
+            {
+                "name": "keypairs:delete",
+                "description": "Ability to delete a keypair",
+                "tags": [
+                    "project_member"
+                ]
+            },
+
+            # Network Ports
+            {
+                "name": "network_ports:get",
+                "description": "Ability to get a network port",
+                "tags": [
+                    "project_member",
+                    "service_account"
+                ]
+            },
+            {
+                "name": "network_ports:list",
+                "description": "Ability to list  network ports",
+                "tags": [
+                    "project_member",
+                    "service_account"
+                ]
+            },
+            {
+                "name": "network_ports:delete",
+                "description": "Ability to delete a network port",
+                "tags": [
+                    "project_member"
+                ]
             }
 
         ],

ingredients_db/models/instance.py

@@ -7,9 +7,9 @@
 
 from ingredients_db.database import Base
 from ingredients_db.models.authn import ServiceAccountMixin
+from ingredients_db.models.keypair import Keypair
 from ingredients_db.models.network_port import NetworkableMixin
 from ingredients_db.models.project import ProjectMixin
-from ingredients_db.models.public_key import PublicKey
 from ingredients_db.models.region import RegionableNixin
 from ingredients_db.models.task import TaskMixin
 from ingredients_db.models.zones import ZonableMixin
@@ -39,19 +39,19 @@ class Instance(Base, TaskMixin, NetworkableMixin, ProjectMixin, RegionableNixin,
 
     image_id = Column(UUIDType, ForeignKey('images.id', ondelete='SET NULL'))
 
-    public_keys = relationship(PublicKey, secondary='instance_public_keys')
+    keypairs = relationship(Keypair, secondary='instance_keypairs')
 
     created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)
     updated_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'),
                         onupdate=text('clock_timestamp()'), nullable=False)
 
 
-class InstancePublicKey(Base):
-    __tablename__ = 'instance_public_keys'
+class InstanceKeypair(Base):
+    __tablename__ = 'instance_keypairs'
 
     id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
 
-    public_key_id = Column(UUIDType, ForeignKey('public_keys.id', ondelete='CASCADE'))
+    keypair_id = Column(UUIDType, ForeignKey('keypairs.id', ondelete='CASCADE'))
     instance_id = Column(UUIDType, ForeignKey('instances.id', ondelete='CASCADE'))
 
     created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)

ingredients_db/models/public_key.py → ingredients_db/models/keypair.py

@@ -5,12 +5,12 @@
 
 
 @generic_repr
-class PublicKey(Base):
-    __tablename__ = 'public_keys'
+class Keypair(Base):
+    __tablename__ = 'keypairs'
 
     id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
     name = Column(String, nullable=False)
-    key = Column(Text, nullable=False)
+    public_key = Column(Text, nullable=False)
 
     project_id = Column(UUIDType, ForeignKey('projects.id', ondelete='CASCADE'), nullable=False)
 

ingredients_db/models/network_port.py

@@ -12,6 +12,7 @@ class NetworkPort(Base):
     id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
 
     network_id = Column(UUIDType, ForeignKey('networks.id', ondelete='RESTRICT'), nullable=False)
+    project_id = Column(UUIDType, ForeignKey('projects.id', ondelete='CASCADE'), nullable=False, index=True)
     ip_address = Column(IPAddressType)
 
     created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)
@@ -22,4 +23,4 @@ class NetworkPort(Base):
 class NetworkableMixin(object):
     @declared_attr
     def network_port_id(cls):
-        return Column(UUIDType, ForeignKey('network_ports.id', ondelete='RESTRICT'))
+        return Column(UUIDType, ForeignKey('network_ports.id', ondelete='RESTRICT'), index=True)

ingredients_db/test/test_migrations.py

@@ -71,11 +71,11 @@ def test_model_and_migration_schemas_are_the_same(self, uri_left, uri_right, ale
         prepare_schema_from_migrations(uri_left, alembic_config_left)
 
         from ingredients_db.models.images import Image, ImageMembers
-        from ingredients_db.models.instance import Instance, InstancePublicKey
+        from ingredients_db.models.instance import Instance, InstanceKeypair
         from ingredients_db.models.network import Network
         from ingredients_db.models.network_port import NetworkPort
         from ingredients_db.models.project import Project, ProjectMembers
-        from ingredients_db.models.public_key import PublicKey
+        from ingredients_db.models.keypair import Keypair
         from ingredients_db.models.task import Task
         from ingredients_db.models.authn import AuthNUser, AuthNServiceAccount
         from ingredients_db.models.authz import AuthZPolicy, AuthZRole, AuthZRolePolicy
@@ -87,12 +87,12 @@ def test_model_and_migration_schemas_are_the_same(self, uri_left, uri_right, ale
         Image.mro()
         ImageMembers.mro()
         Instance.mro()
-        InstancePublicKey.mro()
+        InstanceKeypair.mro()
         Network.mro()
         NetworkPort.mro()
         Project.mro()
         ProjectMembers.mro()
-        PublicKey.mro()
+        Keypair.mro()
         Task.mro()
         AuthNUser.mro()
         AuthNServiceAccount.mro()