From c5ad66bde2aefe42bbf4cdb4ec0c7adbba286c28 Mon Sep 17 00:00:00 2001
From: Ryan Belgrave
Date: Mon, 4 Dec 2017 20:36:14 -0600
Subject: [PATCH] rename public key to keypair, add keypair policies, and make network ports have project_id
---
 .../versions/1fdbfd6b0eea_create_instance.py | 2 +-
 .../b129792f908b_create_network_port.py | 2 +
 ...eys.py => ba0652dfa1be_create_keypairs.py} | 14 ++---
 .../versions/dadf4ada480a_create_authz.py | 57 +++++++++++++++++++
 ingredients_db/models/instance.py | 10 ++--
 .../models/{public_key.py => keypair.py} | 6 +-
 ingredients_db/models/network_port.py | 3 +-
 ingredients_db/test/test_migrations.py | 8 +--
 8 files changed, 81 insertions(+), 21 deletions(-)
 rename ingredients_db/alembic/versions/{ba0652dfa1be_create_public_keys.py => ba0652dfa1be_create_keypairs.py} (83%)
 rename ingredients_db/models/{public_key.py => keypair.py} (87%)
diff --git a/ingredients_db/alembic/versions/1fdbfd6b0eea_create_instance.py b/ingredients_db/alembic/versions/1fdbfd6b0eea_create_instance.py
index aaacf1c..106d82e 100644
--- a/ingredients_db/alembic/versions/1fdbfd6b0eea_create_instance.py
+++ b/ingredients_db/alembic/versions/1fdbfd6b0eea_create_instance.py
@@ -26,7 +26,7 @@ def upgrade():
 sa.Column('name', sa.String, nullable=False),
 sa.Column('tags', HSTORE),
 sa.Column('state', sa.Enum(InstanceState), default=InstanceState.BUILDING, nullable=False),
- sa.Column('network_port_id', sau.UUIDType, sa.ForeignKey('network_ports.id', ondelete='RESTRICT')),
+ sa.Column('network_port_id', sau.UUIDType, sa.ForeignKey('network_ports.id', ondelete='RESTRICT'), index=True),
 sa.Column('region_id', sau.UUIDType, sa.ForeignKey('regions.id', ondelete='RESTRICT'), nullable=False),
 sa.Column('zone_id', sau.UUIDType, sa.ForeignKey('zones.id', ondelete='RESTRICT')),
 sa.Column('service_account_id', sau.UUIDType, sa.ForeignKey('authn_service_accounts.id', ondelete='RESTRICT'),
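Review bot: The `index=True` on `network_port_id` is added by editing revision `1fdbfd6b0eea` in place, so a database that has already been upgraded past that revision will never receive the index and Alembic will not report the drift. The same applies to the other migrations edited in this patch: `project_id` added to `b129792f908b`, the table and column renames in `ba0652dfa1be`, and the new policy rows in `dadf4ada480a`. If any deployment exists, these belong in a new revision, for this hunk something like `op.create_index('ix_instances_network_port_id', 'instances', ['network_port_id'])` (assuming the table is named `instances`); if databases are always rebuilt from scratch at this stage, a line in the commit message saying so would settle it. The column list inside `upgrade()` starts and ends outside the hunk.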
diff --git a/ingredients_db/alembic/versions/b129792f908b_create_network_port.py b/ingredients_db/alembic/versions/b129792f908b_create_network_port.py
index 6761050..9d1602c 100644
--- a/ingredients_db/alembic/versions/b129792f908b_create_network_port.py
+++ b/ingredients_db/alembic/versions/b129792f908b_create_network_port.py
@@ -22,6 +22,8 @@ def upgrade():
 sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
 sa.Column('network_id', sau.UUIDType, sa.ForeignKey('networks.id', ondelete='RESTRICT'), nullable=False),
+ sa.Column('project_id', sau.UUIDType, sa.ForeignKey('projects.id', ondelete='CASCADE'), nullable=False,
+ index=True),
 sa.Column('ip_address', sau.IPAddressType),
 sa.Column('created_at', sau.ArrowType(timezone=True), server_default=sa.text('clock_timestamp()'),
diff --git a/ingredients_db/alembic/versions/ba0652dfa1be_create_public_keys.py b/ingredients_db/alembic/versions/ba0652dfa1be_create_keypairs.py
similarity index 83%
rename from ingredients_db/alembic/versions/ba0652dfa1be_create_public_keys.py
rename to ingredients_db/alembic/versions/ba0652dfa1be_create_keypairs.py
index 08c5f99..fb7ed58 100644
--- a/ingredients_db/alembic/versions/ba0652dfa1be_create_public_keys.py
+++ b/ingredients_db/alembic/versions/ba0652dfa1be_create_keypairs.py
@@ -1,4 +1,4 @@
-"""create public keys
+"""create keypairs
 Revision ID: ba0652dfa1be
 Revises: 1fdbfd6b0eea
@@ -18,10 +18,10 @@
 def upgrade():
 op.create_table(
- 'public_keys',
+ 'keypairs',
 sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
 sa.Column('name', sa.String, nullable=False),
- sa.Column('key', sa.Text, nullable=False),
+ sa.Column('public_key', sa.Text, nullable=False),
 sa.Column('project_id', sau.UUIDType, sa.ForeignKey('projects.id', ondelete='CASCADE'), nullable=False),
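Review bot: In `b129792f908b_create_network_port.py` the new `project_id` foreign key uses `ondelete='CASCADE'`, while `instances.network_port_id` references `network_ports.id` with `ondelete='RESTRICT'` (first hunk of this patch), so deleting a project can be rejected by the database while an instance still points at one of its ports, depending on how the instance rows are removed. Nothing in the schema ties a port's `project_id` to the project of the instance that uses it, and the `network_ports:*` policies added later in this patch are presumably scoped by this column, so the code that creates ports should derive the value from the owning instance rather than accept it from the caller. A comment on the column such as `# owning project; must equal the project of the attached instance` would record that invariant, both here and on `NetworkPort.project_id` in `models/network_port.py`. The `create_table` call starts and ends outside the hunk.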
@@ -33,10 +33,10 @@ def upgrade():
 )
 op.create_table(
- 'instance_public_keys',
+ 'instance_keypairs',
 sa.Column('id', sau.UUIDType, server_default=sa.text("uuid_generate_v4()"), primary_key=True),
- sa.Column('public_key_id', sau.UUIDType, sa.ForeignKey('public_keys.id', ondelete='CASCADE')),
+ sa.Column('keypair_id', sau.UUIDType, sa.ForeignKey('keypairs.id', ondelete='CASCADE')),
 sa.Column('instance_id', sau.UUIDType, sa.ForeignKey('instances.id', ondelete='CASCADE')),
 sa.Column('created_at', sau.ArrowType(timezone=True), server_default=sa.text('clock_timestamp()'),
@@ -48,5 +48,5 @@ def upgrade():
 def downgrade():
- op.drop_table('instance_public_keys')
- op.drop_table('public_keys')
+ op.drop_table('instance_keypairs')
+ op.drop_table('keypairs')
diff --git a/ingredients_db/alembic/versions/dadf4ada480a_create_authz.py b/ingredients_db/alembic/versions/dadf4ada480a_create_authz.py
index 128fb06..daecd16 100644
--- a/ingredients_db/alembic/versions/dadf4ada480a_create_authz.py
+++ b/ingredients_db/alembic/versions/dadf4ada480a_create_authz.py
@@ -473,6 +473,63 @@ def upgrade():
 {
 "name": "builtin:users:role:remove",
 "description": "Ability to remove a user from a role"
+ },
+
+ # Keypairs
+ {
+ "name": "keypairs:create",
+ "description": "Ability to create a keypair",
+ "tags": [
+ "project_member"
+ ]
+ },
+ {
+ "name": "keypairs:get",
+ "description": "Ability to get a keypair",
+ "tags": [
+ "project_member",
+ "service_account"
+ ]
+ },
+ {
+ "name": "keypairs:list",
+ "description": "Ability to list keypairs",
+ "tags": [
+ "project_member",
+ "service_account"
+ ]
+ },
+ {
+ "name": "keypairs:delete",
+ "description": "Ability to delete a keypair",
+ "tags": [
+ "project_member"
+ ]
+ },
+
+ # Network Ports
+ {
+ "name": "network_ports:get",
+ "description": "Ability to get a network port",
+ "tags": [
+ "project_member",
+ "service_account"
+ ]
+ },
+ {
+ "name": "network_ports:list",
+ "description": "Ability to list network ports",
+ "tags": [
+ "project_member",
+ "service_account"
+ ]
+ },
+ {
+ "name": "network_ports:delete",
+ "description": "Ability to delete a network port",
+ "tags": [
+ "project_member"
+ ]
 }
 ],
diff --git a/ingredients_db/models/instance.py b/ingredients_db/models/instance.py
index 9035af2..a4d6f48 100644
--- a/ingredients_db/models/instance.py
+++ b/ingredients_db/models/instance.py
@@ -7,9 +7,9 @@
 from ingredients_db.database import Base
 from ingredients_db.models.authn import ServiceAccountMixin
+from ingredients_db.models.keypair import Keypair
 from ingredients_db.models.network_port import NetworkableMixin
 from ingredients_db.models.project import ProjectMixin
-from ingredients_db.models.public_key import PublicKey
 from ingredients_db.models.region import RegionableNixin
 from ingredients_db.models.task import TaskMixin
 from ingredients_db.models.zones import ZonableMixin
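Review bot: The `service_account` tag on `keypairs:get`, `keypairs:list`, `network_ports:get` and `network_ports:list` in `dadf4ada480a_create_authz.py` is granted without a stated reason; if tags are what attach a policy to the default roles, every service account in a project can enumerate all of that project's keypairs and ports. Keypair rows hold only a name and a public key, so the exposure is limited, but a comment naming the consumer would make the grant reviewable, for example `# service_account: <component that reads this, and why>` beside each tagged entry. The network-port group also has no `network_ports:create` entry, unlike keypairs; if ports are only ever created as a side effect of instance creation, that is worth saying next to `# Network Ports`. The policy list starts and ends outside the hunk.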
@@ -39,19 +39,19 @@ class Instance(Base, TaskMixin, NetworkableMixin, ProjectMixin, RegionableNixin,
 image_id = Column(UUIDType, ForeignKey('images.id', ondelete='SET NULL'))
- public_keys = relationship(PublicKey, secondary='instance_public_keys')
+ keypairs = relationship(Keypair, secondary='instance_keypairs')
 created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)
 updated_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), onupdate=text('clock_timestamp()'), nullable=False)
-class InstancePublicKey(Base):
- __tablename__ = 'instance_public_keys'
+class InstanceKeypair(Base):
+ __tablename__ = 'instance_keypairs'
 id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
- public_key_id = Column(UUIDType, ForeignKey('public_keys.id', ondelete='CASCADE'))
+ keypair_id = Column(UUIDType, ForeignKey('keypairs.id', ondelete='CASCADE'))
 instance_id = Column(UUIDType, ForeignKey('instances.id', ondelete='CASCADE'))
 created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)
diff --git a/ingredients_db/models/public_key.py b/ingredients_db/models/keypair.py
similarity index 87%
rename from ingredients_db/models/public_key.py
rename to ingredients_db/models/keypair.py
index 3ab622b..b9a4146 100644
--- a/ingredients_db/models/public_key.py
+++ b/ingredients_db/models/keypair.py
@@ -5,12 +5,12 @@
 @generic_repr
-class PublicKey(Base):
- __tablename__ = 'public_keys'
+class Keypair(Base):
+ __tablename__ = 'keypairs'
 id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
 name = Column(String, nullable=False)
- key = Column(Text, nullable=False)
+ public_key = Column(Text, nullable=False)
 project_id = Column(UUIDType, ForeignKey('projects.id', ondelete='CASCADE'), nullable=False)
diff --git a/ingredients_db/models/network_port.py b/ingredients_db/models/network_port.py
index 09f227e..07d412d 100644
--- a/ingredients_db/models/network_port.py
+++ b/ingredients_db/models/network_port.py
@@ -12,6 +12,7 @@ class NetworkPort(Base):
 id = Column(UUIDType, server_default=text("uuid_generate_v4()"), primary_key=True)
 network_id = Column(UUIDType, ForeignKey('networks.id', ondelete='RESTRICT'), nullable=False)
+ project_id = Column(UUIDType, ForeignKey('projects.id', ondelete='CASCADE'), nullable=False, index=True)
 ip_address = Column(IPAddressType)
 created_at = Column(ArrowType(timezone=True), server_default=text('clock_timestamp()'), nullable=False, index=True)
@@ -22,4 +23,4 @@ class NetworkPort(Base):
 class NetworkableMixin(object):
 @declared_attr
 def network_port_id(cls):
- return Column(UUIDType, ForeignKey('network_ports.id', ondelete='RESTRICT'))
+ return Column(UUIDType, ForeignKey('network_ports.id', ondelete='RESTRICT'), index=True)
diff --git a/ingredients_db/test/test_migrations.py b/ingredients_db/test/test_migrations.py
index 0cab1d0..56fd8ee 100644
--- a/ingredients_db/test/test_migrations.py
+++ b/ingredients_db/test/test_migrations.py
@@ -71,11 +71,11 @@ def test_model_and_migration_schemas_are_the_same(self, uri_left, uri_right, ale
 prepare_schema_from_migrations(uri_left, alembic_config_left)
 from ingredients_db.models.images import Image, ImageMembers
- from ingredients_db.models.instance import Instance, InstancePublicKey
+ from ingredients_db.models.instance import Instance, InstanceKeypair
 from ingredients_db.models.network import Network
 from ingredients_db.models.network_port import NetworkPort
 from ingredients_db.models.project import Project, ProjectMembers
- from ingredients_db.models.public_key import PublicKey
+ from ingredients_db.models.keypair import Keypair
 from ingredients_db.models.task import Task
 from ingredients_db.models.authn import AuthNUser, AuthNServiceAccount
 from ingredients_db.models.authz import AuthZPolicy, AuthZRole, AuthZRolePolicy
@@ -87,12 +87,12 @@ def test_model_and_migration_schemas_are_the_same(self, uri_left, uri_right, ale
 Image.mro()
 ImageMembers.mro()
 Instance.mro()
- InstancePublicKey.mro()
+ InstanceKeypair.mro()
 Network.mro()
 NetworkPort.mro()
 Project.mro()
 ProjectMembers.mro()
- PublicKey.mro()
+ Keypair.mro()
 Task.mro()
 AuthNUser.mro()
 AuthNServiceAccount.mro()