Skip to content

Commit

Permalink
fix: schedule creation authorization and no-wipe validation
Browse files Browse the repository at this point in the history 
feat: added ostype to self-schedule

closes: #563
closes: #564
closes: #565
Change-Id: I9b7d31a505fd325cc5fa138ed472179d0aa41e4d
  • Loading branch information
@grafuls
grafuls committed Jan 16, 2025
1 parent 8055b8d commit a06cab7
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/quads/server/blueprints/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ def decorated_function(*args, **kwargs) -> Response:
"error": "Bad Request",
}
return Response(response=json.dumps(response), status=400)
g.current_user = username
g.current_user = current_user
return f(*args, **kwargs)

return decorated_function
Expand Down
4 changes: 3 additions & 1 deletion src/quads/server/blueprints/assignments.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ def create_self_assignment() -> Response:
qinq = data.get("qinq")
wipe = data.get("wipe")
cc_user = data.get("cc_user")
ostype = data.get("ostype")

required_fields = [
"description",
Expand Down Expand Up @@ -308,6 +309,7 @@ def create_self_assignment() -> Response:
"ccuser": cc_user,
"is_self_schedule": True,
"cloud": _cloud.name,
"ostype": ostype,
}
if _vlan:
kwargs["vlan_id"] = int(vlan)
Expand Down Expand Up @@ -456,7 +458,7 @@ def terminate_assignment(assignment_id) -> Response:
}
return make_response(jsonify(response), 400)

username = g.current_user.split("@")[0]
username = g.current_user.email.split("@")[0]
if username != _assignment.owner:
response = {
"status_code": 403,
Expand Down
9 changes: 8 additions & 1 deletion src/quads/server/blueprints/schedules.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
from datetime import datetime, timedelta

from flask import Blueprint, Response, jsonify, make_response, request
from flask import Blueprint, Response, g, jsonify, make_response, request

from quads.config import Config
from quads.server.blueprints import check_access
Expand Down Expand Up @@ -114,6 +114,13 @@ def create_schedule() -> Response:
"message": f"No active assignment for cloud: {cloud}",
}
return make_response(jsonify(response), 400)
if not _assignment.is_self_schedule and "admin" not in [role.name for role in g.current_user.roles]:
response = {
"status_code": 403,
"error": "Forbidden",
"message": f"You({g.current_user.email}) don't have permission to create a schedule on {cloud}",
}
return make_response(jsonify(response), 403)

existing_schedules = ScheduleDao.get_current_schedule(cloud=_cloud)
if _assignment.is_self_schedule and len(existing_schedules) >= Config.get("ssm_host_limit", 10):
Expand Down
3 changes: 3 additions & 0 deletions src/quads/tools/validate_env.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -409,6 +409,9 @@ async def main(_args, _logger=None): # pragma: no cover
except Exception as ex:
logger.debug(ex)
logger.info("Failed validation for %s" % ass.cloud.name)
elif _schedule_count and not _assignment.wipe:
logger.info(f"Auto-Validating {ass.cloud.name} as marked for no wipe")
quads.update_assignment(ass.id, {"validated": True})


if __name__ == "__main__": # pragma: no cover
Expand Down

0 comments on commit a06cab7

Please sign in to comment.