From a06cab7b4586e7f84de334ee806232a1f4e26a46 Mon Sep 17 00:00:00 2001
From: Gonzalo Rafuls
Date: Thu, 16 Jan 2025 13:44:22 +0100
Subject: [PATCH] fix: schedule creation authorization and no-wipe validation feat: added ostype to self-schedule
closes: https://github.com/redhat-performance/quads/issues/563
closes: https://github.com/redhat-performance/quads/issues/564
closes: https://github.com/redhat-performance/quads/issues/565
Change-Id: I9b7d31a505fd325cc5fa138ed472179d0aa41e4d
---
 src/quads/server/blueprints/__init__.py | 2 +-
 src/quads/server/blueprints/assignments.py | 4 +++-
 src/quads/server/blueprints/schedules.py | 9 ++++++++-
 src/quads/tools/validate_env.py | 3 +++
 4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/quads/server/blueprints/__init__.py b/src/quads/server/blueprints/__init__.py
index dbff3e1c..ac6241fb 100644
--- a/src/quads/server/blueprints/__init__.py
+++ b/src/quads/server/blueprints/__init__.py
@@ -76,7 +76,7 @@ def decorated_function(*args, **kwargs) -> Response:
 "error": "Bad Request",
 }
 return Response(response=json.dumps(response), status=400)
- g.current_user = username
+ g.current_user = current_user
 return f(*args, **kwargs)
 return decorated_function
diff --git a/src/quads/server/blueprints/assignments.py b/src/quads/server/blueprints/assignments.py
index f2a08e8f..a37531d2 100644
--- a/src/quads/server/blueprints/assignments.py
+++ b/src/quads/server/blueprints/assignments.py
@@ -244,6 +244,7 @@ def create_self_assignment() -> Response:
 qinq = data.get("qinq")
 wipe = data.get("wipe")
 cc_user = data.get("cc_user")
+ ostype = data.get("ostype")
 required_fields = [
 "description",
@@ -308,6 +309,7 @@ def create_self_assignment() -> Response:
 "ccuser": cc_user,
 "is_self_schedule": True,
 "cloud": _cloud.name,
+ "ostype": ostype,
 }
 if _vlan:
 kwargs["vlan_id"] = int(vlan)
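Review bot: `g.current_user` changes type at `g.current_user = current_user` in `decorated_function`: it used to hold the `username` string and now holds whatever `current_user` is bound to earlier in the decorator, which starts outside this hunk. This commit updates `terminate_assignment` to read `.email`, but any other view that still treats `g.current_user` as a string would fail only after the access check has passed, so the remaining uses should be searched for before merging. I would add a comment above the assignment, `# g.current_user is the user object (exposes .email and .roles), not the e-mail string`, and confirm that `current_user` cannot be `None` on any path that reaches this line.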
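Review bot: `ostype` is taken from the request body with `data.get("ostype")` and copied into `kwargs` in the `@@ -308` hunk without any check on its type or value. The caller of this endpoint is a self-scheduling user, and the field name suggests it later influences what is provisioned, so it should be matched against the operating systems the deployment actually offers and rejected with a 400 otherwise, along the lines of `if ostype is not None and ostype not in allowed_ostypes:` followed by the 400 response shape this view already uses (`allowed_ostypes` is a placeholder; no such list is visible here). Whether the DAO or model validates the value is not visible from these hunks, and `create_self_assignment` starts and ends outside both of them.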
@@ -456,7 +458,7 @@ def terminate_assignment(assignment_id) -> Response:
 }
 return make_response(jsonify(response), 400)
- username = g.current_user.split("@")[0]
+ username = g.current_user.email.split("@")[0]
 if username != _assignment.owner:
 response = {
 "status_code": 403,
diff --git a/src/quads/server/blueprints/schedules.py b/src/quads/server/blueprints/schedules.py
index c3b01826..db7e5ad7 100644
--- a/src/quads/server/blueprints/schedules.py
+++ b/src/quads/server/blueprints/schedules.py
@@ -1,6 +1,6 @@
 from datetime import datetime, timedelta
-from flask import Blueprint, Response, jsonify, make_response, request
+from flask import Blueprint, Response, g, jsonify, make_response, request
 from quads.config import Config
 from quads.server.blueprints import check_access
@@ -114,6 +114,13 @@ def create_schedule() -> Response:
 "message": f"No active assignment for cloud: {cloud}",
 }
 return make_response(jsonify(response), 400)
+ if not _assignment.is_self_schedule and "admin" not in [role.name for role in g.current_user.roles]:
+ response = {
+ "status_code": 403,
+ "error": "Forbidden",
+ "message": f"You({g.current_user.email}) don't have permission to create a schedule on {cloud}",
+ }
+ return make_response(jsonify(response), 403)
 existing_schedules = ScheduleDao.get_current_schedule(cloud=_cloud)
 if _assignment.is_self_schedule and len(existing_schedules) >= Config.get("ssm_host_limit", 10):
diff --git a/src/quads/tools/validate_env.py b/src/quads/tools/validate_env.py
index 3d398232..1c491a4f 100755
--- a/src/quads/tools/validate_env.py
+++ b/src/quads/tools/validate_env.py
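Review bot: The ownership check in `terminate_assignment` compares only the local part of the address, `g.current_user.email.split("@")[0]`, with `_assignment.owner`, so two accounts whose e-mails share a local part on different domains look identical to this 403 guard. If sign-up is not restricted to a single mail domain (not visible here), one of those accounts would pass the check for the other's assignment. Either compare a full, unique identifier, or record the assumption next to the line: `# owner is the e-mail local part; relies on sign-up being limited to one domain`. The function begins and ends outside the hunk.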
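Review bot: The new 403 guard in `create_schedule` covers only assignments that are not self-scheduled; when `_assignment.is_self_schedule` is true, nothing in this hunk ties the caller to the assignment, so any authenticated user appears able to add a schedule to another user's self-scheduled cloud until `ssm_host_limit` is reached. `terminate_assignment` already compares the caller with `_assignment.owner`, and the same rule would fit here: `is_admin = "admin" in [role.name for role in g.current_user.roles]`, `is_owner = _assignment.is_self_schedule and _assignment.owner == g.current_user.email.split("@")[0]`, `if not (is_admin or is_owner):`. An ownership check may exist further down, since the function continues past the hunk; if so, a comment on the new guard pointing to it would help. The comprehension also assumes `g.current_user.roles` is always iterable, which the hunk does not show.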
@@ -409,6 +409,9 @@ async def main(_args, _logger=None): # pragma: no cover
 except Exception as ex:
 logger.debug(ex)
 logger.info("Failed validation for %s" % ass.cloud.name)
+ elif _schedule_count and not _assignment.wipe:
+ logger.info(f"Auto-Validating {ass.cloud.name} as marked for no wipe")
+ quads.update_assignment(ass.id, {"validated": True})
 if __name__ == "__main__": # pragma: no cover
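Review bot: The new `elif` tests `_assignment.wipe` but logs `ass.cloud.name` and updates `ass.id`; `_assignment` does not appear anywhere in the visible context, where the object in hand is `ass`. If `_assignment` is not bound in `main` this raises `NameError`, and if it is bound to a different object the wipe flag of one assignment decides whether another is marked validated; `elif _schedule_count and not ass.wipe:` looks like the intended condition. The `quads.update_assignment` call also sits outside the `try`/`except` that guards the validation branch above it, so an API failure here would end the run instead of being logged. The `if` that this `elif` attaches to is outside the hunk.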