implemented add host, authenticate user before performing action of vm
This commit is contained in:
parent
68f9bebccb
commit
c474282b33
4 changed files with 123 additions and 39 deletions
1
Pipfile
1
Pipfile
|
@ -14,6 +14,7 @@ flask-restful = "*"
|
||||||
etcd3 = "*"
|
etcd3 = "*"
|
||||||
gunicorn = "*"
|
gunicorn = "*"
|
||||||
bitmath = "*"
|
bitmath = "*"
|
||||||
|
pylint = "*"
|
||||||
|
|
||||||
[requires]
|
[requires]
|
||||||
python_version = "3.7"
|
python_version = "3.7"
|
||||||
|
|
14
helper.py
14
helper.py
|
@ -8,22 +8,22 @@ from pyotp import TOTP
|
||||||
def check_otp(name, realm, token):
|
def check_otp(name, realm, token):
|
||||||
try:
|
try:
|
||||||
data = {
|
data = {
|
||||||
"auth_name": config('AUTH_NAME', ''),
|
"auth_name": config("AUTH_NAME", ""),
|
||||||
"auth_token": TOTP(config('AUTH_SEED', '')).now(),
|
"auth_token": TOTP(config("AUTH_SEED", "")).now(),
|
||||||
"auth_realm": config('AUTH_REALM', ''),
|
"auth_realm": config("AUTH_REALM", ""),
|
||||||
"name": name,
|
"name": name,
|
||||||
"realm": realm,
|
"realm": realm,
|
||||||
"token": token
|
"token": token,
|
||||||
}
|
}
|
||||||
except binascii.Error:
|
except binascii.Error:
|
||||||
return 400
|
return 400
|
||||||
|
|
||||||
response = requests.post(
|
response = requests.post(
|
||||||
"{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
|
"{OTP_SERVER}{OTP_VERIFY_ENDPOINT}".format(
|
||||||
OTP_SERVER=config('OTP_SERVER', ''),
|
OTP_SERVER=config("OTP_SERVER", ""),
|
||||||
OTP_VERIFY_ENDPOINT=config('OTP_VERIFY_ENDPOINT', 'verify/')
|
OTP_VERIFY_ENDPOINT=config("OTP_VERIFY_ENDPOINT", "verify/"),
|
||||||
),
|
),
|
||||||
data=data
|
data=data,
|
||||||
)
|
)
|
||||||
return response.status_code
|
return response.status_code
|
||||||
|
|
||||||
|
|
134
main.py
134
main.py
|
@ -1,6 +1,7 @@
|
||||||
# TODO
|
# TODO
|
||||||
# convert etcd3 usage to etcd3_wrapper
|
# 1. Allow user of realm ungleich-admin to perform any action on
|
||||||
import etcd3
|
# any user vm.
|
||||||
|
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from helper import check_otp, add_otp_args, add_vmid_args
|
from helper import check_otp, add_otp_args, add_vmid_args
|
||||||
|
@ -10,11 +11,11 @@ from decouple import config
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
from etcd3_wrapper import Etcd3Wrapper
|
from etcd3_wrapper import Etcd3Wrapper
|
||||||
from specs_parser import SpecsParser
|
from specs_parser import SpecsParser
|
||||||
|
from functools import wraps
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
api = Api(app)
|
api = Api(app)
|
||||||
|
|
||||||
etcd_client = etcd3.client(host=config("ETCD_HOST"), port=int(config("ETCD_PORT")))
|
|
||||||
client = Etcd3Wrapper()
|
client = Etcd3Wrapper()
|
||||||
|
|
||||||
# CreateVM argparser
|
# CreateVM argparser
|
||||||
|
@ -48,6 +49,12 @@ add_otp_args(uservm_argparser)
|
||||||
# Specs parser
|
# Specs parser
|
||||||
specs_parser = SpecsParser(exceptional_devices=["cpu"])
|
specs_parser = SpecsParser(exceptional_devices=["cpu"])
|
||||||
|
|
||||||
|
# AddHost argparser
|
||||||
|
addhost_argparser = reqparse.RequestParser()
|
||||||
|
addhost_argparser.add_argument("hostname", type=str, required=True)
|
||||||
|
addhost_argparser.add_argument("specs", type=dict, required=True)
|
||||||
|
add_otp_args(addhost_argparser)
|
||||||
|
|
||||||
|
|
||||||
def is_image_valid(image_uuid):
|
def is_image_valid(image_uuid):
|
||||||
images = client.get_prefix("/v1/image/")
|
images = client.get_prefix("/v1/image/")
|
||||||
|
@ -57,25 +64,36 @@ def is_image_valid(image_uuid):
|
||||||
class CreateVM(Resource):
|
class CreateVM(Resource):
|
||||||
def post(self):
|
def post(self):
|
||||||
createvm_args = createvm_argparser.parse_args()
|
createvm_args = createvm_argparser.parse_args()
|
||||||
name, realm, token, specs, image_uuid = createvm_args.name, createvm_args.realm,\
|
name, realm, token, specs, image_uuid = (
|
||||||
createvm_args.token, createvm_args.specs,\
|
createvm_args.name,
|
||||||
createvm_args.image_uuid
|
createvm_args.realm,
|
||||||
|
createvm_args.token,
|
||||||
|
createvm_args.specs,
|
||||||
|
createvm_args.image_uuid,
|
||||||
|
)
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
# User is good
|
# User is good
|
||||||
if is_image_valid(image_uuid):
|
if is_image_valid(image_uuid):
|
||||||
if not specs_parser.transform_specs(specs):
|
if not specs_parser.transform_specs(specs):
|
||||||
return {"message": f"""Invalid unit - Please use following units {specs_parser.get_allowed_units()}"""}, 400
|
return (
|
||||||
|
{
|
||||||
|
"message": f"""Invalid unit - Please use following units {specs_parser.get_allowed_units()}"""
|
||||||
|
},
|
||||||
|
400,
|
||||||
|
)
|
||||||
|
|
||||||
print(specs)
|
print(specs)
|
||||||
vm_key = f"/v1/vm/{uuid4().hex}"
|
vm_key = f"/v1/vm/{uuid4().hex}"
|
||||||
vm_entry = {"owner": name,
|
vm_entry = {
|
||||||
|
"owner": name,
|
||||||
"specs": specs,
|
"specs": specs,
|
||||||
"hostname": "",
|
"hostname": "",
|
||||||
"status": "REQUESTED_NEW",
|
"status": "REQUESTED_NEW",
|
||||||
"image_uuid": image_uuid}
|
"image_uuid": image_uuid,
|
||||||
|
}
|
||||||
|
|
||||||
etcd_client.put(vm_key, json.dumps(vm_entry))
|
client.put(vm_key, vm_entry, value_in_json=True)
|
||||||
|
|
||||||
return {"message": "VM Creation Queued"}, 200
|
return {"message": "VM Creation Queued"}, 200
|
||||||
else:
|
else:
|
||||||
|
@ -87,18 +105,23 @@ class CreateVM(Resource):
|
||||||
class DeleteVM(Resource):
|
class DeleteVM(Resource):
|
||||||
def post(self):
|
def post(self):
|
||||||
deletevm_args = deletevm_argparser.parse_args()
|
deletevm_args = deletevm_argparser.parse_args()
|
||||||
name, realm, token, vmid = deletevm_args.name, deletevm_args.realm,\
|
name, realm, token, vmid = (
|
||||||
deletevm_args.token, deletevm_args.vmid
|
deletevm_args.name,
|
||||||
|
deletevm_args.realm,
|
||||||
|
deletevm_args.token,
|
||||||
|
deletevm_args.vmid,
|
||||||
|
)
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
# User is good
|
# User is good
|
||||||
|
|
||||||
vmentry_etcd = etcd_client.get(f"/v1/vm/{vmid}")[0]
|
vmentry_etcd = client.get(f"/v1/vm/{vmid}").value
|
||||||
if vmentry_etcd:
|
if vmentry_etcd:
|
||||||
vmentry_etcd = json.loads(vmentry_etcd)
|
vmentry_etcd = json.loads(vmentry_etcd)
|
||||||
vmentry_etcd["status"] = "REQUESTED_DELETE"
|
vmentry_etcd["status"] = "REQUESTED_DELETE"
|
||||||
|
|
||||||
etcd_client.put(f"/v1/vm/{vmid}", json.dumps(vmentry_etcd))
|
client.put(f"/v1/vm/{vmid}", vmentry_etcd,
|
||||||
|
value_in_json=True)
|
||||||
|
|
||||||
return {"message": "VM Deletion Queued"}, 200
|
return {"message": "VM Deletion Queued"}, 200
|
||||||
else:
|
else:
|
||||||
|
@ -110,7 +133,7 @@ class DeleteVM(Resource):
|
||||||
class VmStatus(Resource):
|
class VmStatus(Resource):
|
||||||
def get(self):
|
def get(self):
|
||||||
args = vmstatus_argparser.parse_args()
|
args = vmstatus_argparser.parse_args()
|
||||||
r = etcd_client.get(f"/v1/vm/{args.vmid}")[0]
|
r = client.get(f"/v1/vm/{args.vmid}").value
|
||||||
print(r)
|
print(r)
|
||||||
if r:
|
if r:
|
||||||
r = dict(json.loads(r.decode("utf-8")))
|
r = dict(json.loads(r.decode("utf-8")))
|
||||||
|
@ -127,13 +150,18 @@ class CreateImage(Resource):
|
||||||
|
|
||||||
file_entry = client.get(f"/v1/files/{image_file_uuid}")
|
file_entry = client.get(f"/v1/files/{image_file_uuid}")
|
||||||
if file_entry is None:
|
if file_entry is None:
|
||||||
return {
|
return (
|
||||||
"Message":
|
{"Message": f"Image File with uuid '{image_file_uuid}' Not Found"},
|
||||||
f"Image File with uuid '{image_file_uuid}' Not Found"}, 400
|
400,
|
||||||
|
)
|
||||||
|
|
||||||
file_entry_value = json.loads(file_entry.value)
|
file_entry_value = json.loads(file_entry.value)
|
||||||
|
|
||||||
image_store = list(filter(lambda s: json.loads(s.value)["name"] == image_store_name, image_stores))
|
image_store = list(
|
||||||
|
filter(
|
||||||
|
lambda s: json.loads(s.value)["name"] == image_store_name, image_stores
|
||||||
|
)
|
||||||
|
)
|
||||||
if not image_store:
|
if not image_store:
|
||||||
return {"Message": f"Store '{image_store_name}' does not exists"}, 400
|
return {"Message": f"Store '{image_store_name}' does not exists"}, 400
|
||||||
|
|
||||||
|
@ -144,7 +172,7 @@ class CreateImage(Resource):
|
||||||
"filename": file_entry_value["filename"],
|
"filename": file_entry_value["filename"],
|
||||||
"name": args.name,
|
"name": args.name,
|
||||||
"store_name": image_store_name,
|
"store_name": image_store_name,
|
||||||
"visibility": "public"
|
"visibility": "public",
|
||||||
}
|
}
|
||||||
client.put(f"/v1/image/{image_file_uuid}", json.dumps(image_entry_json))
|
client.put(f"/v1/image/{image_file_uuid}", json.dumps(image_entry_json))
|
||||||
|
|
||||||
|
@ -168,6 +196,8 @@ class StartVM(Resource):
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
||||||
|
if vm.value["owner"] != name:
|
||||||
|
return {"message": "Invalid User"}
|
||||||
if vm:
|
if vm:
|
||||||
vm.value["status"] = "REQUESTED_START"
|
vm.value["status"] = "REQUESTED_START"
|
||||||
client.put(vm.key, json.dumps(vm.value))
|
client.put(vm.key, json.dumps(vm.value))
|
||||||
|
@ -185,6 +215,8 @@ class SuspendVM(Resource):
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
||||||
|
if vm.value["owner"] != name:
|
||||||
|
return {"message": "Invalid User"}
|
||||||
if vm:
|
if vm:
|
||||||
vm.value["status"] = "REQUESTED_SUSPEND"
|
vm.value["status"] = "REQUESTED_SUSPEND"
|
||||||
client.put(vm.key, json.dumps(vm.value))
|
client.put(vm.key, json.dumps(vm.value))
|
||||||
|
@ -202,6 +234,8 @@ class ResumeVM(Resource):
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
||||||
|
if vm.value["owner"] != name:
|
||||||
|
return {"message": "Invalid User"}
|
||||||
if vm:
|
if vm:
|
||||||
vm.value["status"] = "REQUESTED_RESUME"
|
vm.value["status"] = "REQUESTED_RESUME"
|
||||||
client.put(vm.key, json.dumps(vm.value))
|
client.put(vm.key, json.dumps(vm.value))
|
||||||
|
@ -219,6 +253,9 @@ class ShutdownVM(Resource):
|
||||||
|
|
||||||
if check_otp(name, realm, token) == 200:
|
if check_otp(name, realm, token) == 200:
|
||||||
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
vm = client.get(f"/v1/vm/{vm_uuid}", value_in_json=True)
|
||||||
|
if vm.value["owner"] != name:
|
||||||
|
return {"message": "Invalid User"}
|
||||||
|
|
||||||
if vm:
|
if vm:
|
||||||
vm.value["status"] = "REQUESTED_SHUTDOWN"
|
vm.value["status"] = "REQUESTED_SHUTDOWN"
|
||||||
client.put(vm.key, json.dumps(vm.value))
|
client.put(vm.key, json.dumps(vm.value))
|
||||||
|
@ -240,11 +277,13 @@ class ListUserVM(Resource):
|
||||||
return_vms = []
|
return_vms = []
|
||||||
user_vms = list(filter(lambda v: v.value["owner"] == name, vms))
|
user_vms = list(filter(lambda v: v.value["owner"] == name, vms))
|
||||||
for vm in user_vms:
|
for vm in user_vms:
|
||||||
return_vms.append({
|
return_vms.append(
|
||||||
|
{
|
||||||
"vm_uuid": vm.key.split("/")[-1],
|
"vm_uuid": vm.key.split("/")[-1],
|
||||||
"specs": vm.value["specs"],
|
"specs": vm.value["specs"],
|
||||||
"status": vm.value["status"]
|
"status": vm.value["status"],
|
||||||
})
|
}
|
||||||
|
)
|
||||||
return {"message": return_vms}, 200
|
return {"message": return_vms}, 200
|
||||||
else:
|
else:
|
||||||
return {"message": "No VM found"}, 404
|
return {"message": "No VM found"}, 404
|
||||||
|
@ -263,15 +302,55 @@ class ListUserFiles(Resource):
|
||||||
return_files = []
|
return_files = []
|
||||||
user_files = list(filter(lambda f: f.value["owner"] == name, files))
|
user_files = list(filter(lambda f: f.value["owner"] == name, files))
|
||||||
for file in user_files:
|
for file in user_files:
|
||||||
return_files.append({
|
return_files.append(
|
||||||
"filename": vm.value["filename"]
|
{
|
||||||
})
|
"filename": file.value["filename"],
|
||||||
|
"uuid": file.key.split("/")[-1],
|
||||||
|
}
|
||||||
|
)
|
||||||
return {"message": return_files}, 200
|
return {"message": return_files}, 200
|
||||||
else:
|
else:
|
||||||
return {"message": "No File found"}, 404
|
return {"message": "No File found"}, 404
|
||||||
else:
|
else:
|
||||||
return {"message": "Invalid Credentials"}, 400
|
return {"message": "Invalid Credentials"}, 400
|
||||||
|
|
||||||
|
|
||||||
|
class CreateHost(Resource):
|
||||||
|
def post(self):
|
||||||
|
args = addhost_argparser.parse_args()
|
||||||
|
name, realm, token, specs, hostname = (
|
||||||
|
args.name,
|
||||||
|
args.realm,
|
||||||
|
args.token,
|
||||||
|
args.specs,
|
||||||
|
args.hostname,
|
||||||
|
)
|
||||||
|
|
||||||
|
if realm == "ungleich-admin" and check_otp(name, realm, token) == 200:
|
||||||
|
# User is good
|
||||||
|
if not specs_parser.transform_specs(specs):
|
||||||
|
return (
|
||||||
|
{
|
||||||
|
"message": f"""Invalid unit - Please use following units {specs_parser.get_allowed_units()}"""
|
||||||
|
},
|
||||||
|
400,
|
||||||
|
)
|
||||||
|
|
||||||
|
print(specs)
|
||||||
|
host_key = f"/v1/host/{uuid4().hex}"
|
||||||
|
host_entry = {
|
||||||
|
"specs": specs,
|
||||||
|
"hostname": hostname,
|
||||||
|
"status": "DEAD",
|
||||||
|
"last_heart_beat": "",
|
||||||
|
}
|
||||||
|
client.put(host_key, host_entry, value_in_json=True)
|
||||||
|
|
||||||
|
return {"message": "Host Created"}, 200
|
||||||
|
else:
|
||||||
|
return {"message": "Invalid Credentials/Insufficient Permission"}, 400
|
||||||
|
|
||||||
|
|
||||||
api.add_resource(CreateVM, "/vm/create")
|
api.add_resource(CreateVM, "/vm/create")
|
||||||
api.add_resource(DeleteVM, "/vm/delete")
|
api.add_resource(DeleteVM, "/vm/delete")
|
||||||
api.add_resource(VmStatus, "/vm/status")
|
api.add_resource(VmStatus, "/vm/status")
|
||||||
|
@ -287,5 +366,8 @@ api.add_resource(ListPublicImages, "/image/list-public")
|
||||||
api.add_resource(ListUserVM, "/user/vms")
|
api.add_resource(ListUserVM, "/user/vms")
|
||||||
api.add_resource(ListUserFiles, "/user/files")
|
api.add_resource(ListUserFiles, "/user/files")
|
||||||
|
|
||||||
|
api.add_resource(CreateHost, "/host/create")
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
app.run(host="::", debug=True)
|
app.run(host="::", debug=True)
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
import bitmath
|
import bitmath
|
||||||
|
|
||||||
|
|
||||||
class SpecsParser(object):
|
class SpecsParser(object):
|
||||||
def __init__(self, exceptional_devices, allowed_unit = 10):
|
def __init__(self, exceptional_devices, allowed_unit=10):
|
||||||
self.exceptional_devices = exceptional_devices
|
self.exceptional_devices = exceptional_devices
|
||||||
self.allowed_unit = allowed_unit
|
self.allowed_unit = allowed_unit
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue