Merge pull request #452 from opdemand/external-push

Push domain object for external builder module

Author: mboersma

.coveragerc

@@ -8,7 +8,11 @@ omit =
     client/models.py
     cm/__init__.py
     cm/models.py
+    provider/digitalocean.py
+    provider/ec2.py
     provider/models.py
+    provider/rackspace.py
+    provider/static.py
     web/__init__.py
     web/models.py
     web/templatetags/__init__.py

api/migrations/0005_auto__add_push__add_unique_push_app_uuid.py

@@ -694,6 +694,31 @@ def __str__(self):
         return "{0}-v{1}".format(self.app.id, self.version)
 
 
+@python_2_unicode_compatible
+class Push(UuidAuditedModel):
+    """
+    Instance of a push used to trigger an application build
+    """
+    owner = models.ForeignKey(settings.AUTH_USER_MODEL)
+    app = models.ForeignKey('App')
+    sha = models.CharField(max_length=40)
+
+    fingerprint = models.CharField(max_length=255)
+    receive_user = models.CharField(max_length=255)
+    receive_repo = models.CharField(max_length=255)
+
+    ssh_connection = models.CharField(max_length=255)
+    ssh_original_command = models.CharField(max_length=255)
+
+    class Meta:
+        get_latest_by = 'created'
+        ordering = ['-created']
+        unique_together = (('app', 'uuid'),)
+
+    def __str__(self):
+        return "{0}-{1}".format(self.app.id, self.sha[8:])
+
+
 @python_2_unicode_compatible
 class Build(UuidAuditedModel):
     """

api/models.py

@@ -86,6 +86,18 @@ class Meta:
         read_only_fields = ('created', 'updated')
 
 
+class PushSerializer(serializers.ModelSerializer):
+    """Serialize a :class:`~api.models.Push` model."""
+
+    owner = serializers.Field(source='owner.username')
+    app = serializers.SlugRelatedField(slug_field='id')
+
+    class Meta:
+        """Metadata options for a :class:`PushSerializer`."""
+        model = models.Push
+        read_only_fields = ('uuid', 'created', 'updated')
+
+
 class ConfigSerializer(serializers.ModelSerializer):
     """Serialize a :class:`~api.models.Config` model."""
 

api/serializers.py

@@ -64,7 +64,7 @@ def test_auth(self):
         url = '/api/flavors'
         response = self.client.get(url)
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.data['count'], 2)
+        self.assertEqual(response.data['count'], 20)
         # test logout and login
         url = '/api/auth/logout/'
         response = self.client.post(url, content_type='application/json')

api/tests/test_auth.py

@@ -0,0 +1,109 @@
+"""
+Unit tests for the Deis api app.
+
+Run the tests with "./manage.py test api"
+"""
+
+from __future__ import unicode_literals
+
+import json
+
+from django.test import TestCase
+from django.test.utils import override_settings
+
+from deis import settings
+
+
+@override_settings(CELERY_ALWAYS_EAGER=True)
+class PushTest(TestCase):
+
+    """Tests pushes into the push system"""
+
+    fixtures = ['tests.json']
+
+    def setUp(self):
+        self.assertTrue(
+            self.client.login(username='autotest', password='password'))
+        url = '/api/providers'
+        creds = {'secret_key': 'x' * 64, 'access_key': 1 * 20}
+        body = {'id': 'autotest', 'type': 'mock', 'creds': json.dumps(creds)}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        url = '/api/flavors'
+        body = {
+            'id': 'autotest',
+            'provider': 'autotest',
+            'params': json.dumps({'region': 'us-west-2'}),
+        }
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        response = self.client.post('/api/formations', json.dumps(
+            {'id': 'autotest', 'domain': 'localhost.localdomain'}),
+            content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+
+    def test_push(self):
+        """
+        Test that a user can push into the system
+        """
+        url = '/api/apps'
+        body = {'formation': 'autotest'}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        app_id = response.data['id']
+        # prepare a push body
+        body = {
+            'sha': 'df1e628f2244b73f9cdf944f880a2b3470a122f4',
+            'fingerprint': '88:25:ed:67:56:91:3d:c6:1b:7f:42:c6:9b:41:24:80',
+            'receive_user': 'autotest',
+            'receive_repo': 'repo.git',
+            'ssh_connection': '10.0.1.10 50337 172.17.0.143 22',
+            'ssh_original_command': "git-receive-pack 'repo.git'",
+        }
+        # post a request without the auth header
+        url = "/api/apps/{app_id}/push".format(**locals())
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 403)
+        # now try with the builder key in the special auth header
+        response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                    HTTP_X_DEIS_BUILDER_AUTH=settings.BUILDER_KEY)
+        self.assertEqual(response.status_code, 201)
+        for k in ('owner', 'app', 'sha', 'fingerprint', 'receive_repo', 'receive_user',
+                  'ssh_connection', 'ssh_original_command'):
+            self.assertIn(k, response.data)
+
+    def test_push_abuse(self):
+        # create a legit app
+        url = '/api/apps'
+        body = {'formation': 'autotest'}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        app_id = response.data['id']
+        # register an evil user
+        username, password = 'eviluser', 'password'
+        first_name, last_name = 'Evil', 'User'
+        email = 'evil@deis.io'
+        submit = {
+            'username': username,
+            'password': password,
+            'first_name': first_name,
+            'last_name': last_name,
+            'email': email,
+        }
+        url = '/api/auth/register'
+        response = self.client.post(url, json.dumps(submit), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        # prepare a push body that simulates a git push
+        body = {
+            'sha': 'df1e628f2244b73f9cdf944f880a2b3470a122f4',
+            'fingerprint': '88:25:ed:67:56:91:3d:c6:1b:7f:42:c6:9b:41:24:99',
+            'receive_user': 'eviluser',
+            'receive_repo': 'repo.git',
+            'ssh_connection': '10.0.1.10 50337 172.17.0.143 22',
+            'ssh_original_command': "git-receive-pack 'repo.git'",
+        }
+        # try to push as "eviluser"
+        url = "/api/apps/{app_id}/push".format(**locals())
+        response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                    HTTP_X_DEIS_BUILDER_AUTH=settings.BUILDER_KEY)
+        self.assertEqual(response.status_code, 403)

api/tests/test_push.py

@@ -189,6 +189,10 @@
 Application Release Components
 ------------------------------
 
+.. http:post:: /api/apps/(string:id)/push/
+
+  Create a new :class:`~api.models.Push`.
+
 .. http:get:: /api/apps/(string:id)/config/
 
   List all :class:`~api.models.Config`\s.
@@ -405,6 +409,8 @@
     url(r'^formations/?',
         views.FormationViewSet.as_view({'get': 'list', 'post': 'create'})),
     # application release components
+    url(r'^apps/(?P<id>[-_\w]+)/push/?',
+        views.AppPushViewSet.as_view({'post': 'create'})),
     url(r'^apps/(?P<id>[-_\w]+)/config/?',
         views.AppConfigViewSet.as_view({'get': 'retrieve', 'post': 'create'})),
     url(r'^apps/(?P<id>[-_\w]+)/builds/(?P<uuid>[-_\w]+)/?',

api/urls.py

@@ -25,6 +25,8 @@
 
 from api import models, serializers, tasks
 
+from deis import settings
+
 
 class AnonymousAuthentication(BaseAuthentication):
 
@@ -108,6 +110,22 @@ def has_permission(self, request, view):
         return request.method in permissions.SAFE_METHODS or request.user.is_superuser
 
 
+class HasBuilderAuth(permissions.BasePermission):
+    """
+    View permission to allow builder to perform actions
+    with a special HTTP header
+    """
+
+    def has_permission(self, request, view):
+        """
+        Return `True` if permission is granted, `False` otherwise.
+        """
+        auth_header = request.environ.get('HTTP_X_DEIS_BUILDER_AUTH')
+        if not auth_header:
+            return False
+        return auth_header == settings.BUILDER_KEY
+
+
 class UserRegistrationView(viewsets.GenericViewSet,
                            viewsets.mixins.CreateModelMixin):
     model = User
@@ -532,6 +550,29 @@ def get_object(self, *args, **kwargs):
         raise PermissionDenied()
 
 
+class AppPushViewSet(viewsets.ModelViewSet):
+    """RESTful views for :class:`~api.models.Push`."""
+
+    model = models.Push
+    serializer_class = serializers.PushSerializer
+
+    permission_classes = (HasBuilderAuth,)
+
+    def pre_save(self, obj):
+        # SECURITY: we trust the receive_user field to map to the push owner
+        obj.owner = self.request.DATA['owner']
+
+    def create(self, request, *args, **kwargs):
+        request._data = request.DATA.copy()
+        app = request.DATA['app'] = get_object_or_404(models.App, id=self.kwargs['id'])
+        # check the user is authorized for this app
+        user = request.DATA['owner'] = get_object_or_404(
+            User, username=self.request.DATA['receive_user'])
+        if user == app.owner or user in get_users_with_perms(app):
+            return super(AppPushViewSet, self).create(request, *args, **kwargs)
+        raise PermissionDenied()
+
+
 class AppConfigViewSet(BaseAppViewSet):
     """RESTful views for :class:`~api.models.Config`."""
 

api/views.py

@@ -264,42 +264,38 @@
 # default deis settings
 DEIS_LOG_DIR = os.path.abspath(os.path.join(__file__, '..', '..', 'logs'))
 LOG_LINES = 1000
+TEMPDIR = tempfile.mkdtemp(prefix='deis')
+
+# security keys and auth tokens
+SECRET_KEY = os.environ.get('DEIS_SECRET_KEY', 'CHANGEME_sapm$s%upvsw5l_zuy_&29rkywd^78ff(qi')
+BUILDER_KEY = os.environ.get('DEIS_BUILDER_KEY', 'CHANGEME_sapm$s%upvsw5l_zuy_&29rkywd^78ff(qi')
 
 # the config management module to use in api.models
-CM_MODULE = 'cm.mock'
-TEMPDIR = tempfile.mkdtemp(prefix='deis')
+CM_MODULE = os.environ.get('DEIS_CM_MODULE', 'cm.mock')
 
 # default providers, typically overriden in local_settings to include ec2, etc.
-PROVIDER_MODULES = ('mock',)
+PROVIDER_MODULES = ('mock', 'digitalocean', 'ec2', 'rackspace', 'static')
+
+# default to sqlite3, but allow postgresql config through envvars
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.' + os.environ.get('DATABASE_ENGINE', 'postgresql_psycopg2'),
+        'NAME': os.environ.get('DATABASE_NAME', 'deis'),
+        'USER': os.environ.get('DATABASE_USER', 'deis'),
+        'PASSWORD': os.environ.get('DATABASE_PASSWORD', 'deis'),
+        'HOST': os.environ.get('DATABASE_HOST', 'localhost'),
+    }
+}
+
+# SECURITY: change this to allowed fqdn's to prevent host poisioning attacks
+# see https://docs.djangoproject.com/en/1.5/ref/settings/#std:setting-ALLOWED_HOSTS
+ALLOWED_HOSTS = ['*']
 
 # Create a file named "local_settings.py" to contain sensitive settings data
 # such as database configuration, admin email, or passwords and keys. It
 # should also be used for any settings which differ between development
 # and production.
 # The local_settings.py file should *not* be checked in to version control.
-# A local_setings.py configured for development might look like this:
-#
-# DEBUG = TEMPLATE_DEBUG = True
-# ADMINS = (
-#     ('Abraham Lincoln', 'abe@example.com'),
-#     ('George Washington', 'george@example.com'),
-# )
-# DATABASES = {
-#     'default': {
-#         'ENGINE': 'django.db.backends.sqlite3',
-#         'NAME': 'deis.db',
-#         'USER': '',
-#         'PASSWORD': '',
-#         'HOST': '',
-#         'PORT': '',
-#     }
-# }
-# SECRET_KEY = 'CHANGEME_sapm$s%upvsw5l_zuy_&29rkywd^78ff(qilmw1#g'
-# EMAIL_HOST = 'smtp.sendgrid.com'
-# EMAIL_PORT = 587
-# EMAIL_HOST_USER = 'foo'
-# EMAIL_HOST_PASSWORD = 'bar'
-
 
 try:
     from .local_settings import *  # @UnusedWildImport # noqa