RubyGems - bosh-director - Versions diffs - 1.3202.0 → 1.3213.0 - Mend

bosh-director 1.3202.0 → 1.3213.0

Files changed (128) hide show

data/lib/bosh/director/api/controllers/locks_controller.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Bosh::Director
         locks = []
         lock_keys = redis.keys('lock:*')
-        # Deliberatelly not using redis futures here as we expect that the number of lock keys will be very small
+        # Deliberately not using redis futures here as we expect that the number of lock keys will be very small
         lock_keys.each do |lock_key|
           lock_value = redis.get(lock_key)
           unless lock_value.nil?

data/lib/bosh/director/api/controllers/packages_controller.rb CHANGED Viewed

@@ -34,9 +34,8 @@ module Bosh::Director
         end
         matching_packages = Models::Package.join(Models::CompiledPackage, :package_id=>:id)
-                                .select(:packages__name, :packages__fingerprint, :compiled_packages__dependency_key, :stemcells__operating_system, :stemcells__version)
-                                .join(Models::Stemcell, :id=>:stemcell_id)
-                                .where(fingerprint: fingerprint_list).all
+                              .select(:packages__name, :packages__fingerprint, :compiled_packages__dependency_key, :stemcell_os, :stemcell_version)
+                              .where(fingerprint: fingerprint_list).all
         matching_packages = filter_matching_packages(matching_packages, manifest)
@@ -45,45 +44,15 @@ module Bosh::Director
       # dependencies & stemcell should also match
       def filter_matching_packages(matching_packages, manifest)
+        compiled_release_manifest = CompiledRelease::Manifest.new(manifest)
         filtered_packages = []
         matching_packages.each do |package|
-          stemcell_match = "#{package[:operating_system]}/#{package[:version]}" == compiled_package_meta(package.name, manifest)['stemcell']
-          dependencies_match = package[:dependency_key] == dependency_key(package, manifest)
-          if stemcell_match && dependencies_match
+          if compiled_release_manifest.has_matching_package(package.name, package[:stemcell_os], package[:stemcell_version], package[:dependency_key])
             filtered_packages << package
           end
         end
         filtered_packages
       end
-      def dependency_key(package, manifest)
-        compiled_package_meta = compiled_package_meta(package.name, manifest)
-        dependencies = transitive_dependencies(compiled_package_meta, manifest)
-        key = dependencies.to_a.sort_by {|k| k["name"]}.map { |p| [p['name'], p['version']]}
-        Yajl::Encoder.encode(key)
-      end
-      def transitive_dependencies(compiled_package_meta, manifest)
-        dependencies = Set.new
-        return dependencies if compiled_package_meta['dependencies'].nil?
-        compiled_package_meta['dependencies'].each do |dependency_package_name|
-          dependency_compiled_package_meta = compiled_package_meta(dependency_package_name, manifest)
-          dependencies << dependency_compiled_package_meta
-          dependencies.merge(transitive_dependencies(dependency_compiled_package_meta, manifest))
-        end
-        dependencies
-      end
-      def compiled_package_meta(package_name, manifest)
-        manifest['compiled_packages'].select { |p| p['name'] == package_name}[0]
-      end
     end
   end
 end

data/lib/bosh/director/api/controllers/releases_controller.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module Bosh::Director
         redirect "/tasks/#{task.id}"
       end
-      get '/', scope: :read do
+      get '/', scope: :read_releases do
         releases = @release_manager.get_all_releases
         json_encode(releases)
@@ -45,7 +45,7 @@ module Bosh::Director
         redirect "/tasks/#{task.id}"
       end
-      get '/:name', scope: :read do
+      get '/:name', scope: :read_releases do
         name = params[:name].to_s.strip
         if params['version']
@@ -107,6 +107,8 @@ module Bosh::Director
               'blobstore_id' => template.blobstore_id,
               'sha1' => template.sha1,
               'fingerprint' => template.fingerprint.to_s,
+              'consumes' => template.consumes,
+              'provides' => template.provides
           }
         end
@@ -116,9 +118,9 @@ module Bosh::Director
               'blobstore_id' => package.blobstore_id,
               'sha1' => package.sha1,
               'fingerprint' => package.fingerprint.to_s,
-              'compiled_packages' => package.compiled_packages.sort_by { |cp| [cp.stemcell.name, cp.stemcell.version] }.map do |compiled|
+              'compiled_packages' => package.compiled_packages.sort_by { |cp| [cp.stemcell_os, cp.stemcell_version] }.map do |compiled|
                 {
-                    'stemcell' => "#{compiled.stemcell.name}/#{compiled.stemcell.version}",
+                    'stemcell' => "#{compiled.stemcell_os}/#{compiled.stemcell_version}",
                     'sha1' => compiled.sha1,
                     'blobstore_id' => compiled.blobstore_id,
                 }

data/lib/bosh/director/api/controllers/runtime_configs_controller.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'bosh/director/api/controllers/base_controller'
+module Bosh::Director
+  module Api::Controllers
+    class RuntimeConfigsController < BaseController
+      post '/', :consumes => :yaml do
+        manifest_text = request.body.read
+        validate_manifest_yml(manifest_text)
+        Bosh::Director::Api::RuntimeConfigManager.new.update(manifest_text)
+        status(201)
+      end
+      get '/', scope: :read do
+        if params['limit'].nil? || params['limit'].empty?
+          status(400)
+          body("limit is required")
+          return
+        end
+        begin
+          limit = Integer(params['limit'])
+        rescue ArgumentError
+          status(400)
+          body("limit is invalid: '#{params['limit']}' is not an integer")
+          return
+        end
+        runtime_configs = Bosh::Director::Api::RuntimeConfigManager.new.list(limit)
+        json_encode(
+            runtime_configs.map do |runtime_config|
+            {
+              "properties" => runtime_config.properties,
+              "created_at" => runtime_config.created_at,
+            }
+        end
+        )
+      end
+    end
+  end
+end

data/lib/bosh/director/api/controllers/stemcells_controller.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module Bosh::Director
         redirect "/tasks/#{task.id}"
       end
-      get '/', scope: :read do
+      get '/', scope: :read_stemcells do
         stemcells = @stemcell_manager.find_all_stemcells
         json_encode(stemcells)
       end

data/lib/bosh/director/api/controllers/tasks_controller.rb CHANGED Viewed

@@ -3,7 +3,29 @@ require 'bosh/director/api/controllers/base_controller'
 module Bosh::Director
   module Api::Controllers
     class TasksController < BaseController
-      get '/', scope: :read do
+      def initialize(config)
+        super(config)
+        @deployment_manager = Api::DeploymentManager.new
+      end
+      def self.authorization(perm)
+        return unless perm
+        condition do
+          type = params[:type]
+          task = @task_manager.find_task(params[:id])
+          if type == 'debug' || type == 'cpi' || !type
+            check_access_to_task(task, :admin)
+          elsif type == 'event' || type == 'result'
+            check_access_to_task(task, :read)
+          else
+            raise UnauthorizedToAccessDeployment, "Unknown type #{type}"
+          end
+        end
+      end
+      get '/', scope: :list_tasks do
         dataset = Models::Task.dataset
         if limit = params['limit']
@@ -34,20 +56,48 @@ module Bosh::Director
           ])
         end
-        tasks = dataset.order_by(:timestamp.desc).map do |task|
+        deployment = params['deployment']
+        if deployment
+          dataset = dataset.filter(deployment_name: deployment)
+          deployment = @deployment_manager.find_by_name(deployment)
+          @permission_authorizer.granted_or_raise(deployment, :read, token_scopes)
+        end
+        tasks = dataset.order_by(:timestamp.desc).map
+        unless @permission_authorizer.is_granted?(:director, :read, token_scopes)
+          permitted_deployments = @deployment_manager.all_by_name_asc.select { |deployment|
+              @permission_authorizer.is_granted?(deployment, :read, token_scopes)
+            }.map { |deployment| deployment.name }
+          tasks = tasks.select do |task|
+            next false unless task.deployment_name
+            permitted_deployments.include?(task.deployment_name)
+          end
+        end
+        tasks = tasks.map do |task|
           if task_timeout?(task)
             task.state = :timeout
             task.save
           end
           @task_manager.task_to_hash(task)
         end
         content_type(:json)
         json_encode(tasks)
       end
-      get '/:id', scope: :read do
+      get '/:id', scope: :list_tasks do
         task = @task_manager.find_task(params[:id])
+        deployment_name = task.deployment_name
+        if deployment_name
+          check_access_to_deployment(deployment_name, :read)
+        elsif !@permission_authorizer.is_granted?(:director, :read, token_scopes)
+          raise UnauthorizedToAccessDeployment,
+            'One of the following scopes is required to access this task: ' +
+              @permission_authorizer.list_expected_scope(:director, :read, token_scopes).join(', ')
+        end
         if task_timeout?(task)
           task.state = :timeout
           task.save
@@ -60,7 +110,7 @@ module Bosh::Director
       # Sends back output of given task id and params[:type]
       # Example: `get /tasks/5/output?type=event` will send back the file
       # at /var/vcap/store/director/tasks/5/event
-      get '/:id/output', scope: Api::Extensions::Scoping::ParamsScope.new(:type, {event: :read, result: :read}) do
+      get '/:id/output', authorization: :task_output, scope: :authorization do
         log_type = params[:type] || 'debug'
         task = @task_manager.find_task(params[:id])
@@ -79,6 +129,23 @@ module Bosh::Director
       private
+      def check_access_to_task(task, scope)
+        if task.deployment_name
+          check_access_to_deployment(task.deployment_name, scope)
+        else
+          @permission_authorizer.granted_or_raise(:director, scope, token_scopes)
+        end
+      end
+      def check_access_to_deployment(deployment_name, scope)
+        begin
+          deployment = @deployment_manager.find_by_name(deployment_name)
+          @permission_authorizer.granted_or_raise(deployment, scope, token_scopes)
+        rescue DeploymentNotFound
+          @permission_authorizer.granted_or_raise(:director, :admin, token_scopes)
+        end
+      end
       def task_timeout?(task)
         # Some of the old task entries might not have the checkpoint_time
         unless task.checkpoint_time

data/lib/bosh/director/api/deployment_manager.rb CHANGED Viewed

@@ -4,61 +4,29 @@ module Bosh::Director
       include ApiHelper
       def initialize
-        @permission_authorizer = Bosh::Director::PermissionAuthorizer.new
+        @deployment_lookup = DeploymentLookup.new
       end
       def find_by_name(name)
-        DeploymentLookup.new.by_name(name)
+        @deployment_lookup.by_name(name)
       end
-      def find_available(token_scopes)
-        deployments = Bosh::Director::Models::Deployment.order_by(:name.asc).all
-        deployments.select do |deployment|
-          @permission_authorizer.is_authorized?(deployment.scopes.split((',')), token_scopes)
-        end
+      def all_by_name_asc
+        Bosh::Director::Models::Deployment.order_by(:name.asc).all
       end
-      def create_deployment(username, deployment_manifest, cloud_config, options = {})
-        random_name = "deployment-#{SecureRandom.uuid}"
-        deployment_manifest_dir = Dir::tmpdir
-        deployment_manifest_file = File.join(deployment_manifest_dir, random_name)
-        unless check_available_disk_space(deployment_manifest_dir, deployment_manifest.size)
-          raise NotEnoughDiskSpace, 'Uploading deployment manifest failed. ' +
-            "Insufficient space on BOSH director in #{deployment_manifest_dir}"
-        end
-        write_file(deployment_manifest_file, deployment_manifest)
+      def create_deployment(username, deployment_manifest_file_path, cloud_config, runtime_config, deployment_name, options = {})
         cloud_config_id = cloud_config.nil? ? nil : cloud_config.id
-        JobQueue.new.enqueue(username, Jobs::UpdateDeployment, 'create deployment', [deployment_manifest_file, cloud_config_id, options])
+        runtime_config_id = runtime_config.nil? ? nil : runtime_config.id
+        JobQueue.new.enqueue(username, Jobs::UpdateDeployment, 'create deployment', [deployment_manifest_file_path, cloud_config_id, runtime_config_id, options], deployment_name)
       end
       def delete_deployment(username, deployment, options = {})
-        JobQueue.new.enqueue(username, Jobs::DeleteDeployment, "delete deployment #{deployment.name}", [deployment.name, options])
-      end
-      def deployment_to_json(deployment)
-        result = {
-          'manifest' => deployment.manifest,
-        }
-        Yajl::Encoder.encode(result)
+        JobQueue.new.enqueue(username, Jobs::DeleteDeployment, "delete deployment #{deployment.name}", [deployment.name, options], deployment.name)
       end
-      def deployment_instances_to_json(deployment)
-        instances = []
-        filters = {:deployment_id => deployment.id}
-        Models::Instance.filter(filters).exclude(vm_cid: nil).each do |instance|
-          instances << {
-            'agent_id' => instance.agent_id,
-            'cid' => instance.vm_cid,
-            'job' => instance.job,
-            'index' => instance.index,
-            'id' => instance.uuid
-          }
-        end
-        Yajl::Encoder.encode(instances)
+      def deployment_instances_with_vms(deployment)
+        Models::Instance.where(deployment: deployment).exclude(vm_cid: nil)
       end
     end
   end

data/lib/bosh/director/api/extensions/scoping.rb CHANGED Viewed

@@ -2,8 +2,6 @@ module Bosh::Director
   module Api
     module Extensions
       module Scoping
-        ROUTES_WITH_EXTENDED_TIMEOUT = ['/stemcells', '/releases', '/restore']
         module Helpers
           def current_user
             @user.username if @user
@@ -15,11 +13,16 @@ module Bosh::Director
         end
         def self.registered(app)
-          app.set default_scope: :write
+          app.set default_scope: :admin
           app.helpers(Helpers)
         end
         def scope(allowed_scope)
+          if allowed_scope == :authorization
+            # handled by the :authorization option of the route
+            return
+          end
           condition do
             if allowed_scope == :default
               scope = settings.default_scope
@@ -29,29 +32,13 @@ module Bosh::Director
               scope = allowed_scope
             end
-            auth_provided = %w(HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION).detect do |key|
-              request.env.has_key?(key)
-            end
-            if auth_provided
-              begin
-                extended_token_timeout = ROUTES_WITH_EXTENDED_TIMEOUT.include?(request.path) &&
-                    request.media_type == mime_type(:multipart) &&
-                    request.request_method == 'POST'
-                @user = identity_provider.get_user(request.env, extended_token_timeout: extended_token_timeout)
-              rescue AuthenticationError
-              end
-            end
-            if requires_authentication? && (@user.nil? || !identity_provider.valid_access?(@user, scope))
-              response['WWW-Authenticate'] = 'Basic realm="BOSH Director"'
+            if requires_authentication?
               if @user.nil?
-                message = "Not authorized: '#{request.path}'\n"
-              else
-                message = "Not authorized: '#{request.path}' requires one of the scopes: #{identity_provider.required_scopes(scope).join(", ")}\n"
+                # this should already be happening in base_controller#authentication
+                throw(:halt, [401, "Not authorized: '#{request.path}'\n"])
               end
-              throw(:halt, [401, message])
+              @permission_authorizer.granted_or_raise(:director, scope, @user.scopes)
             end
           end
         end

data/lib/bosh/director/api/instance_lookup.rb CHANGED Viewed

@@ -11,39 +11,23 @@ module Bosh::Director
         instance
       end
-      def by_attributes(deployment_name, job_name, job_index)
-        deployment = DeploymentLookup.new.by_name(deployment_name)
+      def by_attributes(deployment, job_name, job_index)
         # Postgres cannot coerce an empty string to integer, and fails on Models::Instance.find
         job_index = nil if job_index.is_a?(String) && job_index.empty?
-        filter = {
-          deployment_id: deployment.id,
-          job: job_name,
-          index: job_index
-        }
-        instance = Models::Instance.find(filter)
+        instance = Models::Instance.find(deployment: deployment, job: job_name, index: job_index)
         if instance.nil?
           raise InstanceNotFound,
-                "`#{deployment_name}/#{job_name}/#{job_index}' doesn't exist"
+                "`#{deployment.name}/#{job_name}/#{job_index}' doesn't exist"
         end
         instance
       end
-      def by_uuid(deployment_name, job_name, uuid)
-        deployment = DeploymentLookup.new.by_name(deployment_name)
-        filter = {
-            deployment_id: deployment.id,
-            job: job_name,
-            uuid: uuid
-        }
-        instance = Models::Instance.find(filter)
+      def by_uuid(deployment, job_name, uuid)
+        instance = Models::Instance.find(deployment: deployment, job: job_name, uuid: uuid)
         if instance.nil?
           raise InstanceNotFound,
-                "`#{deployment_name}/#{job_name}/#{uuid}' doesn't exist"
+                "`#{deployment.name}/#{job_name}/#{uuid}' doesn't exist"
         end
         instance
       end
@@ -59,6 +43,10 @@ module Bosh::Director
       def find_all
         Models::Instance.all
       end
+      def by_deployment(deployment)
+        Models::Instance.filter(deployment: deployment).all
+      end
     end
   end
 end