Merge branch 'main' into fix-max-activation-race

ansible · Feb 16, 2024 · 841c5fd · 841c5fd
2 parents 750ffa0 + e98d6a6
commit 841c5fd
Show file tree

Hide file tree

Showing 15 changed files with 129 additions and 490 deletions.
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -48,6 +48,7 @@ django-ansible-base = { git = "https://github.com/ansible/django-ansible-base.gi
 ] }
 jinja2 = ">=3.1.3,<3.2"
 django-split-settings = "^1.2.0"
+pexpect = "^4.9.0"
 
 [tool.poetry.group.test.dependencies]
 pytest = "*"

diff --git a/src/aap_eda/api/filters/__init__.py b/src/aap_eda/api/filters/__init__.py
@@ -27,7 +27,6 @@
     AuditRuleEventFilter,
     AuditRuleFilter,
     RulebookFilter,
-    RulesetFilter,
 )
 from .user import UserFilter
 
@@ -36,7 +35,6 @@
     "ProjectFilter",
     # rulebook
     "RulebookFilter",
-    "RulesetFilter",
     "AuditRuleFilter",
     "AuditRuleActionFilter",
     "AuditRuleEventFilter",

diff --git a/src/aap_eda/api/filters/rulebook.py b/src/aap_eda/api/filters/rulebook.py
@@ -35,18 +35,6 @@ class Meta:
         fields = ["name", "project_id"]
 
 
-class RulesetFilter(django_filters.FilterSet):
-    name = django_filters.CharFilter(
-        field_name="name",
-        lookup_expr="istartswith",
-        label="Filter by ruleset name.",
-    )
-
-    class Meta:
-        model = models.Ruleset
-        fields = ["name"]
-
-
 class AuditRuleFilter(django_filters.FilterSet):
     name = django_filters.CharFilter(
         field_name="name",

diff --git a/src/aap_eda/api/serializers/__init__.py b/src/aap_eda/api/serializers/__init__.py
@@ -61,10 +61,6 @@
     AuditRuleSerializer,
     RulebookRefSerializer,
     RulebookSerializer,
-    RuleOutSerializer,
-    RuleSerializer,
-    RulesetOutSerializer,
-    RulesetSerializer,
 )
 from .user import (
     AwxTokenCreateSerializer,
@@ -94,10 +90,6 @@
     "AuditRuleListSerializer",
     "RulebookSerializer",
     "RulebookRefSerializer",
-    "RulesetOutSerializer",
-    "RulesetSerializer",
-    "RuleOutSerializer",
-    "RuleSerializer",
     # activations
     "ActivationSerializer",
     "ActivationListSerializer",

diff --git a/src/aap_eda/api/serializers/auth.py b/src/aap_eda/api/serializers/auth.py
@@ -103,25 +103,25 @@ class RoleDetailSerializer(serializers.Serializer):
 
     name = serializers.CharField(
         required=True,
-        help_text="Name of the rulebook",
+        help_text="Name of the role",
     )
 
     description = serializers.CharField(
         default="",
-        help_text="Description of the rulebook",
+        help_text="Description of the role",
         allow_null=True,
     )
 
     permissions = PermissionRefSerializer(read_only=True, many=True)
 
     created_at = serializers.DateTimeField(
         required=True,
-        help_text="The created_at timestamp of the ruleset",
+        help_text="The created_at timestamp of the role",
     )
 
     modified_at = serializers.DateTimeField(
         required=True,
-        help_text="The modified_at timestamp of the ruleset",
+        help_text="The modified_at timestamp of the role",
     )
 
 

diff --git a/src/aap_eda/api/serializers/rulebook.py b/src/aap_eda/api/serializers/rulebook.py
@@ -49,129 +49,6 @@ class Meta:
         read_only_fields = ["id"]
 
 
-class RulesetSerializer(serializers.ModelSerializer):
-    name = serializers.CharField(
-        required=True,
-        help_text="Name of the ruleset",
-    )
-
-    sources = serializers.JSONField(
-        required=True,
-        help_text="The contained sources in the ruleset",
-    )
-
-    class Meta:
-        model = models.Ruleset
-        fields = "__all__"
-        read_only_fields = ["id", "created_at", "modified_at"]
-
-
-class RulesetOutSerializer(serializers.Serializer):
-    id = serializers.IntegerField(
-        required=True,
-        help_text="ID of the ruleset",
-    )
-
-    name = serializers.CharField(
-        required=True,
-        help_text="Name of the ruleset",
-    )
-
-    rule_count = serializers.IntegerField(
-        required=True,
-        help_text="Number of rules the ruleset contains",
-    )
-
-    source_types = serializers.ListField(
-        child=serializers.CharField(),
-        required=True,
-        help_text="List of source types",
-    )
-
-    fired_stats = serializers.ListField(
-        child=serializers.JSONField(),
-        required=True,
-        help_text="List of stats",
-    )
-
-    created_at = serializers.DateTimeField(
-        required=True,
-        help_text="The created_at timestamp of the ruleset",
-    )
-
-    modified_at = serializers.DateTimeField(
-        required=True,
-        help_text="The modified_at timestamp of the ruleset",
-    )
-
-
-class RuleSerializer(serializers.ModelSerializer):
-    name = serializers.CharField(
-        required=True,
-        help_text="Name of the rule",
-    )
-
-    action = serializers.JSONField(
-        required=True,
-        help_text="The action in the rule",
-    )
-
-    class Meta:
-        model = models.Rule
-        fields = [
-            "id",
-            "name",
-            "action",
-            "ruleset_id",
-        ]
-        read_only_fields = ["id", "created_at", "modified_at"]
-
-
-class RuleOutSerializer(serializers.Serializer):
-    id = serializers.IntegerField(
-        required=True,
-        help_text="ID of the ruleset",
-    )
-
-    name = serializers.CharField(
-        required=True,
-        help_text="Name of the rule",
-    )
-
-    action = serializers.JSONField(
-        default=dict,
-        help_text="The action in the rule",
-        allow_null=True,
-    )
-
-    fired_stats = serializers.ListField(
-        child=serializers.JSONField(),
-        required=True,
-        help_text="List of stats",
-    )
-
-    rulebook_id = serializers.PrimaryKeyRelatedField(
-        required=False,
-        allow_null=True,
-        queryset=models.Rulebook.objects.all(),
-        help_text="ID of the rulebook",
-    )
-
-    ruleset_id = serializers.PrimaryKeyRelatedField(
-        required=False,
-        allow_null=True,
-        queryset=models.Ruleset.objects.all(),
-        help_text="ID of the ruleset",
-    )
-
-    project_id = serializers.PrimaryKeyRelatedField(
-        required=False,
-        allow_null=True,
-        queryset=models.Project.objects.all(),
-        help_text="ID of the project",
-    )
-
-
 class AuditRuleSerializer(serializers.ModelSerializer):
     id = serializers.IntegerField(
         required=True,

diff --git a/src/aap_eda/api/urls.py b/src/aap_eda/api/urls.py
@@ -31,8 +31,6 @@
 router.register("extra-vars", views.ExtraVarViewSet)
 router.register("projects", views.ProjectViewSet)
 router.register("rulebooks", views.RulebookViewSet)
-router.register("rulesets", views.RulesetViewSet)
-router.register("rules", views.RuleViewSet)
 router.register("roles", views.RoleViewSet)
 router.register("activations", views.ActivationViewSet)
 router.register("activation-instances", views.ActivationInstanceViewSet)

diff --git a/src/aap_eda/api/vault.py b/src/aap_eda/api/vault.py
@@ -0,0 +1,74 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+import os
+import shutil
+import tempfile
+
+import pexpect
+
+
+class AnsibleVaultNotFound(Exception):
+    pass
+
+
+class AnsibleVaultEncryptionFailed(Exception):
+    pass
+
+
+class AnsibleVaultDecryptionFailed(Exception):
+    pass
+
+
+VAULT_COMMAND = shutil.which("ansible-vault")
+if VAULT_COMMAND is None:
+    raise AnsibleVaultNotFound("Cannot find ansible-vault executable")
+
+
+def encrypt_string(password: str, plaintext: str, vault_id: str) -> str:
+    tmp = tempfile.NamedTemporaryFile("w+t")
+    os.chmod(tmp.name, 0o600)
+    tmp.write(password)
+    tmp.flush()
+    label = f"{vault_id}@{tmp.name}"
+
+    child = pexpect.spawn(f"ansible-vault encrypt_string --vault-id {label}")
+    child.expect("Reading plaintext input from stdin*")
+    child.sendline(plaintext)
+    child.sendcontrol("D")
+    i = child.expect(["Encryption successful", "ERROR"])
+    if i == 0:
+        child.readline()
+        return "".join(
+            line.decode().lstrip()
+            for line in child
+            if not line.decode().startswith("!vault")
+        )
+    else:
+        error_msg = child.readline()
+        raise AnsibleVaultEncryptionFailed(error_msg)
+
+
+def decrypt(password: str, vault_string: str) -> str:
+    child = pexpect.spawn("ansible-vault decrypt")
+    child.expect("Vault password: ")
+    child.sendline(password)
+    child.expect("Reading ciphertext input from stdin")
+    child.sendline(vault_string)
+    child.sendcontrol("D")
+    i = child.expect(["Decryption successful", "ERROR"])
+    if i == 0:
+        return "".join(line.decode() for line in child).strip()
+    else:
+        error_msg = child.readline()
+        raise AnsibleVaultDecryptionFailed(error_msg.decode())
diff --git a/src/aap_eda/api/views/__init__.py b/src/aap_eda/api/views/__init__.py
@@ -18,12 +18,7 @@
 from .decision_environment import DecisionEnvironmentViewSet
 from .event_stream import EventStreamViewSet
 from .project import ExtraVarViewSet, ProjectViewSet
-from .rulebook import (
-    AuditRuleViewSet,
-    RulebookViewSet,
-    RulesetViewSet,
-    RuleViewSet,
-)
+from .rulebook import AuditRuleViewSet, RulebookViewSet
 from .user import CurrentUserAwxTokenViewSet, CurrentUserView, UserViewSet
 
 __all__ = (
@@ -36,8 +31,6 @@
     "ProjectViewSet",
     "AuditRuleViewSet",
     "RulebookViewSet",
-    "RulesetViewSet",
-    "RuleViewSet",
     # activations
     "ActivationViewSet",
     "ActivationInstanceViewSet",