From 0f04e704f82cf60045fa69a73fbb5fdf3785e790 Mon Sep 17 00:00:00 2001 From: seolmin Date: Mon, 18 Dec 2023 01:58:47 +0900 Subject: [PATCH] refactor: change all for SpaceONE 2.0 --- Dockerfile | 5 +- deploy/helm/config/config.yaml | 22 +--- src/setup.py | 3 +- src/spaceone/config/conf/global_conf.py | 19 ++- .../config/manager/domain_config_manager.py | 28 ++--- .../config/manager/user_config_manager.py | 30 ++--- .../config/service/domain_config_service.py | 49 ++++---- .../config/service/user_config_service.py | 108 ++++++------------ 8 files changed, 118 insertions(+), 146 deletions(-) diff --git a/Dockerfile b/Dockerfile index ed142cc..59dfaad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,8 @@ ENV PACKAGE_VERSION=$PACKAGE_VERSION COPY pkg/pip_requirements.txt pip_requirements.txt -RUN pip install --upgrade -r pip_requirements.txt +RUN pip install --upgrade pip && \ + pip install --upgrade -r pip_requirements.txt COPY src ${SRC_DIR} WORKDIR ${SRC_DIR} @@ -21,4 +22,4 @@ RUN pip install --upgrade spaceone-api EXPOSE ${SPACEONE_PORT} ENTRYPOINT ["spaceone"] -CMD ["run","grpc-server", "spaceone.config", "-m", "/opt"] +CMD ["run", "grpc-server", "spaceone.config", "-m", "/opt"] diff --git a/deploy/helm/config/config.yaml b/deploy/helm/config/config.yaml index fac5ccb..e3621d0 100644 --- a/deploy/helm/config/config.yaml +++ b/deploy/helm/config/config.yaml @@ -1,7 +1,7 @@ REMOTE_URL: -- file:///opt/spaceone/config/config/database.yaml -- file:///opt/spaceone/config/config/shared.yaml -- file:///opt/spaceone/config/config/application.yaml + - file:///opt/spaceone/config/config/database.yaml + - file:///opt/spaceone/config/config/shared.yaml + - file:///opt/spaceone/config/config/application.yaml GLOBAL: MAX_WORKERS: 1000 DATABASES: @@ -17,7 +17,6 @@ GLOBAL: backend: spaceone.core.cache.redis_cache.RedisCache host: redis port: 6379 - db: 1 encoding: utf-8 socket_timeout: 10 socket_connect_timeout: 10 
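Review bot: The added `pip install --upgrade pip` in the first Dockerfile hunk installs whatever pip release is current at build time, so two builds of the same commit can produce different images. The `--upgrade -r pip_requirements.txt` step, and the `pip install --upgrade spaceone-api` shown as context for the second hunk, float in the same way. Pin the installer, e.g. `pip install pip==<PINNED_VERSION>`, and consider installing from a hashed requirements file with `pip install --require-hashes -r pip_requirements.txt`. Whether pip_requirements.txt already pins versions is not visible in this patch.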
@@ -30,17 +29,4 @@ GLOBAL: handlers: file: type: file - filename: /var/log/spaceone/config.log - CONNECTORS: - IdentityConnector: - endpoint: - v1: grpc://identity:50051 - SecretConnector: - endpoint: - v1: grpc://secret:50051 - PluginConnector: - endpoint: - v1: grpc://plugin:50051 - RepositoryConnector: - endpoint: - v1: grpc://repository:50051 + filename: /var/log/spaceone/config.log \ No newline at end of file diff --git a/src/setup.py b/src/setup.py index 1e849cb..528519f 100644 --- a/src/setup.py +++ b/src/setup.py @@ -14,6 +14,7 @@ # limitations under the License. import os + from setuptools import setup, find_packages setup( @@ -26,6 +27,6 @@ author_email="admin@spaceone.dev", license="Apache License 2.0", packages=find_packages(), - install_requires=["spaceone-core", "spaceone-api", "mongoengine"], + install_requires=["spaceone-core", "spaceone-api", "mongoengine", "mongomock"], zip_safe=False, ) diff --git a/src/spaceone/config/conf/global_conf.py b/src/spaceone/config/conf/global_conf.py index 1845fb2..2915b7e 100644 --- a/src/spaceone/config/conf/global_conf.py +++ b/src/spaceone/config/conf/global_conf.py @@ -1,3 +1,4 @@ +# Database Settings DATABASE_AUTO_CREATE_INDEX = True DATABASES = { "default": { @@ -9,6 +10,7 @@ } } +# Cache Settings CACHES = { "default": {}, "local": { @@ -18,4 +20,19 @@ }, } -HANDLERS = {} +# Handler Settings +HANDLERS = { + # "authentication": [{ + # "backend": "spaceone.core.handler.authentication_handler:SpaceONEAuthenticationHandler" + # }], + # "authorization": [{ + # "backend": "spaceone.core.handler.authorization_handler:SpaceONEAuthorizationHandler" + # }], + # "mutation": [{ + # "backend": "spaceone.core.handler.mutation_handler:SpaceONEMutationHandler" + # }], + # "event": [] +} + +# Connector Settings +CONNECTORS = {} diff --git a/src/spaceone/config/manager/domain_config_manager.py b/src/spaceone/config/manager/domain_config_manager.py index 1311c18..b4b46c1 100644 
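Review bot: `mongomock` is added to `install_requires` in the second setup.py hunk, which puts a MongoDB test double into every runtime install of the service. If only the test suite needs it, declare it as `extras_require={"test": ["mongomock"]}` so production images do not carry it. If spaceone-core needs it at import time, a one-line comment saying so would explain the entry. None of the four requirements has a version bound, so the resolved set depends on when the image is built.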
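Review bot: The new `HANDLERS` default in the last global_conf.py hunk holds only commented-out entries, so the packaged default still has no authentication or authorization handler. The service hunks in this same patch stop checking the caller and read `user_id` and `domain_id` straight from `params`. Either enable the handlers in the default, or replace the commented block with an explicit requirement such as `# authentication and authorization handlers MUST be set in the deployment config; services trust params["user_id"] and params["domain_id"]`. Where the Helm chart sets HANDLERS is not visible here; it may be in the shared.yaml referenced by REMOTE_URL.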
--- a/src/spaceone/config/manager/domain_config_manager.py +++ b/src/spaceone/config/manager/domain_config_manager.py @@ -1,6 +1,7 @@ import logging from spaceone.core.manager import BaseManager + from spaceone.config.model.domain_config_model import DomainConfig _LOGGER = logging.getLogger(__name__) @@ -11,27 +12,28 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.domain_config_model: DomainConfig = self.locator.get_model("DomainConfig") - def create_domain_config(self, params): - def _rollback(domain_config_vo): + def create_domain_config(self, params: dict) -> DomainConfig: + def _rollback(vo: DomainConfig) -> None: _LOGGER.info( - f"[create_domain_config._rollback] " - f"Delete domain config : {domain_config_vo.name}" + f"[create_domain_config._rollback] " f"Delete domain config : {vo.name}" ) - domain_config_vo.delete() + vo.delete() domain_config_vo: DomainConfig = self.domain_config_model.create(params) self.transaction.add_rollback(_rollback, domain_config_vo) return domain_config_vo - def update_domain_config(self, params): + def update_domain_config(self, params: dict) -> DomainConfig: domain_config_vo: DomainConfig = self.get_domain_config( params["name"], params["domain_id"] ) return self.update_domain_config_by_vo(params, domain_config_vo) - def update_domain_config_by_vo(self, params, domain_config_vo): - def _rollback(old_data): + def update_domain_config_by_vo( + self, params: dict, domain_config_vo: DomainConfig + ) -> DomainConfig: + def _rollback(old_data: dict): _LOGGER.info( f'[update_domain_config_by_vo._rollback] Revert Data : {old_data["name"]}' ) 
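Review bot: In `create_domain_config._rollback` the log message is now two adjacent f-string literals on one line, `f"[create_domain_config._rollback] " f"Delete domain config : {vo.name}"`, a reformatting leftover that reads like a missing comma. `vo.name` comes from the caller's `name` parameter, so passing it as a logging argument keeps the format string constant: `_LOGGER.info("[create_domain_config._rollback] Delete domain config : %s", vo.name)`. The same construct appears in `create_user_config._rollback` in user_config_manager.py. The inner `_rollback(old_data: dict)` of `update_domain_config_by_vo` also lacks the `-> None` that the create variant gained; its body continues outside this hunk.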
@@ -41,17 +43,17 @@ def _rollback(old_data): return domain_config_vo.update(params) - def delete_domain_config(self, name, domain_id): + def delete_domain_config(self, name: str, domain_id: str) -> None: domain_config_vo: DomainConfig = self.get_domain_config(name, domain_id) domain_config_vo.delete() - def get_domain_config(self, name, domain_id, only=None): - return self.domain_config_model.get(name=name, domain_id=domain_id, only=only) + def get_domain_config(self, name: str, domain_id: str) -> DomainConfig: + return self.domain_config_model.get(name=name, domain_id=domain_id) - def filter_domain_configs(self, **conditions): + def filter_domain_configs(self, **conditions: dict): return self.domain_config_model.filter(**conditions) - def list_domain_configs(self, query={}): + def list_domain_configs(self, query: dict) -> dict: return self.domain_config_model.query(**query) def state_domain_configs(self, query): diff --git a/src/spaceone/config/manager/user_config_manager.py b/src/spaceone/config/manager/user_config_manager.py index a8703fd..a8ad3a0 100644 --- a/src/spaceone/config/manager/user_config_manager.py +++ b/src/spaceone/config/manager/user_config_manager.py @@ -1,6 +1,7 @@ import logging from spaceone.core.manager import BaseManager + from spaceone.config.model.user_config_model import UserConfig _LOGGER = logging.getLogger(__name__) 
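Review bot: `filter_domain_configs(self, **conditions: dict)` annotates every keyword value as a `dict`, but the caller in domain_config_service.py passes strings (`name=params["name"], domain_id=params["domain_id"]`). The annotation on `**conditions` should be the value type, e.g. `**conditions: str`, and the method has no return annotation. `state_domain_configs(self, query)` is left unannotated here, while its counterpart in user_config_manager.py became `state_user_configs(self, query: dict) -> dict`. The `-> dict` on `list_domain_configs` should be checked against what `domain_config_model.query()` actually returns, which this patch does not show. `filter_user_configs` in user_config_manager.py has the same `**conditions: dict` annotation.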
@@ -11,27 +12,28 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.user_config_model: UserConfig = self.locator.get_model("UserConfig") - def create_user_config(self, params): - def _rollback(user_config_vo): + def create_user_config(self, params: dict) -> UserConfig: + def _rollback(vo: UserConfig): _LOGGER.info( - f"[create_user_config._rollback] " - f"Delete config map : {user_config_vo.name}" + f"[create_user_config._rollback] " f"Delete config map : {vo.name}" ) - user_config_vo.delete() + vo.delete() user_config_vo: UserConfig = self.user_config_model.create(params) self.transaction.add_rollback(_rollback, user_config_vo) return user_config_vo - def update_user_config(self, params): + def update_user_config(self, params: dict) -> UserConfig: user_config_vo: UserConfig = self.get_user_config( params["name"], params["user_id"], params["domain_id"] ) return self.update_user_config_by_vo(params, user_config_vo) - def update_user_config_by_vo(self, params, user_config_vo): - def _rollback(old_data): + def update_user_config_by_vo( + self, params: dict, user_config_vo: UserConfig + ) -> UserConfig: + def _rollback(old_data: dict): _LOGGER.info( f'[update_user_config_by_vo._rollback] Revert Data : {old_data["name"]}' ) 
@@ -41,20 +43,20 @@ def _rollback(old_data): return user_config_vo.update(params) - def delete_user_config(self, name, user_id, domain_id): + def delete_user_config(self, name: str, user_id: str, domain_id: str) -> None: user_config_vo: UserConfig = self.get_user_config(name, user_id, domain_id) user_config_vo.delete() - def get_user_config(self, name, user_id, domain_id, only=None): + def get_user_config(self, name: str, user_id: str, domain_id: str) -> UserConfig: return self.user_config_model.get( - name=name, user_id=user_id, domain_id=domain_id, only=only + name=name, user_id=user_id, domain_id=domain_id ) - def filter_user_configs(self, **conditions): + def filter_user_configs(self, **conditions: dict): return self.user_config_model.filter(**conditions) - def list_user_configs(self, query={}): + def list_user_configs(self, query: dict) -> dict: return self.user_config_model.query(**query) - def state_user_configs(self, query): + def state_user_configs(self, query: dict) -> dict: return self.user_config_model.stat(**query) diff --git a/src/spaceone/config/service/domain_config_service.py b/src/spaceone/config/service/domain_config_service.py index fcf8fad..4e404a7 100644 --- a/src/spaceone/config/service/domain_config_service.py +++ b/src/spaceone/config/service/domain_config_service.py @@ -3,6 +3,7 @@ from spaceone.core.service import * from spaceone.config.manager.domain_config_manager import DomainConfigManager +from spaceone.config.model import DomainConfig _LOGGER = logging.getLogger(__name__) 
@@ -12,19 +13,15 @@ @mutation_handler @event_handler class DomainConfigService(BaseService): - service = "config" - resource = "DomainConfig" - permission_group = "DOMAIN" - def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.domain_config_mgr: DomainConfigManager = self.locator.get_manager( DomainConfigManager ) - @transaction(scope="domain_admin:write") + @transaction(permission="config:DomainConfig.write", role_types=["DOMAIN_ADMIN"]) @check_required(["name", "data", "domain_id"]) - def create(self, params): + def create(self, params: dict) -> DomainConfig: """Create domain config Args: @@ -32,7 +29,7 @@ def create(self, params): 'name': 'str', # required 'data': 'dict', # required 'tags': 'dict', - 'domain_id': 'str' # required + 'domain_id': 'str' # injected from auth } Returns: @@ -41,9 +38,9 @@ def create(self, params): return self.domain_config_mgr.create_domain_config(params) - @transaction(scope="domain_admin:write") + @transaction(permission="config:DomainConfig.write", role_types=["DOMAIN_ADMIN"]) @check_required(["name", "domain_id"]) - def update(self, params): + def update(self, params: dict) -> DomainConfig: """Update domain config Args: @@ -51,7 +48,7 @@ def update(self, params): 'name': 'str', # required 'data': 'dict', 'tags': 'dict', - 'domain_id': 'str' # required + 'domain_id': 'str' # injected from auth } Returns: @@ -60,7 +57,7 @@ def update(self, params): return self.domain_config_mgr.update_domain_config(params) - @transaction(scope="domain_admin:write") + @transaction(permission="config:DomainConfig.write", role_types=["DOMAIN_ADMIN"]) @check_required(["name", "data", "domain_id"]) def set(self, params): """Set domain config (create or update) 
@@ -70,17 +67,15 @@ def set(self, params): 'name': 'str', # required 'data': 'dict', # required 'tags': 'dict', - 'domain_id': 'str' # required + 'domain_id': 'str' # injected from auth } Returns: domain_config_vo (object) """ - domain_id = params["domain_id"] - domain_config_vos = self.domain_config_mgr.filter_domain_configs( - domain_id=domain_id, name=params["name"] + name=params["name"], domain_id=params["domain_id"] ) if domain_config_vos.count() == 0: @@ -90,15 +85,15 @@ def set(self, params): params, domain_config_vos[0] ) - @transaction(scope="domain_admin:write") + @transaction(permission="config:DomainConfig.write", role_types=["DOMAIN_ADMIN"]) @check_required(["name", "domain_id"]) - def delete(self, params): + def delete(self, params: dict) -> None: """Delete domain config Args: params (dict): { 'name': 'str', # required - 'domain_id': 'str' # required + 'domain_id': 'str' # injected from auth } Returns: @@ -107,15 +102,15 @@ def delete(self, params): self.domain_config_mgr.delete_domain_config(params["name"], params["domain_id"]) - @transaction(scope="domain_admin:read") + @transaction(permission="config:DomainConfig.read", role_types=["DOMAIN_ADMIN"]) @check_required(["name", "domain_id"]) - def get(self, params): + def get(self, params: dict) -> DomainConfig: """Get domain config Args: params (dict): { 'name': 'str', # required - 'domain_id': 'str' # required + 'domain_id': 'str' # injected from auth } Returns: 
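Review bot: `set` chooses between create and update from `domain_config_vos.count() == 0` on a separate query, so two concurrent calls with the same `name` and `domain_id` can both take the create branch. Whether the second insert is rejected depends on a unique index on the DomainConfig model, which this patch does not show; the method should handle the duplicate case explicitly and a comment should name the index it relies on. `set` is also the only method in this class left without the annotations its neighbours gained: `def set(self, params: dict) -> DomainConfig:`. The signature sits in the previous hunk and the create branch lies outside both hunks. `UserConfigService.set` uses the same create-or-update sequence.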
@@ -123,21 +118,21 @@ def get(self, params): """ return self.domain_config_mgr.get_domain_config( - params["name"], params["domain_id"], params.get("only") + params["name"], params["domain_id"] ) - @transaction(scope="domain_admin:read") + @transaction(permission="config:DomainConfig.read", role_types=["DOMAIN_ADMIN"]) @check_required(["domain_id"]) @append_query_filter(["name", "domain_id"]) @append_keyword_filter(["name"]) - def list(self, params): + def list(self, params: dict) -> dict: """List domain configs Args: params (dict): { 'query': 'dict (spaceone.api.core.v1.Query)' 'name': 'str', - 'domain_id': 'str', # required + 'domain_id': 'str', # injected from auth } Returns: @@ -148,11 +143,11 @@ def list(self, params): query = params.get("query", {}) return self.domain_config_mgr.list_domain_configs(query) - @transaction(scope="domain_admin:read") + @transaction(permission="config:DomainConfig.read", role_types=["DOMAIN_ADMIN"]) @check_required(["query", "domain_id"]) @append_query_filter(["domain_id"]) @append_keyword_filter(["name"]) - def stat(self, params): + def stat(self, params: dict) -> dict: """ Args: params (dict): { diff --git a/src/spaceone/config/service/user_config_service.py b/src/spaceone/config/service/user_config_service.py index 35383ff..8dc87ea 100644 --- a/src/spaceone/config/service/user_config_service.py +++ b/src/spaceone/config/service/user_config_service.py @@ -1,9 +1,9 @@ import logging -from spaceone.core.error import * from spaceone.core.service import * from spaceone.config.manager.user_config_manager import UserConfigManager +from spaceone.config.model import UserConfig _LOGGER = logging.getLogger(__name__) 
@@ -13,19 +13,15 @@ @mutation_handler @event_handler class UserConfigService(BaseService): - service = "config" - resource = "UserConfig" - permission_group = "USER" - def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.user_config_mgr: UserConfigManager = self.locator.get_manager( "UserConfigManager" ) - @transaction(scope="user:write") - @check_required(["name", "data", "domain_id", "user_id"]) - def create(self, params): + @transaction(permission="config:UserConfig.write", role_types=["USER"]) + @check_required(["name", "data", "user_id", "domain_id"]) + def create(self, params: dict) -> UserConfig: """Create user config Args: 
@@ -33,74 +29,58 @@ def create(self, params): 'name': 'str', # required 'data': 'dict', # required 'tags': 'dict', - 'domain_id': 'str'(meta), # required - 'user_id': 'str'(meta) # required + 'user_id': 'str'(meta) # injected from auth + 'domain_id': 'str'(meta), # injected from auth } Returns: user_config_vo (object) """ - self._check_permission(params["domain_id"]) - - params["user_id"] = self.transaction.get_meta("user_id") - return self.user_config_mgr.create_user_config(params) - @transaction(scope="user:write") - @check_required(["name", "domain_id", "user_id"]) - def update(self, params): + @transaction(permission="config:UserConfig.write", role_types=["USER"]) + @check_required(["name", "user_id", "domain_id"]) + def update(self, params: dict) -> UserConfig: """Update user config Args: params (dict): { - 'name': 'str', # required + 'name': 'str', # required 'data': 'dict', 'tags': 'dict', - 'domain_id': 'str'(meta) # required - 'user_id': 'str'(meta) # required + 'domain_id': 'str' # injected from auth + 'user_id': 'str' # injected from auth } Returns: user_config_vo (object) """ - self._check_permission(params["domain_id"]) - - params["user_id"] = self.transaction.get_meta("user_id") - return self.user_config_mgr.update_user_config(params) - @transaction(scope="user:write") - @check_required(["name", "data", "domain_id", "user_id"]) - def set(self, params): + @transaction(permission="config:UserConfig.write", role_types=["USER"]) + @check_required(["name", "data", "user_id", "domain_id"]) + def set(self, params: dict) -> UserConfig: """Set user config (create or update) Args: params (dict): { - 'name': 'str', # required - 'data': 'dict', # required + 'name': 'str', # required + 'data': 'dict', # required 'tags': 'dict', - 'domain_id': 'str'(meta), # required - 'user_id': 'str'(meta) # required + 'user_id': 'str' # injected from auth + 'domain_id': 'str' # injected from auth } Returns: user_config_vo (object) """ - 
self._check_permission(params["domain_id"]) - - params["user_id"] = self.transaction.get_meta("user_id") - - user_type = self.transaction.get_meta("authorization.user_type") - if user_type == "DOMAIN_OWNER": - raise ERROR_PERMISSION_DENIED() - user_config_vos = self.user_config_mgr.filter_user_configs( - domain_id=params["domain_id"], - user_id=params["user_id"], name=params["name"], + user_id=params["user_id"], + domain_id=params["domain_id"], ) if user_config_vos.count() == 0: @@ -110,31 +90,28 @@ def set(self, params): params, user_config_vos[0] ) - @transaction(scope="user:write") - @check_required(["name", "domain_id", "user_id"]) + @transaction(permission="config:UserConfig.write", role_types=["USER"]) + @check_required(["name", "user_id", "domain_id"]) def delete(self, params): """Delete user config Args: params (dict): { - 'name': 'str', # required - 'domain_id': 'str'(meta), # required - 'user_id': 'str'(meta) # required + 'name': 'str', # required + 'user_id': 'str', # injected from auth + 'domain_id': 'str' # injected from auth } Returns: None """ - self._check_permission(params["domain_id"]) - user_id = self.transaction.get_meta("user_id") - self.user_config_mgr.delete_user_config( - params["name"], user_id, params["domain_id"] + params["name"], params["user_id"], params["domain_id"] ) - @transaction(scope="user:read") - @check_required(["name", "domain_id", "user_id"]) + @transaction(permission="config:UserConfig.read", role_types=["USER"]) + @check_required(["name", "user_id", "domain_id"]) def get(self, params): """Get user config 
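Review bot: `create`, `update`, `set` and `delete` no longer overwrite `params["user_id"]` with `self.transaction.get_meta("user_id")` or compare the request `domain_id` with the caller's domain, and the last hunk of this file deletes `_check_permission`. The methods now act on whatever `user_id` and `domain_id` arrive in `params`, and `get` in the -149,25 hunk changes in the same way. The docstrings say both fields are "injected from auth", but nothing in this patch shows that injection, so if the authentication handler leaves a client-supplied `user_id` in place, a USER-role caller could reach another user's config. Confirm that the handler always overwrites both fields for `role_types=["USER"]`, and add a test that sends a foreign `user_id` and expects the caller's own record. If the 2.0 transaction still exposes that meta key, keeping `params["user_id"] = self.transaction.get_meta("user_id")` at the top of each method is cheap defence in depth.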
@@ -149,25 +126,23 @@ def get(self, params): user_config_vo (object) """ - user_id = self.transaction.get_meta("user_id") - return self.user_config_mgr.get_user_config( - params["name"], user_id, params["domain_id"], params.get("only") + params["name"], params["user_id"], params["domain_id"] ) - @transaction(scope="user:read") - @check_required(["domain_id"]) + @transaction(permission="config:UserConfig.read", role_types=["USER"]) + @check_required(["user_id", "domain_id"]) @append_query_filter(["name", "user_id", "domain_id"]) @append_keyword_filter(["name"]) - def list(self, params): + def list(self, params: dict) -> dict: """List user configs Args: params (dict): { 'query': 'dict (spaceone.api.core.v1.Query)', 'name': 'str', - 'domain_id': 'str'(meta), # required - 'user_id': 'str'(meta) # required + 'user_id': 'str', # injected from auth + 'domain_id': 'str' # injected from auth } Returns: @@ -178,7 +153,7 @@ def list(self, params): query = params.get("query", {}) return self.user_config_mgr.list_user_configs(query) - @transaction(scope="user:read") + @transaction(permission="config:UserConfig.read", role_types=["USER"]) @check_required(["query", "domain_id", "user_id"]) @append_query_filter(["domain_id", "user_id"]) @append_keyword_filter(["name"]) @@ -187,8 +162,8 @@ def stat(self, params): Args: params (dict): { 'query': 'dict (spaceone.api.core.v1.StatisticsQuery)', # required - 'domain_id': 'str'(meta), # required - 'user_id': 'str'(meta) # required + 'user_id': 'str'(meta) # injected from auth + 'domain_id': 'str'(meta), # injected from auth } Returns: 
@@ -198,10 +173,3 @@ def stat(self, params): query = params.get("query", {}) return self.user_config_mgr.state_user_configs(query) - - def _check_permission(self, request_domain_id): - user_type = self.transaction.get_meta("authorization.user_type") - user_domain_id = self.transaction.get_meta("domain_id") - - if user_type == "DOMAIN_OWNER" or request_domain_id != user_domain_id: - raise ERROR_PERMISSION_DENIED()