From 08fc76a7fd58c85c50506f094bf3e8b4597a085c Mon Sep 17 00:00:00 2001 From: pieterlukasse Date: Mon, 18 Nov 2024 20:16:18 +0100 Subject: [PATCH 1/2] feat: deprecate legacy unused /admin/ endpoints --- fence/blueprints/admin.py | 145 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) diff --git a/fence/blueprints/admin.py b/fence/blueprints/admin.py index a34b385ca..41343068e 100644 --- a/fence/blueprints/admin.py +++ b/fence/blueprints/admin.py @@ -61,10 +61,15 @@ def get_user(username): @debug_log def get_all_users(): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Get the information of all users from our userdatamodel database Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_all_users(current_app.scoped_session())) @@ -106,10 +111,15 @@ def create_user(): @debug_log def update_user(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user on the userdatamodel database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) new_username = request.get_json().get("username", None) role = request.get_json().get("role", None) email = request.get_json().get("email", None) @@ -126,11 +136,16 @@ def update_user(username): @debug_log def delete_user(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Remove the user from the userdatamodel database and all associated storage solutions. Returns json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) response = jsonify(admin.delete_user(current_app.scoped_session(), username)) return response 
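Review bot: The `logger.warning(...)` added to get_all_users interpolates `request.path` with an f-string, and the same block is repeated in every hunk of PATCH 1/2 (update_user, delete_user, the group, project, bucket and cloud-provider views, get_registered_users). On routes with a `username`, `groupname` or `projectname` segment the path is caller-supplied text, so user identifiers land in warning logs and, unless the log handler escapes control characters, an encoded line break in the path could split a log entry. Logging the route name instead (`request.endpoint`) with lazy `%s` formatting avoids both, and a single decorator keeps the message in one place; it needs `functools` imported if admin.py does not already have it. The patch does not show where `logger` is defined, so confirm admin.py already has a module-level logger; the decorator stacks above these views are also mostly outside the hunks.

```python
def deprecated_endpoint(view):
    """Log a warning whenever a deprecated admin view is called."""

    @functools.wraps(view)
    def wrapper(*args, **kwargs):
        logger.warning(
            "Deprecated endpoint accessed: %s. This endpoint is deprecated "
            "and will be removed in a future release.",
            request.endpoint,
        )
        return view(*args, **kwargs)

    return wrapper


# … unchanged: route and auth decorators …
@deprecated_endpoint
def get_all_users():
    # … unchanged: docstring with the DEPRECATED notice …
    return jsonify(admin.get_all_users(current_app.scoped_session()))
```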
@@ -155,10 +170,15 @@ def soft_delete_user(username): @debug_log def get_user_groups(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Get the information of a user from our userdatamodel database. Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_user_groups(current_app.scoped_session(), username)) @@ -168,10 +188,15 @@ def get_user_groups(username): @debug_log def add_user_to_groups(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) groups = request.get_json().get("groups", []) return jsonify( admin.add_user_to_groups(current_app.scoped_session(), username, groups=groups) @@ -184,10 +209,15 @@ def add_user_to_groups(username): @debug_log def remove_user_from_groups(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) groups = request.get_json().get("groups", []) return jsonify( admin.remove_user_from_groups( 
@@ -202,10 +232,15 @@ def remove_user_from_groups(username): @debug_log def remove_user_from_projects(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) projects = request.get_json().get("projects", []) return jsonify( admin.remove_user_from_projects( @@ -220,11 +255,16 @@ def remove_user_from_projects(username): @debug_log def add_user_to_projects(username): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to project relationship on the database and add the access to the the object store associated with it Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) projects = request.get_json().get("projects", []) return jsonify( admin.add_user_to_projects( @@ -241,10 +281,15 @@ def add_user_to_projects(username): @debug_log def get_project(projectname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Get the information related to a project from the userdatamodel database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_project_info(current_app.scoped_session(), projectname)) 
@@ -253,10 +298,15 @@ def get_project(projectname): @debug_log def get_all_projects(): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Get the information related to a project from the userdatamodel database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_all_projects(current_app.scoped_session())) @@ -265,9 +315,14 @@ def get_all_projects(): @debug_log def create_project(projectname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a new project on the specified storage Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) auth_id = request.get_json().get("auth_id") storage_accesses = request.get_json().get("storage_accesses", []) response = jsonify( @@ -283,9 +338,14 @@ def create_project(projectname): @debug_log def delete_project(projectname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Remove project. No Buckets should be associated with it. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) response = jsonify(admin.delete_project(current_app.scoped_session(), projectname)) return response 
@@ -295,9 +355,14 @@ def delete_project(projectname): @debug_log def remove_projects_from_group(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) projects = request.get_json().get("projects", []) return jsonify( admin.remove_projects_from_group( @@ -310,9 +375,14 @@ def remove_projects_from_group(groupname): @admin_login_required def add_project_to_groups(projectname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) groups = request.get_json().get("groups", []) return jsonify( admin.add_project_to_groups( @@ -325,9 +395,14 @@ def add_project_to_groups(projectname): @admin_login_required def create_bucket_in_project(projectname, bucketname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a bucket in the selected project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) providername = request.get_json().get("provider") response = jsonify( admin.create_bucket_on_project( 
@@ -341,11 +416,16 @@ def create_bucket_in_project(projectname, bucketname): @admin_login_required def delete_bucket_from_project(projectname, bucketname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Delete a bucket from the selected project, both in the userdatamodel database and in the storage client associated with that bucket. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify( admin.delete_bucket_on_project( current_app.scoped_session(), projectname, bucketname @@ -357,10 +437,15 @@ def delete_bucket_from_project(projectname, bucketname): @admin_login_required def list_buckets_from_project(projectname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) response = jsonify( admin.list_buckets_on_project_by_name(current_app.scoped_session(), projectname) ) @@ -374,10 +459,15 @@ def list_buckets_from_project(projectname): @admin_login_required def get_group_info(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_group_info(current_app.scoped_session(), groupname)) 
@@ -385,10 +475,15 @@ def get_group_info(groupname): @admin_login_required def get_all_groups(): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_all_groups(current_app.scoped_session())) @@ -396,10 +491,15 @@ def get_all_groups(): @admin_login_required def get_group_users(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_group_users(current_app.scoped_session(), groupname)) @@ -407,10 +507,15 @@ def get_group_users(groupname): @admin_login_required def create_group(): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) groupname = request.get_json().get("name") description = request.get_json().get("description") grp = admin.create_group(current_app.scoped_session(), groupname, description) 
@@ -426,10 +531,15 @@ def create_group(): @admin_login_required def update_group(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) name = request.get_json().get("name", None) description = request.get_json().get("description", None) response = jsonify( @@ -442,10 +552,15 @@ def update_group(groupname): @admin_login_required def delete_group(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retrieve the information regarding the buckets created within a project. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) response = jsonify(admin.delete_group(current_app.scoped_session(), groupname)) return response @@ -454,9 +569,14 @@ def delete_group(groupname): @admin_login_required def add_projects_to_group(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) projects = request.get_json().get("projects", []) response = jsonify( admin.add_projects_to_group(current_app.scoped_session(), groupname, projects) 
@@ -468,9 +588,14 @@ def add_projects_to_group(groupname): @admin_login_required def get_group_projects(groupname): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a user to group relationship in the database Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) values = admin.get_group_projects(current_app.scoped_session(), groupname) return jsonify({"projects": values}) @@ -483,9 +608,14 @@ def get_group_projects(groupname): @admin_login_required def get_cloud_provider(providername): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Retriev the information related to a cloud provider Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) return jsonify(admin.get_provider(current_app.scoped_session(), providername)) @@ -494,9 +624,14 @@ def get_cloud_provider(providername): @admin_login_required def create_cloud_provider(providername): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Create a cloud provider. Returns a json object """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) backend_name = request.get_json().get("backend") service_name = request.get_json().get("service") response = jsonify( 
@@ -515,11 +650,16 @@ def create_cloud_provider(providername): @admin_login_required def delete_cloud_provider(providername): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + Deletes a cloud provider from the userdatamodel All projects associated with it should be deassociated or removed. Returns a json object. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) response = jsonify( admin.delete_provider(current_app.scoped_session(), providername) ) @@ -530,10 +670,15 @@ def delete_cloud_provider(providername): @admin_login_required def get_registered_users(): """ + DEPRECATED: This endpoint is deprecated and will be removed in a future release. + - List registration info for every user for which there exists registration info. - Endpoint accessible to admins only. - Response json structure is provisional. """ + logger.warning( + f"Deprecated endpoint accessed: {request.path}. This endpoint is deprecated and will be removed in a future release." + ) registered_users = ( current_app.scoped_session() .query(User) From 819405b8f14107621cd93bd9a4f482779542b92a Mon Sep 17 00:00:00 2001 From: pieterlukasse Date: Tue, 19 Nov 2024 19:38:05 +0100 Subject: [PATCH 2/2] feat: remove role from POST /admin/user endpoint --- fence/blueprints/admin.py | 2 -- fence/resources/admin/admin_users.py | 4 +--- openapis/swagger.yaml | 4 ---- tests/admin/test_admin_users.py | 5 ++--- 4 files changed, 3 insertions(+), 12 deletions(-) diff --git a/fence/blueprints/admin.py b/fence/blueprints/admin.py index 41343068e..b3e898460 100644 --- a/fence/blueprints/admin.py +++ b/fence/blueprints/admin.py 
@@ -84,7 +84,6 @@ def create_user(): Returns a json object """ username = request.get_json().get("username", None) - role = request.get_json().get("role", None) email = request.get_json().get("email", None) display_name = request.get_json().get("display_name", None) phone_number = request.get_json().get("phone_number", None) @@ -95,7 +94,6 @@ def create_user(): admin.create_user( current_app.scoped_session(), username, - role, email, display_name, phone_number, diff --git a/fence/resources/admin/admin_users.py b/fence/resources/admin/admin_users.py index 37b586476..69aae8cb5 100644 --- a/fence/resources/admin/admin_users.py +++ b/fence/resources/admin/admin_users.py @@ -98,7 +98,6 @@ def get_user_groups(current_session, username): def create_user( current_session, username, - role, email, display_name=None, phone_number=None, @@ -136,9 +135,8 @@ def create_user( ) ) logger.debug(f"User does not yet exist for: {username}. Creating a new one...") - is_admin = role == "admin" email_add = email - usr = User(username=username, active=True, is_admin=is_admin, email=email_add) + usr = User(username=username, active=True, email=email_add) usr.display_name = display_name usr.phone_number = phone_number diff --git a/openapis/swagger.yaml b/openapis/swagger.yaml index 7416bddc6..6ab2e33eb 100644 --- a/openapis/swagger.yaml +++ b/openapis/swagger.yaml @@ -1771,15 +1771,11 @@ components: type: object required: - username - - role - email properties: username: type: string description: 'This value is deprecated in favor of name.' - role: - type: string - description: 'Set to "admin" if the user should be given admin rights. Any other value is not parsed or used, and results in user being a normal/regular user.' email: type: string description: 'The email of the end-user' diff --git a/tests/admin/test_admin_users.py b/tests/admin/test_admin_users.py index 2bc50d6d6..159f34294 100644 --- a/tests/admin/test_admin_users.py +++ b/tests/admin/test_admin_users.py 
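Review bot: After this hunk a POST body that still contains `"role": "admin"` is accepted and silently yields a non-admin account, so a client relying on the removed field gets no signal that the privilege was not granted. Consider making that visible where the body is parsed, e.g. `if "role" in request.get_json(): logger.warning("Ignoring removed 'role' field in create_user request")`, or rejecting the request outright. The update_user view shown as context in PATCH 1/2 still reads `role` from the body; if that path still maps to `is_admin`, the flag remains settable there and may need the same treatment. create_user's body starts and ends outside this hunk.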
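Review bot: Dropping `role` from the middle of create_user's positional parameters in admin_users.py shifts every later argument, so a caller outside this patch that still passes `(session, username, role, email)` would store the role string as the e-mail and the e-mail as `display_name` without raising. Only the blueprint and the tests are updated here, so any other callers (not visible in this patch) should be searched for. Making the optional fields keyword-only, `def create_user(current_session, username, email, *, display_name=None, phone_number=None, ...)` with the remaining parameters unchanged, would turn such a stale call into a TypeError. The blueprint call and test_create_user_with_all_fields_set pass those fields positionally and would need updating with it. The function body continues outside the hunk.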
@@ -25,10 +25,10 @@ def test_get_user(db_session, awg_users): def test_create_user(db_session, oauth_client): - adm.create_user(db_session, "insert_user", "admin", "insert_user@fake.com") + adm.create_user(db_session, "insert_user", "insert_user@fake.com") user = db_session.query(User).filter(User.username == "insert_user").first() assert user.username == "insert_user" - assert user.is_admin == True + assert user.is_admin == False # DEPRECATED field. assert user.email == "insert_user@fake.com" assert user.display_name is None assert user.phone_number is None @@ -46,7 +46,6 @@ def test_create_user_with_all_fields_set(db_session, oauth_client): adm.create_user( db_session, "insert_user", - None, "insert_user@fake.com", "Dummy Name", "+310000",
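Review bot: test_create_user now pins only the resource function; nothing in this hunk checks that a request to the create-user endpoint carrying `"role": "admin"` results in a non-admin user, which is the security-relevant behaviour this commit introduces. Unless such a test exists outside this patch, a request-level test asserting that would guard against the field being re-wired later. As a style point, `assert user.is_admin == False` reads better as `assert user.is_admin is False`.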