Produits Entr'ouvert » Hobo

from django.contrib import admin

from .models import OzwilloInstance

class OzwilloInstanceAdmin(admin.ModelAdmin):

    list_display = ['id', 'domain_slug', 'external_ozwillo_id', 'state', 'created', 'modified']

    list_filter = ['state', 'created', 'modified']

admin.site.register(OzwilloInstance, OzwilloInstanceAdmin)

# Ozwillo plugin to deploy Publik

# Copyright (C) 2017  Entr'ouvert

#

# This program is free software: you can redistribute it and/or modify it

# under the terms of the GNU Affero General Public License as published

# by the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

from hobo.contrib.ozwillo.models import OzwilloInstance

from django.db.transaction import atomic

from django.core.management.base import BaseCommand

class Command(BaseCommand):

    def add_arguments(self, parser):

        parser.add_argument('args', nargs='*')

    @atomic

    def handle(self, *args, **options):

        qs = OzwilloInstance.objects.select_for_update()

        # deployment

        if args:

            # allow deploying manually failed instances

            to_deploy = qs.fiter(

                domain_slug__in=args,

                state__in=[OzwilloInstance.STATE_TO_DEPLOY, OzwilloInstance.STATE_DEPLOY_ERROR])

        else:

            # deploy everything to be deployed

            to_deploy = qs.filter(

                state=OzwilloInstance.STATE_TO_DEPLOY)

        for instance in to_deploy:

            try:

                with atomic():

                    instance.deploy()

            except Exception:

                logger.exception(u'ozwillo: deploying %s from CRON failed', instance)

                instance.deploy_error()

        # destruction

        if args:

            # allow deploying manually failed instances

            to_destroy = qs.filter(

                domain_slug__in=args,

                state__in=[OzwilloInstance.STATE_TO_DESTROY, OzwilloInstance.STATE_DESTROY_ERROR])

        else:

            # destroy everything to be destroyed

            to_destroy = qs.filter(state=OzwilloInstance.STATE_TO_DESTROY)

        for instance in to_destroy:

            try:

                with atomic():

                    instance.destroy()

            except Exception:

                logger.exception(u'ozwillo: destroying %s from CRON failed', instance)

                instance.destroy_error()

logger = logging.getLogger(__name__)

# -*- coding: utf-8 -*-

# Generated by Django 1.11.13 on 2018-05-17 10:47

from __future__ import unicode_literals

from django.db import migrations, models

import django.utils.timezone

class Migration(migrations.Migration):

    dependencies = [

        ('ozwillo', '0001_initial'),

    ]

    operations = [

        migrations.AddField(

            model_name='ozwilloinstance',

            name='created',

            field=models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now),

            preserve_default=False,

        ),

        migrations.AddField(

            model_name='ozwilloinstance',

            name='deploy_data',

            field=models.TextField(null=True),

        ),

        migrations.AddField(

            model_name='ozwilloinstance',

            name='modified',

            field=models.DateTimeField(auto_now=True, default=django.utils.timezone.now),

        ),

        migrations.AddField(

            model_name='ozwilloinstance',

            name='state',

            field=models.CharField(choices=[(b'new', b'new'), (b'to_deploy', b'to_deploy'), (b'deployed', b'deployed'), (b'deploy_error', b'deploy_error'), (b'to_destroy', b'to_destroy'), (b'destroy_error', b'destroy_error'), (b'destroyed', b'destroyed')], default=b'deployed', max_length=16),

        ),

        migrations.AlterField(

            model_name='ozwilloinstance',

            name='external_ozwillo_id',

            field=models.CharField(max_length=450, unique=True),

        ),

        migrations.AlterField(

            model_name='ozwilloinstance',

            name='modified',

            field=models.DateTimeField(auto_now=True),

        ),

        migrations.AlterField(

            model_name='ozwilloinstance',

            name='state',

            field=models.CharField(choices=[(b'new', b'new'), (b'to_deploy', b'to_deploy'), (b'deployed', b'deployed'), (b'deploy_error', b'deploy_error'), (b'to_destroy', b'to_destroy'), (b'destroy_error', b'destroy_error'), (b'destroyed', b'destroyed')], default=b'new', max_length=16),

        ),

    ]

import logging

import os

import subprocess

import tempfile

import json

import requests

from django.conf import settings

from django.db.transaction import atomic

from django.utils.text import slugify

from django.core.management import call_command

    STATE_NEW = 'new'

    STATE_TO_DEPLOY = 'to_deploy'

    STATE_DEPLOY_ERROR = 'deploy_error'

    STATE_DEPLOYED = 'deployed'

    STATE_TO_DESTROY = 'to_destroy'

    STATE_DESTROY_ERROR = 'destroy_error'

    STATE_DESTROYED = 'destroyed'

    STATES = [

        (STATE_NEW, 'new'),

        (STATE_TO_DEPLOY, 'to_deploy'),

        (STATE_DEPLOYED, 'deployed'),

        (STATE_DEPLOY_ERROR, 'deploy_error'),

        (STATE_TO_DESTROY, 'to_destroy'),

        (STATE_DESTROY_ERROR, 'destroy_error'),

        (STATE_DESTROYED, 'destroyed'),

    ]

    state = models.CharField(max_length=16, default=STATE_NEW, choices=STATES)

    created = models.DateTimeField(auto_now_add=True)

    modified = models.DateTimeField(auto_now=True)

    external_ozwillo_id = models.CharField(max_length=450, unique=True)

    deploy_data = models.TextField(null=True)

        return self.domain_slug

    def __repr__(self):

        return '<OzwilloInstance external_ozwillo_id: %r domain_slug: %r state: %r>' % (

            self.external_ozwillo_id, self.domain_slug, self.state)

    @property

    def data(self):

        return json.loads(self.deploy_data) if self.deploy_data else None

    def to_deploy(self):

        assert self.state == self.STATE_NEW

        try:

            with atomic():

                # lock the new instance to prevent collision with the CRON job

                OzwilloInstance.objects.select_for_update().filter(id=self.id)

                # instance starts with the NEW state, to prevent the CRON from

                # deploying instance juste created

                # only instance in the state STATE_TO_DEPLOY are deployed.

                self.state = self.STATE_TO_DEPLOY

                self.save()

                self.deploy()

        except Exception:

            # something failed, still make the instance to be deployed

            # an reraise exception

            self.state = self.STATE_TO_DEPLOY

            self.save()

            raise

    def to_destroy(self):

        assert self.state == self.STATE_DEPLOYED

        self.state = self.STATE_TO_DESTROY

        self.save()

    def deploy_error(self):

        assert self.state in [self.STATE_DEPLOY_ERROR, self.STATE_TO_DEPLOY]

        if self.state == self.STATE_TO_DEPLOY:

            self.state = self.STATE_DEPLOY_ERROR

            self.save()

    def deploy(self):

        logger.info(u'ozwillo: deploy start for %s', self)

        data = self.data

        if not data:

            logger.warning(u'ozwillo: unable to deploy, no data')

            return

        # Request parsing

        client_id = data['client_id']

        client_secret = data['client_secret']

        instance_id = data['instance_id']

        instance_name = data['organization_name']

        instance_name = slugify(instance_name)

        registration_uri = data['instance_registration_uri']

        user = data['user']

        # Cook new platform

        template_recipe = json.load(open('/etc/hobo/ozwillo/template_recipe.json', 'rb'))

        var = template_recipe['variables']

        for key, value in var.items():

            var[key] = value.replace('instance_name', instance_name)

        template_recipe['variables'] = var

        domain = var['combo']

        domain_agent = var['combo_agent']

        domain_passerelle = var['passerelle']

        logger.info(u'ozwillo: cooking %s', template_recipe)

        with tempfile.NamedTemporaryFile() as recipe_file:

            json.dump(template_recipe, recipe_file)

            recipe_file.flush()

            call_command('cook', recipe_file.name, timeout=1000, verbosity=0)

        # Load user portal template

        logger.info(u'ozwillo: loading combo template')

        run_command([

            'sudo', '-u', 'combo',

            'combo-manage', 'tenant_command', 'import_site',

            '/etc/hobo/ozwillo/import-site-template.json',

            '-d', domain

        ])

        # Load agent portal template

        logger.info(u'ozwillo: loading combo agent template')

        run_command([

            'sudo', '-u', 'combo',

            'combo-manage', 'tenant_command', 'import_site',

            '/etc/hobo/ozwillo/import-site-agents.json',

            '-d', domain_agent

        ])

        # Configure OIDC Ozwillo authentication

        logger.info(u'ozwillo: configuring OIDC ozwillo authentication')

        domain_name = 'connexion-%s.%s' % (instance_name, settings.OZWILLO_ENV_DOMAIN)

        if run_command([

                'sudo', '-u', 'authentic-multitenant',

                'authentic2-multitenant-manage', 'tenant_command', 'oidc-register-issuer',

                '-d', domain_name,

                '--scope', 'profile',

                '--scope', 'email',

                '--issuer', settings.OZWILLO_PLATEFORM,

                '--client-id', client_id,

                '--client-secret', client_secret,

                '--claim-mapping', 'given_name first_name always_verified',

                '--claim-mapping', 'family_name last_name always_verified',

                '--ou-slug', 'default',

                '--claim-mapping', 'email email required',

                'Ozwillo'

        ]):

            # creation of the admin user depends upon the creation of provider

            logger.info(u'ozwillo: creating admin user')

            create_user_script = os.path.dirname(__file__) + '/scripts/create_user_ozwillo.py'

            run_command([

                'sudo', '-u', 'authentic-multitenant',

                'authentic2-multitenant-manage', 'tenant_command', 'runscript', '-d', domain_name,

                create_user_script, user['email_address'], user['id'], user['name']

            ])

        # Load passerelle template

        logger.info(u'ozwillo: loading passerelle template')

        run_command([

            'sudo', '-u', 'passerelle',

            'passerelle-manage', 'tenant_command', 'import_site',

            '/etc/hobo/ozwillo/import-site-passerelle.json',

            '--import-user', '-d', domain_passerelle

        ])

        # Sending done event to Ozwillo

        services = {

            'services': [{

                'local_id': 'publik',

                'name': 'Publik - %s' % (instance_name),

                'service_uri': 'https://connexion-%s.%s/accounts/oidc/login?iss=%s'

                               % (instance_name, settings.OZWILLO_ENV_DOMAIN,

                                  settings.OZWILLO_PLATEFORM),

                'description': 'Gestion de la relation usagers',

                'tos_uri': 'https://publik.entrouvert.com/',

                'policy_uri': 'https://publik.entrouvert.com/',

                'icon': 'https://publik.entrouvert.com/static/img/logo-publik-64x64.png',

                'payment_option': 'FREE',

                'target_audience': ['PUBLIC_BODIES',

                                    'CITIZENS',

                                    'COMPANIES'],

                'contacts': ['https://publik.entrouvert.com/'],

                'redirect_uris': ['https://connexion-%s.%s/accounts/oidc/callback/'

                                  % (instance_name, settings.OZWILLO_ENV_DOMAIN)],

            }],

            'instance_id': instance_id,

            'destruction_uri': settings.OZWILLO_DESTRUCTION_URI,

            'destruction_secret': settings.OZWILLO_DESTRUCTION_SECRET,

            'needed_scopes': []

        }

        logger.info(u'ozwillo: sending registration request, %r', services)

        headers = {'Content-type': 'application/json', 'Accept': 'application/json'}

        response = requests.post(

            registration_uri,

            data=json.dumps(services),

            auth=(client_id, client_secret),

            headers=headers)

        logger.info(u'ozwillo: registration response, status=%s content=%r',

                    response.status_code, response.content)

        self.state = self.STATE_DEPLOYED

        self.save()

        logger.info(u'ozwillo: deploy finished')

    def deploy_error(self):

        assert self.state in [self.STATE_DESTROY_ERROR, self.STATE_TO_DESTROY]

        if self.state == self.STATE_TO_DESTROY:

            self.state = self.STATE_DESTROY_ERROR

            self.save()

    def destroy(self):

        logger.info(u'ozwillo: delete start for %s', self)

        instance_slug = self.domain_slug

        services = settings.OZWILLO_SERVICES

        wcs = services['wcs-au-quotidien']

        for s, infos in services.items():

            # to get the two combo instances which have same service

            service_user = s.split('_')[0]

            tenant = '%s%s.%s' % (infos[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)

            run_command([

                'sudo', '-u', service_user, infos[1],

                'delete_tenant', '--force-drop', tenant

            ])

        tenant = '%s%s.%s' % (wcs[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)

        run_command([

            'sudo', '-u', 'wcs',

            wcs[1], '-f', '/etc/wcs/wcs-au-quotidien.cfg',

            'delete_tenant', '--force-drop', tenant

        ])

        self.delete()

        logger.info(u'ozwillo: destroy thread finished')

def run_command(args):

    try:

        process = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    except OSError as e:

        logger.error('ozwillo: launching subprocess %s raised error %s', args, e)

        return False

    logger.info('ozwillo: launching subprocess with pid %s : %s', process.pid, args)

    stdoutdata, stderrdata = process.communicate()

    if process.returncode != 0:

        logger.error('ozwillo: subprocess %s failed returncode=%s stdout=%r stderr=%r',

                     process.pid, process.returncode, stdoutdata, stderrdata)

        return False

    logger.info('ozwillo: subprocess terminated')

    return True

logger = logging.getLogger(__name__)

from django.db import DatabaseError

from django.db.transaction import atomic

    logger.info(u'ozwillo: create publik instance request, %r', data)

    try:

        instance = OzwilloInstance.objects.create(

            external_ozwillo_id=data['instance_id'],

            state=OzwilloInstance.NEW,

            domain_slug=org_name,

            # deploy_data is a TextField containing JSON

            deploy_data=json.dumps(data, indent=4))

    except DatabaseError as e:

        logger.warning(u'ozwillo: could not create instance_id %r org_name %r: %r',

                       data['instance_id'], org_name, e)

        return HttpResponseBadRequest(u'cannot create the instance: %r', e)

    # immediate deploy in a thread

            instance.to_deploy()

            logger.exception(u'ozwillo: error occured duging initial deploy request %s', org_name)

@atomic

    logger.info(u'ozwillo: delete publik instance request (%r)', data)

        instance_id = data['instance_id']

    except Exception:

        logger.warning(u'ozwillo: no instance id in destroy request (%r)', data)

        return HttpResponseBadRequest('no instance id')

    try:

        instance = OzwilloInstance.objects.select_for_update().get(

            external_ozwillo_id=instance_id,

            # only deployed instances can be destroyed

            state=OzwilloInstance.STATE_DEPLOYED)

    instance.to_destroy()

        parser.add_argument('args', nargs='*')