Fixes for access creation and removal

Fixes include:
 - creating ssh access jobs for users with ssh keys
 - ensuring vpn access is revoked after booking ends

Creates ssh access jobs with the user's ssh keys, if they exist

Change-Id: Ia2e9f0c5a2f90b45732a5767a62b87a5a5492b94
Signed-off-by: Parker Berberian <pberberian@iol.unh.edu>

diff --git a/src/api/models.py b/src/api/models.py
index 7448ac4..9afc89a 100644 (file)
--- a/src/api/models.py
+++ b/src/api/models.py
@@ -321,10 +321,10 @@ class AccessConfig(TaskConfig):
 
     def to_dict(self):
         d = {}
-        d['access_type'] =  self.access_type
+        d['access_type'] = self.access_type
         d['user'] = self.user.id
         d['revoke'] = self.revoke
-        d['context'] = self.context
+        d['context'] = json.loads(self.context)
         return d
 
     def get_delta(self):
@@ -363,7 +363,7 @@ class AccessConfig(TaskConfig):
         self.delta = json.dumps(d)
 
     def set_context(self, context):
-        self.context = context
+        self.context = json.dumps(context)
         d = json.loads(self.delta)
         d['context'] = context
         self.delta = json.dumps(d)
@@ -608,18 +608,28 @@ class JobFactory(object):
                 hosts=hosts,
                 job=job
                 )
+        all_users = list(booking.collaborators.all())
+        all_users.append(booking.owner)
         cls.makeAccessConfig(
-                users=booking.collaborators.all(),
-                access_type="vpn",
-                revoke=False,
-                job=job
-                )
-        cls.makeAccessConfig(
-                users=[booking.owner],
+                users=all_users,
                 access_type="vpn",
                 revoke=False,
                 job=job
                 )
+        for user in all_users:
+            try:
+                cls.makeAccessConfig(
+                        users=[user],
+                        access_type="ssh",
+                        revoke=False,
+                        job=job,
+                        context={
+                            "key": user.userprofile.ssh_public_key.read(),
+                            "hosts": [host.labid for host in hosts]
+                            }
+                        )
+            except Exception:
+                continue
 
     @classmethod
     def makeHardwareConfigs(cls, hosts=[], job=Job()):
@@ -646,13 +656,15 @@ class JobFactory(object):
             hardware_config.save()
 
     @classmethod
-    def makeAccessConfig(cls, users, access_type, revoke=False, job=Job()):
+    def makeAccessConfig(cls, users, access_type, revoke=False, job=Job(), context=False):
         for user in users:
             relation = AccessRelation()
             relation.job = job
             config = AccessConfig()
             config.access_type = access_type
             config.user = user
+            if context:
+                config.set_context(context)
             config.save()
             relation.config = config
             relation.save()
@@ -709,6 +721,3 @@ class JobFactory(object):
             return software_relation
         except:
             return None
-
-    def makeAccess(cls, user, access_type, revoke):
-        pass

diff --git a/src/dashboard/tasks.py b/src/dashboard/tasks.py
index 48008b6..0f7af1c 100644 (file)
--- a/src/dashboard/tasks.py
+++ b/src/dashboard/tasks.py
@@ -73,7 +73,11 @@ def booking_poll():
 
     def cleanup_access(qs):
         for relation in qs:
-            pass # TODO
+            if "vpn" in relation.config.access_type.lower():
+                relation.config.set_revoke(True)
+                relation.config.save()
+                relation.status = JobStatus.NEW
+                relation.save()
 
     cleanup_set = Booking.objects.filter(end__lte=timezone.now()).filter(job__complete=False)