omg I did so much stuff and didn't commit

* Remove all auth and switch to using OpenID Connect * Split out all APIs to their components; compute, iam, location * Remove model IDs and switch to names, this makes it easier to dev with k8s * Add swagger autogen support /swagger/json and /swagger/ui * Split out metadata server into it's own library * Make sure model controllers don't constantly save when nothing changed * Add updated_at field to models * Add caching via redis so we don't kill the k8s api and speed up responses * Use vm uuids when communicating with vcenter * Rename "global" to "system" and split out policies * Add IAM groups that link to openid groups * Service Accounts and IAM Groups have sandwich.local "emails" * Don't generate own user tokens, use OpenID Connect id tokens * Service Account keys expire after 10 years * Add IAM system and project policy documents (similar to GCP policy documents) * There still is no API yet to modify these documents * User/Service Account that creates a project is added as the owner
sandwichcloud · Jun 23, 2018 · b3b0527 · b3b0527
1 parent 11c36a2
commit b3b0527
Show file tree

Hide file tree

Showing 125 changed files with 3,536 additions and 3,651 deletions.
diff --git a/deli/cache/__init__.py b/deli/cache/__init__.py
@@ -0,0 +1,3 @@
+from deli.cache.client import CacheClient
+
+cache_client = CacheClient()
diff --git a/deli/cache/client.py b/deli/cache/client.py
@@ -0,0 +1,41 @@
+import json
+
+import redis
+
+
+class CacheClient(object):
+
+    def __init__(self):
+        self.redis_client: redis.StrictRedis = None
+        self.default_cache_time = 600
+
+    def connect(self, url):
+        self.redis_client = redis.StrictRedis.from_url(url)
+
+    def get(self, key):
+        data = self.redis_client.get(key)
+        if data is None:
+            return None
+        return json.loads(data)
+
+    def scan(self, match):
+        cursor = '0'
+        while cursor != 0:
+            cursor, keys = self.redis_client.scan(cursor=cursor, match=match,
+                                                  count=1000)  # Do we keep count hardcoded to 1000?
+            for key in keys:
+                item = self.get(key)
+                if item is None:
+                    continue
+                yield key, item
+
+    def pipeline(self):
+        return self.redis_client.pipeline()
+
+    def set(self, key, data, ex=None):
+        if ex is None:
+            ex = self.default_cache_time
+        return self.redis_client.set(key, json.dumps(data), ex=ex)
+
+    def delete(self, key):
+        return self.redis_client.delete(key)
diff --git a/deli/counter/auth/driver.py b/deli/counter/auth/driver.py
diff --git a/deli/counter/auth/drivers/github/driver.py b/deli/counter/auth/drivers/github/driver.py
diff --git a/deli/counter/auth/drivers/github/router.py b/deli/counter/auth/drivers/github/router.py
diff --git a/deli/counter/auth/manager.py b/deli/counter/auth/manager.py