Merge pull request #163 from DSD-DBS/staging

Staging

.github/dependabot.yml

@@ -15,4 +15,3 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-

.github/workflows/codeql-analysis.yml

@@ -48,11 +48,11 @@ jobs:
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
-        
+
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-        
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
@@ -61,7 +61,7 @@ jobs:
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     # - run: |

.pre-commit-config.yaml

@@ -2,6 +2,27 @@
 # SPDX-License-Identifier: Apache-2.0
 
 repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.2.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-builtin-literals
+      - id: check-case-conflict
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-shebang-scripts-are-executable
+      - id: check-symlinks
+      - id: check-toml
+      - id: check-vcs-permalinks
+      - id: check-xml
+      - id: check-yaml
+        exclude: "helm/"
+      - id: debug-statements
+      - id: destroyed-symlinks
+      - id: end-of-file-fixer
+      - id: fix-byte-order-marker
+      - id: trailing-whitespace
   - repo: https://github.com/psf/black
     rev: 22.6.0
     hooks:
@@ -13,7 +34,7 @@ repos:
       - id: isort
         types: [python]
   - repo: https://github.com/pre-commit/mirrors-prettier
-    rev: "v2.7.1" 
+    rev: "v2.7.1"
     hooks:
       - id: prettier
         types_or: [ts, css, html]
@@ -51,4 +72,4 @@ repos:
           - --license-filepath
           - license_header.txt
           - --comment-style
-          - '/*| *| */'
+          - '/*| *| */'

CONTRIBUTING.md

@@ -245,14 +245,14 @@ Run the following steps:
 1. Optional: If you like to use your custom favicon, please copy it to `src/favicon.ico`
 1. Optional: If you like to use your custom theme, replace the file `src/custom-theme.scss`.
    You can generate custom themes [here](http://mcg.mbitson.com/)
-1. Copy the file `src/environment.ts` to `src/environment.dev.ts` and adjust the values.
+1. Copy the file `src/environments/environment.ts` to `src/environments/environment.dev.ts` and adjust the values.
 1. Run the frontend with:
 
    ```sh
    make dev
    ```
 
-1. You should see the frontend running von port 4200.
+1. You should see the frontend running on port 4200.
 
 We additionally recommend that you set up your editor / IDE as follows.
 

Makefile

@@ -27,7 +27,7 @@ frontend:
 capella: capella-download
 	docker build -t base capella-dockerimages/base
 	docker build -t capella/base capella-dockerimages/capella
-	
+
 capella/remote: capella
 	docker build -t capella/remote -t $(LOCAL_REGISTRY_NAME):$(REGISTRY_PORT)/t4c/client/remote capella-dockerimages/remote
 	docker push $(LOCAL_REGISTRY_NAME):$(REGISTRY_PORT)/t4c/client/remote
@@ -83,10 +83,8 @@ helm-deploy:
 		--set general.port=8080 \
 		--set t4cServer.apis.usageStats="http://$(RELEASE)-licence-server-mock:80/mock" \
 		--set t4cServer.apis.restAPI="http://$(RELEASE)-t4c-server-mock:80/mock/api/v1.0" \
-		--wait --timeout 10m \
-		--debug \
 		$(RELEASE) ./helm
-	$(MAKE) .provision-guacamole .provision-backend
+	$(MAKE) .provision-guacamole wait
 
 open:
 	export URL=http://localhost:8080; \
@@ -113,7 +111,7 @@ rollout: backend frontend
 undeploy:
 	helm uninstall --kube-context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $(RELEASE)
 	kubectl --context k3d-$(CLUSTER_NAME) delete --all deployments -n $(SESSION_NAMESPACE)
-	rm -f .provision-guacamole .provision-backend
+	rm -f .provision-guacamole
 
 create-cluster:
 	type k3d || { echo "K3D is not installed, install k3d and run 'make create-cluster' again"; exit 1; }
@@ -125,18 +123,23 @@ create-cluster:
 
 delete-cluster:
 	k3d cluster list $(CLUSTER_NAME) 2>&- && k3d cluster delete $(CLUSTER_NAME)
-	rm -f .provision-guacamole .provision-backend
+	rm -f .provision-guacamole
+
+wait:
+	@echo "-----------------------------------------------------------"
+	@echo "--- Please wait until all services are in running state ---"
+	@echo "-----------------------------------------------------------"
+	@kubectl get -n $(NAMESPACE) --watch pods
 
 .provision-guacamole:
 	export MSYS_NO_PATHCONV=1; \
-	kubectl exec --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $$(kubectl get pod --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) -l id=$(RELEASE)-deployment-guacamole-guacamole --no-headers | cut -f1 -d' ') -- /opt/guacamole/bin/initdb.sh --postgres | \
-	kubectl exec -ti --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $$(kubectl get pod --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) -l id=$(RELEASE)-deployment-guacamole-postgres --no-headers | cut -f1 -d' ') -- psql -U guacamole guacamole && \
+	echo "Waiting for guacamole container, before we can initialize the database..."
+	kubectl wait --for=condition=Ready pods --timeout=5m --context k3d-$(CLUSTER_NAME) -n $(NAMESPACE) -l id=$(RELEASE)-deployment-guacamole-guacamole
+	kubectl exec --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $$(kubectl get pod --namespace $(NAMESPACE) -l id=$(RELEASE)-deployment-guacamole-guacamole --no-headers | cut -f1 -d' ') -- /opt/guacamole/bin/initdb.sh --postgres | \
+	kubectl exec -ti --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $$(kubectl get pod --namespace $(NAMESPACE) -l id=$(RELEASE)-deployment-guacamole-postgres --no-headers | cut -f1 -d' ') -- psql -U guacamole guacamole && \
+	echo "Guacamole database initialized sucessfully."; \
 	touch .provision-guacamole
 
-.provision-backend:
-	echo "insert into repository_user_association values ('$(MY_EMAIL)', 'default', 'WRITE', 'MANAGER');" | kubectl exec --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) $$(kubectl get pod --context k3d-$(CLUSTER_NAME) --namespace $(NAMESPACE) -l id=$(RELEASE)-deployment-backend-postgres --no-headers | cut -f1 -d' ') -- psql -U backend backend && \
-	touch .provision-backend
-
 # Execute with `make -j3 dev`
 dev: dev-oauth-mock dev-frontend dev-backend
 
@@ -146,7 +149,7 @@ dev-frontend:
 dev-backend:
 	$(MAKE) -C backend dev
 
-dev-oauth-mock: 
+dev-oauth-mock:
 	$(MAKE) -C mocks/oauth start
 
 dev-cleanup:
@@ -158,4 +161,4 @@ backend-logs:
 ns:
 	kubectl config set-context k3d-$(CLUSTER_NAME) --namespace=$(NAMESPACE)
 
-.PHONY: *
+.PHONY: *

backend/.dockerignore

@@ -4,4 +4,4 @@ config
 build
 *.egg-info
 .mypy_cache
-.pytest_cache
+.pytest_cache

backend/Makefile

@@ -23,7 +23,7 @@ app:
 		$(VENV)/Scripts/uvicorn t4cclient.__main__:app --reload; \
 	fi
 
-install: 
+install:
 	$(VENV)/bin/pip install -e ".[dev]"
 
 dev: database app
@@ -32,14 +32,14 @@ cleanup:
 	docker stop capella-collab-postgres
 	docker rm capella-collab-postgres
 
-dump: 
+dump:
 	docker run -e PGPASSWORD=$(DB_PASSWORD) --entrypoint pg_dump --network host postgres:latest -h 'localhost' -p $(DB_PORT) -U '$(DB_USER)' $(DB_NAME) > $$(pwd)/../local/tmp.sql
 
-psql: 
+psql:
 	docker run -e PGPASSWORD=$(DB_PASSWORD) -it --network host --entrypoint="psql" postgres:latest -h 'localhost' -p $(DB_PORT) -U '$(DB_USER)' $(DB_NAME)
 
-clear: 
+clear:
 	echo "DROP DATABASE $(DB_NAME); CREATE DATABASE $(DB_NAME);" | docker run -e PGPASSWORD=$(DB_PASSWORD) -i --network host --entrypoint="psql" postgres:latest -h 'localhost' -p $(DB_PORT) -U '$(DB_USER)' postgres
 
 load: clear
-	cat $$(pwd)/../local/load.sql | docker run -i -e PGPASSWORD=$(DB_PASSWORD) --network host --entrypoint="psql" postgres:latest -h 'localhost' -p $(DB_PORT) -U '$(DB_USER)' $(DB_NAME)
+	cat $$(pwd)/../local/load.sql | docker run -i -e PGPASSWORD=$(DB_PASSWORD) --network host --entrypoint="psql" postgres:latest -h 'localhost' -p $(DB_PORT) -U '$(DB_USER)' $(DB_NAME)

backend/config/config_template.yaml

@@ -1,9 +1,9 @@
 # Copyright DB Netz AG and the capella-collab-manager contributors
 # SPDX-License-Identifier: Apache-2.0
 
-docker: 
-  images: 
-    workspaces: 
+docker:
+  images:
+    workspaces:
       persistent: k3d-myregistry.localhost:12345/t4c/client/remote
       readonly: k3d-myregistry.localhost:12345/capella/readonly
 
@@ -62,9 +62,9 @@ authentication:
     scopes:
       - openid
 
-    client: 
+    client:
       id: default
-      secret: 
+      secret:
 
     redirectURI: http://localhost:4200/oauth2/callback
 
@@ -78,9 +78,9 @@ authentication:
 
     audience: tbd
     redirectURI: http://localhost:4200/oauth2/callback
-   
-modelsources: 
-  t4c: 
+
+modelsources:
+  t4c:
 
     usageAPI: http://localhost:8080/mock
     restAPI: http://localhost:7000/mock/api/v1.0
@@ -118,7 +118,7 @@ initial:
 logging:
   level: DEBUG
 
-requests: 
+requests:
   timeout: 2
 
 prometheus:

backend/pyproject.toml

@@ -8,6 +8,7 @@ line-length = 88
 target-version = ["py310",]
 
 [tool.isort]
+profile = "black"
 force_grid_wrap = 0
 include_trailing_comma = true
 known_local_folder = ["t4cclient", "tests",]
@@ -22,7 +23,6 @@ use_parentheses = true
 [tool.pyright]
 pythonVersion = "3.10"
 typeCheckingMode = "strict"
-include = ["backend", "tests",]
 reportConstantRedefinition = "warning"
 reportGeneralTypeIssues = false  # reported by mypy
 reportUnknownArgumentType = false
@@ -31,4 +31,5 @@ reportUnknownVariableType = false  # annoying, e. g. 'for diag in model.diagrams
 reportUntypedFunctionDecorator = false
 reportUnusedImport = false  # reported by flake8 (F401)
 reportUnusedVariable = false  # reported by flake8 (F841)
-
+venvPath = "."
+venv = ".venv"

backend/setup.cfg

@@ -1,7 +1,7 @@
 [metadata]
 name = t4c-client-backend
 version = 0.0.1
-description = Backend for the T4C Client Manager to request T4C Docker Containers. 
+description = Backend for the T4C Client Manager to request T4C Docker Containers.
 author = Moritz Weber
 author_email = [email protected]
 
@@ -20,12 +20,13 @@ install_requires =
     pydantic
     python-dateutil
     python-jose
+    python-multipart
     requests_oauthlib
     sqlalchemy
     uvicorn[standard]
 
 [options.extras_require]
-dev = 
+dev =
     black
     deepdiff
     isort
@@ -43,6 +44,6 @@ capellacollab.extensions.modelsources =
 capellacollab.operators =
     k8s = t4cclient.sessions.operators.k8s:KubernetesOperator
     docker = t4cclient.sessions.operators.docker:DockerOperator
-capellacollab.authentication.providers = 
+capellacollab.authentication.providers =
     oauth = t4cclient.core.authentication.provider.oauth
     azure = t4cclient.core.authentication.provider.azure

backend/startup.sh

@@ -3,4 +3,4 @@ set -e
 
 # When running inside the cluster, the k8s service host should not use the proxy
 export no_proxy=$no_proxy,$KUBERNETES_SERVICE_HOST,$no_proxy_additional
-uvicorn t4cclient.__main__:app --host 0.0.0.0
+uvicorn t4cclient.__main__:app --host 0.0.0.0

backend/t4cclient/__main__.py

@@ -11,11 +11,12 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
-logging.basicConfig(level=logging.INFO)
+from t4cclient.config import config
+
+logging.basicConfig(level=config["logging"]["level"])
 log = logging.getLogger(__name__)
 
 # This import statement is required and should not be removed! (Alembic will not work otherwise)
-from t4cclient.config import config
 from t4cclient.core.database import __main__ as database
 from t4cclient.routes import router, status
 

backend/t4cclient/alembic.ini

@@ -40,7 +40,7 @@ prepend_sys_path = .
 # output_encoding = utf-8
 
 # We set the sqlalchemy URL in alembic/env.py
-sqlalchemy.url = 
+sqlalchemy.url =
 
 
 [post_write_hooks]

backend/t4cclient/alembic/README

@@ -1 +1 @@
-Generic single-database configuration.
+Generic single-database configuration.

backend/t4cclient/alembic/versions/279ec954b302_session_add_passwords_for_rdp_and_.py

@@ -4,7 +4,7 @@
 """session: add passwords for rdp and guacamole
 
 Revision ID: 279ec954b302
-Revises: 
+Revises:
 Create Date: 2021-08-12 23:01:08.764707
 
 """

backend/t4cclient/core/authentication/database/__init__.py

@@ -10,6 +10,7 @@
 from t4cclient.core.database.users import get_user
 from t4cclient.schemas.repositories import RepositoryUserPermission, RepositoryUserRole
 from t4cclient.schemas.repositories.users import Role
+from t4cclient.sessions.database import get_session_by_id
 
 
 def verify_admin(token=Depends(JWTBearer()), db=Depends(get_db)):
@@ -104,3 +105,16 @@ def check_username_not_in_repository(
             status_code=409,
             detail="The user already exists for this repository.",
         )
+
+
+def check_session_belongs_to_user(
+    username: str,
+    id: str,
+    db: sqlalchemy.orm.session.Session,
+):
+    session = get_session_by_id(db, id)
+    if not session.owner_name == username:
+        raise HTTPException(
+            status_code=403,
+            detail="You are not allowed to upload or get files in this session.",
+        )