import authz models

alembic/versions/4ede1e3e50d1_add_authz_models.py

@@ -0,0 +1,62 @@
+"""add_authz_models
+
+Revision ID: 4ede1e3e50d1
+Revises: b5b17d465166
+Create Date: 2018-07-30 11:34:12.016857
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import postgresql
+
+# revision identifiers, used by Alembic.
+revision = '4ede1e3e50d1'
+down_revision = 'b5b17d465166'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('roles',
+    sa.Column('id', postgresql.UUID(as_uuid=True), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('name', sa.String(), nullable=True),
+    sa.Column('description', sa.String(), nullable=True),
+    sa.Column('permissions', postgresql.ARRAY(sa.String()), server_default='{}', nullable=True),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_roles_name'), 'roles', ['name'], unique=True)
+    op.create_index(op.f('ix_roles_permissions'), 'roles', ['permissions'], unique=False)
+    op.create_table('users',
+    sa.Column('id', postgresql.UUID(as_uuid=True), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('username', sa.String(), nullable=True),
+    sa.Column('atat_role_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.ForeignKeyConstraint(['atat_role_id'], ['roles.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_table('workspace_role',
+    sa.Column('id', postgresql.UUID(as_uuid=True), server_default=sa.text('uuid_generate_v4()'), nullable=False),
+    sa.Column('workspace_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.Column('role_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.Column('user_id', postgresql.UUID(as_uuid=True), nullable=True),
+    sa.ForeignKeyConstraint(['role_id'], ['roles.id'], ),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_workspace_role_user_id'), 'workspace_role', ['user_id'], unique=False)
+    op.create_index(op.f('ix_workspace_role_workspace_id'), 'workspace_role', ['workspace_id'], unique=False)
+    op.create_index('workspace_role_user_workspace', 'workspace_role', ['user_id', 'workspace_id'], unique=True)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index('workspace_role_user_workspace', table_name='workspace_role')
+    op.drop_index(op.f('ix_workspace_role_workspace_id'), table_name='workspace_role')
+    op.drop_index(op.f('ix_workspace_role_user_id'), table_name='workspace_role')
+    op.drop_table('workspace_role')
+    op.drop_table('users')
+    op.drop_index(op.f('ix_roles_permissions'), table_name='roles')
+    op.drop_index(op.f('ix_roles_name'), table_name='roles')
+    op.drop_table('roles')
+    # ### end Alembic commands ###

atst/models/__init__.py

@@ -4,3 +4,7 @@ Base = declarative_base()
 
 from .request import Request
 from .request_status_event import RequestStatusEvent
+from .permissions import Permissions
+from .role import Role
+from .user import User
+from .workspace_role import WorkspaceRole

atst/models/permissions.py

@@ -0,0 +1,40 @@
+class Permissions(object):
+    REQUEST_JEDI_WORKSPACE = "request_jedi_workspace"
+    VIEW_ORIGINAL_JEDI_REQEUST = "view_original_jedi_request"
+    REVIEW_AND_APPROVE_JEDI_WORKSPACE_REQUEST = (
+        "review_and_approve_jedi_workspace_request"
+    )
+    MODIFY_ATAT_ROLE_PERMISSIONS = "modify_atat_role_permissions"
+    CREATE_CSP_ROLE = "create_csp_role"
+    DELETE_CSP_ROLE = "delete_csp_role"
+    DEACTIVE_CSP_ROLE = "deactivate_csp_role"
+    MODIFY_CSP_ROLE_PERMISSIONS = "modify_csp_role_permissions"
+
+    VIEW_USAGE_REPORT = "view_usage_report"
+    VIEW_USAGE_DOLLARS = "view_usage_dollars"
+    ADD_AND_ASSIGN_CSP_ROLES = "add_and_assign_csp_roles"
+    REMOVE_CSP_ROLES = "remove_csp_roles"
+    REQUEST_NEW_CSP_ROLE = "request_new_csp_role"
+    ASSIGN_AND_UNASSIGN_ATAT_ROLE = "assign_and_unassign_atat_role"
+
+    VIEW_ASSIGNED_ATAT_ROLE_CONFIGURATIONS = "view_assigned_atat_role_configurations"
+    VIEW_ASSIGNED_CSP_ROLE_CONFIGURATIONS = "view_assigned_csp_role_configurations"
+
+    DEACTIVATE_WORKSPACE = "deactivate_workspace"
+    VIEW_ATAT_PERMISSIONS = "view_atat_permissions"
+    TRANSFER_OWNERSHIP_OF_WORKSPACE = "transfer_ownership_of_workspace"
+
+    ADD_APPLICATION_IN_WORKSPACE = "add_application_in_workspace"
+    DELETE_APPLICATION_IN_WORKSPACE = "delete_application_in_workspace"
+    DEACTIVATE_APPLICATION_IN_WORKSPACE = "deactivate_application_in_workspace"
+    VIEW_APPLICATION_IN_WORKSPACE = "view_application_in_workspace"
+    RENAME_APPLICATION_IN_WORKSPACE = "rename_application_in_workspace"
+
+    ADD_ENVIRONMENT_IN_APPLICATION = "add_environment_in_application"
+    DELETE_ENVIRONMENT_IN_APPLICATION = "delete_environment_in_application"
+    DEACTIVATE_ENVIRONMENT_IN_APPLICATION = "deactivate_environment_in_application"
+    VIEW_ENVIRONMENT_IN_APPLICATION = "view_environment_in_application"
+    RENAME_ENVIRONMENT_IN_APPLICATION = "rename_environment_in_application"
+
+    ADD_TAG_TO_WORKSPACE = "add_tag_to_workspace"
+    REMOVE_TAG_FROM_WORKSPACE = "remove_tag_from_workspace"

atst/models/role.py

@@ -0,0 +1,14 @@
+from sqlalchemy import String, Column
+from sqlalchemy.dialects.postgresql import ARRAY
+
+from atst.models import Base
+from .types import Id
+
+
+class Role(Base):
+    __tablename__ = "roles"
+
+    id = Id()
+    name = Column(String, index=True, unique=True)
+    description = Column(String)
+    permissions = Column(ARRAY(String), index=True, server_default="{}")

atst/models/user.py

@@ -0,0 +1,21 @@
+from sqlalchemy import String, ForeignKey, Column
+from sqlalchemy.orm import relationship
+from sqlalchemy.dialects.postgresql import UUID
+
+from atst.models import Base
+from .types import Id
+
+
+class User(Base):
+    __tablename__ = "users"
+
+    id = Id()
+    username = Column(String)
+    atat_role_id = Column(UUID(as_uuid=True), ForeignKey("roles.id"))
+
+    atat_role = relationship("Role")
+    workspace_roles = relationship("WorkspaceRole", backref="user")
+
+    @property
+    def atat_permissions(self):
+        return self.atat_role.permissions

atst/models/workspace_role.py

@@ -0,0 +1,24 @@
+from sqlalchemy import Index, ForeignKey, Column
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import relationship
+
+from atst.models import Base
+from .types import Id
+
+
+class WorkspaceRole(Base):
+    __tablename__ = "workspace_role"
+
+    id = Id()
+    workspace_id = Column(UUID(as_uuid=True), index=True)
+    role_id = Column(UUID(as_uuid=True), ForeignKey("roles.id"))
+    user_id = Column(UUID(as_uuid=True), ForeignKey("users.id"), index=True)
+    role = relationship("Role")
+
+
+Index(
+    "workspace_role_user_workspace",
+    WorkspaceRole.user_id,
+    WorkspaceRole.workspace_id,
+    unique=True,
+)