From decdbbe887b1af9f4ee4ddca5e035b1bfef25340 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Wed, 3 Aug 2022 10:43:52 +0100 Subject: [PATCH 1/4] Update the django requirements to 3.0 The tests already use django 3+ so we should align this everywhere. Signed-off-by: Peter Robinson Add a guide to setup zezere instance Signed-off-by: rdotjain Update .gitignore for conf file Signed-off-by: rdotjain Add endpoint to upload ov Signed-off-by: rdotjain Update endpoint to accept CBOR encoded vouchers Signed-off-by: rdotjain Improve error listing in UI using messages Signed-off-by: rdotjain tweak endpoint to accept multiple vouchers Signed-off-by: rdotjain bug fix: navbar active tab Signed-off-by: rdotjain Add error handling in API call Signed-off-by: rdotjain ui: change button style Signed-off-by: rdotjain update template for multiple ownership vouchers Signed-off-by: rdotjain add server base url in default conf Signed-off-by: rdotjain --- .gitignore | 3 + SETUP.md | 81 +++++++++++++++++++ requirements.txt | 2 +- zezere/default.conf | 1 + zezere/settings.py | 11 +++ zezere/templates/portal/master.html | 14 ++-- .../templates/portal/ownership_voucher.html | 26 ++++++ zezere/urls.py | 3 + zezere/views_portal.py | 66 ++++++++++++++- 9 files changed, 197 insertions(+), 10 deletions(-) create mode 100644 SETUP.md create mode 100644 zezere/templates/portal/ownership_voucher.html diff --git a/.gitignore b/.gitignore index 316a346..b49a9f3 100644 --- a/.gitignore +++ b/.gitignore @@ -106,3 +106,6 @@ venv.bak/ # mypy .mypy_cache/ + +# conf file +zezere.conf \ No newline at end of file diff --git a/SETUP.md b/SETUP.md new file mode 100644 index 0000000..82a4941 --- /dev/null +++ b/SETUP.md @@ -0,0 +1,81 @@ +# Setup a zezere instance locally + +1. To install requirements in a Python virtual environment, set it up first. + ```sh + $ virtualenv venv + $ . venv/bin/activate + ``` + +2. Before installing other Python requirements, you need to install Apache httpd first. Follow the instructions from [mod-wsgi project documentation](https://pypi.org/project/mod-wsgi/). +
+In order to satisfy the `psycopg2` dependency please follow instructions from + [psycopg2 project documentation](https://www.psycopg.org/docs/install.html). + +3. Install the requirements + ```sh + $ (venv) pip install . + ``` + +4. Before using the `zezere-manage` tool, a configuration needs to be created. + Default configuration can be used as a base: + + ``` + $ cp zezere/default.conf ./zezere.conf + ``` + +5. Authentication method and secret key needs to be set in order to satisfy the + tool. Also, make sure that the allowed_hosts is what you want. + + ``` + allowed_hosts = localhost, 127.0.0.1 + secret_key = very-secret + auth_method = local + ``` + +6. Now run the migrations, to create a database file. + ```sh + $ python manage.py migrate --noinput + ``` + +7. To collect the static files, run + ``` + $ python manage.py collectstatic + ``` + +8. Now we can create a superuser: + + ``` + $ zezere-manage createsuperuser --username admin --email user@domain.tld + ``` + +9. After a password has been set, we are ready to run Zezere: + + ``` + ./app.sh + ``` + + Use the admin credentials we created to login to localhost:8080 + +
+ +# Setup using Docker +The easiest way to run Zezere is to run the official container and authenticate + with OpenID Connect: + + ``` + $ docker run --detach --rm --name zezere \ + -e OIDC_RP_CLIENT_ID= \ + -e OIDC_RP_CLIENT_SECRET= \ + -e OIDC_OP_AUTHORIZATION_ENDPOINT= \ + -e OIDC_OP_TOKEN_ENDPOINT= \ + -e OIDC_OP_USER_ENDPOINT= \ + -e OIDC_OP_JWKS_ENDPOINT= \ + -e AUTH_METHOD=oidc \ + -e SECRET_KEY=localtest \ + -e ALLOWED_HOSTS=localhost \ + -p 8080:8080 \ + -t quay.io/fedora-iot/zezere:latest + ``` + + The default signing algorithm is `RS256` but it can also be controlled with the + environment variable `OIDC_OP_SIGN_ALGO` \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 3d2334b..7881470 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -django>=2.1 +django>=3.0 djangorestframework django-ipware psycopg2 diff --git a/zezere/default.conf b/zezere/default.conf index 42bf231..78fc39f 100644 --- a/zezere/default.conf +++ b/zezere/default.conf @@ -4,6 +4,7 @@ debug = no allowed_hosts = localhost, localhost.localdomain secure_cookie = yes # auth_method = local, oidc +# ov_base_url = [oidc.rp] # client_id = diff --git a/zezere/settings.py b/zezere/settings.py index d430ba1..b42b882 100644 --- a/zezere/settings.py +++ b/zezere/settings.py @@ -2,6 +2,7 @@ import os +from django.contrib.messages import constants as messages from .settings_external import get, getboolean from .settings_auth import AUTH_INFO @@ -161,3 +162,13 @@ "django.contrib.staticfiles.finders.FileSystemFinder", "django.contrib.staticfiles.finders.AppDirectoriesFinder", ] + +MESSAGE_TAGS = { + messages.DEBUG: "alert-secondary", + messages.INFO: "alert-info", + messages.SUCCESS: "alert-success", + messages.WARNING: "alert-warning", + messages.ERROR: "alert-danger", +} + +OV_BASE_URL = get("global", "ov_base_url", "OV_BASE_URL") diff --git a/zezere/templates/portal/master.html b/zezere/templates/portal/master.html index 1f6de35..43825c4 100644 --- a/zezere/templates/portal/master.html +++ b/zezere/templates/portal/master.html @@ -44,18 +44,21 @@
    {% if user.is_authenticated %} -
  • - Home +
  • + Home
    • -
  • +
  • Claim Unowned Devices
    • -
  • +
  • SSH Key Management
    • -
  • +
  • Device Management
    • +
  • + Add Ownership Voucher +
    • {% else %}
  • Log In @@ -67,6 +70,7 @@
    {% block content %} + {% include 'main/includes/messages.html' %} Master content {% endblock %}
    diff --git a/zezere/templates/portal/ownership_voucher.html b/zezere/templates/portal/ownership_voucher.html new file mode 100644 index 0000000..907f40a --- /dev/null +++ b/zezere/templates/portal/ownership_voucher.html @@ -0,0 +1,26 @@ +{% extends "./master.html" %} + +{% load rules %} + +{% block title %}Add Voucher{% endblock %} + +{% block content %} + +{% if messages %} + {% for message in messages %} + {{ message }} + {% endfor %} +{% endif %} + +Add a new ownership voucher: +
    + {% csrf_token %} + Enter the number of vouchers:

    + Enter your voucher contents:
    +

    + OR

    + Upload a CBOR encoded voucher:

    +
    +
    + +{% endblock %} diff --git a/zezere/urls.py b/zezere/urls.py index 370eb4e..eb9b4c4 100644 --- a/zezere/urls.py +++ b/zezere/urls.py @@ -40,6 +40,9 @@ views_portal.remove_ssh_key, name="portal_sshkeys_remove", ), + path("portal/ov/", views_portal.ov, name="portal_ov"), + path("portal/ov/add/", views_portal.add_ov, name="portal_ov_add"), + # path("portal/ov/delete/", views_portal.remove_ov, name="portal_ov_remove"), # API path("api/", include(router.urls), name="apis"), path( diff --git a/zezere/views_portal.py b/zezere/views_portal.py index eaff942..693a130 100644 --- a/zezere/views_portal.py +++ b/zezere/views_portal.py @@ -1,4 +1,7 @@ +import requests + from django.core.exceptions import PermissionDenied +from django.contrib import messages from django.db import transaction from django.http import Http404, HttpResponseBadRequest from django.shortcuts import render, get_object_or_404, redirect @@ -9,11 +12,12 @@ from ipware import get_client_ip from zezere.models import Device, RunRequest, device_getter, SSHKey +from zezere.settings import OV_BASE_URL @login_required def index(request): - return render(request, "portal/index.html") + return render(request, "portal/index.html", {"nbar": "portal"}) @login_required @@ -33,14 +37,20 @@ def claim(request): else: remote_ip, _ = get_client_ip(request) unclaimed = Device.objects.filter(owner__isnull=True, last_ip_address=remote_ip) - context = {"unclaimed_devices": unclaimed, "super": request.user.is_superuser} + context = { + "unclaimed_devices": unclaimed, + "super": request.user.is_superuser, + "nbar": "claim", + } return render(request, "portal/claim.html", context) @login_required def devices(request): devices = Device.objects.filter(owner=request.user) - return render(request, "portal/devices.html", {"devices": devices}) + return render( + request, "portal/devices.html", {"devices": devices, "nbar": "devices"} + ) @permission_required(Device.get_perm("provision"), fn=device_getter) @@ -79,7 +89,9 @@ def clean_runreq(request, mac_addr): @login_required def sshkeys(request): sshkeys = SSHKey.objects.filter(owner=request.user) - return render(request, "portal/sshkeys.html", {"sshkeys": sshkeys}) + return render( + request, "portal/sshkeys.html", {"sshkeys": sshkeys, "nbar": "sshkeys"} + ) @login_required @@ -104,3 +116,49 @@ def add_ssh_key(request): key.full_clean() key.save() return redirect("portal_sshkeys") + + +@login_required +def ov(request): + return render(request, "portal/ownership_voucher.html", {"nbar": "ov"}) + + +@login_required +@require_POST +def add_ov(request): + payload = None + no_of_vouchers = request.POST["no_of_vouchers"] + + if request.POST.get("ov"): + content_type = "application/x-pem-file" + payload = request.POST["ov"].strip() + elif request.FILES.getlist("ov_file"): + content_type = "application/cbor" + files = request.FILES.getlist("ov_file") + payload = files[0].read() + for f in files[1:]: + payload += f.read() + else: + messages.error(request, "No ownership voucher provided") + return redirect("portal_ov") + + url = OV_BASE_URL + headers = { + "X-Number-Of-Vouchers": no_of_vouchers, + "Content-Type": content_type, + "Authorization": "Bearer", + } + + try: + response = requests.request("POST", url, headers=headers, data=payload) + except requests.exceptions.RequestException as e: + messages.error(request, "Error while adding ownership voucher: {}".format(e)) + return redirect("portal_ov") + + if response.status_code == 201: + messages.success(request, "Ownership voucher added") + else: + error_code = response.json().get("error_code") + messages.error(request, "Error adding ownership voucher: {}".format(error_code)) + + return redirect("portal_ov") From 4f6605bf412a42225bcfbed414335e818d980ff0 Mon Sep 17 00:00:00 2001 From: Rupanshi Jain Date: Sun, 14 Aug 2022 12:54:17 +0530 Subject: [PATCH 2/4] feat: configuration management Signed-off-by: Rupanshi Jain --- zezere/default.conf | 1 - .../0013_alter_device_mac_address.py | 20 ++++++++++ zezere/migrations/0014_config.py | 25 +++++++++++++ zezere/models.py | 11 ++++++ zezere/settings.py | 2 - zezere/templates/portal/configure.html | 25 +++++++++++++ zezere/templates/portal/master.html | 3 ++ zezere/urls.py | 1 + zezere/views_portal.py | 37 +++++++++++++++++-- 9 files changed, 119 insertions(+), 6 deletions(-) create mode 100644 zezere/migrations/0013_alter_device_mac_address.py create mode 100644 zezere/migrations/0014_config.py create mode 100644 zezere/templates/portal/configure.html diff --git a/zezere/default.conf b/zezere/default.conf index 78fc39f..42bf231 100644 --- a/zezere/default.conf +++ b/zezere/default.conf @@ -4,7 +4,6 @@ debug = no allowed_hosts = localhost, localhost.localdomain secure_cookie = yes # auth_method = local, oidc -# ov_base_url = [oidc.rp] # client_id = diff --git a/zezere/migrations/0013_alter_device_mac_address.py b/zezere/migrations/0013_alter_device_mac_address.py new file mode 100644 index 0000000..fd55ac6 --- /dev/null +++ b/zezere/migrations/0013_alter_device_mac_address.py @@ -0,0 +1,20 @@ +# Generated by Django 4.0.4 on 2022-04-20 06:28 + +import django.core.validators +from django.db import migrations, models +import zezere.models + + +class Migration(migrations.Migration): + + dependencies = [ + ('zezere', '0012_auto_20200323_1130'), + ] + + operations = [ + migrations.AlterField( + model_name='device', + name='mac_address', + field=models.CharField(max_length=20, unique=True, validators=[django.core.validators.RegexValidator('^([0-9A-F]{2}[:]){5}([0-9A-F]{2})$'), zezere.models.validator_disallow_blacklisted_mac], verbose_name='Device MAC Address'), + ), + ] diff --git a/zezere/migrations/0014_config.py b/zezere/migrations/0014_config.py new file mode 100644 index 0000000..ac2a343 --- /dev/null +++ b/zezere/migrations/0014_config.py @@ -0,0 +1,25 @@ +# Generated by Django 4.0.4 on 2022-08-14 06:22 + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('zezere', '0013_alter_device_mac_address'), + ] + + operations = [ + migrations.CreateModel( + name='Config', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('auth_token', models.CharField(default='', max_length=255)), + ('ov_base_url', models.URLField(default='', max_length=255)), + ('owner', models.ForeignKey(blank=True, default=None, null=True, on_delete=django.db.models.deletion.PROTECT, to=settings.AUTH_USER_MODEL)), + ], + ), + ] diff --git a/zezere/models.py b/zezere/models.py index 731113d..1026126 100644 --- a/zezere/models.py +++ b/zezere/models.py @@ -208,3 +208,14 @@ class UnownedDeviceSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = Device fields = ["mac_address"] + + +class Config(models.Model): + owner = models.ForeignKey( + User, on_delete=models.PROTECT, default=None, blank=True, null=True + ) + auth_token = models.CharField(max_length=255, default="") + ov_base_url = models.URLField(max_length=255, default="") + + def __str__(self): + return "configuration for %s" % self.owner diff --git a/zezere/settings.py b/zezere/settings.py index b42b882..202197b 100644 --- a/zezere/settings.py +++ b/zezere/settings.py @@ -170,5 +170,3 @@ messages.WARNING: "alert-warning", messages.ERROR: "alert-danger", } - -OV_BASE_URL = get("global", "ov_base_url", "OV_BASE_URL") diff --git a/zezere/templates/portal/configure.html b/zezere/templates/portal/configure.html new file mode 100644 index 0000000..6dabc41 --- /dev/null +++ b/zezere/templates/portal/configure.html @@ -0,0 +1,25 @@ +{% extends "./master.html" %} + +{% load rules %} + +{% block title %}Add Voucher{% endblock %} + +{% block content %} + +{% if messages %} + {% for message in messages %} + {{ message }} + {% endfor %} +{% endif %} + +

    Your Configuration:

    +
    + {% csrf_token %} + Enter the Authentication token:
    +

    + Enter your OV Management Server URL:
    +

    +
    +
    + +{% endblock %} diff --git a/zezere/templates/portal/master.html b/zezere/templates/portal/master.html index 43825c4..c5dd33f 100644 --- a/zezere/templates/portal/master.html +++ b/zezere/templates/portal/master.html @@ -59,6 +59,9 @@
  • Add Ownership Voucher
    • +
  • + Configure +
    • {% else %}
  • Log In diff --git a/zezere/urls.py b/zezere/urls.py index eb9b4c4..c87bdc8 100644 --- a/zezere/urls.py +++ b/zezere/urls.py @@ -43,6 +43,7 @@ path("portal/ov/", views_portal.ov, name="portal_ov"), path("portal/ov/add/", views_portal.add_ov, name="portal_ov_add"), # path("portal/ov/delete/", views_portal.remove_ov, name="portal_ov_remove"), + path("portal/configure/", views_portal.configure, name="portal_configure"), # API path("api/", include(router.urls), name="apis"), path( diff --git a/zezere/views_portal.py b/zezere/views_portal.py index 693a130..2643368 100644 --- a/zezere/views_portal.py +++ b/zezere/views_portal.py @@ -11,8 +11,7 @@ from rules.contrib.views import permission_required from ipware import get_client_ip -from zezere.models import Device, RunRequest, device_getter, SSHKey -from zezere.settings import OV_BASE_URL +from zezere.models import Device, RunRequest, device_getter, SSHKey, Config @login_required @@ -126,6 +125,9 @@ def ov(request): @login_required @require_POST def add_ov(request): + OV_BASE_URL = Config.objects.get(owner=request.user).ov_base_url + AUTH_TOKEN = Config.objects.get(owner=request.user).auth_token + payload = None no_of_vouchers = request.POST["no_of_vouchers"] @@ -146,7 +148,7 @@ def add_ov(request): headers = { "X-Number-Of-Vouchers": no_of_vouchers, "Content-Type": content_type, - "Authorization": "Bearer", + "Authorization": f"Bearer {AUTH_TOKEN}", } try: @@ -162,3 +164,32 @@ def add_ov(request): messages.error(request, "Error adding ownership voucher: {}".format(error_code)) return redirect("portal_ov") + + +@login_required +def configure(request): + if request.method == "GET": + config = Config.objects.filter(owner=request.user).first() + auth_token = config.auth_token if config else "" + ov_base_url = config.ov_base_url if config else "" + return render( + request, + "portal/configure.html", + {"auth_token": auth_token, "ov_base_url": ov_base_url}, + ) + elif request.method == "POST": + auth_token = request.POST.get("auth_token") + ov_base_url = request.POST.get("ov_base_url") + owner = request.user + if not auth_token or not ov_base_url: + messages.error(request, "Please fill in all fields") + return redirect("portal_configure") + + config = Config.objects.filter(owner=owner).first() + if config is None: + config = Config(owner=owner) + config.auth_token = auth_token + config.ov_base_url = ov_base_url + config.save() + messages.success(request, "Configuration saved") + return redirect("portal_configure") From 06089be21301de6e627e109595a4b6e563389e12 Mon Sep 17 00:00:00 2001 From: Rupanshi Jain Date: Fri, 26 Aug 2022 16:00:19 +0530 Subject: [PATCH 3/4] remove ov_url from defaut conf Signed-off-by: Rupanshi Jain --- zezere/default.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/zezere/default.conf b/zezere/default.conf index 78fc39f..42bf231 100644 --- a/zezere/default.conf +++ b/zezere/default.conf @@ -4,7 +4,6 @@ debug = no allowed_hosts = localhost, localhost.localdomain secure_cookie = yes # auth_method = local, oidc -# ov_base_url = [oidc.rp] # client_id = From b72a752c8b9f29f9f1d11e55d96e5ad3ab7463a6 Mon Sep 17 00:00:00 2001 From: Rupanshi Jain Date: Fri, 26 Aug 2022 16:10:44 +0530 Subject: [PATCH 4/4] rename Config model to FDOConfig Signed-off-by: Rupanshi Jain --- .../0015_rename_config_fdoconfig.py | 19 +++++++++++++++++++ zezere/models.py | 2 +- zezere/views_portal.py | 12 ++++++------ 3 files changed, 26 insertions(+), 7 deletions(-) create mode 100644 zezere/migrations/0015_rename_config_fdoconfig.py diff --git a/zezere/migrations/0015_rename_config_fdoconfig.py b/zezere/migrations/0015_rename_config_fdoconfig.py new file mode 100644 index 0000000..9da625b --- /dev/null +++ b/zezere/migrations/0015_rename_config_fdoconfig.py @@ -0,0 +1,19 @@ +# Generated by Django 4.0.4 on 2022-08-26 10:38 + +from django.conf import settings +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('zezere', '0014_config'), + ] + + operations = [ + migrations.RenameModel( + old_name='Config', + new_name='FDOConfig', + ), + ] diff --git a/zezere/models.py b/zezere/models.py index 1026126..123616d 100644 --- a/zezere/models.py +++ b/zezere/models.py @@ -210,7 +210,7 @@ class Meta: fields = ["mac_address"] -class Config(models.Model): +class FDOConfig(models.Model): owner = models.ForeignKey( User, on_delete=models.PROTECT, default=None, blank=True, null=True ) diff --git a/zezere/views_portal.py b/zezere/views_portal.py index 2643368..532ce15 100644 --- a/zezere/views_portal.py +++ b/zezere/views_portal.py @@ -11,7 +11,7 @@ from rules.contrib.views import permission_required from ipware import get_client_ip -from zezere.models import Device, RunRequest, device_getter, SSHKey, Config +from zezere.models import Device, RunRequest, device_getter, SSHKey, FDOConfig @login_required @@ -125,8 +125,8 @@ def ov(request): @login_required @require_POST def add_ov(request): - OV_BASE_URL = Config.objects.get(owner=request.user).ov_base_url - AUTH_TOKEN = Config.objects.get(owner=request.user).auth_token + OV_BASE_URL = FDOConfig.objects.get(owner=request.user).ov_base_url + AUTH_TOKEN = FDOConfig.objects.get(owner=request.user).auth_token payload = None no_of_vouchers = request.POST["no_of_vouchers"] @@ -169,7 +169,7 @@ def add_ov(request): @login_required def configure(request): if request.method == "GET": - config = Config.objects.filter(owner=request.user).first() + config = FDOConfig.objects.filter(owner=request.user).first() auth_token = config.auth_token if config else "" ov_base_url = config.ov_base_url if config else "" return render( @@ -185,9 +185,9 @@ def configure(request): messages.error(request, "Please fill in all fields") return redirect("portal_configure") - config = Config.objects.filter(owner=owner).first() + config =FDOConfig.objects.filter(owner=owner).first() if config is None: - config = Config(owner=owner) + config = FDOConfig(owner=owner) config.auth_token = auth_token config.ov_base_url = ov_base_url config.save()