app.models

This module implements the models used in the app.

copyright

2017 European Spallation Source ERIC

license

BSD 2-Clause, see LICENSE for more details.

class app.models.Action(**kwargs)[source]

description

favorite_users

id

name

class app.models.AnsibleGroup(**kwargs)[source]

property children

created_at

property hosts

id

property is_dynamic

name

property parents

to_dict(recursive=False)[source]

type

updated_at

user

user_id

validate_children(key, child)[source]: Ensure the child is not in the group parents to avoid circular references

validate_name(key, string)[source]: Ensure the name matches the required format

vars

versions

class app.models.AnsibleGroupType(value)[source]

An enumeration.

DEVICE_TYPE = 'DEVICE_TYPE'

HOSTNAME = 'HOSTNAME'

IOC = 'IOC'

NETWORK = 'NETWORK'

NETWORK_SCOPE = 'NETWORK_SCOPE'

STATIC = 'STATIC'

classmethod choices()[source]

classmethod coerce(value)[source]

class app.models.Cname(**kwargs)[source]

created_at

property domain: Return the cname domain name

property fqdn: Return the cname fully qualified domain name

id

interface

interface_id

name

to_dict(recursive=False)[source]

updated_at

user

user_id

validate_name(key, string)[source]: Ensure the name matches the required format

class app.models.CreatedMixin(**kwargs)[source]

created_at = Column(None, DateTime(), table=None, default=ColumnDefault(<app.models.utcnow at 0x7f6419fea460; utcnow object>))

id = Column(None, Integer(), table=None, primary_key=True, nullable=False)

to_dict()[source]

updated_at = Column(None, DateTime(), table=None, onupdate=ColumnDefault(<app.models.utcnow at 0x7f6419feacd0; utcnow object>), default=ColumnDefault(<app.models.utcnow at 0x7f6419feaca0; utcnow object>))

user = <RelationshipProperty at 0x7f6418feaa40; no key>

user_id = Column(None, Integer(), ForeignKey('user_account.id'), table=None, nullable=False, default=ColumnDefault(<function fetch_current_user_id>))

class app.models.DeviceType(**kwargs)[source]

hosts

id

name

to_dict(recursive=False)[source]

validate_name(key, string)[source]: Ensure the name field matches the required format

class app.models.Domain(**kwargs)[source]

created_at

id

name

networks

scopes

to_dict(recursive=False)[source]

updated_at

user

user_id

class app.models.Host(**kwargs)[source]

ansible_groups

ansible_vars

created_at

description

device_type

device_type_id

property fqdn

Return the host fully qualified domain name

The domain is based on the main interface

free_stack_members()[source]: Return the list of free stack member numbers

id

interfaces

is_ioc

items

property main_interface

Return the host main interface

The main interface is the one that has the same name as the host or the first one found

property main_network: Return the host main interface network

property model: Return the model of the first linked item

name

property scope: Return the host main interface network scope

property sensitive: Return True if the host is on a sensitive network

stack_members()[source]: Return all items part of the stack sorted by stack member number

stack_members_numbers()[source]: Return the list of stack member numbers

to_dict(recursive=False)[source]

updated_at

user

user_id

validate_name(key, string)[source]: Ensure the name matches the required format

versions

class app.models.Interface(**kwargs)[source]

property address

cnames

created_at

description

host

host_id

id

ip

property is_ioc

property is_main

mac

name

network

network_id

to_dict(recursive=False)[source]

updated_at

user

user_id

validate_cnames(key, cname)[source]: Ensure the cname is unique by domain

validate_mac(key, string)[source]: Ensure the mac is a valid MAC address

validate_name(key, string)[source]: Ensure the name matches the required format

class app.models.Item(**kwargs)[source]

children

comments

created_at

history()[source]

host

host_id

ics_id

id

location

location_id

macs

manufacturer

manufacturer_id

model

model_id

parent

parent_id

quantity

serial_number

stack_member

status

status_id

to_dict(recursive=False)[source]

to_row_dict()[source]

Convert to a dict that can easily be exported to an excel row

All values should be a string

updated_at

user

user_id

validate_ics_id(key, string)[source]: Ensure the ICS id field matches the required format

versions

class app.models.ItemComment(**kwargs)[source]

body

created_at

id

item

item_id

to_dict(recursive=False)[source]

updated_at

user

user_id

class app.models.JobStatus(value)[source]

An enumeration.

DEFERRED = 'deferred'

FAILED = 'failed'

FINISHED = 'finished'

QUEUED = 'queued'

STARTED = 'started'

class app.models.Location(**kwargs)[source]

description

favorite_users

id

items

name

class app.models.Mac(**kwargs)[source]

address

id

item

item_id

to_dict(recursive=False)[source]

validate_address(key, string)[source]: Ensure the address is a valid MAC address

class app.models.Manufacturer(**kwargs)[source]

description

favorite_users

id

items

name

class app.models.Model(**kwargs)[source]

description

favorite_users

id

items

name

class app.models.Network(**kwargs)[source]

address

admin_only

available_ips()[source]: Return the list of IP addresses available

property broadcast

created_at

description

domain

domain_id

property first

first_ip

gateway

id

interfaces

ip_range()[source]

Return the list of IP addresses that can be assigned for this network

The range is defined by the first and last IP

property last

last_ip

property netmask

property network_ip

scope

scope_id

sensitive

to_dict(recursive=False)[source]

updated_at

used_ips()[source]

Return the list of IP addresses in use

The list is sorted

user

user_id

validate_first_ip(key, ip)[source]: Ensure the first IP is in the network

validate_interfaces(key, interface)[source]: Ensure the interface IP is in the network range

validate_last_ip(key, ip)[source]: Ensure the last IP is in the network and greater than first_ip

validate_vlan_id(key, value)[source]: Ensure the vlan_id is in the scope range

validate_vlan_name(key, string)[source]: Ensure the name matches the required format

vlan_id

vlan_name

class app.models.NetworkScope(**kwargs)[source]

available_subnets(prefix)[source]

Return the list of available subnets with the given prefix

Overlapping subnets with existing networks are filtered

available_vlans()[source]: Return the list of vlan ids available

created_at

description

domain

domain_id

first_vlan

id

last_vlan

name

networks

prefix_range()[source]: Return the list of subnet prefix that can be used for this network scope

supernet

property supernet_ip

to_dict(recursive=False)[source]

updated_at

used_subnets()[source]

Return the list of subnets in use

The list is sorted

used_vlans()[source]

Return the list of vlan ids in use

The list is sorted

user

user_id

validate_first_vlan(key, value)[source]: Ensure the first vlan is lower than any network vlan id

validate_last_vlan(key, value)[source]: Ensure the last vlan is greater than any network vlan id

validate_networks(key, network)[source]: Ensure the network is included in the supernet and doesn’t overlap existing networks

validate_supernet(key, supernet)[source]

Ensure the supernet doesn’t overlap existing supernets

Also ensure it’s a supernet of all existing networks (when editing)

vlan_range()[source]

Return the list of vlan ids that can be assigned for this network scope

The range is defined by the first and last vlan

class app.models.QRCodeMixin[source]

base64_image()[source]: Return the QRCode image as base64 string

description = Column(None, Text(), table=None)

id = Column(None, Integer(), table=None, primary_key=True, nullable=False)

image()[source]

Return a QRCode image to identify a record

The QRCode includes:

CSE prefix
the table name
the name of the record

is_user_favorite()[source]: Return True if the attribute is part of the current user favorites

name = Column(None, CIText(), table=None, nullable=False)

to_dict(recursive=False)[source]

class app.models.SearchableMixin[source]

Add search capability to a class

classmethod after_commit(session)[source]: Update the elasticsearch index

classmethod after_flush_postexec(session, flush_context)[source]: Retrieve the new and updated objects representation

classmethod before_flush(session, flush_context, instances)[source]: Save the new/modified/deleted objects

classmethod create_index(**kwargs)[source]: Create the index of the class

classmethod delete_index(**kwargs)[source]: Delete the index of the class

classmethod reindex(delete=True)[source]: Force to reindex all instances of the class

classmethod search(query, page=1, per_page=20, sort=None, filter_sensitive=False)[source]

class app.models.Status(**kwargs)[source]

description

favorite_users

id

items

name

class app.models.Task(**kwargs)[source]

awx_job_id

property awx_job_url

awx_resource

command

created_at

depends_on

depends_on_id

ended_at

exception

id

name

reverse_dependencies

status

to_dict(recursive=False)[source]

update_reverse_dependencies()[source]

Recursively set all reverse dependencies to FAILED

When a RQ job is set to FAILED, its reverse dependencies will stay to DEFERRED. This method allows to easily update the corresponding tasks status.

The tasks are modified but the session is not committed.

user

user_id

class app.models.Token(**kwargs)[source]

Table to store valid tokens

description

expires

id

issued_at

jti

token_type

user

user_id

class app.models.User(**kwargs)[source]

can_create_vm(host)[source]

Return True if the user can create the VM

host.device_type shall be VirtualMachine
admin users can create anything
normal users must have access to the network to create VIOC
normal users can only create a VM if the host is in one of the allowed network scopes
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

can_delete_host(host)[source]

Return True if the user can delete the host

admin users can delete any host
normal users must be creator of the host
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

can_set_boot_profile(host)[source]

Return True if the user can set the network boot profile

host.device_type shall be in ALLOWED_SET_BOOT_PROFILE_DEVICE_TYPES
admin users can always set the profile
normal users must have access to the network
normal users can only set the boot profile if the host is in one of the allowed network scopes
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

can_view_host(host)[source]

Return True if the user can view the host

admin and auditor users can view all hosts
non sensitive hosts can be viewed by anyone
normal users must have access to the network scope to view sensitive hosts
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

can_view_network(network)[source]

Return True if the user can view the network

admin and auditor users can view all networks
non sensitive networks can be viewed by anyone
normal users must have access to the network scope to view sensitive networks
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

property csentry_groups

Return the list of CSEntry groups the user belong to

Groups are assigned based on the CSENTRY_LDAP_GROUPS mapping with LDAP groups

property csentry_network_scopes

Return the list of CSEntry network scopes the user has access to

Network scopes are assigned based on the CSENTRY_NETWORK_SCOPES_LDAP_GROUPS mapping with LDAP groups

display_name

email

favorite_actions

favorite_attributes()[source]: Return all user’s favorite attributes

favorite_locations

favorite_manufacturers

favorite_models

favorite_statuses

get_id()[source]

Return the user id as unicode

Required by flask-login

get_task_started(name)[source]: Return the <name> task currently running or None

get_task_waiting(name)[source]

Return the latest <name> task currently waiting or None

Waiting means:

queued
deferred

A deferred task will be set to failed if the task it depends on fails.

get_tasks(all=False)[source]

Return all tasks created by the current user

If the user is admin or auditor and all is set to True, will return all tasks

get_tasks_in_progress(name)[source]: Return all the <name> tasks not finished or failed

groups

has_access_to_network(network)[source]

Return True if the user has access to the network

admin users have access to all networks
normal users must have access to the network scope
normal users don’t have access to admin_only networks (whatever the network scope)
LOGIN_DISABLED can be set to True to turn off authentication check when testing. In this case, this function always returns True.

id

property is_admin

property is_auditor

is_member_of_one_group(groups)[source]: Return True if the user is at least member of one of the given CSEntry groups

is_task_waiting(name)[source]

Return True if a <name> task is waiting

Waiting means:

queued
deferred

A deferred task will be set to failed if the task it depends on fails.

launch_task(name, func, queue_name='normal', **kwargs)[source]

Launch a task in the background using RQ

The task is added to the session but not committed.

property sensitive_filter: Return the elasticsearch query to use to filter sensitive hosts

tasks

to_dict(recursive=False)[source]

tokens

username

app.models.before_flush(session, flush_context, instances)[source]

Before flush hook

Used to trigger core services and inventory update, as well as the Ansible groups reindex.

See http://docs.sqlalchemy.org/en/latest/orm/session_events.html#before-flush

app.models.get_temporary_ics_id()[source]: Return a temporary ICS id that is available

app.models.load_user(user_id)[source]

User loader callback for flask-login

Parameters: user_id (str) – unicode ID of a user
Returns: corresponding user object or None

app.models.pg_utcnow(element, compiler, **kw)[source]

app.models.save_user(dn, username, data, memberships)[source]

User saver for flask-ldap3-login

This method is called whenever a LDAPLoginForm() successfully validates.

app.models.temporary_ics_ids()[source]: Generator that returns the full list of temporary ICS ids

app.models.trigger_ansible_groups_reindex(session)[source]

Trigger a reindex of Ansible groups

Update on any Host or Interface modification. This is required for all dynamic groups.

Called by before flush hook

app.models.trigger_core_services_update(session)[source]

Trigger core services update on any Interface or Host modification.

Called by before flush hook

app.models.trigger_inventory_update(session)[source]

Trigger an inventory update in AWX

Update on any AnsibleGroup/Cname/Domain/Host/Interface/Network/NetworkScope modification.

Called by before flush hook

app.models.update_host_sensitive_field(target, value, oldvalue, initiator)[source]

Update the host sensitive field in elasticsearch based on the Network value

Updating the network won’t trigger any update of the hosts as sensitive is just a property (based on host.main_interface.network). We have to force the update in elasticsearch index.

app.models.used_temporary_ics_ids()[source]: Return a set with the temporary ICS ids used

class app.models.utcnow(*clauses, **kwargs)[source]

type = DateTime()