Merge devel into main (#1063)

Signed-off-by: Alex <[email protected]>
Co-authored-by: Bill Wei <[email protected]>
Co-authored-by: Joe Shimkus <[email protected]>
Co-authored-by: Elijah DeLee <[email protected]>

Author: 4 people

src/aap_eda/conf/__init__.py

@@ -0,0 +1,21 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from aap_eda.conf.registry import settings_registry
+from aap_eda.conf.settings import application_settings
+
+__all__ = [
+    "settings_registry",
+    "application_settings",
+]

src/aap_eda/conf/registry.py

@@ -0,0 +1,193 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from collections import OrderedDict
+from dataclasses import dataclass
+from typing import Any
+
+import yaml
+from django.conf import settings
+from django.core.exceptions import ImproperlyConfigured
+from django.db import transaction
+
+from aap_eda.core.models import Setting
+from aap_eda.core.utils.crypto.base import SecretValue
+
+ENCRYPTED_STRING = "$encrypted$"
+
+
+class InvalidKeyError(Exception):
+    ...
+
+
+class InvalidValueError(Exception):
+    ...
+
+
+@dataclass
+class RegistryData(object):
+    name: str
+    default: Any
+    type: type = str
+    read_only: bool = False
+    is_secret: bool = False
+
+
+_APPLICATION_SETTING_REGISTRIES = [
+    RegistryData(
+        name="INSIGHTS_TRACKING_STATE",
+        type=bool,
+        default=False,
+    ),
+    RegistryData(
+        name="AUTOMATION_ANALYTICS_URL",
+        read_only=True,
+        default=settings.AUTOMATION_ANALYTICS_URL,
+    ),
+    RegistryData(
+        name="REDHAT_USERNAME",
+        default="",
+    ),
+    RegistryData(
+        name="REDHAT_PASSWORD",
+        is_secret=True,
+        default="",
+    ),
+    RegistryData(
+        name="SUBSCRIPTIONS_USERNAME",
+        default="",
+    ),
+    RegistryData(
+        name="SUBSCRIPTIONS_PASSWORD",
+        is_secret=True,
+        default="",
+    ),
+    RegistryData(
+        name="INSIGHTS_CERT_PATH",
+        read_only=True,
+        default=settings.INSIGHTS_CERT_PATH,
+    ),
+    RegistryData(
+        name="AUTOMATION_ANALYTICS_LAST_GATHER",
+        default="",
+    ),
+    RegistryData(
+        name="AUTOMATION_ANALYTICS_LAST_ENTRIES",
+        type=dict,
+        default={},
+    ),
+    RegistryData(
+        name="AUTOMATION_ANALYTICS_GATHER_INTERVAL",
+        type=int,
+        default=14400,
+    ),
+]
+
+
+class SettingsRegistry(object):
+    def __init__(self):
+        self._registry = OrderedDict()
+        for registry_data in _APPLICATION_SETTING_REGISTRIES:
+            self.register(registry_data)
+
+    def register(self, registry_data: RegistryData) -> None:
+        if registry_data.name in self._registry:
+            raise ImproperlyConfigured(
+                f"Setting {registry_data.name} is already registered."
+            )
+        self._registry[registry_data.name] = registry_data
+
+    def persist_registry_data(self):
+        for key, data in self._registry.items():
+            if data.read_only:
+                update_method = Setting.objects.update_or_create
+            else:
+                update_method = Setting.objects.get_or_create
+            update_method(key=key, defaults={"value": data.default})
+
+    def get_registered_settings(
+        self, skip_read_only: bool = False
+    ) -> list[str]:
+        setting_names = []
+
+        for setting, data in self._registry.items():
+            if data.read_only and skip_read_only:
+                continue
+            setting_names.append(setting)
+        return setting_names
+
+    def is_setting_secret(self, key: str) -> bool:
+        return self._registry[key].is_secret
+
+    def is_setting_read_only(self, key: str) -> bool:
+        return self._registry[key].read_only
+
+    def get_setting_type(self, key: str) -> type:
+        return self._registry[key].type
+
+    def db_update_setting(self, key: str, value: Any) -> None:
+        self._validate_key(key, writable=True)
+        Setting.objects.filter(key=key).update(
+            value=self._setting_value(key, value)
+        )
+
+    def db_update_settings(self, settings: dict[str, Any]) -> None:
+        with transaction.atomic():
+            for key, value in settings.items():
+                self._validate_key(key, writable=True)
+                Setting.objects.filter(key=key).update(
+                    value=self._setting_value(key, value)
+                )
+
+    def db_get_settings_for_display(self) -> dict[str, Any]:
+        keys = self.get_registered_settings()
+        settings = Setting.objects.filter(key__in=keys)
+        return {
+            obj.key: self._value_for_display(obj.key, obj.value)
+            for obj in settings
+        }
+
+    def db_get_setting(self, key: str) -> Any:
+        self._validate_key(key)
+        setting = Setting.objects.filter(key=key).first()
+        return self._decrypt_value(key, setting.value)
+
+    def _validate_key(self, key: str, writable: bool = False) -> None:
+        if key not in self._registry:
+            raise InvalidKeyError(f"{key} is not a preset key")
+        if writable and self.is_setting_read_only(key):
+            raise InvalidKeyError(f"{key} is readonly")
+
+    def _decrypt_value(self, key: str, db_value: SecretValue) -> Any:
+        val = db_value.get_secret_value()
+        if val != "":
+            val = yaml.safe_load(val)
+        return self._setting_value(key, val)
+
+    def _setting_value(self, key: str, value: Any) -> Any:
+        try:
+            return self.get_setting_type(key)(value)
+        except (ValueError, TypeError):
+            raise InvalidValueError(
+                f"Attempt to set an invalid value to key {key}"
+            )
+
+    def _value_for_display(self, key: str, db_value: SecretValue) -> Any:
+        value = self._decrypt_value(key, db_value)
+        if self.is_setting_secret(key) and value:
+            return ENCRYPTED_STRING
+        return value
+
+
+settings_registry = SettingsRegistry()

src/aap_eda/conf/settings.py

@@ -0,0 +1,28 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from typing import Any
+
+from aap_eda.conf.registry import settings_registry
+
+
+class ApplicationSettings(object):
+    def __setattr__(self, name: str, value: Any) -> None:
+        settings_registry.db_update_setting(name, value)
+
+    def __getattr__(self, name: str) -> Any:
+        return settings_registry.db_get_setting(name)
+
+
+application_settings = ApplicationSettings()

src/aap_eda/core/management/commands/create_initial_data.py

@@ -23,6 +23,7 @@
 from django.db import transaction
 from django.db.models import Q
 
+from aap_eda.conf import settings_registry
 from aap_eda.core import enums, models
 from aap_eda.core.tasking import enable_redis_prefix
 from aap_eda.core.utils.credentials import inputs_to_store
@@ -1081,6 +1082,7 @@ class Command(BaseCommand):
 
     @transaction.atomic
     def handle(self, *args, **options):
+        settings_registry.persist_registry_data()
         self._preload_credential_types()
         self._copy_registry_credentials()
         self._copy_scm_credentials()

src/aap_eda/core/migrations/0050_setting.py

@@ -0,0 +1,45 @@
+# Generated by Django 4.2.7 on 2024-09-16 19:40
+
+from django.db import migrations, models
+
+import aap_eda.core.utils.crypto.fields
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0049_alter_eventstream_name"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Setting",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("key", models.CharField(max_length=255, unique=True)),
+                (
+                    "value",
+                    aap_eda.core.utils.crypto.fields.EncryptedTextField(
+                        blank=True
+                    ),
+                ),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("modified_at", models.DateTimeField(auto_now=True)),
+            ],
+            options={
+                "db_table": "core_setting",
+                "indexes": [
+                    models.Index(
+                        fields=["key"], name="core_settin_key_53fa74_idx"
+                    )
+                ],
+            },
+        ),
+    ]

src/aap_eda/core/models/__init__.py

@@ -43,6 +43,7 @@
     RulebookProcessLog,
     RulebookProcessQueue,
 )
+from .setting import Setting
 from .team import Team
 from .user import AwxToken, User
 
@@ -73,6 +74,7 @@
     "Organization",
     "Team",
     "EventStream",
+    "Setting",
 ]
 
 permission_registry.register(

src/aap_eda/core/models/setting.py

@@ -0,0 +1,30 @@
+#  Copyright 2024 Red Hat, Inc.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+from django.db import models
+
+from aap_eda.core.utils.crypto.fields import EncryptedTextField
+
+__all__ = ("Setting",)
+
+
+class Setting(models.Model):
+    class Meta:
+        db_table = "core_setting"
+        indexes = [models.Index(fields=["key"])]
+
+    key = models.CharField(max_length=255, unique=True)
+    value = EncryptedTextField(blank=True, null=False)
+    created_at = models.DateTimeField(auto_now_add=True, null=False)
+    modified_at = models.DateTimeField(auto_now=True, null=False)

src/aap_eda/core/utils/crypto/fields.py

@@ -81,20 +81,3 @@ def from_db_value(self, value, expression, connection):
         if value is None:
             return None
         return SecretValue(decrypt_string(value))
-
-
-class EncryptedJsonField(BaseEncryptedField, models.JSONField):
-    def get_db_prep_save(self, value, connection):
-        if value is None:
-            return None
-        if isinstance(value, SecretValue):
-            value = value.get_secret_value()
-        value = super().get_db_prep_save(value, connection)
-        return encrypt_string(value)
-
-    def from_db_value(self, value, expression, connection):
-        if value is None:
-            return None
-        value = decrypt_string(value)
-        value = super().from_db_value(value, expression, connection)
-        return SecretValue(value)

src/aap_eda/settings/default.py

@@ -206,6 +206,7 @@ def _get_boolean(name: str, default=False) -> bool:
     "django.middleware.csrf.CsrfViewMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "ansible_base.lib.middleware.logging.log_request.LogTracebackMiddleware",
     "crum.CurrentRequestUserMiddleware",
 ]
 
@@ -789,3 +790,6 @@ def get_rulebook_process_log_level() -> RulebookProcessLogLevel:
 MAX_PG_NOTIFY_MESSAGE_SIZE = int(
     settings.get("MAX_PG_NOTIFY_MESSAGE_SIZE", 6144)
 )
+
+AUTOMATION_ANALYTICS_URL = settings.get("AUTOMATION_ANALYTICS_URL", "")
+INSIGHTS_CERT_PATH = settings.get("INSIGHTS_CERT_PATH", "")