Verified Commit 96a1f0e5 authored by Marek Veselý's avatar Marek Veselý
Browse files

cleanup

parent 81dce533

common_lib/schema/types.py

+0 −7
Original line number Diff line number Diff line
@@ -126,13 +126,6 @@ class FileInfoType(DjangoObjectType): 
    definition = graphene.Field(ExerciseDefinitionType, required=False)





class OpenSearchDataType(graphene.ObjectType):

    id = graphene.ID(required=True)

    exercise_id = graphene.ID(required=True)

    team_id = graphene.ID(required=True)

    data = graphene.JSONString(required=True)





class ContentType(DjangoObjectType):

    class Meta:

        model = Content

exercise/lib/exercise_manager.py

+0 −5
Original line number Diff line number Diff line
@@ -227,13 +227,8 @@ def create_exercise( 
            [team.id for team in teams]

        )



        print("=== credentials ===")

        print(opensearch_credentials)



        create_opensearch_access(teams, opensearch_credentials)



        print(f"✓ OpenSearchAccess")



    return exercise

running_exercise/lib/opensearch_client.py

+7 −61
Original line number Diff line number Diff line 
from typing import List

from opensearchpy import OpenSearch

from datetime import datetime



from common_lib.schema.types import OpenSearchDataType

from exercise.models import OpenSearchAccess



host = "localhost"

host = "172.26.5.208"

port = 9200

auth = ("admin", "v&ery6#7st*ong78288732-pass889329word-aVUfg9")
@@ -27,9 +24,7 @@ def create_opensearch_exercise(team_ids): 
    5. Map the user to the role.

    6. Save the credentials of the user and return them later.



    https://docs.opensearch.org/docs/latest/im-plugin/data-streams/

    https://docs.opensearch.org/docs/latest/security/access-control/users-roles/

    https://docs.opensearch.org/docs/latest/security/access-control/api/#create-user

    https://docs.opensearch.org/latest/security/access-control/users-roles/

    https://opensearch-project.github.io/opensearch-py/api-ref/clients/security_client.html

    """

    credentials = {}
@@ -54,7 +49,7 @@ def create_opensearch_exercise(team_ids): 
        # https://docs.opensearch.org/docs/latest/security/access-control/permissions/

        role_body = {

            "cluster_permissions": [

                "cluster:monitor/main",  # high-level monitoring of cluster state

                "cluster:monitor/main", # high-level monitoring of cluster state; necessary for Logstash

            ],

            "index_permissions": [

                {
@@ -70,32 +65,25 @@ def create_opensearch_exercise(team_ids): 
            "users": [username],

        }



        print(f"=== {team_id} ===")



        try:

            index = client.indices.create(index=index_name)

            print(f"✓ Index")

            client.indices.create(index=index_name)



            # https://docs.opensearch.org/docs/latest/security/access-control/users-roles/#defining-users

            # https://docs.opensearch.org/docs/latest/security/access-control/api/#create-user

            user = client.security.create_user(

            client.security.create_user(

                username=username, body=user_body

            )

            print(f"✓ User")



            # https://docs.opensearch.org/docs/latest/security/access-control/users-roles/#defining-roles

            # https://docs.opensearch.org/docs/latest/security/access-control/api/#create-role

            role = client.security.create_role(role=role_name, body=role_body)

            print(f"✓ Role")

            client.security.create_role(role=role_name, body=role_body)



            # https://docs.opensearch.org/docs/latest/security/access-control/users-roles/#mapping-users-to-roles

            # https://docs.opensearch.org/docs/latest/security/access-control/api/#create-role-mapping

            role_mapping = client.security.create_role_mapping(

            client.security.create_role_mapping(

                role=role_name, body=role_mapping_body

            )

            print(f"✓ Role mapping")

        except Exception as e:

            print(f"✗ Error {e}")

            # TODO: cleanup and re-raise

            return credentials
@@ -112,45 +100,3 @@ def create_opensearch_access(teams, opensearch_credentials): 
            password=credentials["password"],

        )



def get_exercise_opensearch_data(exercise_id) -> List[OpenSearchDataType]:

    access_list = OpenSearchAccess.objects.filter(team__exercise_id=exercise_id)

    indices = access_list.values_list("index_name", flat=True)



    try:

        # return the last data entries from each index using OpenSearch client

        # https://docs.opensearch.org/docs/latest/api-reference/search-apis/multi-search/



        msearch_body = []

        for index in indices:

            msearch_body.append({"index": index})

            msearch_body.append({"size": 5, "query": {"match_all": {}}})



        msearch_result = client.msearch(

            body=msearch_body,

            index=",".join(indices),

        )

        responses = msearch_result.get("responses", [])

        result = []

        for response in responses:

            if (

                "hits" in response

                and "hits" in response["hits"]

                and len(response["hits"]["hits"]) > 0

            ):

                result.append(

                    OpenSearchDataType(

                        id=response["hits"]["hits"][0]["_id"],

                        team_id=access_list.get(

                            index_name=response["hits"]["hits"][0]["_index"]

                        ).team.id,

                        exercise_id=exercise_id,

                        # TODO: process further

                        data=response["hits"]["hits"],

                    )

                )

        print(f"✓ Fetch")

        return result

    except Exception as e:

        print(f"Error {e}")

        raise e

running_exercise/schema/query.py

+0 −23
Original line number Diff line number Diff line
@@ -17,7 +17,6 @@ from common_lib.exceptions import ( 
from common_lib.schema.types import (

    MilestoneStateType,

    EmailThreadType,

    OpenSearchDataType,

    TeamLearningObjectiveType,

    EmailParticipantType,

    EmailTemplateType,
@@ -211,11 +210,6 @@ class Query(graphene.ObjectType): 
        exercise_id=graphene.ID(required=True),

        description="Retrieve all drive files for the given exercise",

    )

    opensearch_data = graphene.List(

        graphene.NonNull(OpenSearchDataType),

        exercise_id=graphene.ID(required=True),

        description="Retrieve some OpenSearch data for the given exercise",

    )



    @protected(User.AuthGroup.TRAINEE)

    def resolve_team(self, info, team_id: str) -> Team:
@@ -524,20 +518,3 @@ class Query(graphene.ObjectType): 
            is_drive=True, definition_id=exercise.definition_id

        )

    @protected(User.AuthGroup.INSTRUCTOR)

    def resolve_opensearch_data(

        self, info, exercise_id: str

    ) -> QuerySet[OpenSearchDataType]:

        access = exercise_access(info.context, int(exercise_id))

        if access.group < User.AuthGroup.INSTRUCTOR:

            # TODO: return empty set; OpenSearchDataType is graphene.ObjectType so no .objects is available

            raise PermissionDenied(

                "User does not have access to OpenSearch data for this exercise"

            )



        from running_exercise.lib.opensearch_client import (

            get_exercise_opensearch_data,

        )



        data = get_exercise_opensearch_data(int(exercise_id))

        return data