first attempt

Author: Jeremy Nicklas

.rspec

@@ -1,2 +1,2 @@
---format documentation
 --color
+--require spec_helper

Gemfile

@@ -2,3 +2,6 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in ood_core.gemspec
 gemspec
+
+# FIXME
+gem "ood_job", git: "[email protected]:OSC/ood_job.git"

lib/ood_core.rb

@@ -1,6 +1,17 @@
 require "ood_core/version"
+require "ood_core/errors"
+require "ood_core/job_factory"
+require "ood_core/acl_factory"
+require "ood_core/cluster"
+require "ood_core/clusters"
 
 # The main namespace for ood_core
 module OodCore
-  # Your code goes here...
+  # A namespace for job adapters
+  module JobAdapters
+  end
+
+  # A namespace for acl adapters
+  module AclAdapters
+  end
 end

lib/ood_core/acl_adapters/abstract_adapter.rb

@@ -0,0 +1,18 @@
+require "ood_support"
+
+module OodCore
+  module AclAdapters
+    # A class that handles whether a resource is allowed to be used through an
+    # ACL
+    # @abstract
+    class AbstractAdapter
+      # Whether this ACL allows access for the principle
+      # @abstract Subclass is expected to implement {#allow?}
+      # @raise [NotImplementedError] if subclass did not define {#allow?}
+      # @return [Boolean] whether principle is allowed
+      def allow?
+        raise NotImplementedError, "subclass did not define #allow?"
+      end
+    end
+  end
+end

lib/ood_core/acl_adapters/group_adapter.rb

@@ -0,0 +1,52 @@
+require "ood_core/refinements/hash_extensions"
+require "ood_core/acl_adapters/abstract_adapter"
+
+module OodCore
+  class AclFactory
+    using Refinements::HashExtensions
+
+    # Build the group acl adapter from a configuration
+    # @param config [#to_h] the configuration for an acl adapter
+    # @option config [Array<#to_s>] :groups The list of groups
+    # @option config [#to_s] :type ('whitelist') The type of ACL ('whitelist' or 'blacklist')
+    def self.build_group(config)
+      c = config.to_h.symbolize_keys
+
+      groups = c.fetch(:groups) { raise ArgumentError, "No groups specified. Missing argument: groups" }.map(&:to_s)
+      acl = OodSupport::ACL.new(entries: groups.map { |g| OodSupport::ACLEntry.new principle: g })
+
+      type   = c.fetch(:type, "whitelist").to_s
+      if type == "whitelist"
+        allow = true
+      elsif type == "blacklist"
+        allow = false
+      else
+        raise ArgumentError, "Invalid type specified. Valid types: whitelist, blacklist"
+      end
+
+      OodCore::AclAdapters::GroupAdapter.new(acl: acl, allow: allow)
+    end
+  end
+
+  module AclAdapters
+    # An adapter object that describes a group permission ACL
+    class GroupAdapter < AbstractAdapter
+      using Refinements::HashExtensions
+
+      # @param opts [#to_h] the options defining this adapter
+      # @option opts [OodSupport::ACL] :acl The ACL permission
+      # @option opts [Boolean] :allow (true) Whether this ACL allows access
+      def initialize(opts)
+        o = opts.to_h.symbolize_keys
+        @acl = o.fetch(:acl) { raise ArgumentError, "No acl specified. Missing argument: acl" }
+        @allow = o.fetch(:allow, true)
+      end
+
+      # Whether this ACL allows the active user access based on their groups
+      # @return [Boolean] whether principle is allowed
+      def allow?
+        !( OodSupport::User.new.groups.map(&:to_s).any? { |g| @acl.allow?(principle: g) } ^ @allow )
+      end
+    end
+  end
+end

lib/ood_core/acl_factory.rb

@@ -0,0 +1,39 @@
+require "ood_core/refinements/hash_extensions"
+
+module OodCore
+  # A factory that builds acl adapter objects from a configuration.
+  class AclFactory
+    using Refinements::HashExtensions
+
+    class << self
+      # Build an acl adapter from a configuration
+      # @param config [#to_h] configuration describing acl adapter
+      # @option config [#to_s] :adapter The acl adapter to use
+      # @raise [AdapterNotSpecified] if no adapter is specified
+      # @raise [AdapterNotFound] if the specified adapter does not exist
+      # @return [AclAdapters::AbstractAdapter] the acl adapter object
+      def build(config)
+        c = config.to_h.symbolize_keys
+
+        adapter = c.fetch(:adapter) { raise AdapterNotSpecified, "acl configuration does not specify adapter" }.to_s
+
+        path_to_adapter = "ood_core/acl_adapters/#{adapter}_adapter"
+        begin
+          require path_to_adapter
+        rescue Gem::LoadError => e
+          raise Gem::LoadError, "Specified '#{adapter}' for acl adapter, but the gem is not loaded."
+        rescue LoadError => e
+          raise LoadError, "Could not load '#{adapter}'. Make sure that the acl adapter in the configuration file is valid."
+        end
+
+        adapter_method = "build_#{adapter}"
+
+        unless respond_to?(adapter_method)
+          raise AdapterNotFound, "acl configuration specifies nonexistent #{adapter} adapter"
+        end
+
+        send(adapter_method, c)
+      end
+    end
+  end
+end

lib/ood_core/cluster.rb

@@ -0,0 +1,143 @@
+require "ostruct"
+
+require "ood_core/refinements/hash_extensions"
+
+module OodCore
+  # An object that describes a cluster and its given features that third-party
+  # code can take advantage of.
+  class Cluster
+    using Refinements::HashExtensions
+
+    # The unique identifier for a given cluster
+    # @return [Symbol] the cluster id
+    attr_reader :id
+
+    # Metadata configuration providing descriptive information about cluster
+    # @return [Hash] the metadata configuration
+    attr_reader :metadata_config
+
+    # The login configuration used for this cluster
+    # @return [Hash] the login configuration
+    attr_reader :login_config
+
+    # The job adapter configuration used for this cluster
+    # @return [Hash] the job configuration
+    attr_reader :job_config
+
+    # The acls configuration describing the permissions for this cluster
+    # @return [Hash] the acls configuration
+    attr_reader :acls_config
+
+    # @param cluster [#to_h] the cluster object
+    # @option cluster [#to_sym] :id The cluster id
+    # @option cluster [#to_h] :metadata ({}) The cluster's metadata
+    # @option cluster [#to_h] :login ({}) The cluster's SSH host
+    # @option cluster [#to_h] :job ({}) The job adapter for this cluster
+    # @option cluster [#to_h] :custom ({}) Any custom resources for this cluster
+    # @option cluster [Array<#to_h>] :acls ([]) List of ACLs to validate against
+    def initialize(cluster)
+      c = cluster.to_h.symbolize_keys
+
+      # Required options
+      @id = c.fetch(:id) { raise ArgumentError, "No id specified. Missing argument: id" }.to_sym
+
+      # General options
+      @metadata_config = c.fetch(:metadata, {}).to_h.symbolize_keys
+      @login_config    = c.fetch(:login, {})   .to_h.symbolize_keys
+      @job_config      = c.fetch(:job, {})     .to_h.symbolize_keys
+      @custom_config   = c.fetch(:custom, {})  .to_h.symbolize_keys
+      @acls_config     = c.fetch(:acls, [])    .map(&:to_h)
+    end
+
+    # Metadata that provides extra information about this cluster
+    # @return [OpenStruct] the metadata
+    def metadata
+      OpenStruct.new metadata_config
+    end
+
+    # The login used for this cluster
+    # @return [OpenStruct] the login
+    def login
+      OpenStruct.new(login_config)
+    end
+
+    # Whether the login feature is allowed
+    # @return [Boolean] is login allowed
+    def login_allow?
+      allow? && !login.empty?
+    end
+
+    # Build a job adapter from the job configuration
+    # @return [JobAdapters::AbstractAdapter] the job adapter
+    def job_adapter
+      JobFactory.build(job_config)
+    end
+
+    # Whether the job feature is allowed based on the ACLs
+    # @return [Boolean] is the job feature allowed
+    def job_allow?
+      allow? &&
+        !job_config.empty? &&
+        build_acls(job_config.fetch(:acls, []).map(&:to_h)).all?(&:allow?)
+    end
+
+    # The configuration for any custom features or resources for this cluster
+    # @param feature [#to_sym, nil] the feature or resource
+    # @return [Hash] configuration for custom feature or resource
+    def custom_config(feature = nil)
+      feature ? @custom_config.fetch(feature.to_sym, {}).to_h.symbolize_keys : @custom_config
+    end
+
+    # Whether the custom feature is allowed based on the ACLs
+    # @return [Boolean] is this custom feature allowed
+    def custom_allow?(feature)
+      allow? &&
+        !custom_config(feature).empty? &&
+        build_acls(custom_config(feature).fetch(:acls, []).map(&:to_h)).all?(&:allow?)
+    end
+
+    # Build the ACL adapters from the ACL list configuration
+    # @return [Array<AclAdapters::AbstractAdapter>] the acl adapter list
+    def acls
+      build_acls acls_config
+    end
+
+    # Whether this cluster is allowed to be used
+    # @return [Boolean] whether cluster is allowed
+    def allow?
+      acls.all?(&:allow?)
+    end
+
+    # The comparison operator
+    # @param other [#to_sym] object to compare against
+    # @return [Boolean] whether objects are equivalent
+    def ==(other)
+      id == other.to_sym
+    end
+
+    # Convert object to symbol
+    # @return [Symbol] the symbol describing this object
+    def to_sym
+      id
+    end
+
+    # Convert object to hash
+    # @return [Hash] the hash describing this object
+    def to_h
+      {
+        id:        id,
+        metadata:  metadata_config,
+        login:     login_config,
+        job:       job_config,
+        custom:    custom_config,
+        acls:      acls_config
+      }
+    end
+
+    private
+      # Build acl adapter objects from array
+      def build_acls(ary)
+        ary.map { |a| AclFactory.build a }
+      end
+  end
+end