feat(rest): add quota management endpoints (#748)

Closes #747

Author: CameronMcClymont

docs/conf.py

@@ -230,6 +230,7 @@
     "reana_server.rest.status",
     "reana_server.rest.users",
     "reana_server.rest.workflows",
+    "reana_server.rest.quota",
 ]
 
 

docs/openapi.json

@@ -1032,6 +1032,209 @@
         "summary": "Ping the server (healthcheck)"
       }
     },
+    "/api/quota": {
+      "get": {
+        "description": "This endpoint gets resource quota limits for a given user.",
+        "operationId": "list_quota_usage",
+        "parameters": [
+          {
+            "description": "REANA access token.",
+            "in": "query",
+            "name": "access_token",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Get the quota limit by user ID (mutually exclusive with `email` and `user_access_token`)",
+            "in": "query",
+            "name": "user_id",
+            "required": false,
+            "type": "string"
+          },
+          {
+            "description": "Get the quota limit by user email (mutually exclusive with `user_id` and `user_access_token`)",
+            "in": "query",
+            "name": "email",
+            "required": false,
+            "type": "string"
+          },
+          {
+            "description": "Get the quota limit by user access token (mutually exclusive with `user_id` and `email`)",
+            "in": "query",
+            "name": "user_access_token",
+            "required": false,
+            "type": "string"
+          },
+          {
+            "description": "The type of resource",
+            "in": "query",
+            "name": "resource_type",
+            "required": true,
+            "type": "string"
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "Request succeeded. Raw resource quota limit is returned.",
+            "examples": {
+              "application/json": {
+                "data": 1000000000,
+                "message": "",
+                "status": "200"
+              }
+            },
+            "schema": {
+              "properties": {
+                "data": {
+                  "type": "number"
+                },
+                "message": {
+                  "type": "string"
+                },
+                "status": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          },
+          "400": {
+            "description": "Request failed. The incoming data specification seems malformed.",
+            "examples": {
+              "application/json": {
+                "message": "No user specified."
+              }
+            },
+            "schema": {
+              "properties": {
+                "message": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          },
+          "404": {
+            "description": "Request failed. Not found.",
+            "examples": {
+              "application/json": {
+                "message": "Quota functionality is not enabled."
+              }
+            },
+            "schema": {
+              "properties": {
+                "message": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          },
+          "500": {
+            "description": "Request failed. Internal server error.",
+            "examples": {
+              "application/json": {
+                "message": "Internal server error."
+              }
+            },
+            "schema": {
+              "properties": {
+                "message": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          }
+        },
+        "summary": "Get resource quota limits."
+      },
+      "post": {
+        "description": "This endpoint sets resource quota limits for a given set of users.",
+        "operationId": "set_quota_limit",
+        "parameters": [
+          {
+            "description": "REANA access token.",
+            "in": "query",
+            "name": "access_token",
+            "required": true,
+            "type": "string"
+          },
+          {
+            "description": "Data required to set quota limits.",
+            "in": "body",
+            "name": "data",
+            "required": true,
+            "schema": {
+              "additionalProperties": {
+                "description": "Quota limit definition.",
+                "properties": {
+                  "emails": {
+                    "description": "Emails of the target users (mutually exclusive with `user_ids`)",
+                    "type": "string"
+                  },
+                  "limit": {
+                    "description": "Raw quota limit to set",
+                    "type": "integer"
+                  },
+                  "resource_type": {
+                    "description": "Resource type to set",
+                    "type": "string"
+                  },
+                  "user_ids": {
+                    "description": "IDs of the target users (mutually exclusive with `emails`)",
+                    "type": "string"
+                  }
+                },
+                "type": "object"
+              },
+              "type": "object"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "Resource quotas successfully set.",
+            "examples": {
+              "application/json": {
+                "message": "Quota limit {limit} for '{resource_type} ({resource_name})' successfully set to user(s) {user_ids}."
+              }
+            },
+            "schema": {
+              "properties": {
+                "message": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          },
+          "500": {
+            "description": "Request failed. Internal server error.",
+            "examples": {
+              "application/json": {
+                "message": "Quota could not be set: {error}"
+              }
+            },
+            "schema": {
+              "properties": {
+                "message": {
+                  "type": "string"
+                }
+              },
+              "type": "object"
+            }
+          }
+        },
+        "summary": "Set resource quota limits."
+      }
+    },
     "/api/secrets": {
       "get": {
         "description": "Get user secrets.",

modules/reana-commons

@@ -0,0 +1 @@
+Subproject commit d009e4474d94be7e0a3411801eae9cc0007acf1c

modules/reana-db

@@ -0,0 +1 @@
+Subproject commit b13bb3bae824ee2eb39aa8328bbda111c1b80f75

reana_server/config.py

@@ -99,6 +99,9 @@
 )
 """Maximum number of threads for one Dask worker."""
 
+REANA_ADMIN_QUOTA_MANAGER = os.getenv("REANA_ADMIN_QUOTA_MANAGER", "")
+"""Secret used to authenticate the admin user when setting quota limits."""
+
 REANA_KUBERNETES_JOBS_MEMORY_LIMIT = os.getenv("REANA_KUBERNETES_JOBS_MEMORY_LIMIT")
 """Maximum memory limit for user job containers for workflow complexity estimation."""
 

reana_server/factory.py

@@ -72,6 +72,7 @@ def create_minimal_app(config_mapping=None):
         workflows,
         info,
         launch,
+        quota,
     )  # noqa
 
     app.register_blueprint(ping.blueprint, url_prefix="/api")
@@ -83,6 +84,7 @@ def create_minimal_app(config_mapping=None):
     app.register_blueprint(status.blueprint, url_prefix="/api")
     app.register_blueprint(info.blueprint, url_prefix="/api")
     app.register_blueprint(launch.blueprint, url_prefix="/api")
+    app.register_blueprint(quota.blueprint, url_prefix="/api")
 
     @app.teardown_appcontext
     def shutdown_session(response_or_exc):

reana_server/reana_admin/cli.py

@@ -37,7 +37,6 @@
     AuditLogAction,
     QuotaHealth,
     Resource,
-    ResourceType,
     User,
     UserResource,
     UserTokenStatus,
@@ -67,6 +66,7 @@
     _validate_email,
     _validate_password,
     create_user_workspace,
+    _set_quota_limit,
 )
 
 
@@ -565,76 +565,17 @@ def set_quota_limit(
     ctx, emails, resource_type, resource_name, limit, admin_access_token
 ):
     """Set quota limits to the given users per resource."""
-    try:
-        for email in emails:
-            error_msg = None
-            resource = None
-            user = _get_user_by_criteria(None, email)
-
-            if resource_name:
-                resource = Resource.query.filter_by(name=resource_name).one_or_none()
-            elif resource_type in ResourceType._member_names_:
-                resources = Resource.query.filter_by(type_=resource_type).all()
-                if resources and len(resources) > 1:
-                    click.secho(
-                        f"ERROR: There are more than one `{resource_type}` resource. "
-                        "Please provide resource name with `--resource-name` option to specify the exact resource.",
-                        fg="red",
-                        err=True,
-                    )
-                    sys.exit(1)
-                else:
-                    resource = resources[0]
-
-            if not user:
-                error_msg = f"ERROR: Provided user {email} does not exist."
-            elif not resource:
-                resources = [
-                    f"{resource.type_.name} ({resource.name})"
-                    for resource in Resource.query
-                ]
-                error_msg = (
-                    f"ERROR: Provided resource `{resource_name or resource_type}` does not exist. "
-                    if resource_name or resource_type
-                    else "ERROR: Please provide a resource. "
-                )
-                error_msg += f"Available resources are: {', '.join(resources)}."
-            if error_msg:
-                click.secho(
-                    error_msg,
-                    fg="red",
-                    err=True,
-                )
-                sys.exit(1)
+    msg, status_code, fatal = _set_quota_limit(
+        resource_type, resource_name, limit, emails=emails
+    )
+    click.secho(
+        msg,
+        fg="green" if status_code == 200 else "red",
+        err=False if status_code == 200 else True,
+    )
 
-            user_resource = UserResource.query.filter_by(
-                user=user, resource=resource
-            ).one_or_none()
-            if user_resource:
-                user_resource.quota_limit = limit
-                Session.add(user_resource)
-            else:
-                # Create user resource in case there isn't one. Useful for old users.
-                user.resources.append(
-                    UserResource(
-                        user_id=user.id_,
-                        resource_id=resource.id_,
-                        quota_limit=limit,
-                        quota_used=0,
-                    )
-                )
-        Session.commit()
-        click.secho(
-            f"Quota limit {limit} for '{resource.type_.name} ({resource.name})' successfully set to users {emails}.",
-            fg="green",
-        )
-    except Exception as e:
-        logging.debug(traceback.format_exc())
-        logging.debug(str(e))
-        click.echo(
-            click.style("Quota could not be set: \n{}".format(str(e)), fg="red"),
-            err=True,
-        )
+    if fatal:
+        sys.exit(1)
 
 
 @reana_admin.command(