Challenges: Add API to create AWS federated user for docker based challenges (Cloud-CV#2099)

Author: deshraj

apps/challenges/urls.py

@@ -56,4 +56,7 @@
         views.get_broker_url_by_challenge_pk, name='get_broker_url_by_challenge_pk'),
     url(r'^get_broker_urls/$',
         views.get_broker_urls, name='get_broker_urls'),
+    url(r'^phases/(?P<phase_pk>[0-9]+)/participant_team/aws/credentials/$',
+        views.get_aws_credentials_for_participant_team,
+        name='get_aws_credentials_for_participant_team'),
 ]

apps/challenges/utils.py

@@ -2,13 +2,15 @@
 
 import boto3
 import json
+import logging
 
 from botocore.exceptions import ClientError
 
 from base.utils import get_model_object
 
 from .models import Challenge, ChallengePhase, Leaderboard, DatasetSplit, ChallengePhaseSplit
 
+logger = logging.getLogger(__name__)
 
 get_challenge_model = get_model_object(Challenge)
 
@@ -39,6 +41,23 @@ def convert_to_aws_ecr_compatible_format(string):
     return string.replace(" ", "-").lower()
 
 
+def convert_to_aws_federated_user_format(string):
+    '''Make string compatible with AWS ECR repository naming
+
+    Arguments:
+        string {string} -- Desired ECR repository name
+
+    Returns:
+        string -- Valid ECR repository name
+    '''
+    string = string.replace(" ", "-")
+    result = ""
+    for ch in string:
+        if ch.isalnum() or ch in ['=', ',', '.', '@', '-']:
+            result += ch
+    return result
+
+
 def get_or_create_ecr_repository(name, region_name='us-east-1'):
     '''Get or create AWS ECR Repository
 
@@ -77,6 +96,8 @@ def get_or_create_ecr_repository(name, region_name='us-east-1'):
             response = client.create_repository(repositoryName=name)
             repository = response['repository']
             created = True
+        else:
+            logger.exception(e)
     return (repository, created)
 
 
@@ -117,7 +138,7 @@ def create_federated_user(name, repository):
     '''
     AWS_ACCOUNT_ID = os.environ.get('AWS_ACCOUNT_ID')
     policy = {
-        "Version": "2019-02-07",
+        "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
@@ -135,8 +156,8 @@ def create_federated_user(name, repository):
     }
     client = boto3.client('sts')
     response = client.get_federation_token(
-        Name=name,
+        Name=convert_to_aws_federated_user_format(name),
         Policy=json.dumps(policy),
-        DurationSeconds=3600
+        DurationSeconds=43200,
     )
     return response

apps/challenges/views.py

@@ -64,7 +64,8 @@
                           ZipChallengePhaseSplitSerializer,)
 from .utils import (get_file_content,
                     get_or_create_ecr_repository,
-                    convert_to_aws_ecr_compatible_format,)
+                    convert_to_aws_ecr_compatible_format,
+                    create_federated_user,)
 
 logger = logging.getLogger(__name__)
 
@@ -1376,3 +1377,37 @@ def get_broker_url_by_challenge_pk(request, challenge_pk):
 
         response_data = [challenge.queue]
         return Response(response_data, status=status.HTTP_200_OK)
+
+
+@api_view(['GET'])
+@throttle_classes([UserRateThrottle])
+@permission_classes((permissions.IsAuthenticated, HasVerifiedEmail))
+@authentication_classes((ExpiringTokenAuthentication,))
+def get_aws_credentials_for_participant_team(request, phase_pk):
+    """
+    Returns:
+        Dictionary containing AWS credentials for the participant team for a particular challenge
+    """
+
+    challenge_phase = get_challenge_phase_model(phase_pk)
+
+    challenge = challenge_phase.challenge
+    participant_team_pk = get_participant_team_id_of_user_for_a_challenge(
+        request.user, challenge.pk)
+
+    if not challenge.is_docker_based:
+        response_data = {'error': 'Sorry, this is not a docker based challenge.'}
+        return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
+
+    if participant_team_pk is None:
+        response_data = {'error': 'You have not participated in this challenge.'}
+        return Response(response_data, status=status.HTTP_400_BAD_REQUEST)
+
+    participant_team = ParticipantTeam.objects.get(id=participant_team_pk)
+    federated_user = create_federated_user(participant_team.team_name, participant_team.get_docker_repository_name())
+    data = {
+        'federated_user': federated_user,
+        'docker_repository_uri': participant_team.docker_repository_uri
+    }
+    response_data = {'success': data}
+    return Response(response_data, status=status.HTTP_200_OK)

apps/participants/models.py

@@ -48,6 +48,12 @@ def get_all_participants_email(self):
         email_ids = Participant.objects.filter(team=self).values_list('user__email', flat=True)
         return list(email_ids)
 
+    def get_docker_repository_name(self):
+        if self.docker_repository_uri != "":
+            return self.docker_repository_uri.split("/")[-1]
+        else:
+            return None
+
     class Meta:
         app_label = 'participants'
         db_table = 'participant_team'