def grant_to_model(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => receiving call',
user, controller)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authenticated!',
user, controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authorized!',
user, controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
else:
user_access = juju.get_models_access(con, user)
if juju.user_exists(user):
for mod in data:
if not mod['name'] in user_access:
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => No Permission to perform this action!',
user, controller)
code, response = errors.no_permission()
return juju.create_response(code, response)
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def get_users_info():
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
code, response = 200, execute_task(juju.get_users_info, token)
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_credentials(user):
try:
LOGGER.info('/USERS/%s/credentials [GET] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials [GET] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
code, response = 200, juju.get_credentials(user)
LOGGER.info(
'/USERS/%s/credentials [GET] => Succesfully retrieved credentials!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials [GET] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials [GET] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def update_ssh_keys(user):
try:
LOGGER.info('/USERS/%s/ssh-keys [PUT] => receiving call', user)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/ssh-keys [PUT] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
for key in data['ssh-keys']:
try:
fp_key = base64.b64decode(
key.strip().split()[1].encode('ascii'))
fp_plain = hashlib.md5(fp_key).hexdigest()
output = ':'.join(
a + b
for a, b in zip(fp_plain[::2], fp_plain[1::2]))
except Exception:
code, response = errors.invalid_ssh_key(key)
return juju.create_response(code, response)
juju.update_ssh_keys_user(user, data['ssh-keys'])
LOGGER.info(
'/USERS/%s/ssh-keys [PUT] => SSH-keys are being updated, check update_ssh_keys.log for more information!',
user)
code, response = 202, 'SSH-keys are being updated'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/ssh-keys [PUT] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/ssh-keys [PUT] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def get_ssh_keys(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
if token.is_admin or token.username == user:
code, response = 200, execute_task(juju.get_ssh_keys_user, user)
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_credentials(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin or token.username == usr:
code, response = 200, juju.execute_task(juju.get_credentials, token, usr)
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_bundle(bundle):
res = requests.get('https://api.github.com/repos/{}/{}'.format(REPO, bundle))
if res.status_code == 200:
data = {
'name': res.json()['name'],
'description': res.json()['description'],
'json': get_json(res.json()['name']),
'logo': None
}
return create_response(200, data)
else:
abort(404, 'The bundle {}:{} could not be found'.format(REPO, bundle))
def remove_credential(user):
data = request.json
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin or token.username == usr:
execute_task(juju.remove_credential, usr, data['name'])
code, response = 202, 'Process being handeled'
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def reactivate_user():
data = request.json
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
user = juju.check_input(data['username'])
if token.is_admin:
if execute_task(juju.user_exists, user):
execute_task(juju.enable_user, token, user)
code, response = 200, 'User {} succesfully activated'.format(user)
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_user_info(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
user = juju.check_input(user)
if execute_task(juju.user_exists, user):
if user == token.username or token.is_admin:
code, response = 200, execute_task(juju.get_user_info, user)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def index():
try:
if request.headers['api-key'] == settings.API_KEY:
code, response = 200, {
'version': "1.0.0", # see http://semver.org/
'used_apis': get_apis(),
'controllers': get_controllers()
}
else:
error = unauthorized()
abort(error[0], error[1])
except KeyError:
code, response = invalid_data()
return create_response(code, response)
def get_ucontroller_access(user, controller):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con = execute_task(juju.authorize, token, juju.check_input(controller))
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if token.is_admin or token.username == usr:
code, response = 200, execute_task(juju.get_ucontroller_access, con, usr)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def change_user_password(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if usr == token.username or token.is_admin:
execute_task(juju.change_user_password, token, usr, request.json['password'])
code, response = 200, 'succesfully changed password for user {}'.format(usr)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_bundles():
i = 1
res = requests.get('https://api.github.com/orgs/{}/repos'.format(REPO))
data = []
while res.json() != [] and res.status_code == 200:
for b in res.json():
if 'bundle' in b['name']:
data.append({
'name': b['name'],
'description': b['description'],
'json': get_json(b['name']),
'logo': None
})
i += 1
res = requests.get('https://api.github.com/orgs/{}/repos?page={}'.format(REPO, i))
return create_response(200, data)
def login():
try:
LOGGER.info('/USERS/login [POST] => receiving call')
execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
code, response = 200, 'Success'
LOGGER.info('/USERS/login [POST] => Succesfully logged in!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def grant_to_model(user, controller, model):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
usr = juju.check_input(user)
if (token.is_admin or mod.m_access == 'admin' or con.c_access == 'superuser') and user != 'admin':
access = juju.check_access(request.json['access'])
if execute_task(juju.user_exists, user):
execute_task(juju.add_user_to_model, token, con, mod, usr, access)
code, response = 202, 'Process being handeled'
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def grant_to_controller(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s [PUT] => receiving call', user,
controller)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authenticated!', user,
controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authorized!', user,
controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
if request.json['access'] and juju.c_access_exists(
request.json['access'].lower()):
juju.grant_user_to_controller(
token, con, user, request.json['access'].lower())
LOGGER.info(
'/USERS/%s/controllers/%s [PUT] => Changing user access, check set_controller_access.log for more information!',
user, controller)
code, response = 202, 'The user\'s access is being changed'
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => Invalid access data provided : %s',
user, controller, request.json['access'])
code, response = errors.invalid_access('access')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => User %s does not exist',
user, controller, user)
code, response = errors.does_not_exist('user')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => No Permission to perform this action',
user, controller)
code, response = errors.no_permission()
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def delete_user(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin:
if execute_task(juju.user_exists, usr):
if usr != 'admin':
execute_task(juju.delete_user, token, usr)
code, response = 200, 'User {} succesfully removed'.format(usr)
else:
code, response = 403, 'This would remove the admin from the system!'
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_users_info():
try:
LOGGER.info('/USERS [GET] => receiving call')
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS [GET] => Authenticated!')
code, response = 200, juju.get_users_info(token)
LOGGER.info('/USERS [GET] => Succesfully retieved all users!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def revoke_from_controller(user, controller):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con = execute_task(juju.authorize, token, juju.check_input(controller))
usr = juju.check_input(user)
if (token.is_admin or con.c_access == 'superuser' or token.username == usr) and usr != 'admin':
if execute_task(juju.user_exists, usr):
execute_task(con.connect, token)
execute_task(juju.remove_user_from_controller, token, con, usr)
code, response = 200, execute_task(juju.remove_user_from_controller, con, usr)
execute_task(con.disconnect)
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def create_user():
try:
LOGGER.info('/USERS [POST] => receiving call')
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS [POST] => Authenticated!')
valid, user = juju.check_input(data['username'], "username")
if token.is_admin:
if valid:
if juju.user_exists(user):
code, response = errors.already_exists('user')
LOGGER.error(
'/USERS [POST] => Username %s already exists!', user)
elif data['password']:
LOGGER.info(
'/USERS [POST] => Creating user %s, check add_user.log for more information!',
user)
juju.create_user(user, data['password'])
code, response = 202, 'User {} is being created'.format(
user)
else:
code, response = errors.empty()
LOGGER.error('/USERS [POST] => Password cannot be empty!')
else:
code, response = 400, user
LOGGER.error(
'/USERS [POST] => Username does not have the correct format!'
)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS [POST] => No Permission to perform this action!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def revoke_from_model(user, controller, model):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if (mod.m_access == 'admin' or mod.c_access == 'superuser') and user != 'admin':
execute_task(con.connect, token)
execute_task(mod.connect, token)
execute_task(juju.remove_user_from_model, con, mod, usr)
code, response = 200, 'Revoked access for user {} on model {}'.format(usr, model)
execute_task(con.disconnect)
execute_task(mod.disconnect)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_model_access(user, controller, model):
try:
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => receiving call!',
user, controller, model)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => Authenticated!', user,
controller, model)
con, mod = juju.authorize(token, controller, model)
LOGGER.info('/USERS/%s/controllers/%s/models/%s [GET] => Authorized!',
user, controller, model)
if token.is_admin or token.username == user or mod.access == 'admin' or con.access == 'superuser':
if juju.user_exists(user):
access = juju.get_model_access(mod.m_name, con.c_name, user)
code, response = 200, {'access': access}
LOGGER.info(
'/USERS/%s/controllers/%s/models/%s [GET] => Succesfully retrieved model access!',
user, controller, model)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models/%s [GET] => User %s does not exist!',
user, controller, model, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/controllers/%s/models/%s [GET] => No Permission to perform this action!',
user, controller, model)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def change_user_password(user):
try:
LOGGER.info('/USERS/%s [PUT] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s [PUT] => Authenticated!', user)
if user == token.username or token.is_admin:
if juju.user_exists(user):
pwd = request.json['password']
if pwd:
execute_task(juju.change_user_password, token, user, pwd)
code, response = 200, 'Succesfully changed password for user {}'.format(
user)
LOGGER.info(
'/USERS/%s [PUT] => Succesfully changed password for user %s!',
user, user)
else:
code, response = errors.empty()
LOGGER.error(
'/USERS/%s [PUT] => User password can\'t be empty!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error('/USERS/%s [PUT] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s [PUT] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def add_credential(user):
try:
LOGGER.info('/USERS/%s/credentials [POST] => receiving call', user)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials [POST] => Authenticated!', user)
if token.is_admin or token.username == user:
if juju.user_exists(user):
if not juju.credential_exists(user, data['name']):
juju.add_credential(user, data)
LOGGER.info(
'/USERS/%s/credentials [POST] => Adding credentials, check add_credential.log for more information!',
user)
code, response = 202, 'Credentials are being added'
else:
code, response = errors.already_exists('credential')
LOGGER.error(
'/USERS/%s/credentials [POST] => Credential for User %s already exists!',
user, user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials [POST] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials [POST] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def delete_user(user):
try:
LOGGER.info('/USERS/%s [DELETE] => receiving call', user)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s [DELETE] => Authenticated!', user)
if token.is_admin:
if juju.user_exists(user):
if user != 'admin':
juju.delete_user(user)
code, response = 202, 'User {} is being removed'.format(
user)
LOGGER.info(
'/USERS/%s [DELETE] => User %s is being removed!',
user, user)
else:
code, response = 403, 'This would remove the admin from the system!'
LOGGER.error(
'/USERS/%s [DELETE] => This would remove the admin from the system!',
user)
else:
code, response = errors.does_not_exist('user')
LOGGER.error('/USERS/%s [DELETE] => User %s does not exist!',
user, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s [DELETE] => No Permission to perform this action!',
user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def remove_credential(user, credential):
try:
LOGGER.info('/USERS/%s/credentials/%s [DELETE] => receiving call',
user, credential)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/credentials/%s [DELETE] => Authenticated!',
user, credential)
if token.is_admin or token.username == user:
if juju.user_exists(user):
if juju.credential_exists(user, credential):
juju.remove_credential(user, credential)
LOGGER.info(
'/USERS/%s/credentials/%s [DELETE] => Removing credential, check remove_credential.log for more information!',
user, credential)
code, response = 202, 'Credentials are being removed'
else:
code, response = errors.does_not_exist('credential')
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/credentials/%s [DELETE] => User %s does not exist!',
user, credential, user)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/credentials/%s [DELETE] => No Permission to perform this action!',
user, credential)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
