Ejemplo n.º 1
def _create_roles(authorization_file_path):
    """Make sure every role named in the authorization file exists.

    The file is parsed with ``load`` and its ``roles`` entry is read as a
    sequence of mappings, each with a ``name`` key.

    :param authorization_file_path: path of the file that lists the roles
    :return: the role object looked up for the first listed role
    """
    # NOTE(review): `load` is imported outside this snippet. If it is
    # `yaml.load`, prefer `yaml.safe_load`. Either way this file defines the
    # role set, so it should be writable only by the installer or an admin.
    with open(authorization_file_path) as auth_file:
        role_defs = load(auth_file)['roles']

    for entry in role_defs:
        user_datastore.find_or_create_role(name=entry['name'])

    # The file's ordering is security-relevant: the first entry is treated
    # as the strongest role and is the one handed back to the caller.
    strongest = role_defs[0]
    return user_datastore.find_role(strongest['name'])
Ejemplo n.º 2
    def authorize(self, user, request, tenant_name=None):
        """Check that *user* may work in the requested tenant and record it.

        The tenant name is taken from ``tenant_name`` or, when that is
        ``None``, from the ``CLOUDIFY_TENANT_HEADER`` request header.  Access
        is granted when the tenant is in ``user.all_tenants`` or when the
        user holds ``ADMIN_ROLE``; every other outcome goes through
        ``raise_unauthorized_user_error``.  On success the tenant object is
        stored under ``CURRENT_TENANT_CONFIG`` in the application config.

        :param user: the user object whose tenants and roles are checked
        :param request: the incoming request; only its headers are read
        :param tenant_name: optional explicit tenant name
        """
        log = current_app.logger
        log.debug('Tenant authorization for {0}'.format(user))

        admin_role = user_datastore.find_role(ADMIN_ROLE)

        requested_name = tenant_name
        if requested_name is None:
            # The header value is client-supplied and must be treated as
            # untrusted until it is matched against a stored tenant below.
            requested_name = request.headers.get(CLOUDIFY_TENANT_HEADER)
        if not requested_name:
            # NOTE(review): the helper presumably raises on its own (the other
            # call sites use it without `raise`); the outer `raise` keeps this
            # path from falling through if it ever returned.
            raise raise_unauthorized_user_error(
                'a Tenant name was not provided')

        try:
            tenant = get_storage_manager().get(
                Tenant,
                requested_name,
                filters={'name': requested_name},
            )
        except NotFoundError:
            # NOTE(review): this text differs from the "not associated"
            # message below, so a caller can tell existing tenant names from
            # unknown ones. Use one message if tenant names are sensitive.
            # The code after this block relies on the helper raising;
            # otherwise `tenant` would be unbound.
            raise_unauthorized_user_error(
                'Provided tenant name unknown: {0}'.format(requested_name)
            )

        log.debug('User attempting to connect with {0}'.format(tenant))

        # Membership is tested first; the admin role is only consulted for
        # users who are not members of the tenant.
        is_member = tenant in user.all_tenants
        if not is_member and admin_role not in user.roles:
            raise_unauthorized_user_error(
                '{0} is not associated with {1}'.format(user, tenant)
            )

        # NOTE(review): `current_app.config` belongs to the application, not
        # to the request. If one process serves requests concurrently, a
        # request could observe a tenant set by another one; confirm the
        # deployment model or move this to request-scoped storage.
        current_app.config[CURRENT_TENANT_CONFIG] = tenant
Ejemplo n.º 3
def create_default_user_tenant_and_roles(admin_username, admin_password,
                                         amqp_manager,
                                         authorization_file_path):
    """
    Bootstrap the security model: create the roles, the default tenant with
    its RabbitMQ vhost and user, and the bootstrap admin account.

    :param admin_username: username of the bootstrap admin
    :param admin_password: clear-text password of the bootstrap admin; it is
        passed through ``encrypt_password`` before it reaches the datastore
    :param amqp_manager: object providing ``create_tenant_vhost_and_user``
    :param authorization_file_path: path handed to ``_create_roles``
    :return: The default tenant
    """
    strongest_role = _create_roles(authorization_file_path)
    tenant = _create_default_tenant()
    # NOTE(review): the vhost and AMQP user are created before the database
    # commit at the end; nothing here undoes them if a later step fails.
    amqp_manager.create_tenant_vhost_and_user(tenant=tenant)

    # NOTE(review): `encrypt_password` is defined outside this snippet;
    # presumably the Flask-Security helper later renamed `hash_password`.
    # Confirm that it produces a salted one-way hash.
    bootstrap_admin = user_datastore.create_user(
        id=constants.BOOTSTRAP_ADMIN_ID,
        username=admin_username,
        password=encrypt_password(admin_password),
        roles=[strongest_role],
    )

    # Inside the default tenant the admin only gets the ordinary tenant
    # role, the same one given to any user added to a tenant. The system
    # role assigned above (`sys_admin`) remains the effective one.
    tenant_role = user_datastore.find_role(constants.DEFAULT_TENANT_ROLE)
    membership = UserTenantAssoc(
        user=bootstrap_admin,
        tenant=tenant,
        role=tenant_role,
    )
    bootstrap_admin.tenant_associations.append(membership)
    user_datastore.commit()
    return tenant
def _create_roles(authorization_file_path):
    """Create any missing roles listed in the authorization file.

    :param authorization_file_path: path of the file whose ``roles`` entry
        lists one mapping per role, each with a ``name`` key
    :return: the role found for the first entry of that list
    """
    # NOTE(review): `load` comes from an import not shown here. If it is
    # `yaml.load`, `yaml.safe_load` is the safer choice. The file decides
    # which roles exist, so restrict who can write to it.
    with open(authorization_file_path) as handle:
        parsed = load(handle)
        listed_roles = parsed['roles']

    for item in listed_roles:
        user_datastore.find_or_create_role(name=item['name'])

    # By convention the list is ordered strongest-first, so position 0 is
    # the role returned to the caller.
    first_name = listed_roles[0]['name']
    return user_datastore.find_role(first_name)
def create_default_user_tenant_and_roles(admin_username,
                                         admin_password,
                                         amqp_manager,
                                         authorization_file_path):
    """
    Set up the initial security objects: the roles, the default tenant plus
    its RabbitMQ vhost and user, and the bootstrap admin.

    :param admin_username: username of the bootstrap admin
    :param admin_password: clear-text password; only the result of
        ``hash_password`` is handed to the datastore
    :param amqp_manager: object providing ``create_tenant_vhost_and_user``
    :param authorization_file_path: path handed to ``_create_roles``
    :return: The default tenant
    """
    top_role = _create_roles(authorization_file_path)
    new_tenant = _create_default_tenant()
    # NOTE(review): broker-side objects are created before the database
    # commit below; a failure in between is not rolled back here.
    amqp_manager.create_tenant_vhost_and_user(tenant=new_tenant)

    hashed = hash_password(admin_password)
    admin = user_datastore.create_user(
        id=constants.BOOTSTRAP_ADMIN_ID,
        username=admin_username,
        password=hashed,
        roles=[top_role],
    )

    # The admin joins the default tenant with the regular tenant role, the
    # same one any user gets when added to a tenant. `sys_admin`, the system
    # role set above, is still the effective role.
    association = UserTenantAssoc(
        user=admin,
        tenant=new_tenant,
        role=user_datastore.find_role(constants.DEFAULT_TENANT_ROLE),
    )
    admin.tenant_associations.append(association)
    user_datastore.commit()
    return new_tenant
Ejemplo n.º 6
def add_users_to_db(user_list):
    """Create every user in *user_list* and attach it to the default tenant.

    Each item is read as a mapping with ``username``, ``password`` and
    ``role`` keys and an optional ``active`` flag that defaults to ``True``.
    All users are committed together at the end.

    :param user_list: iterable of user description mappings
    """
    tenant = Tenant.query.get(DEFAULT_TENANT_ID)
    for spec in user_list:
        # NOTE(review): the lookup result is used unchecked. Confirm what
        # `find_role` returns for an unknown name, so that a typo in the
        # input cannot create a user with an unintended role list.
        system_role = user_datastore.find_role(spec['role'])
        account = user_datastore.create_user(
            username=spec['username'],
            password=hash_password(spec['password']),
            roles=[system_role],
        )

        tenant_role = user_datastore.find_role(DEFAULT_TENANT_ROLE)
        account.active = spec.get('active', True)
        membership = UserTenantAssoc(
            user=account,
            tenant=tenant,
            role=tenant_role,
        )
        account.tenant_associations.append(membership)
    user_datastore.commit()
Ejemplo n.º 7
def add_users_to_db(user_list):
    """Create every user in *user_list* as a member of the default tenant.

    Each item is read as a mapping with ``username``, ``password`` and
    ``role`` keys and an optional ``active`` flag that defaults to ``True``.
    A single commit is issued after the loop.

    :param user_list: iterable of user description mappings
    """
    tenant = Tenant.query.get(DEFAULT_TENANT_ID)
    for spec in user_list:
        # NOTE(review): the role lookup is not validated before use; confirm
        # how `find_role` reports an unknown role name.
        wanted_role = user_datastore.find_role(spec['role'])
        # NOTE(review): `encrypt_password` is defined elsewhere; presumably
        # the Flask-Security helper later renamed `hash_password`. Confirm.
        account = user_datastore.create_user(
            username=spec['username'],
            password=encrypt_password(spec['password']),
            roles=[wanted_role],
        )
        account.active = spec.get('active', True)
        account.tenants.append(tenant)
    user_datastore.commit()
Ejemplo n.º 8
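def create_status_reporter_user_and_assign_role(username, password, role,
                                                user_id):
    """Create a status-reporter user and give it *role* in the default tenant.

    The role is looked up before anything is created, so an unknown role
    name is rejected without a user object having been built for it.

    :param username: username of the new account
    :param password: clear-text password; only the result of
        ``hash_password`` is handed to the datastore
    :param role: name of the role to assign; it must already exist
    :param user_id: explicit id for the new user
    :return: the created user
    :raises NotFoundError: if ``find_role`` finds no role named *role*
    """
    # Validate first: previously the user was created before this check, so
    # a bad role name raised only after `create_user` had already run.
    reporter_role = user_datastore.find_role(role)
    if not reporter_role:
        raise NotFoundError("The username \"{0}\" cannot have the role \"{1}\""
                            " as the role doesn't exist"
                            "".format(username, role))

    user = user_datastore.create_user(username=username,
                                      password=hash_password(password),
                                      roles=[role],
                                      id=user_id)

    # NOTE(review): `.first()` yields None when no row matches; the default
    # tenant is assumed to exist by the time this runs. Confirm with callers.
    default_tenant = Tenant.query.filter_by(
        id=constants.DEFAULT_TENANT_ID).first()
    user_tenant_association = UserTenantAssoc(
        user=user,
        tenant=default_tenant,
        role=reporter_role,
    )
    user.tenant_associations.append(user_tenant_association)
    user_datastore.commit()
    return user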
Ejemplo n.º 9
def _create_roles():
    """Ensure each role in ``constants.ALL_ROLES`` exists.

    :return: the role looked up under ``constants.ADMIN_ROLE``
    """
    for role_name in constants.ALL_ROLES:
        user_datastore.find_or_create_role(name=role_name)
    # The admin role is looked up by its constant, not by list position.
    admin_role = user_datastore.find_role(constants.ADMIN_ROLE)
    return admin_role