def create_group(keycloak: KeycloakClient, body, user):
try:
group_id = keycloak.group_create(body)
logger.info(f'Created group {group_id}')
group_data = keycloak.group_get(group_id)
return group_data | {'_href': _group_href(group_data)}
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error', str(e))
def create_policy(keycloak: KeycloakClient, user, body):
"""
API endpoint to create a policy (JSON formatted)
"""
policy = model.Policy.from_dict(body)
try:
db.session.add(policy)
db.session.flush()
group_id = keycloak.group_create(
{'name': f'policy-{policy.id}-owners'})
keycloak.group_user_add(user, group_id)
keycloak.group_role_add('policy-owner', group_id)
db.session.commit()
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error',
f'Failed to delete owner group in Keycloak, {e}')
return policy.to_dict()
def create_region(keycloak: KeycloakClient, vault: Vault, body, user):
try:
if body.get('users_group'):
keycloak.group_get(body['users_group'])
except KeycloakGetError as e:
logger.exception(e)
return problem(
400, 'Users group does not exist',
f'Users group {body["users_group"]} does not exist in Keycloak, '
'you have to create group first or use existing group.')
tower = tower_model.Server.query.get(body['tower_id'])
if not tower:
return problem(
404, 'Not Found',
f'Tower instance with ID {body["tower_id"]} does not exist')
query = model.Region.query.filter(model.Region.name == body['name'])
if query.count() > 0:
return problem(
400,
'Bad Request',
f'Region with name {body["name"]!r} already exists',
)
try:
owners_id = keycloak.group_create({
'name': f'{body["name"]}-owners',
})
logger.info(f'Created owners group {owners_id}')
body['owner_group'] = owners_id
keycloak.group_user_add(user, owners_id)
logger.info(f'Added {user} to owners group {owners_id}')
except KeycloakGetError as e:
logger.exception(e)
return problem_from_keycloak_error(e)
except Exception as e:
logger.exception(e)
return problem(500, 'Unknown Error',
f'Failed to create owner group in Keycloak, {e}')
openstack_credentials = dpath.get(body, 'openstack/credentials')
if not isinstance(openstack_credentials, str):
openstack_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/openstack'
vault.write(openstack_credentials_path, openstack_credentials)
dpath.set(body, 'openstack/credentials', openstack_credentials_path)
satellite_credentials = dpath.get(body, 'satellite/credentials')
if not isinstance(satellite_credentials, str):
satellite_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/satellite'
vault.write(satellite_credentials_path, satellite_credentials)
dpath.set(body, 'satellite/credentials', satellite_credentials_path)
dns_server_key = dpath.get(body, 'dns_server/key')
if not isinstance(dns_server_key, str):
dns_server_key_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/dns_server'
vault.write(dns_server_key_path, dns_server_key)
dpath.set(body, 'dns_server/key', dns_server_key_path)
region = model.Region.from_dict(body)
try:
db.session.add(region)
db.session.commit()
logger.info(
f'Region {region.name} (id {region.id}) created by user {user}')
except sqlalchemy.exc.SQLAlchemyError:
# If database transaction failed remove group in Keycloak.
keycloak.group_delete(owners_id)
raise
return region.to_dict() | {'_href': _region_href(region)}
