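def delete_region(keycloak: KeycloakClient, region_id, user):
    """Delete a region, its product relations and its Keycloak owners group.

    Args:
        keycloak: Keycloak client used for the role/group checks and for
            removing the owners group.
        region_id: Primary key of the region to delete.
        user: Identity of the caller; used for the write-access check and
            for the audit log line.

    Returns:
        A ``problem`` response when the region does not exist or the
        Keycloak owners group cannot be removed; ``None`` after a
        successful delete (no explicit return value).

    Raises:
        Forbidden: when *user* neither holds ``ADMIN_ROLE`` nor is a
            member of the region's owner group.
    """
    region = model.Region.query.get(region_id)
    if not region:
        return problem(404, 'Not Found', f'Region {region_id} does not exist')
    # Write access: admins, or members of the region's owner group.
    if not keycloak.user_check_role(user, ADMIN_ROLE):
        if not keycloak.user_check_group(user, region.owner_group):
            raise Forbidden("You don't have write access to this region.")
    # Fetch the relation rows once; the former COUNT + SELECT pair issued
    # two queries for the same information.
    relations = model.RegionProduct.query.filter(
        model.RegionProduct.region_id == region.id,
    ).all()
    if relations:
        for relation in relations:
            db.session.delete(relation)
        db.session.flush()
    db.session.delete(region)
    try:
        owner_group = keycloak.group_get(region.owner_group)
        keycloak.group_delete(owner_group['id'])
        logger.info(f'Deleted owners group {owner_group["id"]}')
    except KeycloakGetError as e:
        # NOTE(review): the relation DELETEs are already flushed and the
        # region delete is pending; nothing here rolls the session back,
        # so consistency relies on the request teardown discarding the
        # session -- confirm.
        logger.exception(e)
        return problem_from_keycloak_error(e)
    except Exception as e:
        logger.exception(e)
        # NOTE(review): the raw exception text is echoed to the client.
        return problem(500, 'Unknown Error',
                       f'Failed to delete owner group in Keycloak, {e}')
    db.session.commit()
    logger.info(
        f'Region {region.name} (id {region.id}) deleted by user {user}')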
def delete_group(keycloak: KeycloakClient, group_id, user):
    """Delete the Keycloak group *group_id*.

    Args:
        keycloak: Keycloak client performing the deletion.
        group_id: Keycloak id of the group to remove.
        user: Caller identity. Not consulted in this function -- assumes
            authorization is enforced before the handler runs (TODO confirm).

    Returns:
        ``({}, 200)`` on success; a ``problem`` response translated from
        the Keycloak error, or a generic 500, when the deletion fails.
    """
    try:
        keycloak.group_delete(group_id)
    except KeycloakGetError as e:
        logger.exception(e)
        return problem_from_keycloak_error(e)
    except Exception as e:
        logger.exception(e)
        return problem(500, 'Unknown Error', str(e))
    else:
        logger.info(f'Deleted group {group_id}')
        return {}, 200
def delete_policy(keycloak: KeycloakClient, user, policy_id):
    """Delete the policy *policy_id* together with its Keycloak owners group.

    The owners group is found by its conventional name
    ``policy-<policy_id>-owners`` in the full Keycloak group list and is
    removed first; the database row is deleted only once that succeeded.

    Args:
        keycloak: Keycloak client used to list and delete groups.
        user: Caller identity. Not consulted in this function -- assumes
            authorization is enforced before the handler runs (TODO confirm).
        policy_id: Primary key of the policy to delete.

    Returns:
        ``None`` on success, or a ``problem`` response when the policy does
        not exist or the Keycloak step fails.
    """
    policy = model.Policy.query.get(policy_id)
    if not policy:
        return problem(404, 'Not Found', 'Record Does Not Exist')
    owners_group_name = f'policy-{policy_id}-owners'
    try:
        by_name = {entry['name']: entry for entry in keycloak.group_list()}
        # NOTE(review): a missing owners group raises KeyError here and is
        # reported as the generic 500 below rather than a specific error.
        keycloak.group_delete(by_name[owners_group_name]['id'])
    except KeycloakGetError as e:
        logger.exception(e)
        return problem_from_keycloak_error(e)
    except Exception as e:
        logger.exception(e)
        return problem(500, 'Unknown Error',
                       f'Failed to delete owner group in Keycloak, {e}')
    db.session.delete(policy)
    db.session.commit()
def create_region(keycloak: KeycloakClient, vault: Vault, body, user):
    """Create a region: owners group in Keycloak, secrets in Vault, row in DB.

    Steps, in order: validate the optional users group and the referenced
    tower, reject duplicate names, create and join the owners group, move
    inline credentials into Vault, then insert the region. Only the owners
    group is rolled back when the database insert fails.

    Args:
        keycloak: Keycloak client used for group lookup/creation.
        vault: Vault client; receives credentials that arrive inline.
        body: Request payload (presumably the validated request body --
            TODO confirm); mutated in place, see below.
        user: Caller identity; added to the new owners group and logged.

    Returns:
        The created region as a dict plus an ``_href`` entry, or a
        ``problem`` response for validation / Keycloak failures.

    Raises:
        sqlalchemy.exc.SQLAlchemyError: re-raised after the owners group has
            been removed again when the database insert fails.
    """
    # Only an explicitly given users group is checked for existence.
    try:
        if body.get('users_group'):
            keycloak.group_get(body['users_group'])
    except KeycloakGetError as e:
        logger.exception(e)
        return problem(
            400, 'Users group does not exist',
            f'Users group {body["users_group"]} does not exist in Keycloak, '
            'you have to create group first or use existing group.')
    tower = tower_model.Server.query.get(body['tower_id'])
    if not tower:
        return problem(
            404, 'Not Found',
            f'Tower instance with ID {body["tower_id"]} does not exist')
    # NOTE(review): this check is not atomic with the insert below; a
    # concurrent create with the same name presumably relies on a database
    # constraint -- confirm.
    query = model.Region.query.filter(model.Region.name == body['name'])
    if query.count() > 0:
        return problem(
            400, 'Bad Request',
            f'Region with name {body["name"]!r} already exists',
        )
    try:
        owners_id = keycloak.group_create({
            'name': f'{body["name"]}-owners',
        })
        logger.info(f'Created owners group {owners_id}')
        # Server-assigned: any 'owner_group' supplied by the client is
        # overwritten here, so the caller cannot pick an arbitrary group.
        body['owner_group'] = owners_id
        keycloak.group_user_add(user, owners_id)
        logger.info(f'Added {user} to owners group {owners_id}')
    except KeycloakGetError as e:
        logger.exception(e)
        return problem_from_keycloak_error(e)
    except Exception as e:
        logger.exception(e)
        # NOTE(review): the raw exception text is echoed to the client.
        return problem(500, 'Unknown Error',
                       f'Failed to create owner group in Keycloak, {e}')
    # Credentials given as anything other than a string (presumably a
    # dict of secrets -- TODO confirm) are stored in Vault and replaced in
    # the body by their Vault path, so the database row holds only a path.
    openstack_credentials = dpath.get(body, 'openstack/credentials')
    if not isinstance(openstack_credentials, str):
        openstack_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/openstack'
        vault.write(openstack_credentials_path, openstack_credentials)
        dpath.set(body, 'openstack/credentials', openstack_credentials_path)
    satellite_credentials = dpath.get(body, 'satellite/credentials')
    if not isinstance(satellite_credentials, str):
        satellite_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/satellite'
        vault.write(satellite_credentials_path, satellite_credentials)
        dpath.set(body, 'satellite/credentials', satellite_credentials_path)
    dns_server_key = dpath.get(body, 'dns_server/key')
    if not isinstance(dns_server_key, str):
        dns_server_key_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/dns_server'
        vault.write(dns_server_key_path, dns_server_key)
        dpath.set(body, 'dns_server/key', dns_server_key_path)
    region = model.Region.from_dict(body)
    try:
        db.session.add(region)
        db.session.commit()
        logger.info(
            f'Region {region.name} (id {region.id}) created by user {user}')
    except sqlalchemy.exc.SQLAlchemyError:
        # If database transaction failed remove group in Keycloak.
        # NOTE(review): the Vault entries written above are not removed on
        # this path and remain under the region's name.
        keycloak.group_delete(owners_id)
        raise
    # Dict union (3.9+): the serialized region plus its API link.
    return region.to_dict() | {'_href': _region_href(region)}