def get_ucontroller_access(user, controller):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con = execute_task(juju.authorize, token, juju.check_input(controller))
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if token.is_admin or token.username == usr:
code, response = 200, execute_task(juju.get_ucontroller_access, con, usr)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def grant_to_model(user, controller, model):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
usr = juju.check_input(user)
if (token.is_admin or mod.m_access == 'admin' or con.c_access == 'superuser') and user != 'admin':
access = juju.check_access(request.json['access'])
if execute_task(juju.user_exists, user):
execute_task(juju.add_user_to_model, token, con, mod, usr, access)
code, response = 202, 'Process being handeled'
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def revoke_from_controller(user, controller):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con = execute_task(juju.authorize, token, juju.check_input(controller))
usr = juju.check_input(user)
if (token.is_admin or con.c_access == 'superuser' or token.username == usr) and usr != 'admin':
if execute_task(juju.user_exists, usr):
execute_task(con.connect, token)
execute_task(juju.remove_user_from_controller, token, con, usr)
code, response = 200, execute_task(juju.remove_user_from_controller, con, usr)
execute_task(con.disconnect)
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def revoke_from_model(user, controller, model):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if (mod.m_access == 'admin' or mod.c_access == 'superuser') and user != 'admin':
execute_task(con.connect, token)
execute_task(mod.connect, token)
execute_task(juju.remove_user_from_model, con, mod, usr)
code, response = 200, 'Revoked access for user {} on model {}'.format(usr, model)
execute_task(con.disconnect)
execute_task(mod.disconnect)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_credentials(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin or token.username == usr:
code, response = 200, juju.execute_task(juju.get_credentials, token, usr)
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def remove_credential(user):
data = request.json
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin or token.username == usr:
execute_task(juju.remove_credential, usr, data['name'])
code, response = 202, 'Process being handeled'
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def get_user_info(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
user = juju.check_input(user)
if execute_task(juju.user_exists, user):
if user == token.username or token.is_admin:
code, response = 200, execute_task(juju.get_user_info, user)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def reactivate_user():
data = request.json
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
user = juju.check_input(data['username'])
if token.is_admin:
if execute_task(juju.user_exists, user):
execute_task(juju.enable_user, token, user)
code, response = 200, 'User {} succesfully activated'.format(user)
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def change_user_password(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if execute_task(juju.user_exists, usr):
if usr == token.username or token.is_admin:
execute_task(juju.change_user_password, token, usr, request.json['password'])
code, response = 200, 'succesfully changed password for user {}'.format(usr)
else:
code, response = errors.unauthorized()
else:
code, response = errors.does_not_exist('user')
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def delete_user(user):
try:
token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
usr = juju.check_input(user)
if token.is_admin:
if execute_task(juju.user_exists, usr):
if usr != 'admin':
execute_task(juju.delete_user, token, usr)
code, response = 200, 'User {} succesfully removed'.format(usr)
else:
code, response = 403, 'This would remove the admin from the system!'
else:
code, response = errors.does_not_exist('user')
else:
code, response = errors.unauthorized()
except KeyError:
code, response = errors.invalid_data()
return juju.create_response(code, response)
def create_user():
try:
LOGGER.info('/USERS [POST] => receiving call')
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS [POST] => Authenticated!')
valid, user = juju.check_input(data['username'], "username")
if token.is_admin:
if valid:
if juju.user_exists(user):
code, response = errors.already_exists('user')
LOGGER.error(
'/USERS [POST] => Username %s already exists!', user)
elif data['password']:
LOGGER.info(
'/USERS [POST] => Creating user %s, check add_user.log for more information!',
user)
juju.create_user(user, data['password'])
code, response = 202, 'User {} is being created'.format(
user)
else:
code, response = errors.empty()
LOGGER.error('/USERS [POST] => Password cannot be empty!')
else:
code, response = 400, user
LOGGER.error(
'/USERS [POST] => Username does not have the correct format!'
)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS [POST] => No Permission to perform this action!')
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
