def test_permissions(users, http_client, base_url, session):
user = session.query(User).filter_by(username="******").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'permission': TAG_EDIT, "argument": "prod"}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="******").scalar()
# add SSH key
fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'public_key': key_1}),
headers={'X-Grouper-User': user.username})
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
resp = yield http_client.fetch(fe_url, method="POST",
body=urlencode({'tagname': "tyler_was_here"}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
def test_tags(session, users, http_client, base_url, graph):
user = session.query(User).filter_by(username="******").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm2 = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm2.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="******").scalar()
grant_permission_to_tag(session, tag.id, perm.id, "prod")
user = session.query(User).filter_by(username="******").scalar()
add_public_key(session, user, key1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="******").scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, '/users/{}'.format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body['data']['user']['public_keys'][0]
assert len(pub_key['tags']) == 1, "The public key should only have 1 tag"
assert pub_key['tags'][0] == 'tyler_was_here', "The public key should have the tag we gave it"
def test_tags(session, http_client, base_url, graph):
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm2 = Permission(name="it.literally.does.not.matter", description="Why is this not nullable?")
perm2.add(session)
session.commit()
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(session.query(Group).filter_by(groupname="all-teams").scalar(), session.query(Permission).filter_by(name="it.literally.does.not.matter").scalar(), "*")
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
grant_permission_to_tag(session, tag.id, perm.id, "prod")
with pytest.raises(AssertionError):
grant_permission_to_tag(session, tag.id, perm.id, "question?")
user = session.query(User).filter_by(username="******").scalar()
add_public_key(session, user, SSH_KEY_1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(session, key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(session, key)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, '/users/{}'.format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body['data']['user']['public_keys'][0]
assert len(pub_key['tags']) == 1, "The public key should only have 1 tag"
assert pub_key['fingerprint'] == 'e9:ae:c5:8f:39:9b:3a:9c:6a:b8:33:6b:cb:6f:ba:35'
assert pub_key['fingerprint_sha256'] == 'MP9uWaujW96EWxbjDtPdPWheoMDu6BZ8FZj0+CBkVWU'
assert pub_key['tags'][0] == 'tyler_was_here', "The public key should have the tag we gave it"
def get(self, name=None):
cutoff = int(self.get_argument("cutoff", 100))
include_role_users = self.get_argument("include_role_users",
"no") == "yes"
with self.graph.lock:
if not name:
return self.success({
"users":
sorted([
k for k, v in self.graph.user_metadata.iteritems()
if include_role_users or (not v["role_user"])
]),
})
if name in self.graph.user_metadata:
md = self.graph.user_metadata[name]
details = self.graph.get_user_details(name, cutoff)
else:
return self.notfound("User (%s) not found." % name)
for key in md["public_keys"]:
db_key = PublicKey.get(self.session, id=key["id"])
perms = get_public_key_permissions(self.session, db_key)
# Convert to set to remove duplicates, then back to list for json-serializability
key["permissions"] = list(
set([(perm.name, perm.argument) for perm in perms]))
out = {"user": {"name": name}}
try_update(out["user"], md)
try_update(out, details)
return self.success(out)
def get(self, name=None):
cutoff = int(self.get_argument("cutoff", 100))
include_role_users = self.get_argument("include_role_users", "no") == "yes"
with self.graph.lock:
if not name:
return self.success({
"users": sorted([k
for k, v in self.graph.user_metadata.iteritems()
if include_role_users or (not v["role_user"])]),
})
if name in self.graph.user_metadata:
md = self.graph.user_metadata[name]
details = self.graph.get_user_details(name, cutoff)
else:
return self.notfound("User (%s) not found." % name)
for key in md["public_keys"]:
db_key = PublicKey.get(self.session, id=key["id"])
perms = get_public_key_permissions(self.session, db_key)
# Convert to set to remove duplicates, then back to list for json-serializability
key["permissions"] = list(set([(perm.name, perm.argument) for perm in perms]))
out = {"user": {"name": name}}
try_update(out["user"], md)
try_update(out, details)
return self.success(out)
def get_user_view_template_vars(session, actor, user, graph):
# TODO(cbguder): get around circular dependencies
from grouper.fe.handlers.user_disable import UserDisable
from grouper.fe.handlers.user_enable import UserEnable
ret = {}
if user.is_service_account:
ret["can_control"] = (
can_manage_service_account(session, user.service_account, actor) or
user_is_user_admin(session, actor)
)
ret["can_disable"] = ret["can_control"]
ret["can_enable"] = user_is_user_admin(session, actor)
ret["account"] = user.service_account
else:
ret["can_control"] = (user.name == actor.name or user_is_user_admin(session, actor))
ret["can_disable"] = UserDisable.check_access(session, actor, user)
ret["can_enable"] = UserEnable.check_access(session, actor, user)
if user.id == actor.id:
ret["num_pending_group_requests"] = user_requests_aggregate(session, actor).count()
_, ret["num_pending_perm_requests"] = get_requests_by_owner(session, actor,
status='pending', limit=1, offset=0)
else:
ret["num_pending_group_requests"] = None
ret["num_pending_perm_requests"] = None
try:
user_md = graph.get_user_details(user.name)
except NoSuchUser:
# Either user is probably very new, so they have no metadata yet, or
# they're disabled, so we've excluded them from the in-memory graph.
user_md = {}
shell = (get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY).data_value
if get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)
else "No shell configured")
ret["shell"] = shell
ret["open_audits"] = user_open_audits(session, user)
group_edge_list = get_groups_by_user(session, user) if user.enabled else []
ret["groups"] = [{'name': g.name, 'type': 'Group', 'role': ge._role}
for g, ge in group_edge_list]
ret["passwords"] = user_passwords(session, user)
ret["public_keys"] = get_public_keys_of_user(session, user.id)
for key in ret["public_keys"]:
key.tags = get_public_key_tags(session, key)
key.pretty_permissions = ["{} ({})".format(perm.name,
perm.argument if perm.argument else "unargumented")
for perm in get_public_key_permissions(session, key)]
ret["log_entries"] = get_log_entries_by_user(session, user)
ret["user_tokens"] = user.tokens
if user.is_service_account:
service_account = user.service_account
ret["permissions"] = service_account_permissions(session, service_account)
else:
ret["permissions"] = user_md.get('permissions', [])
return ret
def get_user_view_template_vars(session, actor, user, graph):
ret = {}
ret["can_control"] = (user.name == actor.name
or user_is_user_admin(session, actor))
ret["can_disable"] = UserDisable.check_access(session, actor, user)
ret["can_enable"] = UserEnable.check_access(session, actor, user)
if user.id == actor.id:
ret["num_pending_group_requests"] = user_requests_aggregate(
session, actor).count()
_, ret["num_pending_perm_requests"] = get_requests_by_owner(
session, actor, status='pending', limit=1, offset=0)
else:
ret["num_pending_group_requests"] = None
ret["num_pending_perm_requests"] = None
try:
user_md = graph.get_user_details(user.name)
except NoSuchUser:
# Either user is probably very new, so they have no metadata yet, or
# they're disabled, so we've excluded them from the in-memory graph.
user_md = {}
shell = (get_user_metadata_by_key(session, user.id,
USER_METADATA_SHELL_KEY).data_value
if get_user_metadata_by_key(session, user.id,
USER_METADATA_SHELL_KEY) else
"No shell configured")
ret["shell"] = shell
ret["open_audits"] = user_open_audits(session, user)
group_edge_list = get_groups_by_user(session, user) if user.enabled else []
ret["groups"] = [{
'name': g.name,
'type': 'Group',
'role': ge._role
} for g, ge in group_edge_list]
ret["passwords"] = user_passwords(session, user)
ret["public_keys"] = get_public_keys_of_user(session, user.id)
for key in ret["public_keys"]:
key.tags = get_public_key_tags(session, key)
key.pretty_permissions = [
"{} ({})".format(
perm.name, perm.argument if perm.argument else "unargumented")
for perm in get_public_key_permissions(session, key)
]
ret["permissions"] = user_md.get('permissions', [])
ret["log_entries"] = get_log_entries_by_user(session, user)
ret["user_tokens"] = user.tokens
return ret
def test_tags(session, http_client, base_url, graph):
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm2 = Permission(name="it.literally.does.not.matter",
description="Why is this not nullable?")
perm2.add(session)
session.commit()
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
session.query(Permission).filter_by(
name="it.literally.does.not.matter").scalar(), "*")
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
grant_permission_to_tag(session, tag.id, perm.id, "prod")
with pytest.raises(AssertionError):
grant_permission_to_tag(session, tag.id, perm.id, "question?")
user = session.query(User).filter_by(username="******").scalar()
add_public_key(session, user, SSH_KEY_1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(
session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(
session,
key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(
session, key
)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(
session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, '/users/{}'.format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body['data']['user']['public_keys'][0]
assert len(pub_key['tags']) == 1, "The public key should only have 1 tag"
assert pub_key[
'fingerprint'] == 'e9:ae:c5:8f:39:9b:3a:9c:6a:b8:33:6b:cb:6f:ba:35'
assert pub_key[
'fingerprint_sha256'] == 'MP9uWaujW96EWxbjDtPdPWheoMDu6BZ8FZj0+CBkVWU'
assert pub_key['tags'][
0] == 'tyler_was_here', "The public key should have the tag we gave it"
def test_permissions(users, http_client, base_url, session): # noqa: F811
user = session.query(User).filter_by(username="******").scalar()
create_permission(session, TAG_EDIT)
session.commit()
create_permission(session, "it.literally.does.not.matter")
session.commit()
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
get_permission(session, TAG_EDIT),
"*",
)
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
get_permission(session, "it.literally.does.not.matter"),
"*",
)
fe_url = url(base_url, "/tags")
yield http_client.fetch(
fe_url,
method="POST",
body=urlencode({"tagname": "tyler_was_here", "description": "Test Tag Please Ignore"}),
headers={"X-Grouper-User": user.username},
)
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url, "/permissions/grant_tag/{}".format(tag.name))
yield http_client.fetch(
fe_url,
method="POST",
body=urlencode({"permission": TAG_EDIT, "argument": "prod"}),
headers={"X-Grouper-User": user.username},
)
user = session.query(User).filter_by(username="******").scalar()
# add SSH key
fe_url = url(base_url, "/users/{}/public-key/add".format(user.username))
yield http_client.fetch(
fe_url,
method="POST",
body=urlencode({"public_key": SSH_KEY_1}),
headers={"X-Grouper-User": user.username},
)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
yield http_client.fetch(
fe_url,
method="POST",
body=urlencode({"tagname": "tyler_was_here"}),
headers={"X-Grouper-User": user.username},
)
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert (
len(get_public_key_permissions(session, key)) == 1
), "The SSH Key should have only 1 permission"
assert (
get_public_key_permissions(session, key)[0].name == TAG_EDIT
), "The SSH key's permission should be TAG_EDIT"
assert (
get_public_key_permissions(session, key)[0].argument == "prod"
), "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
def test_permissions(users, http_client, base_url, session):
user = session.query(User).filter_by(username="******").scalar()
perm = Permission(name=TAG_EDIT, description="Why is this not nullable?")
perm.add(session)
session.commit()
perm = Permission(name="it.literally.does.not.matter",
description="Why is this not nullable?")
perm.add(session)
session.commit()
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
session.query(Permission).filter_by(name=TAG_EDIT).scalar(), "*")
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
session.query(Permission).filter_by(
name="it.literally.does.not.matter").scalar(), "*")
fe_url = url(base_url, '/tags')
resp = yield http_client.fetch(fe_url,
method="POST",
body=urlencode({
'tagname':
"tyler_was_here",
"description":
"Test Tag Please Ignore"
}),
headers={'X-Grouper-User': user.username})
tag = PublicKeyTag.get(session, name="tyler_was_here")
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url, '/permissions/grant_tag/{}'.format(tag.name))
resp = yield http_client.fetch(fe_url,
method="POST",
body=urlencode({
'permission': TAG_EDIT,
"argument": "prod"
}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="******").scalar()
# add SSH key
fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
resp = yield http_client.fetch(fe_url,
method="POST",
body=urlencode({'public_key': key_1}),
headers={'X-Grouper-User': user.username})
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
user = session.query(User).filter_by(username="******").scalar()
fe_url = url(base_url,
'/users/{}/public-key/{}/tag'.format(user.username, key.id))
resp = yield http_client.fetch(fe_url,
method="POST",
body=urlencode(
{'tagname': "tyler_was_here"}),
headers={'X-Grouper-User': user.username})
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert len(get_public_key_permissions(
session, key)) == 1, "The SSH Key should have only 1 permission"
assert get_public_key_permissions(
session,
key)[0].name == TAG_EDIT, "The SSH key's permission should be TAG_EDIT"
assert get_public_key_permissions(
session, key
)[0].argument == "prod", "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(
session, user)) > 1, "The user should have more than 1 permission"
def test_tags(session, http_client, base_url, graph): # noqa: F811
perm = create_permission(session, TAG_EDIT)
session.commit()
create_permission(session, "it.literally.does.not.matter")
session.commit()
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
get_permission(session, TAG_EDIT),
"*",
)
grant_permission(
session.query(Group).filter_by(groupname="all-teams").scalar(),
get_permission(session, "it.literally.does.not.matter"),
"*",
)
tag = PublicKeyTag(name="tyler_was_here")
tag.add(session)
session.commit()
tag = PublicKeyTag.get(session, name="tyler_was_here")
grant_permission_to_tag(session, tag.id, perm.id, "prod")
with pytest.raises(AssertionError):
grant_permission_to_tag(session, tag.id, perm.id, "question?")
user = session.query(User).filter_by(username="******").scalar()
add_public_key(session, user, SSH_KEY_1)
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
add_tag_to_public_key(session, key, tag)
user = session.query(User).filter_by(username="******").scalar()
key = session.query(PublicKey).filter_by(user_id=user.id).scalar()
assert (
len(get_public_key_permissions(session, key)) == 1
), "The SSH Key should have only 1 permission"
assert (
get_public_key_permissions(session, key)[0].name == TAG_EDIT
), "The SSH key's permission should be TAG_EDIT"
assert (
get_public_key_permissions(session, key)[0].argument == "prod"
), "The SSH key's permission argument should be restricted to the tag's argument"
assert len(user_permissions(session, user)) > 1, "The user should have more than 1 permission"
graph.update_from_db(session)
fe_url = url(base_url, "/users/{}".format(user.username))
resp = yield http_client.fetch(fe_url)
assert resp.code == 200
body = json.loads(resp.body)
pub_key = body["data"]["user"]["public_keys"][0]
assert len(pub_key["tags"]) == 1, "The public key should only have 1 tag"
assert pub_key["fingerprint"] == "e9:ae:c5:8f:39:9b:3a:9c:6a:b8:33:6b:cb:6f:ba:35"
assert pub_key["fingerprint_sha256"] == "MP9uWaujW96EWxbjDtPdPWheoMDu6BZ8FZj0+CBkVWU"
assert pub_key["tags"][0] == "tyler_was_here", "The public key should have the tag we gave it"
def get_user_view_template_vars(session, actor, user, graph):
# TODO(cbguder): get around circular dependencies
from grouper.fe.handlers.user_disable import UserDisable
from grouper.fe.handlers.user_enable import UserEnable
ret = {}
if user.is_service_account:
ret["can_control"] = can_manage_service_account(
session, user.service_account, actor
) or user_is_user_admin(session, actor)
ret["can_disable"] = ret["can_control"]
ret["can_enable"] = user_is_user_admin(session, actor)
ret["can_enable_preserving_membership"] = user_is_user_admin(session, actor)
ret["account"] = user.service_account
else:
ret["can_control"] = user.name == actor.name or user_is_user_admin(session, actor)
ret["can_disable"] = UserDisable.check_access(session, actor, user)
ret["can_enable_preserving_membership"] = UserEnable.check_access(session, actor, user)
ret["can_enable"] = UserEnable.check_access_without_membership(session, actor, user)
if user.id == actor.id:
ret["num_pending_group_requests"] = user_requests_aggregate(session, actor).count()
_, ret["num_pending_perm_requests"] = get_requests(
session, status="pending", limit=1, offset=0, owner=actor
)
else:
ret["num_pending_group_requests"] = None
ret["num_pending_perm_requests"] = None
try:
user_md = graph.get_user_details(user.name)
except NoSuchUser:
# Either user is probably very new, so they have no metadata yet, or
# they're disabled, so we've excluded them from the in-memory graph.
user_md = {}
shell = (
get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY).data_value
if get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)
else "No shell configured"
)
ret["shell"] = shell
ret["open_audits"] = user_open_audits(session, user)
group_edge_list = get_groups_by_user(session, user) if user.enabled else []
ret["groups"] = [
{"name": g.name, "type": "Group", "role": ge._role} for g, ge in group_edge_list
]
ret["passwords"] = user_passwords(session, user)
ret["public_keys"] = get_public_keys_of_user(session, user.id)
for key in ret["public_keys"]:
key.tags = get_public_key_tags(session, key)
key.pretty_permissions = [
"{} ({})".format(perm.name, perm.argument if perm.argument else "unargumented")
for perm in get_public_key_permissions(session, key)
]
ret["log_entries"] = get_log_entries_by_user(session, user)
ret["user_tokens"] = user.tokens
if user.is_service_account:
service_account = user.service_account
ret["permissions"] = service_account_permissions(session, service_account)
else:
ret["permissions"] = user_md.get("permissions", [])
return ret