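def _secrets_match(supplied, expected):
    """Return True when two secret strings are equal, compared in constant time.

    Anything that is not a ``str`` is treated as a mismatch, so a missing
    value on either side can never authenticate.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    if not isinstance(supplied, str) or not isinstance(expected, str):
        return False
    # Encode first: compare_digest() rejects non-ASCII str arguments.
    return hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))


async def authenticate(api_key, auth):
    """Check the API key and the caller's credentials and return a token.

    Args:
        api_key: value of the request's ``api-key`` header.
        auth: the request's authorization data; ``None`` when absent.

    Returns:
        The ``JuJu_Token`` built from ``auth`` once every check has passed.

    Every failure path calls ``abort()`` (presumably raising an HTTP error;
    confirm against the framework in use). Wrong key, missing credentials,
    unknown user and ``JujuAPIError`` all map to the same unauthorized
    response, so a caller cannot tell which check failed.
    """
    error = errors.unauthorized()
    # Constant-time comparison: a plain == on a secret can leak, through
    # response timing, how long the matching prefix was.
    if not _secrets_match(api_key, settings.API_KEY):
        abort(error[0], error[1])
    else:
        if auth is None:
            abort(error[0], error[1])
        token = JuJu_Token(auth)
        if not user_exists(token.username):
            abort(error[0], error[1])
        try:
            controllers = get_all_controllers()
            ready_cons = [
                con for con in controllers
                if datastore.get_controller(con)['state'] == 'ready'
            ]
            user_state = datastore.get_user_state(token.username)
            if user_state == 'ready':
                if ready_cons:
                    # Pick among the READY controllers only. The previous code
                    # indexed into `controllers`, so the credential check could
                    # land on a controller that was not ready.
                    chosen = ready_cons[randint(0, len(ready_cons) - 1)]
                    controller = Controller_Connection(token, chosen)
                    # Connecting and leaving the block again presumably serves
                    # as the credential check: a JujuAPIError raised here ends
                    # in the unauthorized response below.
                    async with controller.connect(token):  #pylint: disable=E1701
                        pass
                    return token
                # No ready controller to verify against: only the admin
                # account from settings is accepted.
                if (token.username == settings.JUJU_ADMIN_USER
                        and _secrets_match(token.password, settings.JUJU_ADMIN_PASSWORD)):
                    return token
                abort(error[0], error[1])
            elif user_state == 'pending':
                abort(403, "The user is not ready yet to perform this action. Please wait untill the user is created!")
            else:
                abort(403, "The user is being removed and not able to perform this action anymore!")
        except JujuAPIError:
            abort(error[0], error[1])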
def get_ssh_keys(user):
    """Return the SSH keys of ``user`` to that user or to an admin.

    A ``KeyError`` raised anywhere in the handler (for example a missing
    ``api-key`` header) is answered with the invalid-data response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        # NOTE(review): unlike the sibling handlers, `user` is not passed
        # through juju.check_input() before use; confirm that is intended.
        caller_may_read = token.is_admin or token.username == user
        if not caller_may_read:
            code, response = errors.unauthorized()
        else:
            keys = execute_task(juju.get_ssh_keys_user, user)
            code, response = 200, keys
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
def get_credentials(user):
    """Return the credentials of ``user`` to that user or to an admin.

    The path parameter is passed through ``juju.check_input`` before it is
    compared with the token's username. A ``KeyError`` raised anywhere in
    the handler is answered with the invalid-data response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        target = juju.check_input(user)
        caller_may_read = token.is_admin or token.username == target
        if not caller_may_read:
            code, response = errors.unauthorized()
        else:
            # NOTE(review): this call goes through juju.execute_task while the
            # rest of the handlers use the bare execute_task; confirm both
            # names refer to the same helper.
            credentials = juju.execute_task(juju.get_credentials, token, target)
            code, response = 200, credentials
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
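def remove_credential(user):
    """Remove the credential named in the JSON body from ``user``'s account.

    Only the user themself or an admin may do this. The request body must be
    a JSON object with a ``name`` field; anything else is answered with the
    invalid-data response. A ``KeyError`` raised elsewhere in the handler
    (for example a missing ``api-key`` header) gets the same response.
    """
    data = request.json
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        usr = juju.check_input(user)
        if token.is_admin or token.username == usr:
            try:
                name = data['name']
            except (KeyError, TypeError):
                # TypeError: the body is absent or is not a JSON object.
                # Previously this escaped the handler instead of producing
                # the invalid-data response.
                code, response = errors.invalid_data()
            else:
                execute_task(juju.remove_credential, usr, name)
                code, response = 202, 'Process being handeled'
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)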
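def index():
    """Return the API version, the APIs in use and the known controllers.

    The caller must present the shared API key in the ``api-key`` header.
    A missing header raises ``KeyError`` and is answered with the
    invalid-data response; a wrong key goes to ``abort()`` with the
    unauthorized response.
    """
    import hmac  # function-scope import: the file's import block is not visible here

    try:
        supplied = request.headers['api-key']
        expected = settings.API_KEY
        # Constant-time comparison: a plain == on a secret can leak, through
        # response timing, how long the matching prefix was. Non-str values
        # count as a mismatch; encoding avoids compare_digest()'s ASCII-only
        # restriction on str arguments.
        key_ok = (
            isinstance(supplied, str)
            and isinstance(expected, str)
            and hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))
        )
        if key_ok:
            code, response = 200, {
                'version': "1.0.0",  # see http://semver.org/
                'used_apis': get_apis(),
                'controllers': get_controllers(),
            }
        else:
            error = unauthorized()
            abort(error[0], error[1])
    except KeyError:
        code, response = invalid_data()
    return create_response(code, response)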
def get_user_info(user):
    """Return information about ``user`` to that user or to an admin.

    A ``KeyError`` raised anywhere in the handler is answered with the
    invalid-data response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        target = juju.check_input(user)
        # NOTE(review): existence is checked before authorization, so any
        # authenticated caller can tell existing usernames from unknown ones
        # by the response (does-not-exist vs unauthorized). Confirm that is
        # acceptable.
        if not execute_task(juju.user_exists, target):
            code, response = errors.does_not_exist('user')
        elif target == token.username or token.is_admin:
            code, response = 200, execute_task(juju.get_user_info, target)
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
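def reactivate_user():
    """Re-enable the user named in the JSON body; admin only.

    The request body must be a JSON object with a ``username`` field;
    anything else is answered with the invalid-data response. A ``KeyError``
    raised elsewhere in the handler gets the same response.
    """
    data = request.json
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        try:
            raw_username = data['username']
        except (KeyError, TypeError):
            # TypeError: the body is absent or is not a JSON object.
            code, response = errors.invalid_data()
        else:
            user = juju.check_input(raw_username)
            if not token.is_admin:
                code, response = errors.unauthorized()
            elif execute_task(juju.user_exists, user):
                execute_task(juju.enable_user, token, user)
                code, response = 200, 'User {} succesfully activated'.format(user)
            else:
                # This branch was missing: an admin naming an unknown user
                # left `code` and `response` unassigned, so the return below
                # raised UnboundLocalError.
                code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)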
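def change_user_password(user):
    """Set a new password for ``user``; allowed for that user or an admin.

    The new password is read from the ``password`` field of the JSON body.
    A body that is missing, is not a JSON object or lacks that field is
    answered with the invalid-data response, as is a ``KeyError`` raised
    elsewhere in the handler.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        usr = juju.check_input(user)
        if not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        elif usr == token.username or token.is_admin:
            try:
                new_password = request.json['password']
            except (KeyError, TypeError):
                # TypeError: the body is absent or is not a JSON object.
                # Previously this escaped the handler instead of producing
                # the invalid-data response.
                code, response = errors.invalid_data()
            else:
                # NOTE(review): the password is forwarded as received; no
                # length or type check is visible in this handler.
                execute_task(juju.change_user_password, token, usr, new_password)
                code, response = 200, 'succesfully changed password for user {}'.format(usr)
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)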
def get_ucontroller_access(user, controller):
    """Return ``user``'s access level on ``controller``.

    Allowed for the user themself or an admin. ``juju.authorize`` is run
    against the controller first. A ``KeyError`` raised anywhere in the
    handler is answered with the invalid-data response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        target = juju.check_input(user)
        # NOTE(review): existence is checked before authorization, so the
        # response tells a non-admin caller whether another username exists.
        if not execute_task(juju.user_exists, target):
            code, response = errors.does_not_exist('user')
        elif token.is_admin or token.username == target:
            access = execute_task(juju.get_ucontroller_access, con, target)
            code, response = 200, access
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
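def grant_to_model(user, controller, model):
    """Grant ``user`` the access level named in the JSON body on ``model``.

    The caller must be an admin, have ``admin`` access on the model or be
    ``superuser`` on the controller, and the target must not be ``admin``.
    The access level is read from the ``access`` field of the JSON body.
    A body that is missing, is not a JSON object or lacks that field is
    answered with the invalid-data response, as is a ``KeyError`` raised
    elsewhere in the handler.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        con, mod = execute_task(
            juju.authorize, token, juju.check_input(controller), juju.check_input(model))
        usr = juju.check_input(user)
        caller_may_grant = (
            token.is_admin or mod.m_access == 'admin' or con.c_access == 'superuser')
        # Compare and look up the checked value `usr`, as the sibling handlers
        # do. The previous code used the raw path parameter `user` for the
        # 'admin' guard and the existence check, so the guard and the actual
        # grant could disagree if check_input() alters its argument.
        if caller_may_grant and usr != 'admin':
            try:
                requested = request.json['access']
            except (KeyError, TypeError):
                # TypeError: the body is absent or is not a JSON object.
                code, response = errors.invalid_data()
            else:
                access = juju.check_access(requested)
                if execute_task(juju.user_exists, usr):
                    execute_task(juju.add_user_to_model, token, con, mod, usr, access)
                    code, response = 202, 'Process being handeled'
                else:
                    code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)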
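def revoke_from_controller(user, controller):
    """Remove ``user``'s access to ``controller``.

    Allowed for an admin, a controller ``superuser`` or the user themself;
    the ``admin`` account can never be removed this way. A ``KeyError``
    raised anywhere in the handler is answered with the invalid-data
    response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        usr = juju.check_input(user)
        caller_may_revoke = (
            token.is_admin or con.c_access == 'superuser' or token.username == usr)
        if caller_may_revoke and usr != 'admin':
            if execute_task(juju.user_exists, usr):
                execute_task(con.connect, token)
                try:
                    # NOTE(review): remove_user_from_controller is called
                    # twice with different argument lists, (token, con, usr)
                    # and (con, usr). Only one can match its signature; both
                    # calls are kept until that is confirmed.
                    execute_task(juju.remove_user_from_controller, token, con, usr)
                    code, response = 200, execute_task(juju.remove_user_from_controller, con, usr)
                finally:
                    # Disconnect even when the removal fails, so an error does
                    # not leave the controller connection open.
                    execute_task(con.disconnect)
            else:
                code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)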
def delete_user(user):
    """Delete ``user`` from the system; admin only.

    The ``admin`` account itself is refused with a 403. A ``KeyError``
    raised anywhere in the handler is answered with the invalid-data
    response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        target = juju.check_input(user)
        if not token.is_admin:
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, target):
            code, response = errors.does_not_exist('user')
        elif target == 'admin':
            # NOTE(review): the protected account is the literal 'admin',
            # while authenticate() reads the admin name from
            # settings.JUJU_ADMIN_USER; confirm the two always agree.
            code, response = 403, 'This would remove the admin from the system!'
        else:
            execute_task(juju.delete_user, token, target)
            code, response = 200, 'User {} succesfully removed'.format(target)
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
def authorize(token, controller, model=None):
    """Check that the token's user may act on ``controller`` (and ``model``).

    Args:
        token: the authenticated caller's token.
        controller: controller name.
        model: optional model name; when falsy only the controller is checked.

    Returns:
        The ``Controller_Connection`` alone when no model is given, otherwise
        a ``(Controller_Connection, Model_Connection)`` pair. Callers must
        unpack according to whether they passed a model.

    Each failed check calls ``abort()`` (presumably raising an HTTP error;
    confirm against the framework in use).
    """
    if not controller_exists(controller):
        status, message = errors.does_not_exist('controller')
        abort(status, message)
        return None  # only reached if abort() returns

    con = Controller_Connection(token, controller)
    if not c_access_exists(con.c_access):
        # A caller without controller access gets the same does-not-exist
        # response as for an unknown controller (presumably so the response
        # does not confirm the controller's existence).
        status, message = errors.does_not_exist('controller')
        abort(status, message)

    if not model:
        return con

    if not model_exists(con, model):
        status, message = errors.does_not_exist('model')
        abort(status, message)
        return con  # only reached if abort() returns

    mod = Model_Connection(token, controller, model)
    if not m_access_exists(mod.m_access):
        # NOTE(review): missing model access answers unauthorized, whereas
        # missing controller access answers does-not-exist; confirm the
        # difference is intended.
        status, message = errors.unauthorized()
        abort(status, message)
    return con, mod
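def revoke_from_model(user, controller, model):
    """Revoke ``user``'s access to ``model`` on ``controller``.

    The caller must have ``admin`` access on the model or be ``superuser``
    on the controller, and the target must not be ``admin``. A ``KeyError``
    raised anywhere in the handler is answered with the invalid-data
    response.
    """
    try:
        token = execute_task(
            juju.authenticate, request.headers['api-key'], request.authorization)
        con, mod = execute_task(
            juju.authorize, token, juju.check_input(controller), juju.check_input(model))
        usr = juju.check_input(user)
        if execute_task(juju.user_exists, usr):
            # Two corrections against the previous condition:
            #  * controller access is read from `con`, where authorize() and
            #    grant_to_model() read it, instead of `mod.c_access`;
            #  * the 'admin' guard tests the checked value `usr`, not the raw
            #    path parameter `user`.
            # NOTE(review): token.is_admin is not part of this condition,
            # unlike grant_to_model(); confirm admins are meant to be unable
            # to revoke without model or controller rights.
            if (mod.m_access == 'admin' or con.c_access == 'superuser') and usr != 'admin':
                execute_task(con.connect, token)
                try:
                    execute_task(mod.connect, token)
                    try:
                        execute_task(juju.remove_user_from_model, con, mod, usr)
                        code, response = 200, 'Revoked access for user {} on model {}'.format(usr, model)
                    finally:
                        execute_task(mod.disconnect)
                finally:
                    # Connections are released even when the removal fails,
                    # in reverse order of opening.
                    execute_task(con.disconnect)
            else:
                code, response = errors.unauthorized()
        else:
            code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)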