Example #1
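async def authenticate(api_key, auth):
    """Check the API key and the caller's credentials; return the caller's token.

    Every rejection goes through ``abort``: the unauthorized error for a wrong
    API key, missing credentials, an unknown user, a JujuAPIError, or a
    non-admin caller while no controller is ready; 403 while the user is
    pending or being removed.
    """
    import hmac  # local import: the file's import block is not part of this listing

    def _secrets_match(supplied, expected):
        """Compare two secrets without stopping at the first differing character."""
        if isinstance(supplied, str) and isinstance(expected, str):
            return hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))
        # Non-text values keep the plain comparison so existing callers behave as before.
        return supplied == expected

    error = errors.unauthorized()
    # Kept as if/else rather than a guard clause so that no token can be
    # returned on this path even if abort() were ever to return.
    if _secrets_match(api_key, settings.API_KEY):
        if auth is None:
            abort(error[0], error[1])
        token = JuJu_Token(auth)
        # NOTE(review): user_exists is called without await here, while the
        # handlers on this page run it through execute_task; confirm it is
        # synchronous, otherwise this check can never fail.
        if not user_exists(token.username):
            abort(error[0], error[1])
        try:
            controllers = get_all_controllers()
            ready_cons = [
                con for con in controllers
                if datastore.get_controller(con)['state'] == 'ready'
            ]
            user_state = datastore.get_user_state(token.username)
            if user_state == 'ready':
                if ready_cons:
                    # Choose among the ready controllers only. The previous code
                    # indexed the full controller list, so the credential check
                    # could be sent to a controller that is not ready.
                    chosen = ready_cons[randint(0, len(ready_cons) - 1)]
                    controller = Controller_Connection(token, chosen)
                    # Opening the connection is the credential check; presumably a
                    # rejected login raises JujuAPIError (handled below). Confirm.
                    async with controller.connect(token):  #pylint: disable=E1701
                        pass
                    return token
                else:
                    # No controller can verify the login, so only the configured
                    # admin account is accepted, checked against local settings.
                    if (token.username == settings.JUJU_ADMIN_USER
                            and _secrets_match(token.password, settings.JUJU_ADMIN_PASSWORD)):
                        return token
                    else:
                        abort(error[0], error[1])
            elif user_state == 'pending':
                abort(403, "The user is not ready yet to perform this action. Please wait untill the user is created!")
            else:
                abort(403, "The user is being removed and not able to perform this action anymore!")
        except JujuAPIError:
            abort(error[0], error[1])
    else:
        abort(error[0], error[1])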
Example #2
def get_ssh_keys(user):
    """Return the SSH keys of ``user`` to an admin or to that same user.

    Any other authenticated caller gets the unauthorized response; a KeyError
    (for example a missing ``api-key`` header) yields the invalid-data response.
    """
    try:
        api_key = request.headers['api-key']
        token = execute_task(juju.authenticate, api_key, request.authorization)
        # NOTE(review): unlike the other handlers on this page, `user` is used
        # without juju.check_input; confirm that is intended.
        may_read = token.is_admin or token.username == user
        if may_read:
            response = execute_task(juju.get_ssh_keys_user, user)
            code = 200
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
Example #3
def get_credentials(user):
    """Return the credentials of ``user`` to an admin or to that same user.

    Other callers get the unauthorized response; a KeyError (for example a
    missing ``api-key`` header) yields the invalid-data response.
    """
    try:
        api_key = request.headers['api-key']
        token = execute_task(juju.authenticate, api_key, request.authorization)
        usr = juju.check_input(user)
        # Only the owner of the credentials or an admin may read them.
        if not (token.is_admin or token.username == usr):
            code, response = errors.unauthorized()
        else:
            response = juju.execute_task(juju.get_credentials, token, usr)
            code = 200
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
Example #4
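def remove_credential(user):
    """Remove the credential named in the JSON body for ``user``.

    Allowed for an admin or for ``user`` themself. Responds 202 once the
    removal has been handed to execute_task, the unauthorized response for
    other callers, and the invalid-data response when the body is not a JSON
    object or lacks ``name`` (or the ``api-key`` header is missing).
    """
    data = request.json
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        usr = juju.check_input(user)
        if not (token.is_admin or token.username == usr):
            code, response = errors.unauthorized()
        elif not isinstance(data, dict):
            # A missing or non-object body used to raise TypeError on data['name'],
            # which the KeyError handler below does not catch.
            code, response = errors.invalid_data()
        else:
            execute_task(juju.remove_credential, usr, data['name'])
            code, response = 202, 'Process being handeled'
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)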
Example #5
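def index():
    """Return the API version, the APIs in use and the controllers.

    The caller must present the configured API key in the ``api-key`` header;
    a wrong key aborts with the unauthorized error and a missing header
    yields the invalid-data response.
    """
    import hmac  # local import: the file's import block is not part of this listing

    try:
        supplied = request.headers['api-key']
        expected = settings.API_KEY
        if isinstance(supplied, str) and isinstance(expected, str):
            # Constant-time comparison: `==` returns at the first differing
            # character, which lets response timing hint at the key.
            key_ok = hmac.compare_digest(supplied.encode('utf-8'), expected.encode('utf-8'))
        else:
            # Non-text configuration keeps the plain comparison used before.
            key_ok = supplied == expected
        if key_ok:
            code, response = 200, {
                'version': "1.0.0",  # see http://semver.org/
                'used_apis': get_apis(),
                'controllers': get_controllers()
            }
        else:
            error = unauthorized()
            abort(error[0], error[1])
    except KeyError:
        code, response = invalid_data()
    return create_response(code, response)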
Example #6
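def get_user_info(user):
    """Return the stored information about ``user`` to an admin or to that user.

    Responds with the unauthorized response for any other caller, the
    does-not-exist response when an authorized caller asks for an unknown
    user, and the invalid-data response on a KeyError (for example a missing
    ``api-key`` header).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        user = juju.check_input(user)
        # Authorization is decided before the existence lookup. With the lookup
        # first, a caller without rights could tell existing usernames
        # (unauthorized) from unknown ones (does not exist).
        if not (user == token.username or token.is_admin):
            code, response = errors.unauthorized()
        elif execute_task(juju.user_exists, user):
            code, response = 200, execute_task(juju.get_user_info, user)
        else:
            code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)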
Example #7
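def reactivate_user():
    """Re-enable the user named by ``username`` in the JSON body (admin only).

    Responds 200 on success, the unauthorized response for non-admin callers,
    the does-not-exist response for an unknown user, and the invalid-data
    response when the body is not a JSON object or lacks ``username`` (or the
    ``api-key`` header is missing).
    """
    data = request.json
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        if not token.is_admin:
            # Refuse before touching the body: a non-admin caller learns nothing
            # about how the request was parsed.
            code, response = errors.unauthorized()
        elif not isinstance(data, dict):
            # A missing or non-object body used to raise TypeError on
            # data['username'], which the KeyError handler does not catch.
            code, response = errors.invalid_data()
        else:
            user = juju.check_input(data['username'])
            if execute_task(juju.user_exists, user):
                execute_task(juju.enable_user, token, user)
                code, response = 200, 'User {} succesfully activated'.format(user)
            else:
                # Previously this path left code/response unassigned, so the
                # return below failed with UnboundLocalError.
                code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)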
Example #8
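def change_user_password(user):
    """Set a new password for ``user``, taken from ``password`` in the JSON body.

    Allowed for an admin or for ``user`` themself. Responds 200 on success,
    the unauthorized response for other callers, the does-not-exist response
    for an unknown user, and the invalid-data response when the body is not a
    JSON object or lacks ``password`` (or the ``api-key`` header is missing).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        usr = juju.check_input(user)
        # Authorization first: checking existence before it let an unauthorized
        # caller tell existing usernames from unknown ones by the response.
        if not (usr == token.username or token.is_admin):
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        else:
            body = request.json
            if not isinstance(body, dict):
                # A missing or non-object body used to raise TypeError, which
                # the KeyError handler below does not catch.
                code, response = errors.invalid_data()
            else:
                execute_task(juju.change_user_password, token, usr, body['password'])
                code, response = 200, 'succesfully changed password for user {}'.format(usr)
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)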
Example #9
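def get_ucontroller_access(user, controller):
    """Return the access level ``user`` has on ``controller``.

    The caller must pass juju.authorize for the controller and be an admin or
    ``user`` themself. Responds with the unauthorized response otherwise, the
    does-not-exist response for an unknown user, and the invalid-data response
    on a KeyError (for example a missing ``api-key`` header).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        usr = juju.check_input(user)
        # Authorization first: checking existence before it let an unauthorized
        # caller tell existing usernames from unknown ones by the response.
        if not (token.is_admin or token.username == usr):
            code, response = errors.unauthorized()
        elif execute_task(juju.user_exists, usr):
            code, response = 200, execute_task(juju.get_ucontroller_access, con, usr)
        else:
            code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)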
Example #10
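def grant_to_model(user, controller, model):
    """Grant ``user`` the access level from the JSON body on ``model``.

    Allowed for an admin, a model admin or a controller superuser, and never
    for the ``admin`` account as target. Responds 202 once the grant has been
    handed to execute_task, the unauthorized response for other callers, the
    does-not-exist response for an unknown user, and the invalid-data response
    when the body is not a JSON object or lacks ``access`` (or the ``api-key``
    header is missing).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
        usr = juju.check_input(user)
        # The admin guard and the existence lookup now use the checked name
        # `usr`, the same value the grant acts on. They used the raw `user`
        # before, so guard and action could disagree if check_input alters
        # its input.
        if (token.is_admin or mod.m_access == 'admin' or con.c_access == 'superuser') and usr != 'admin':
            body = request.json
            if not isinstance(body, dict):
                # A missing or non-object body used to raise TypeError, which
                # the KeyError handler below does not catch.
                code, response = errors.invalid_data()
            else:
                access = juju.check_access(body['access'])
                if execute_task(juju.user_exists, usr):
                    execute_task(juju.add_user_to_model, token, con, mod, usr, access)
                    code, response = 202, 'Process being handeled'
                else:
                    code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)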
Example #11
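def revoke_from_controller(user, controller):
    """Remove ``user`` from ``controller``.

    Allowed for an admin, a controller superuser or ``user`` themself, and
    never for the ``admin`` account as target. Responds 200 with the result
    of the removal, the unauthorized response for other callers, the
    does-not-exist response for an unknown user, and the invalid-data response
    on a KeyError (for example a missing ``api-key`` header).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        usr = juju.check_input(user)
        if (token.is_admin or con.c_access == 'superuser' or token.username == usr) and usr != 'admin':
            if execute_task(juju.user_exists, usr):
                execute_task(con.connect, token)
                try:
                    # NOTE(review): the removal is invoked twice with different
                    # argument lists, (token, con, usr) and (con, usr). One of
                    # the two most likely does not match the callee's signature;
                    # confirm which is correct and drop the other.
                    execute_task(juju.remove_user_from_controller, token, con, usr)
                    code, response = 200, execute_task(juju.remove_user_from_controller, con, usr)
                finally:
                    # Disconnect even when the removal raises, so a failed
                    # request does not leave the controller connection open.
                    execute_task(con.disconnect)
            else:
                code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)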
Example #12
def delete_user(user):
    """Delete ``user`` on behalf of an admin.

    Responds 200 on success, 403 when the target is the ``admin`` account,
    the does-not-exist response for an unknown user, the unauthorized response
    for non-admin callers, and the invalid-data response on a KeyError (for
    example a missing ``api-key`` header).
    """
    try:
        api_key = request.headers['api-key']
        token = execute_task(juju.authenticate, api_key, request.authorization)
        usr = juju.check_input(user)
        # The checks run in the same order as before: admin rights, then
        # existence, then the guard that protects the admin account itself.
        if not token.is_admin:
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        elif usr == 'admin':
            code = 403
            response = 'This would remove the admin from the system!'
        else:
            execute_task(juju.delete_user, token, usr)
            code = 200
            response = 'User {} succesfully removed'.format(usr)
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)
Example #13
def authorize(token, controller, model=None):
    """Build the connection objects the caller of ``token`` may use.

    Returns the controller connection, or a ``(controller, model)`` pair when
    ``model`` is given. Aborts with the does-not-exist error for an unknown
    controller, for a controller access level that fails c_access_exists, and
    for an unknown model; aborts with the unauthorized error when the model
    access level fails m_access_exists.
    """
    if controller_exists(controller):
        con = Controller_Connection(token, controller)
        if not c_access_exists(con.c_access):
            # Same error as for an unknown controller, so the response does not
            # distinguish "no access" from "does not exist".
            status, message = errors.does_not_exist('controller')
            abort(status, message)
    else:
        status, message = errors.does_not_exist('controller')
        abort(status, message)
    if model:
        if not model_exists(con, model):
            status, message = errors.does_not_exist('model')
            abort(status, message)
        else:
            mod = Model_Connection(token, controller, model)
            # NOTE(review): here "no access" (unauthorized) is distinguishable
            # from "does not exist", unlike the controller case above; confirm
            # that is intended.
            if not m_access_exists(mod.m_access):
                status, message = errors.unauthorized()
                abort(status, message)
            return con, mod
    return con
Example #14
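def revoke_from_model(user, controller, model):
    """Revoke the access ``user`` has on ``model``.

    Allowed for a model admin or a controller superuser, and never for the
    ``admin`` account as target. Responds 200 on success, the unauthorized
    response for other callers, the does-not-exist response for an unknown
    user, and the invalid-data response on a KeyError (for example a missing
    ``api-key`` header).
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'], request.authorization)
        con, mod = execute_task(juju.authorize, token, juju.check_input(controller), juju.check_input(model))
        usr = juju.check_input(user)
        # Three corrections to the permission check:
        #  - the controller access level is read from `con` (it was read from
        #    `mod`; grant_to_model and authorize on this page read it from `con`),
        #  - the admin guard uses the checked name `usr`, the value the
        #    revocation acts on, instead of the raw `user`,
        #  - it runs before the existence lookup, so an unauthorized caller
        #    cannot tell existing usernames from unknown ones.
        # NOTE(review): token.is_admin is not part of this check, unlike in
        # grant_to_model; confirm that is intended.
        if not ((mod.m_access == 'admin' or con.c_access == 'superuser') and usr != 'admin'):
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        else:
            execute_task(con.connect, token)
            try:
                execute_task(mod.connect, token)
                try:
                    execute_task(juju.remove_user_from_model, con, mod, usr)
                    code, response = 200, 'Revoked access for user {} on model {}'.format(usr, model)
                finally:
                    # Close the model connection even when the removal raises.
                    execute_task(mod.disconnect)
            finally:
                # Close the controller connection last, also on failure.
                execute_task(con.disconnect)
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)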