def s3_authorize_node(auth, node_addon, **kwargs):
    """Check the posted S3 key pair, store it and authorize the node with it.

    ``access_key`` and ``secret_key`` are read from ``request.json``.

    Returns ``node_addon.to_json(auth.user)`` on success. Returns a
    ``(body, httplib.BAD_REQUEST)`` pair when a field is empty or when
    ``utils.can_list`` rejects the pair.

    Raises:
        HTTPError: with ``httplib.BAD_REQUEST`` when either field is absent
            from the request body.
    """
    try:
        access_key, secret_key = (
            request.json['access_key'],
            request.json['secret_key'],
        )
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    # Empty or null values are turned away before the credential check runs.
    if not access_key or not secret_key:
        missing_fields = {'message': 'All the fields above are required.'}
        return missing_fields, httplib.BAD_REQUEST

    # Nothing is stored unless the pair can list buckets.
    if not utils.can_list(access_key, secret_key):
        cannot_list = {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }
        return cannot_list, httplib.BAD_REQUEST

    # NOTE(review): the secret is assigned exactly as received; whether the
    # add-on model protects it at rest is not visible here -- confirm.
    s3_settings = auth.user.get_or_add_addon('s3')
    s3_settings.access_key = access_key
    s3_settings.secret_key = secret_key
    s3_settings.save()

    node_addon.authorize(s3_settings, save=True)
    return node_addon.to_json(auth.user)
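def s3_authorize_node(auth, node_addon, **kwargs):
    """Check the posted S3 key pair, store it and authorize the node with it.

    ``access_key`` and ``secret_key`` are read from ``request.json``.

    Returns ``node_addon.to_json(auth.user)`` on success. Returns a
    ``(body, httplib.BAD_REQUEST)`` pair when a field is empty or when
    ``utils.can_list`` rejects the pair.

    Raises:
        HTTPError: with ``httplib.BAD_REQUEST`` when either field is absent
            from the request body.
    """
    try:
        access_key = request.json["access_key"]
        secret_key = request.json["secret_key"]
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    # Present-but-empty (or JSON null) values must not reach the credential
    # check. utils.can_list is not shown here; NOTE(review): if it forwards a
    # null key to a client library that falls back to ambient credentials,
    # the check could pass without the caller supplying any key -- confirm.
    if not (access_key and secret_key):
        return (
            {"message": "All the fields above are required."},
            httplib.BAD_REQUEST,
        )

    # Nothing is stored unless the pair can list buckets.
    if not utils.can_list(access_key, secret_key):
        return (
            {
                "message": (
                    "Unable to list buckets.\n"
                    "Listing buckets is required permission that can be changed via IAM"
                )
            },
            httplib.BAD_REQUEST,
        )

    user_addon = auth.user.get_or_add_addon("s3")
    user_addon.access_key = access_key
    user_addon.secret_key = secret_key
    user_addon.save()

    node_addon.authorize(user_addon, save=True)
    return node_addon.to_json(auth.user)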
def s3_authorize_node(auth, node_addon, **kwargs):
    """Validate S3 keys from the request, save them, then authorize the node.

    The handler reads ``access_key`` and ``secret_key`` from ``request.json``
    and only persists them after ``utils.can_list`` accepts the pair.

    Returns:
        ``node_addon.to_json(auth.user)`` on success, otherwise a
        ``(body, httplib.BAD_REQUEST)`` tuple carrying a ``message``.

    Raises:
        HTTPError: with ``httplib.BAD_REQUEST`` if a field is missing from
            the request body.
    """
    def reject(text):
        # Error payload paired with the 400 status.
        return {'message': text}, httplib.BAD_REQUEST

    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    have_both = bool(access_key and secret_key)
    if not have_both:
        return reject('All the fields above are required.')

    listing_allowed = utils.can_list(access_key, secret_key)
    if not listing_allowed:
        return reject(
            'Unable to list buckets.\n'
            'Listing buckets is required permission that can be changed via IAM'
        )

    # The verified pair is written to the user's S3 add-on as received.
    addon = auth.user.get_or_add_addon('s3')
    addon.access_key = access_key
    addon.secret_key = secret_key
    addon.save()

    node_addon.authorize(addon, save=True)
    return node_addon.to_json(auth.user)
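def s3_add_user_account(auth, **kwargs):
    """Verifies new external account credentials and adds to user's list

    ``access_key`` and ``secret_key`` are read from ``request.json`` and
    checked with ``utils.get_user_info`` and ``utils.can_list`` before an
    ``ExternalAccount`` is created or an existing one is reused.

    Returns ``{}`` on success, or a ``(body, httplib.BAD_REQUEST)`` pair when
    a field is empty or one of the checks fails.

    Raises:
        HTTPError: ``httplib.BAD_REQUEST`` when a field is absent from the
            request body; ``httplib.INTERNAL_SERVER_ERROR`` when an existing
            account is reported but cannot be resolved.
    """
    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    if not (access_key and secret_key):
        return {
            'message': 'All the fields above are required.'
        }, httplib.BAD_REQUEST

    user_info = utils.get_user_info(access_key, secret_key)
    if not user_info:
        return {
            'message': ('Unable to access account.\n'
                        'Check to make sure that the above credentials are valid, '
                        'and that they have permission to list buckets.')
        }, httplib.BAD_REQUEST

    if not utils.can_list(access_key, secret_key):
        return {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }, httplib.BAD_REQUEST

    account = None
    try:
        account = ExternalAccount(
            provider=SHORT_NAME,
            provider_name=FULL_NAME,
            oauth_key=access_key,
            oauth_secret=secret_key,
            provider_id=user_info.id,
            display_name=user_info.display_name,
        )
        account.save()
    except KeyExistsException:
        # ... or get the old one.
        # The query matches on the key pair itself, so it only finds an
        # account whose stored keys equal the pair verified above.
        # NOTE(review): this uses the secret as a query term; confirm that
        # queries are not logged with their arguments.
        account = ExternalAccount.find_one(
            Q('oauth_key', 'eq', access_key) &
            Q('oauth_secret', 'eq', secret_key)
        )

    # Explicit check rather than `assert`, which is removed under `python -O`
    # and would let a missing account fall through to the code below.
    if account is None:
        raise HTTPError(httplib.INTERNAL_SERVER_ERROR)

    if account not in auth.user.external_accounts:
        auth.user.external_accounts.append(account)

    # Ensure S3 is enabled.
    auth.user.get_or_add_addon('s3', auth=auth)
    auth.user.save()

    return {}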
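def s3_add_user_account(auth, **kwargs):
    """Verifies new external account credentials and adds to user's list

    ``access_key`` and ``secret_key`` are read from ``request.json`` and
    checked with ``utils.get_user_info`` and ``utils.can_list`` before an
    ``ExternalAccount`` is created or an existing one is reused.

    Returns ``{}`` on success, or a ``(body, httplib.BAD_REQUEST)`` pair when
    a field is empty or one of the checks fails.

    Raises:
        HTTPError: ``httplib.BAD_REQUEST`` when a field is absent from the
            request body; ``httplib.INTERNAL_SERVER_ERROR`` when an existing
            account is reported but cannot be resolved.
    """
    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    if not (access_key and secret_key):
        return {
            'message': 'All the fields above are required.'
        }, httplib.BAD_REQUEST

    user_info = utils.get_user_info(access_key, secret_key)
    if not user_info:
        return {
            'message': ('Unable to access account.\n'
                        'Check to make sure that the above credentials are valid, '
                        'and that they have permission to list buckets.')
        }, httplib.BAD_REQUEST

    if not utils.can_list(access_key, secret_key):
        return {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }, httplib.BAD_REQUEST

    account = None
    try:
        account = ExternalAccount(
            provider=SHORT_NAME,
            provider_name=FULL_NAME,
            oauth_key=access_key,
            oauth_secret=secret_key,
            provider_id=user_info.id,
            display_name=user_info.display_name,
        )
        account.save()
    except KeyExistsException:
        # ... or get the old one, matched on provider identity.
        # NOTE(review): the match does not involve the key pair, so the
        # stored oauth_key/oauth_secret may differ from the pair verified
        # above (for example after a key rotation, or if several key pairs
        # map to one provider_id). Confirm that linking the user to the
        # stored pair is intended, or compare/refresh the keys here.
        account = ExternalAccount.find_one(
            Q('provider', 'eq', SHORT_NAME) &
            Q('provider_id', 'eq', user_info.id)
        )

    # Explicit check rather than `assert`, which is removed under `python -O`
    # and would let a missing account fall through to the code below.
    if account is None:
        raise HTTPError(httplib.INTERNAL_SERVER_ERROR)

    if account not in auth.user.external_accounts:
        auth.user.external_accounts.append(account)

    # Ensure S3 is enabled.
    auth.user.get_or_add_addon('s3', auth=auth)
    auth.user.save()

    return {}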
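def s3_post_user_settings(auth, **kwargs):
    """Validate the posted S3 key pair and save it on the user's S3 add-on.

    ``access_key`` and ``secret_key`` are read from ``request.json``.

    Returns ``None`` on success, or a ``(body, httplib.BAD_REQUEST)`` pair
    when a field is empty or ``utils.can_list`` rejects the pair.

    Raises:
        HTTPError: with ``httplib.BAD_REQUEST`` when either field is absent
            from the request body.
    """
    user_addon = auth.user.get_or_add_addon('s3')
    try:
        access_key = request.json['access_key']
        secret_key = request.json['secret_key']
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    # Present-but-empty (or JSON null) values must not reach the credential
    # check. utils.can_list is not shown here; NOTE(review): if it forwards a
    # null key to a client library that falls back to ambient credentials,
    # the check could pass without the caller supplying any key -- confirm.
    if not (access_key and secret_key):
        return {
            'message': 'All the fields above are required.'
        }, httplib.BAD_REQUEST

    # Nothing is stored unless the pair can list buckets.
    if not utils.can_list(access_key, secret_key):
        return {
            'message': ('Unable to list buckets.\n'
                        'Listing buckets is required permission that can be changed via IAM')
        }, httplib.BAD_REQUEST

    user_addon.access_key = access_key
    user_addon.secret_key = secret_key
    user_addon.save()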
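def s3_post_user_settings(user_addon, **kwargs):
    """Validate the posted S3 key pair and save it on ``user_addon``.

    ``access_key`` and ``secret_key`` are read from ``request.json``.

    Returns ``None`` on success, or a ``(body, httplib.BAD_REQUEST)`` pair
    when a field is empty or ``utils.can_list`` rejects the pair.

    Raises:
        HTTPError: with ``httplib.BAD_REQUEST`` when either field is absent
            from the request body.
    """
    try:
        access_key = request.json["access_key"]
        secret_key = request.json["secret_key"]
    except KeyError:
        raise HTTPError(httplib.BAD_REQUEST)

    # Present-but-empty (or JSON null) values must not reach the credential
    # check. utils.can_list is not shown here; NOTE(review): if it forwards a
    # null key to a client library that falls back to ambient credentials,
    # the check could pass without the caller supplying any key -- confirm.
    if not (access_key and secret_key):
        return (
            {"message": "All the fields above are required."},
            httplib.BAD_REQUEST,
        )

    # Nothing is stored unless the pair can list buckets.
    if not utils.can_list(access_key, secret_key):
        return (
            {
                "message": (
                    "Unable to list buckets.\n"
                    "Listing buckets is required permission that can be changed via IAM"
                )
            },
            httplib.BAD_REQUEST,
        )

    user_addon.access_key = access_key
    user_addon.secret_key = secret_key
    user_addon.save()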
def is_valid(self):
    """Return what ``utils.can_list`` reports for this object's stored keys."""
    access_key, secret_key = self.access_key, self.secret_key
    return utils.can_list(access_key, secret_key)
def credentials_are_valid(self, user_settings):
    """Return True if any linked external account passes ``utils.can_list``.

    Returns False when ``user_settings`` is falsy or when no account in
    ``user_settings.external_accounts`` passes the check. Accounts are tried
    in order and the scan stops at the first one that passes.
    """
    if not user_settings:
        return False
    return any(
        utils.can_list(linked.oauth_key, linked.oauth_secret)
        for linked in user_settings.external_accounts
    )