def create_role_user(session, actor, name, description, canjoin): # type (Session, User, str, str, str) -> None """DEPRECATED: Do not use in production code Creates a service account with the given name, description, and canjoin status Args: session: the database session actor: the user creating the service account name: the name of the service account description: description of the service account canjoin: the canjoin status for management of the service account Throws: IntegrityError: if a user or group with the given name already exists """ user = User(username=name, role_user=True) group = Group(groupname=name, description=description, canjoin=canjoin) user.add(session) group.add(session) group.add_member(actor, actor, "Group Creator", "actioned", None, "np-owner") group.add_member(actor, user, "Service Account", "actioned", None, "member") session.commit() AuditLog.log( session, actor.id, "create_role_user", "Created new service account.", on_group_id=group.id, on_user_id=user.id, )
def create_service_account(session, actor, name, description, machine_set, owner): # type: (Session, User, str, str, str, Group) -> ServiceAccount """Creates a service account and its underlying user. Also adds the service account to the list of accounts managed by the owning group. Throws: BadMachineSet: if some plugin rejected the machine set DuplicateServiceAccount: if a user with the given name already exists """ user = User(username=name, is_service_account=True) service_account = ServiceAccount(user=user, description=description, machine_set=machine_set) if machine_set is not None: _check_machine_set(service_account, machine_set) try: user.add(session) service_account.add(session) session.flush() except IntegrityError: session.rollback() raise DuplicateServiceAccount("User {} already exists".format(name)) # Counter is updated here and the session is committed, so we don't need an additional update # or commit for the account creation. add_service_account(session, owner, service_account) AuditLog.log(session, actor.id, "create_service_account", "Created new service account.", on_group_id=owner.id, on_user_id=service_account.user_id) return service_account
def create_service_account(self, name, owner, machine_set, description, initial_metadata=None): # type: (str, str, str, str, Optional[Dict[str,str]]) -> None group = Group.get(self.session, name=owner) if not group: raise GroupNotFoundException(owner) # Create the service account in the database. user = SQLUser(username=name, is_service_account=True) service = SQLServiceAccount(user=user, machine_set=machine_set, description=description) user.add(self.session) service.add(self.session) # Flush the account to allocate an ID. self.session.flush() # Set initial user metadata fields if present. if initial_metadata is not None: for key, value in initial_metadata.items(): # TODO: move this to use the hexagonal architecture model. set_user_metadata(self.session, user.id, key, value) # Create the linkage to the owner. GroupServiceAccount(group_id=group.id, service_account=service).add(self.session)
def create_user(self, name): # type: (str) -> None """Create a user, does nothing if it already exists.""" if User.get(self.session, name=name): return user = User(username=name) user.add(self.session)
def service_accounts(session, users, groups): user = User(username="******", is_service_account=True) service_account = ServiceAccount(user=user, description="some service account", machine_set="some machines") user.add(session) service_account.add(session) session.flush() add_service_account(session, groups["team-sre"], service_account) return {"*****@*****.**": service_account}
def create_role_user(self, role_user, description="", join_policy=GroupJoinPolicy.CAN_ASK): # type: (str, str, GroupJoinPolicy) -> None """Create an old-style role user. This concept is obsolete and all code related to it will be deleted once all remaining legacy role users have been converted to service accounts. This method should be used only for tests to maintain backward compatibility until that happens. """ user = User(username=role_user, role_user=True) user.add(self.session) self.create_group(role_user, description, join_policy) self.add_user_to_group(role_user, role_user)
def create_service_account(self, name, owner, machine_set, description): # type: (str, str, str, str) -> None group = Group.get(self.session, name=owner) if not group: raise GroupNotFoundException(group) # Create the service account in the database. user = SQLUser(username=name, is_service_account=True) service = SQLServiceAccount(user=user, machine_set=machine_set, description=description) user.add(self.session) service.add(self.session) # Flush the account to allocate an ID, and then create the linkage to the owner. self.session.flush() GroupServiceAccount(group_id=group.id, service_account=service).add(self.session)
def create_service_account(self, service_account, owner, description="", machine_set=""): # type: (str, str, str, str) -> None self.create_group(owner) group_obj = Group.get(self.session, name=owner) assert group_obj if User.get(self.session, name=service_account): return user = User(username=service_account) user.add(self.session) service_account_obj = ServiceAccount( user_id=user.id, description=description, machine_set=machine_set ) service_account_obj.add(self.session) user.is_service_account = True self.session.flush() owner_map = GroupServiceAccount( group_id=group_obj.id, service_account_id=service_account_obj.id ) owner_map.add(self.session)
def create_service_account(self, service_account, owner, description="", machine_set=""): # type: (str, str, str, str) -> None self.create_group(owner) group_obj = Group.get(self.session, name=owner) assert group_obj if User.get(self.session, name=service_account): return user = User(username=service_account) user.add(self.session) service_account_obj = ServiceAccount(user_id=user.id, description=description, machine_set=machine_set) service_account_obj.add(self.session) user.is_service_account = True self.session.flush() owner_map = GroupServiceAccount( group_id=group_obj.id, service_account_id=service_account_obj.id) owner_map.add(self.session)