def post(self, *args: Any, **kwargs: Any) -> None:
    """Handle the shell-change form for the user named in the ``name`` path argument.

    Looks the user up, enforces ``check_access``, validates the submitted
    ``UserShellForm`` against the shells configured in ``settings().shell``,
    stores the choice under ``USER_METADATA_SHELL_KEY``, writes an audit entry
    and redirects back to the user page.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Unused keyword route arguments.
    """
    user = User.get(self.session, name=self.get_path_argument("name"))
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    form = UserShellForm(self.request.arguments)
    # Only a shell from the deployment's configured list passes validation.
    form.shell.choices = settings().shell
    if not form.validate():
        alerts = self.get_form_alerts(form.errors)
        return self.render("user-shell.html", form=form, user=user, alerts=alerts)

    chosen_shell = form.data["shell"]
    set_user_metadata(self.session, user.id, USER_METADATA_SHELL_KEY, chosen_shell)
    AuditLog.log(
        self.session,
        self.current_user.id,
        "changed_shell",
        "Changed shell: {}".format(chosen_shell),
        on_user_id=user.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(user.name))
def test_basic_metadata(standard_graph, session, users, groups, permissions):  # noqa: F811
    """Exercise set/overwrite/delete of user metadata and check each snapshot."""

    def values(rows, key):
        # Stored values for ``key`` in a metadata snapshot (expected: zero or one).
        return [row.data_value for row in rows if row.data_key == key]

    user_id = users["*****@*****.**"].id
    assert len(get_user_metadata(session, users["*****@*****.**"].id)) == 0, "No metadata yet"

    # Metadata values are strings, so an int round-trips as "1".
    set_user_metadata(session, user_id, "foo", 1)
    rows = get_user_metadata(session, user_id)
    assert len(rows) == 1, "One metadata item"
    assert values(rows, "foo") == ["1"], "foo is 1"

    set_user_metadata(session, user_id, "bar", "test string")
    rows = get_user_metadata(session, user_id)
    assert len(rows) == 2, "Two metadata items"
    assert values(rows, "bar") == ["test string"], "bar is test string"

    # Overwriting an existing key keeps a single row for it.
    set_user_metadata(session, user_id, "foo", "test2")
    rows = get_user_metadata(session, user_id)
    assert len(rows) == 2, "Two metadata items"
    assert values(rows, "foo") == ["test2"], "foo is test2"

    # Storing None removes the key.
    set_user_metadata(session, user_id, "foo", None)
    rows = get_user_metadata(session, user_id)
    assert len(rows) == 1, "One metadata item"
    assert values(rows, "foo") == [], "foo is not found"

    # Removing a key that was never set is a no-op.
    set_user_metadata(session, user_id, "baz", None)
    rows = get_user_metadata(session, user_id)
    assert len(rows) == 1, "One metadata item"
def test_github_user_admin(session, users, http_client, base_url):  # noqa: F811
    """Only a user admin may clear another user's linked GitHub username."""
    user = users["*****@*****.**"]
    key = USER_METADATA_GITHUB_USERNAME_KEY

    def linked():
        # Current GitHub-username metadata row for the user, or None.
        return get_user_metadata_by_key(session, user.id, key)

    set_user_metadata(session, user.id, key, "zorkian")
    row = linked()
    assert row
    assert row.data_value == "zorkian"

    clear_url = url(base_url, f"/users/{user.username}/github/clear")

    # An unrelated user is rejected with 403 and the link stays in place.
    with pytest.raises(HTTPError) as excinfo:
        yield http_client.fetch(
            clear_url, method="POST", headers={"X-Grouper-User": "******"}, body=b""
        )
    assert excinfo.value.code == 403
    row = linked()
    assert row
    assert row.data_value == "zorkian"

    # A user admin succeeds and the metadata row is gone afterwards.
    resp = yield http_client.fetch(
        clear_url, method="POST", headers={"X-Grouper-User": "******"}, body=b""
    )
    assert resp.code == 200
    assert linked() is None
def post(self, *args, **kwargs):
    # type: (*Any, **Any) -> None
    """Handle the GitHub-username form for a user addressed by ``user_id`` or ``name``.

    After the access check, a valid ``UserGitHubForm`` submission is stored
    under ``USER_METADATA_GITHUB_USERNAME_KEY`` (an empty username is stored as
    None), an audit entry is written and the user page is shown again.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Route keyword arguments; ``user_id`` and/or ``name`` select the user.
    """
    user_id = kwargs.get("user_id")  # type: Optional[int]
    name = kwargs.get("name")  # type: Optional[str]
    user = User.get(self.session, user_id, name)
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    form = UserGitHubForm(self.request.arguments)
    if not form.validate():
        alerts = self.get_form_alerts(form.errors)
        return self.render("user-github.html", form=form, user=user, alerts=alerts)

    submitted = form.data["username"]
    # Blank input unlinks the account: None clears the stored value.
    new_username = None if submitted == "" else submitted
    set_user_metadata(self.session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, new_username)
    AuditLog.log(
        self.session,
        self.current_user.id,
        "changed_github_username",
        "Changed GitHub username: {}".format(submitted),
        on_user_id=user.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(user.name))
def test_github_username(session, users, http_client, base_url, graph):  # noqa: F811
    """The API user view lists the GitHub username metadata and drops it once cleared."""
    user = users["*****@*****.**"]
    key = USER_METADATA_GITHUB_USERNAME_KEY
    user_url = url(base_url, "/users/{}".format(user.username))

    assert get_user_metadata_by_key(session, user.id, key) is None

    set_user_metadata(session, user.id, key, "zorkian-on-gh")
    graph.update_from_db(session)  # the API serves from the graph, not the DB
    resp = yield http_client.fetch(user_url)
    assert resp.code == 200
    [entry] = json.loads(resp.body)["data"]["user"]["metadata"]
    assert entry["data_key"] == "github_username"
    assert entry["data_value"] == "zorkian-on-gh"

    set_user_metadata(session, user.id, key, None)
    graph.update_from_db(session)
    resp = yield http_client.fetch(user_url)
    assert resp.code == 200
    assert json.loads(resp.body)["data"]["user"]["metadata"] == []
def post(self, *args, **kwargs):
    # type: (*Any, **Any) -> None
    """Handle the shell form for a user addressed by ``user_id`` or ``name`` in kwargs.

    A valid ``UserShellForm`` submission (choices from ``settings().shell``) is
    stored under ``USER_METADATA_SHELL_KEY``, audited, and followed by a
    redirect to the user page; an invalid one re-renders the form with alerts.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Route keyword arguments; ``user_id`` and/or ``name`` select the user.
    """
    user_id = kwargs.get("user_id")  # type: Optional[int]
    name = kwargs.get("name")  # type: Optional[str]
    user = User.get(self.session, user_id, name)
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    form = UserShellForm(self.request.arguments)
    # Validation only accepts a shell from the deployment's configured list.
    form.shell.choices = settings().shell
    if form.validate():
        shell = form.data["shell"]
        set_user_metadata(self.session, user.id, USER_METADATA_SHELL_KEY, shell)
        AuditLog.log(
            self.session,
            self.current_user.id,
            "changed_shell",
            "Changed shell: {}".format(shell),
            on_user_id=user.id,
        )
        return self.redirect("/users/{}?refresh=yes".format(user.name))

    return self.render(
        "user-shell.html", form=form, user=user, alerts=self.get_form_alerts(form.errors)
    )
def test_shell(session, users, http_client, base_url, graph):
    """Setting the shell metadata shows up as the single metadata entry in the API user view."""
    user = users['*****@*****.**']
    assert not get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)
    user_url = url(base_url, '/users/{}'.format(user.username))

    # Set the shell twice; each time the view must expose exactly that value.
    for shell in ("/bin/bash", "/bin/zsh"):
        set_user_metadata(session, user.id, USER_METADATA_SHELL_KEY, shell)
        graph.update_from_db(session)  # the API serves from the graph
        resp = yield http_client.fetch(user_url)
        assert resp.code == 200
        entries = json.loads(resp.body)["data"]["user"]["metadata"]
        assert entries != [], "There should be metadata"
        assert len(entries) == 1, "There should only be 1 metadata!"
        assert entries[0]["data_key"] == "shell", "There should only be 1 metadata!"
        assert entries[0]["data_value"] == shell, "The shell should be set to the correct value"
def create_service_account(self, name, owner, machine_set, description, initial_metadata=None):
    # type: (str, str, str, str, Optional[Dict[str,str]]) -> None
    """Create a service account owned by the group named ``owner``.

    Args:
        name: Username for the new service account.
        owner: Name of the owning group; it must already exist.
        machine_set: Stored on the service account record.
        description: Stored on the service account record.
        initial_metadata: Optional key/value pairs written as user metadata.

    Raises:
        GroupNotFoundException: If no group named ``owner`` exists.
    """
    owner_group = Group.get(self.session, name=owner)
    if not owner_group:
        raise GroupNotFoundException(owner)

    # Add the user and service-account rows, then flush so the user has an
    # id before any metadata row refers to it.
    account_user = SQLUser(username=name, is_service_account=True)
    account = SQLServiceAccount(user=account_user, machine_set=machine_set, description=description)
    account_user.add(self.session)
    account.add(self.session)
    self.session.flush()

    # TODO: move this to use the hexagonal architecture model.
    for key, value in (initial_metadata or {}).items():
        set_user_metadata(self.session, account_user.id, key, value)

    # Link the new account to its owning group.
    GroupServiceAccount(group_id=owner_group.id, service_account=account).add(self.session)
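def set_metadata(self, key, value):
    """Deprecated: set one metadata value on this user.

    Logs a deprecation warning and delegates to
    ``grouper.user_metadata.set_user_metadata`` with this user's session and id.

    Args:
        key: Metadata key to set.
        value: Value to store, forwarded unchanged.
    """
    # Imported here rather than at module level, presumably to avoid an
    # import cycle between the model and user_metadata — confirm.
    from grouper.user_metadata import set_user_metadata

    # The two literals are implicitly concatenated; the trailing space keeps
    # the sentences from running together ("deprecated.Please ...").
    logging.warning(
        "User.set_metadata is deprecated. "
        "Please switch to using grouper.user_metadata.set_user_metadata"
    )
    set_user_metadata(self.session, self.id, key, value)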
def test_basic_metadata(standard_graph, session, users, groups, permissions):  # noqa: F811
    """Walk a table of set/overwrite/delete steps and check the metadata after each."""
    user_id = users["*****@*****.**"].id
    assert len(get_user_metadata(session, users["*****@*****.**"].id)) == 0, "No metadata yet"

    count_message = {1: "One metadata item", 2: "Two metadata items"}
    # (key, value to set, expected row count, expected values for key, message)
    scenario = [
        ("foo", 1, 1, ["1"], "foo is 1"),  # ints are stored as strings
        ("bar", "test string", 2, ["test string"], "bar is test string"),
        ("foo", "test2", 2, ["test2"], "foo is test2"),  # overwrite keeps one row
        ("foo", None, 1, [], "foo is not found"),  # None deletes the row
    ]
    for key, value, expected_count, expected_values, message in scenario:
        set_user_metadata(session, user_id, key, value)
        rows = get_user_metadata(session, user_id)
        assert len(rows) == expected_count, count_message[expected_count]
        assert [row.data_value for row in rows if row.data_key == key] == expected_values, message

    # Deleting a key that was never set leaves the remaining row alone.
    set_user_metadata(session, user_id, "baz", None)
    assert len(get_user_metadata(session, user_id)) == 1, "One metadata item"
def test_shell(session, users, http_client, base_url, graph):
    """The API user view exposes the shell metadata as its only metadata entry."""
    user = users['*****@*****.**']
    assert not get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)

    def check_only_shell(body, expected):
        # Exactly one metadata entry, the shell, with the expected value.
        entries = body["data"]["user"]["metadata"]
        assert entries != [], "There should be metadata"
        assert len(entries) == 1, "There should only be 1 metadata!"
        assert entries[0]["data_key"] == "shell", "There should only be 1 metadata!"
        assert entries[0]["data_value"] == expected, "The shell should be set to the correct value"

    set_user_metadata(session, user.id, USER_METADATA_SHELL_KEY, "/bin/bash")
    graph.update_from_db(session)
    resp = yield http_client.fetch(url(base_url, '/users/{}'.format(user.username)))
    assert resp.code == 200
    check_only_shell(json.loads(resp.body), "/bin/bash")

    set_user_metadata(session, user.id, USER_METADATA_SHELL_KEY, "/bin/zsh")
    graph.update_from_db(session)
    resp = yield http_client.fetch(url(base_url, '/users/{}'.format(user.username)))
    assert resp.code == 200
    check_only_shell(json.loads(resp.body), "/bin/zsh")
def post(self, *args, **kwargs):
    # type: (*Any, **Any) -> None
    """Handle the GitHub-username form for a user addressed by ``user_id`` or ``name``.

    On a valid ``UserGitHubForm`` submission the username is stored under
    ``USER_METADATA_GITHUB_USERNAME_KEY`` (blank input is stored as None),
    an audit entry is written and the user page is shown again.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Route keyword arguments; ``user_id`` and/or ``name`` select the user.
    """
    user = User.get(self.session, kwargs.get("user_id"), kwargs.get("name"))
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    form = UserGitHubForm(self.request.arguments)
    if form.validate():
        submitted = form.data["username"]
        # Blank input unlinks the account: None clears the stored value.
        set_user_metadata(
            self.session,
            user.id,
            USER_METADATA_GITHUB_USERNAME_KEY,
            None if submitted == "" else submitted,
        )
        AuditLog.log(
            self.session,
            self.current_user.id,
            "changed_github_username",
            "Changed GitHub username: {}".format(submitted),
            on_user_id=user.id,
        )
        return self.redirect("/users/{}?refresh=yes".format(user.name))

    return self.render(
        "user-github.html", form=form, user=user, alerts=self.get_form_alerts(form.errors)
    )
def post(self, *args: Any, **kwargs: Any) -> None:
    """Handle a generic metadata form submission for ``/users/<name>/metadata/<key>``.

    The shell and GitHub-username keys have dedicated editors and are
    redirected there. Any other key is editable when it is configured in
    ``settings().metadata_options`` or the user already has a value for it;
    the submitted value is validated against the configured choices (falling
    back to ``DEFAULT_METADATA_OPTIIONS``), stored, audited, and the user page
    is shown again.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Unused keyword route arguments.
    """
    user = User.get(self.session, name=self.get_path_argument("name"))
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    metadata_key = self.get_path_argument("key")
    # Keys with their own flows are routed to those pages instead.
    dedicated_pages = {
        USER_METADATA_SHELL_KEY: "/users/{}/shell".format(user.name),
        USER_METADATA_GITHUB_USERNAME_KEY: "/github/link_begin/{}".format(user.id),
    }
    if metadata_key in dedicated_pages:
        return self.redirect(dedicated_pages[metadata_key])

    options = settings().metadata_options
    known_field = metadata_key in options
    existing = get_user_metadata_by_key(self.session, user.id, metadata_key)
    # An unconfigured key is only editable when the user already has a value for it.
    if not existing and not known_field:
        return self.notfound()

    form = UserMetadataForm(self.request.arguments)
    form.value.choices = options.get(metadata_key, DEFAULT_METADATA_OPTIIONS)
    if not form.validate():
        return self.render(
            "user-metadata.html",
            form=form,
            user=user,
            metadata_key=metadata_key,
            is_enabled=known_field,
            alerts=self.get_form_alerts(form.errors),
        )

    new_value = form.data["value"]
    set_user_metadata(self.session, user.id, metadata_key, new_value)
    AuditLog.log(
        self.session,
        self.current_user.id,
        "changed_user_metadata",
        "Changed {}: {}".format(metadata_key, new_value),
        on_user_id=user.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(user.name))
def test_metadata(session, users, http_client, base_url):  # noqa: F811
    """POSTing to the metadata page accepts configured choices and leaves others unapplied."""
    settings().metadata_options = {"favorite_food": [["pizza", "pizza"], ["kale", "kale"]]}
    user = users["*****@*****.**"]
    assert not get_user_metadata_by_key(session, user.id, "favorite_food")
    user = User.get(session, name=user.username)
    set_user_metadata(session, user.id, "favorite_food", "default")

    metadata_url = url(base_url, "/users/{}/metadata/favorite_food".format(user.username))

    def submit(value):
        # POST the form as the user; the caller yields the returned future.
        return http_client.fetch(
            metadata_url,
            method="POST",
            body=urlencode({"value": value}),
            headers={"X-Grouper-User": user.username},
        )

    def stored():
        return get_user_metadata_by_key(session, user.id, "favorite_food").data_value

    resp = yield submit("pizza")
    assert resp.code == 200
    assert stored() == "pizza"

    yield submit("kale")
    assert stored() == "kale"

    # "donuts" is not a configured choice, so the value must stay "kale".
    # The response code of this request is deliberately not asserted here.
    yield submit("donuts")
    assert stored() == "kale"
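def get(self, *args: Any, **kwargs: Any) -> Iterator[Future]:
    """Complete the GitHub OAuth link flow for the user in ``kwargs["user_id"]``.

    Checks the OAuth ``state`` round-trip against the ``github-link-state``
    cookie, requires the caller to be the user being linked, exchanges the
    ``code`` for a token, reads the GitHub username, records an audit entry,
    stores the username under ``USER_METADATA_GITHUB_USERNAME_KEY`` and
    redirects to the user page.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Route keyword arguments; ``user_id`` selects the user.

    Yields:
        Futures from the GitHub client calls (Tornado coroutine style).
    """
    # ``state`` is the CSRF token for this flow: it must match the value set
    # in the cookie when the link was started.  The cookie is cleared first so
    # a state value cannot be reused for a second callback.
    state = self.request.query_arguments.get("state", [b""])[-1]
    expected_state = self.get_cookie("github-link-state", "").encode("utf-8")
    self.clear_cookie("github-link-state")
    # An absent cookie must fail closed.  Without this check a request with
    # no state parameter and no cookie compares b"" with b"" and passes,
    # which would let a callback the user never initiated complete the link.
    if not expected_state or not hmac.compare_digest(state, expected_state):
        self.badrequest()
        return
    code = self.get_query_argument("code")

    # Make sure we're modifying the authenticated user before doing more.
    user_id = kwargs["user_id"]
    user = User.get(self.session, user_id)
    if not user:
        self.notfound()
        return
    if self.current_user.id != user.id:
        self.forbidden()
        return

    github_client = GitHubClient(
        _get_github_http_client(), settings().http_proxy_host, settings().http_proxy_port
    )
    oauth_token = yield github_client.get_oauth_access_token(
        settings().github_app_client_id,
        get_plugin_proxy().get_github_app_client_secret(),
        code,
        state,
    )
    gh_username = yield github_client.get_username(oauth_token)

    AuditLog.log(
        self.session,
        self.current_user.id,
        "changed_github_username",
        "Changed GitHub username: {}".format(gh_username),
        on_user_id=user.id,
    )
    set_user_metadata(self.session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, gh_username)
    self.redirect("/users/{}?refresh=yes".format(user.name))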
def post(self, *args: Any, **kwargs: Any) -> None:
    """Clear the GitHub link of the user named in the path and record an audit entry.

    Args:
        *args: Unused positional route arguments.
        **kwargs: Unused keyword route arguments.
    """
    user = User.get(self.session, name=self.get_path_argument("name"))
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    # Storing None removes the GitHub-username metadata.
    set_user_metadata(self.session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, None)
    AuditLog.log(
        self.session,
        self.current_user.id,
        "changed_github_username",
        "Cleared GitHub link",
        on_user_id=user.id,
    )
    return self.redirect("/users/{}?refresh=yes".format(user.name))
def test_github_username(session, users, http_client, base_url, graph):  # noqa: F811
    """Linking and unlinking a GitHub username is reflected in the API user view."""
    user = users["*****@*****.**"]
    assert get_user_metadata_by_key(session, user.id, USER_METADATA_GITHUB_USERNAME_KEY) is None

    def metadata_entries(resp):
        # Metadata list from a successful API user-view response.
        assert resp.code == 200
        return json.loads(resp.body)["data"]["user"]["metadata"]

    set_user_metadata(session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, "zorkian-on-gh")
    graph.update_from_db(session)
    resp = yield http_client.fetch(url(base_url, "/users/{}".format(user.username)))
    [entry] = metadata_entries(resp)
    assert entry["data_key"] == "github_username"
    assert entry["data_value"] == "zorkian-on-gh"

    # None removes the row; the view then lists no metadata at all.
    set_user_metadata(session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, None)
    graph.update_from_db(session)
    resp = yield http_client.fetch(url(base_url, "/users/{}".format(user.username)))
    assert metadata_entries(resp) == []
def post(self, user_id=None, name=None):
    """Handle the shell form for a user addressed by id or by name.

    The allowed shells come from ``settings.shell`` (a module-level settings
    object in this version). A valid submission is stored under
    ``USER_METADATA_SHELL_KEY``, audited and followed by a redirect; an
    invalid one re-renders the form with alerts.

    Args:
        user_id: Database id of the user, if routed by id.
        name: Username, if routed by name.
    """
    user = User.get(self.session, user_id, name)
    if not user:
        return self.notfound()
    if not self.check_access(self.session, self.current_user, user):
        return self.forbidden()

    form = UserShellForm(self.request.arguments)
    form.shell.choices = settings.shell
    if form.validate():
        shell = form.data["shell"]
        set_user_metadata(self.session, user.id, USER_METADATA_SHELL_KEY, shell)
        AuditLog.log(
            self.session,
            self.current_user.id,
            'changed_shell',
            'Changed shell: {}'.format(shell),
            on_user_id=user.id,
        )
        return self.redirect("/users/{}?refresh=yes".format(user.name))

    return self.render(
        "user-shell.html", form=form, user=user, alerts=self.get_form_alerts(form.errors)
    )
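def set_metadata(self, key, value):
    """Deprecated: set one metadata value on this user.

    Logs a deprecation warning and delegates to
    ``grouper.user_metadata.set_user_metadata`` with this user's session and id.

    Args:
        key: Metadata key to set.
        value: Value to store, forwarded unchanged.
    """
    # Imported here rather than at module level, presumably to avoid an
    # import cycle between the model and user_metadata — confirm.
    from grouper.user_metadata import set_user_metadata

    # The two literals are implicitly concatenated; the trailing space keeps
    # the sentences from running together ("deprecated.Please ...").
    logging.warning(
        "User.set_metadata is deprecated. "
        "Please switch to using grouper.user_metadata.set_user_metadata"
    )
    set_user_metadata(self.session, self.id, key, value)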
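def user_command(args, settings, session_factory):
    # type: (Namespace, CtlSettings, SessionFactory) -> None
    """Run the ``user`` grouper-ctl subcommand selected by ``args.subcommand``.

    ``create``, ``disable`` and ``enable`` operate on every name in
    ``args.username`` and commit after each user; ``set_metadata`` and
    ``add_public_key`` operate on the single user ``args.username``.
    Log messages pass values as lazy ``%s`` arguments rather than
    pre-formatting them.

    Args:
        args: Parsed command-line arguments for the ``user`` command.
        settings: Ctl settings; accepted for interface compatibility, not read here.
        session_factory: Opens the database session used for all work.
    """
    session = session_factory.create_session()

    if args.subcommand == "create":
        for username in args.username:
            if User.get(session, name=username):
                logging.info("%s: Already exists. Doing nothing.", username)
                continue
            logging.info("%s: No such user, creating...", username)
            User.get_or_create(session, username=username, role_user=args.role_user)
            session.commit()
        return

    if args.subcommand == "disable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif not user.enabled:
                logging.info("%s: User already disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, disabling...", username)
                try:
                    if user.role_user:
                        disable_role_user(session, user)
                    else:
                        disable_user(session, user)
                    AuditLog.log(
                        session,
                        user.id,
                        "disable_user",
                        "(Administrative) User disabled via grouper-ctl",
                        on_user_id=user.id,
                    )
                    session.commit()
                except PluginRejectedDisablingUser as e:
                    # A plugin veto ends the whole command; later names are not processed.
                    logging.error("%s", e)
                    return
        return

    if args.subcommand == "enable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif user.enabled:
                logging.info("%s: User not disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, enabling...", username)
                if user.role_user:
                    enable_role_user(
                        session, user, preserve_membership=args.preserve_membership, user=user
                    )
                else:
                    enable_user(session, user, user, preserve_membership=args.preserve_membership)
                AuditLog.log(
                    session,
                    user.id,
                    "enable_user",
                    "(Administrative) User enabled via grouper-ctl",
                    on_user_id=user.id,
                )
                session.commit()
        return

    # "add_public_key" and "set_metadata" act on the single user args.username.
    user = User.get(session, name=args.username)
    if not user:
        logging.error("%s: No such user. Doing nothing.", args.username)
        return

    if args.subcommand == "set_metadata":
        logging.info(
            "Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value
        )
        # An empty value on the command line is stored as None, which clears the key.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif args.subcommand == "add_public_key":
        logging.info("Adding public key for user")
        try:
            pubkey = public_key.add_public_key(session, user, args.public_key)
        except public_key.DuplicateKey:
            logging.error("Key already in use")
            return
        except public_key.PublicKeyParseError:
            logging.error("Public key appears to be invalid")
            return
        # NOTE(review): unlike set_metadata there is no session.commit() after
        # this audit entry; presumably add_public_key commits itself — confirm.
        AuditLog.log(
            session,
            user.id,
            "add_public_key",
            "(Administrative) Added public key: {}".format(pubkey.fingerprint_sha256),
            on_user_id=user.id,
        )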
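def user_command(args):
    """Run the ``user`` grouper-ctl subcommand selected by ``args.subcommand``.

    ``create``, ``disable`` and ``enable`` operate on every name in
    ``args.username`` and commit after each user; ``set_metadata`` and
    ``add_public_key`` operate on the single user ``args.username``.
    Console output uses the ``print()`` function form so the module parses on
    both Python 2 and 3, and the rejected-disable error is logged via
    ``"%s", e`` (``e.message`` is Python 2 only), matching the sibling
    implementation in this file.

    Args:
        args: Parsed command-line arguments for the ``user`` command.
    """
    session = make_session()

    if args.subcommand == "create":
        for username in args.username:
            if User.get(session, name=username):
                logging.info("%s: Already exists. Doing nothing.", username)
                continue
            logging.info("%s: No such user, creating...", username)
            User.get_or_create(session, username=username, role_user=args.role_user)
            session.commit()
        return

    if args.subcommand == "disable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif not user.enabled:
                logging.info("%s: User already disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, disabling...", username)
                try:
                    if user.role_user:
                        disable_role_user(session, user)
                    else:
                        disable_user(session, user)
                    AuditLog.log(
                        session,
                        user.id,
                        'disable_user',
                        '(Administrative) User disabled via grouper-ctl',
                        on_user_id=user.id,
                    )
                    session.commit()
                except PluginRejectedDisablingUser as e:
                    # A plugin veto ends the whole command; later names are not processed.
                    logging.error("%s", e)
                    return
        return

    if args.subcommand == "enable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif user.enabled:
                logging.info("%s: User not disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, enabling...", username)
                if user.role_user:
                    enable_role_user(
                        session, user, preserve_membership=args.preserve_membership, user=user
                    )
                else:
                    enable_user(session, user, user, preserve_membership=args.preserve_membership)
                AuditLog.log(
                    session,
                    user.id,
                    'enable_user',
                    '(Administrative) User enabled via grouper-ctl',
                    on_user_id=user.id,
                )
                session.commit()
        return

    # "add_public_key" and "set_metadata" act on the single user args.username.
    user = User.get(session, name=args.username)
    if not user:
        logging.error("%s: No such user. Doing nothing.", args.username)
        return

    if args.subcommand == "set_metadata":
        print("Setting %s metadata: %s=%s" % (args.username, args.metadata_key, args.metadata_value))
        # An empty value on the command line is stored as None, which clears the key.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif args.subcommand == "add_public_key":
        print("Adding public key for user...")
        try:
            pubkey = public_key.add_public_key(session, user, args.public_key)
        except public_key.DuplicateKey:
            print("Key already in use.")
            return
        except public_key.PublicKeyParseError:
            print("Public key appears to be invalid.")
            return
        # NOTE(review): no session.commit() after this audit entry, unlike
        # set_metadata; presumably add_public_key commits itself — confirm.
        AuditLog.log(
            session,
            user.id,
            'add_public_key',
            '(Administrative) Added public key: {}'.format(pubkey.fingerprint),
            on_user_id=user.id,
        )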
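def user_command(args, settings, session_factory):
    # type: (Namespace, CtlSettings, SessionFactory) -> None
    """Run the ``user`` grouper-ctl subcommand selected by ``args.subcommand``.

    Dispatches to one private helper per subcommand. ``create``, ``disable``
    and ``enable`` take every name in ``args.username``; ``set_metadata`` and
    ``add_public_key`` take the single user ``args.username`` and are skipped
    with an error when that user does not exist.

    Args:
        args: Parsed command-line arguments for the ``user`` command.
        settings: Ctl settings; accepted for interface compatibility, not read here.
        session_factory: Opens the database session used for all work.
    """
    session = session_factory.create_session()

    if args.subcommand == "create":
        _create_users(session, args)
        return
    if args.subcommand == "disable":
        _disable_users(session, args)
        return
    if args.subcommand == "enable":
        _enable_users(session, args)
        return

    # "add_public_key" and "set_metadata" act on the single user args.username.
    user = User.get(session, name=args.username)
    if not user:
        logging.error("%s: No such user. Doing nothing.", args.username)
        return

    if args.subcommand == "set_metadata":
        _set_metadata(session, user, args)
    elif args.subcommand == "add_public_key":
        _add_public_key(session, user, args)


def _create_users(session, args):
    """Create each user in ``args.username`` that does not exist yet, committing per user."""
    for username in args.username:
        if User.get(session, name=username):
            logging.info("%s: Already exists. Doing nothing.", username)
            continue
        logging.info("%s: No such user, creating...", username)
        User.get_or_create(session, username=username, role_user=args.role_user)
        session.commit()


def _disable_users(session, args):
    """Disable each enabled user in ``args.username``; a plugin veto stops the run."""
    for username in args.username:
        user = User.get(session, name=username)
        if not user:
            logging.info("%s: No such user. Doing nothing.", username)
        elif not user.enabled:
            logging.info("%s: User already disabled. Doing nothing.", username)
        else:
            logging.info("%s: User found, disabling...", username)
            try:
                if user.role_user:
                    disable_role_user(session, user)
                else:
                    disable_user(session, user)
                AuditLog.log(
                    session,
                    user.id,
                    "disable_user",
                    "(Administrative) User disabled via grouper-ctl",
                    on_user_id=user.id,
                )
                session.commit()
            except PluginRejectedDisablingUser as e:
                # Later names are not processed once a plugin rejects a disable.
                logging.error("%s", e)
                return


def _enable_users(session, args):
    """Enable each disabled user in ``args.username``, committing per user."""
    for username in args.username:
        user = User.get(session, name=username)
        if not user:
            logging.info("%s: No such user. Doing nothing.", username)
        elif user.enabled:
            logging.info("%s: User not disabled. Doing nothing.", username)
        else:
            logging.info("%s: User found, enabling...", username)
            if user.role_user:
                enable_role_user(
                    session, user, preserve_membership=args.preserve_membership, user=user
                )
            else:
                enable_user(session, user, user, preserve_membership=args.preserve_membership)
            AuditLog.log(
                session,
                user.id,
                "enable_user",
                "(Administrative) User enabled via grouper-ctl",
                on_user_id=user.id,
            )
            session.commit()


def _set_metadata(session, user, args):
    """Store ``args.metadata_key`` on ``user``; an empty value becomes None, which clears the key."""
    logging.info(
        "Setting %s metadata: %s=%s", args.username, args.metadata_key, args.metadata_value
    )
    if args.metadata_value == "":
        args.metadata_value = None
    set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
    session.commit()


def _add_public_key(session, user, args):
    """Add ``args.public_key`` to ``user`` and audit it; duplicate or unparsable keys are logged and skipped."""
    logging.info("Adding public key for user")
    try:
        pubkey = public_key.add_public_key(session, user, args.public_key)
    except public_key.DuplicateKey:
        logging.error("Key already in use")
        return
    except public_key.PublicKeyParseError:
        logging.error("Public key appears to be invalid")
        return
    # NOTE(review): no session.commit() after this audit entry, unlike
    # _set_metadata; presumably add_public_key commits itself — confirm.
    AuditLog.log(
        session,
        user.id,
        "add_public_key",
        "(Administrative) Added public key: {}".format(pubkey.fingerprint_sha256),
        on_user_id=user.id,
    )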
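def user_command(args):
    """Run the ``user`` grouper-ctl subcommand selected by ``args.subcommand``.

    ``create``, ``disable`` and ``enable`` operate on every name in
    ``args.username`` and commit after each user; ``set_metadata`` and
    ``add_public_key`` operate on the single user ``args.username``.
    Console output uses the ``print()`` function form so the module parses on
    both Python 2 and 3; log messages pass values as lazy ``%s`` arguments.

    Args:
        args: Parsed command-line arguments for the ``user`` command.
    """
    session = make_session()

    if args.subcommand == "create":
        for username in args.username:
            if User.get(session, name=username):
                logging.info("%s: Already exists. Doing nothing.", username)
                continue
            logging.info("%s: No such user, creating...", username)
            User.get_or_create(session, username=username, role_user=args.role_user)
            session.commit()
        return

    if args.subcommand == "disable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif not user.enabled:
                logging.info("%s: User already disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, disabling...", username)
                if user.role_user:
                    disable_service_account(session, user)
                else:
                    disable_user(session, user)
                session.commit()
        return

    if args.subcommand == "enable":
        for username in args.username:
            user = User.get(session, name=username)
            if not user:
                logging.info("%s: No such user. Doing nothing.", username)
            elif user.enabled:
                logging.info("%s: User not disabled. Doing nothing.", username)
            else:
                logging.info("%s: User found, enabling...", username)
                if user.role_user:
                    enable_service_account(
                        session, user, preserve_membership=args.preserve_membership, user=user
                    )
                else:
                    enable_user(session, user, user, preserve_membership=args.preserve_membership)
                session.commit()
        return

    # "add_public_key" and "set_metadata" act on the single user args.username.
    user = User.get(session, name=args.username)
    if not user:
        logging.error("%s: No such user. Doing nothing.", args.username)
        return

    if args.subcommand == "set_metadata":
        print("Setting %s metadata: %s=%s" % (args.username, args.metadata_key, args.metadata_value))
        # An empty value on the command line is stored as None, which clears the key.
        if args.metadata_value == "":
            args.metadata_value = None
        set_user_metadata(session, user.id, args.metadata_key, args.metadata_value)
        session.commit()
    elif args.subcommand == "add_public_key":
        print("Adding public key for user...")
        try:
            pubkey = public_key.add_public_key(session, user, args.public_key)
        except public_key.DuplicateKey:
            print("Key already in use.")
            return
        except public_key.PublicKeyParseError:
            print("Public key appears to be invalid.")
            return
        # NOTE(review): no session.commit() after this audit entry, unlike
        # set_metadata; presumably add_public_key commits itself — confirm.
        AuditLog.log(
            session,
            user.id,
            'add_public_key',
            '(Administrative) Added public key: {}'.format(pubkey.fingerprint),
            on_user_id=user.id,
        )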