async def post(self):
log_data = {
"user": self.user,
"function":
f"{__name__}.{self.__class__.__name__}.{sys._getframe().f_code.co_name}",
"user-agent": self.request.headers.get("User-Agent"),
"request_id": self.request_uuid,
"ip": self.ip,
}
can_create_role = can_create_roles(self.user, self.groups)
if not can_create_role:
stats.count(
f"{log_data['function']}.unauthorized",
tags={
"user": self.user,
"authorized": can_create_role
},
)
log_data["message"] = "User is unauthorized to clone a role"
log.error(log_data)
self.write_error(403,
message="User is unauthorized to clone a role")
return
try:
clone_model = CloneRoleRequestModel.parse_raw(self.request.body)
except ValidationError as e:
log_data["message"] = "Validation Exception"
log.error(log_data, exc_info=True)
stats.count(f"{log_data['function']}.validation_exception",
tags={"user": self.user})
sentry_sdk.capture_exception()
self.write_error(400, message="Error validating input: " + str(e))
return
try:
results = await clone_iam_role(clone_model, self.user)
except Exception as e:
log_data["message"] = "Exception cloning role"
log_data["error"] = str(e)
log_data["account_id"] = clone_model.account_id
log_data["role_name"] = clone_model.role_name
log.error(log_data, exc_info=True)
stats.count(
f"{log_data['function']}.exception",
tags={
"user": self.user,
"account_id": clone_model.account_id,
"role_name": clone_model.role_name,
},
)
sentry_sdk.capture_exception()
self.write_error(500,
message="Exception occurred cloning role: " +
str(e))
return
# if here, role has been successfully cloned
self.write(results)
async def get(self):
"""
Provide information about site configuration for the frontend
:return:
"""
is_contractor = config.config_plugin().is_contractor(self.user)
site_config = {
"consoleme_logo": await get_random_security_logo(),
"google_tracking_uri": config.get("google_analytics.tracking_url"),
"documentation_url": config.get("documentation_page"),
"support_contact": config.get("support_contact"),
"support_chat_url": config.get("support_chat_url"),
"security_logo": config.get("security_logo.image"),
"security_url": config.get("security_logo.url"),
}
user_profile = {
"site_config":
site_config,
"user":
self.user,
"can_logout":
config.get("auth.set_auth_cookie"),
"is_contractor":
is_contractor,
"employee_photo_url":
config.config_plugin().get_employee_photo_url(self.user),
"employee_info_url":
config.config_plugin().get_employee_info_url(self.user),
"authorization": {
"can_edit_policies":
can_admin_policies(self.user, self.groups),
"can_create_roles": can_create_roles(self.user, self.groups),
"can_delete_roles": can_delete_roles(self.user, self.groups),
},
"pages": {
"header": {
"custom_header_message_title":
config.get("headers.custom_header_message.title", ""),
"custom_header_message_text":
config.get("headers.custom_header_message.text", ""),
},
"groups": {
"enabled": config.get("headers.group_access.enabled",
False)
},
"users": {
"enabled": config.get("headers.group_access.enabled",
False)
},
"policies": {
"enabled":
config.get("headers.policies.enabled", True)
and not is_contractor
},
"self_service": {
"enabled":
config.get("enable_self_service", True)
and not is_contractor
},
"api_health": {
"enabled":
is_in_group(
self.user,
self.groups,
config.get("groups.can_edit_health_alert", []),
)
},
"audit": {
"enabled":
is_in_group(self.user, self.groups,
config.get("groups.can_audit", []))
},
"config": {
"enabled": can_edit_dynamic_config(self.user, self.groups)
},
},
"accounts":
await get_account_id_to_name_mapping(),
}
self.set_header("Content-Type", "application/json")
self.write(user_profile)
async def get(self):
"""
Provide information about site configuration for the frontend
:return:
"""
is_contractor = config.config_plugin().is_contractor(self.user)
site_config = {
"consoleme_logo": await get_random_security_logo(),
"google_analytics": {
"tracking_id": config.get("google_analytics.tracking_id"),
"options": config.get("google_analytics.options", {}),
},
"documentation_url": config.get(
"documentation_page", "https://hawkins.gitbook.io/consoleme/"
),
"support_contact": config.get("support_contact"),
"support_chat_url": config.get(
"support_chat_url", "https://discord.com/invite/nQVpNGGkYu"
),
"security_logo": config.get("security_logo.image"),
"security_url": config.get("security_logo.url"),
# If site_config.landing_url is set, users will be redirected to the landing URL after authenticating
# on the frontend.
"landing_url": config.get("site_config.landing_url"),
"temp_policy_support": config.get("policies.temp_policy_support"),
"notifications": {
"enabled": config.get("site_config.notifications.enabled"),
"request_interval": config.get(
"site_config.notifications.request_interval", 60
),
},
"cloudtrail_denies_policy_generation": config.get(
"celery.cache_cloudtrail_denies.enabled", False
),
}
custom_page_header: Dict[str, str] = await get_custom_page_header(
self.user, self.groups
)
user_profile = {
"site_config": site_config,
"user": self.user,
"can_logout": config.get("auth.set_auth_cookie", False),
"is_contractor": is_contractor,
"employee_photo_url": config.config_plugin().get_employee_photo_url(
self.user
),
"employee_info_url": config.config_plugin().get_employee_info_url(
self.user
),
"authorization": {
"can_edit_policies": can_admin_policies(self.user, self.groups),
"can_create_roles": can_create_roles(self.user, self.groups),
"can_delete_iam_principals": can_delete_iam_principals(
self.user, self.groups
),
},
"pages": {
"header": {
"custom_header_message_title": custom_page_header.get(
"custom_header_message_title", ""
),
"custom_header_message_text": custom_page_header.get(
"custom_header_message_text", ""
),
"custom_header_message_route": custom_page_header.get(
"custom_header_message_route", ""
),
},
"groups": {
"enabled": config.get("headers.group_access.enabled", False)
},
"users": {"enabled": config.get("headers.group_access.enabled", False)},
"policies": {
"enabled": config.get("headers.policies.enabled", True)
and not is_contractor
},
"self_service": {
"enabled": config.get("enable_self_service", True)
and not is_contractor
},
"api_health": {
"enabled": is_in_group(
self.user,
self.groups,
config.get("groups.can_edit_health_alert", []),
)
},
"audit": {
"enabled": is_in_group(
self.user, self.groups, config.get("groups.can_audit", [])
)
},
"config": {"enabled": can_edit_dynamic_config(self.user, self.groups)},
},
"accounts": await get_account_id_to_name_mapping(),
}
self.set_header("Content-Type", "application/json")
self.write(user_profile)
