Esempio n. 1
    def get(self, audit_ctx, group_id):
        """Return a single group as a JSON response.

        The requested identifier is recorded in the audit context first, then
        the ``GetGroup`` action is authorized against the group's ARN, and only
        after that is the group looked up.
        """
        audit_ctx['request.group'] = group_id
        group_arn = format_arn('groups', group_id)
        # Authorization precedes the lookup (presumably rejecting the request
        # on denial; confirm in internal_authorize).
        internal_authorize('GetGroup', group_arn)

        found = self._get_or_404(group_id)
        # Replace the caller-supplied identifier with the stored group name.
        audit_ctx['request.group'] = found.name
        payload = marshal(found, group_fields)
        return jsonify(payload)
Esempio n. 2
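def add_user_to_group(audit_ctx, group_id):
    """Add the user named in the JSON body to the group ``group_id``.

    The ``AddUserToGroup`` action is authorized against the group's ARN before
    any lookup. The request aborts with 404 when either the group or the user
    is missing. Returns an empty JSON object on success.
    """
    audit_ctx['request.group'] = group_id
    internal_authorize('AddUserToGroup', format_arn('groups', group_id))

    group = Group.query.filter(Group.name == group_id).first()
    if not group:
        # Leftover debug print removed: it wrote a bare marker to stdout on
        # every failed lookup and carried no diagnostic value.
        abort(404, message=f'group {group_id} does not exist')

    audit_ctx['request.group'] = group.name

    user_parser = reqparse.RequestParser()
    user_parser.add_argument('user', type=str, location='json', required=True)
    args = user_parser.parse_args()

    user = User.query.filter(User.username == args['user']).first()
    if not user:
        abort(404, message=f'user {args["user"]} does not exist')

    # Record the resolved username so the audit entry names the affected user.
    audit_ctx['request.username'] = user.username

    group.users.append(user)
    db.session.add(group)
    db.session.commit()

    return jsonify({})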
Esempio n. 3
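    def post(self, audit_ctx, group_id):
        """Create a policy attached to the group ``group_id``.

        The ``CreateGroupPolicy`` action is authorized against the group's ARN
        before the request body is parsed. The ``policy`` argument must be a
        JSON document; a body that does not parse is rejected with 400 instead
        of surfacing as an unhandled exception. The policy name and the
        pretty-printed policy document are written to the audit context.
        """
        audit_ctx['request.group'] = group_id
        internal_authorize('CreateGroupPolicy', format_arn('groups', group_id))

        args = group_policy_parser.parse_args()
        try:
            policy_json = json.loads(args['policy'])
        except (TypeError, ValueError):
            # json.JSONDecodeError is a ValueError; TypeError covers a missing
            # (None) value. Client input errors should not become a 500.
            abort(400, message='policy must be a valid JSON document')

        audit_ctx['request.policy'] = args['name']
        audit_ctx['request.policy-json'] = json.dumps(policy_json,
                                                      indent=4,
                                                      separators=(',', ': '))

        group = Group.query.filter(Group.name == group_id).first()
        if not group:
            abort(404, message=f'Group {group_id} does not exist')

        policy = GroupPolicy(
            group=group,
            name=args['name'],
            policy=policy_json,
        )

        db.session.add(policy)
        db.session.commit()

        return jsonify(marshal(policy, group_policy_fields))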
Esempio n. 4
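    def delete(self, audit_ctx, username):
        """Delete the user ``username``.

        The ``DeleteUser`` action is authorized against the user's ARN before
        the lookup. Responds with an empty JSON object and status 201.
        """
        audit_ctx['request.username'] = username
        internal_authorize('DeleteUser', format_arn('users', username))

        user = self._get_or_404(username)
        db.session.delete(user)
        # The policy and access-key delete handlers commit after deleting;
        # without a commit here the deletion is only pending in the session
        # and would presumably be discarded when the session is torn down.
        db.session.commit()

        # NOTE(review): 201 is an unusual status for a delete; left unchanged
        # because clients may depend on it.
        return make_response(jsonify({}), 201, [])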
Esempio n. 5
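    def delete(self, audit_ctx, group_id):
        """Delete the group ``group_id``.

        The ``DeleteGroup`` action is authorized against the group's ARN before
        the lookup; the audit context is then updated with the stored group
        name. Responds with an empty JSON object and status 201.
        """
        audit_ctx['request.group'] = group_id
        internal_authorize('DeleteGroup', format_arn('groups', group_id))

        group = self._get_or_404(group_id)
        audit_ctx['request.group'] = group.name
        db.session.delete(group)
        # The policy and access-key delete handlers commit after deleting;
        # without a commit here the deletion is only pending in the session
        # and would presumably be discarded when the session is torn down.
        db.session.commit()

        # NOTE(review): 201 is an unusual status for a delete; left unchanged
        # because clients may depend on it.
        return make_response(jsonify({}), 201, [])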
Esempio n. 6
    def get(self, audit_ctx, username, policy_name):
        """Return one policy of the user ``username`` as JSON.

        Both identifiers are recorded in the audit context, then the
        ``GetUserPolicy`` action is authorized against the user's ARN before
        any database lookup. Aborts with 404 when the user does not exist.
        """
        audit_ctx['request.username'] = username
        audit_ctx['request.policy'] = policy_name
        user_arn = format_arn('users', username)
        internal_authorize('GetUserPolicy', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message="User doesn't exist")

        found_policy = self._get_or_404(owner, policy_name)
        body = marshal(found_policy, user_policy_fields)
        return jsonify(body)
Esempio n. 7
    def get(self, audit_ctx, group_id, policy_name):
        """Return one policy of the group ``group_id`` as JSON.

        Both identifiers are recorded in the audit context, then the
        ``GetGroupPolicy`` action is authorized against the group's ARN before
        any database lookup. Aborts with 404 when the group does not exist.
        """
        audit_ctx['request.group'] = group_id
        audit_ctx['request.policy'] = policy_name
        group_arn = format_arn('groups', group_id)
        internal_authorize('GetGroupPolicy', group_arn)

        owner = Group.query.filter(Group.name == group_id).first()
        if not owner:
            abort(404, message=f'group {group_id} does not exist')

        found_policy = self._get_or_404(owner, policy_name)
        body = marshal(found_policy, group_policy_fields)
        return jsonify(body)
Esempio n. 8
    def get(self, audit_ctx, username, key_id):
        """Return one access key of the user ``username`` as JSON.

        The username and key id are recorded in the audit context, then the
        ``GetAccessKey`` action is authorized against the user's ARN before any
        lookup. Aborts with 404 when the user does not exist.
        """
        audit_ctx['request.username'] = username
        audit_ctx['request.access_key_id'] = key_id

        user_arn = format_arn('users', username)
        internal_authorize('GetAccessKey', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message="User doesn't exist")

        # NOTE(review): which attributes are exposed depends on
        # access_key_fields; confirm it omits the secret on reads.
        key = self._get_or_404(owner, key_id)
        body = marshal(key, access_key_fields)
        return jsonify(body)
Esempio n. 9
    def post(self, audit_ctx):
        """Create a group from the parsed request arguments.

        The requested name is recorded in the audit context and the
        ``CreateGroup`` action is authorized against the ARN of the group to be
        created before the row is inserted and committed.
        """
        parsed = group_parser.parse_args()
        requested_name = parsed['name']
        audit_ctx['request.group'] = requested_name
        new_arn = format_arn('groups', parsed['name'])
        internal_authorize('CreateGroup', new_arn)

        created = Group(name=parsed['name'])

        db.session.add(created)
        db.session.commit()

        body = marshal(created, group_fields)
        return jsonify(body)
Esempio n. 10
    def delete(self, audit_ctx, username, policy_name):
        """Delete one policy of the user ``username``.

        Both identifiers are recorded in the audit context and the
        ``DeleteUserPolicy`` action is authorized against the user's ARN before
        any lookup. Aborts with 404 when the user does not exist. Responds
        with an empty JSON object and status 201.
        """
        audit_ctx['request.username'] = username
        audit_ctx['request.policy'] = policy_name
        user_arn = format_arn('users', username)
        internal_authorize('DeleteUserPolicy', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message="User doesn't exist")

        doomed = self._get_or_404(owner, policy_name)
        db.session.delete(doomed)
        db.session.commit()

        empty_body = jsonify({})
        return make_response(empty_body, 201, [])
Esempio n. 11
    def get(self, audit_ctx, group_id):
        """List the policies attached to the group ``group_id``.

        The ``ListGroupPolicies`` action is authorized against the group's ARN
        before the lookup. Aborts with 404 when the group does not exist;
        otherwise the listing is delegated to ``build_response_for_request``
        with a query restricted to this group's policies.
        """
        audit_ctx['request.group'] = group_id
        group_arn = format_arn('groups', group_id)
        internal_authorize('ListGroupPolicies', group_arn)

        owner = Group.query.filter(Group.name == group_id).first()
        if not owner:
            abort(404, message=f'Group {group_id} does not exist')

        # Scope the listing to the resolved group only.
        scoped_query = GroupPolicy.query.filter(GroupPolicy.group == owner)
        return build_response_for_request(
            GroupPolicy,
            request,
            group_policy_fields,
            scoped_query,
        )
Esempio n. 12
    def delete(self, audit_ctx, group_id, policy_name):
        """Delete one policy of the group ``group_id``.

        Both identifiers are recorded in the audit context and the
        ``DeleteGroupPolicy`` action is authorized against the group's ARN
        before any lookup. Aborts with 404 when the group does not exist.
        Responds with an empty JSON object and status 201.
        """
        audit_ctx['request.group'] = group_id
        audit_ctx['request.policy'] = policy_name
        group_arn = format_arn('groups', group_id)
        internal_authorize('DeleteGroupPolicy', group_arn)

        owner = Group.query.filter(Group.name == group_id).first()
        if not owner:
            abort(404, message=f'group {group_id} does not exist')

        doomed = self._get_or_404(owner, policy_name)
        db.session.delete(doomed)
        db.session.commit()

        empty_body = jsonify({})
        return make_response(empty_body, 201, [])
Esempio n. 13
    def put(self, audit_ctx, group_id):
        """Rename the group ``group_id`` to the name given in the request.

        The ``UpdateGroup`` action is authorized against the ARN of the
        existing group before the body is parsed or the group is looked up.
        """
        audit_ctx['request.group'] = group_id
        current_arn = format_arn('groups', group_id)
        # NOTE(review): only the current group's ARN is authorized; the new
        # name from the body is not checked separately. Confirm a rename is
        # meant to be governed by the source ARN alone.
        internal_authorize('UpdateGroup', current_arn)

        parsed = group_parser.parse_args()

        target = self._get_or_404(group_id)
        # Audit the stored name as it was before the rename.
        audit_ctx['request.group'] = target.name
        target.name = parsed['name']
        db.session.add(target)
        db.session.commit()

        body = marshal(target, group_fields)
        return jsonify(body)
Esempio n. 14
    def get(self, audit_ctx, username):
        """List the access keys of the user ``username``.

        Aborts with 404 when the user does not exist; otherwise the listing is
        delegated to ``build_response_for_request`` with a query restricted to
        this user's keys.
        """
        audit_ctx['request.username'] = username
        # NOTE(review): unlike the other per-user handlers, this check is made
        # against the users collection ARN rather than this user's ARN.
        # Confirm that listing a user's access keys is meant to be authorized
        # at collection scope.
        collection_arn = format_arn('users')
        internal_authorize('ListAccessKeys', collection_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message='User not found')

        # Scope the listing to the resolved user only.
        scoped_query = AccessKey.query.filter(AccessKey.user == owner)
        return build_response_for_request(
            AccessKey,
            request,
            access_key_fields,
            scoped_query,
        )
Esempio n. 15
    def get(self, audit_ctx, username):
        """List the policies attached to the user ``username``.

        The ``ListUserPolicies`` action is authorized against the user's ARN
        before the lookup. Aborts with 404 when the user does not exist;
        otherwise the listing is delegated to ``build_response_for_request``
        with a query restricted to this user's policies.
        """
        audit_ctx['request.username'] = username
        user_arn = format_arn('users', username)
        internal_authorize('ListUserPolicies', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message="User doesn't exist")

        # Scope the listing to the resolved user only.
        scoped_query = UserPolicy.query.filter(UserPolicy.user == owner)
        return build_response_for_request(
            UserPolicy,
            request,
            user_policy_fields,
            scoped_query,
        )
Esempio n. 16
    def delete(self, audit_ctx, username, key_id):
        """Delete one access key of the user ``username``.

        The username and key id are recorded in the audit context and the
        ``DeleteAccessKey`` action is authorized against the user's ARN before
        any lookup. Aborts with 404 when the user does not exist. Responds
        with an empty JSON object and status 201.
        """
        audit_ctx['request.username'] = username
        audit_ctx['request.access_key_id'] = key_id
        user_arn = format_arn('users', username)
        internal_authorize('DeleteAccessKey', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message="User doesn't exist")

        key = self._get_or_404(owner, key_id)
        # Audit the username stored on the key's owner rather than the value
        # taken from the URL.
        audit_ctx['request.username'] = key.user.username
        db.session.delete(key)
        db.session.commit()

        empty_body = jsonify({})
        return make_response(empty_body, 201, [])
Esempio n. 17
def remove_user_from_group(audit_ctx, group_id, username):
    """Remove the user ``username`` from the group ``group_id``.

    Both identifiers are recorded in the audit context and the
    ``RemoveUserFromGroup`` action is authorized against the group's ARN
    before any lookup. Aborts with 404 when the group does not exist or when
    no user with that username is a member of it. Responds with an empty JSON
    object and status 201.
    """
    audit_ctx['request.group'] = group_id
    audit_ctx['request.username'] = username
    group_arn = format_arn('groups', group_id)
    internal_authorize('RemoveUserFromGroup', group_arn)

    target_group = Group.query.filter(Group.name == group_id).first()
    if not target_group:
        abort(404, message=f'group {group_id} does not exist')

    # Join through the membership relation so only members of this group match.
    membership_query = User.query.join(Group.users).filter(
        User.username == username,
        Group.id == target_group.id,
    )
    member = membership_query.first()
    if not member:
        abort(404, message=f'user {username} does not exist')

    target_group.users.remove(member)
    db.session.add(target_group)
    db.session.commit()

    empty_body = jsonify({})
    return make_response(empty_body, 201, [])
Esempio n. 18
    def post(self, audit_ctx):
        """Create a user from the parsed request arguments.

        The requested username is recorded in the audit context and the
        ``CreateUser`` action is authorized against the ARN of the user to be
        created. A password is set only when a truthy one was supplied, and
        the audit context receives a fixed mask instead of the password value.
        """
        parsed = user_parser.parse_args()

        audit_ctx['request.username'] = parsed['username']

        new_arn = format_arn('users', parsed['username'])
        internal_authorize('CreateUser', new_arn)

        created = User(username=parsed['username'])
        if parsed['password']:
            created.set_password(parsed['password'])
            # Never write the password itself to the audit trail.
            audit_ctx['request.password'] = '******'

        db.session.add(created)
        db.session.commit()

        body = marshal(created, user_fields)
        return jsonify(body)
Esempio n. 19
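    def put(self, audit_ctx, username):
        """Update the username and/or password of the user ``username``.

        The ``UpdateUser`` action is authorized against the ARN of the existing
        user before the body is parsed. Only fields that were actually
        supplied are applied, and the audit context records a fixed mask in
        place of the password value.
        """
        audit_ctx['request.username'] = username
        # NOTE(review): only the current user's ARN is authorized; a new
        # username from the body is not checked separately. Confirm a rename
        # is meant to be governed by the source ARN alone.
        internal_authorize('UpdateUser', format_arn('users', username))

        args = user_parser.parse_args()

        # Assuming user_parser is a reqparse parser with default settings,
        # arguments absent from the request are still present in ``args`` with
        # the value None, so a key-presence test is always true. Testing the
        # value avoids calling set_password(None) or clearing the username on
        # a partial update, and keeps the audit record truthful about whether
        # a password change was requested.
        new_username = args.get('username')
        new_password = args.get('password')

        if new_username is not None:
            audit_ctx['request.new-username'] = new_username
        if new_password is not None:
            audit_ctx['request.password'] = '******'

        user = self._get_or_404(username)

        if new_username is not None:
            user.username = new_username
        if new_password is not None:
            user.set_password(new_password)
        db.session.add(user)

        db.session.commit()

        return jsonify(marshal(user, user_fields))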
Esempio n. 20
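    def put(self, audit_ctx, username, policy_name):
        """Replace the name and document of one policy of ``username``.

        The ``UpdateUserPolicy`` action is authorized against the user's ARN
        before any lookup. Aborts with 404 when the user does not exist. The
        ``policy`` argument must be a JSON document; a body that does not
        parse is rejected with 400 instead of surfacing as an unhandled
        exception. The new policy name and the pretty-printed document are
        written to the audit context.
        """
        audit_ctx['request.username'] = username
        audit_ctx['request.policy'] = policy_name
        internal_authorize('UpdateUserPolicy', format_arn('users', username))

        user = User.query.filter(User.username == username).first()
        if not user:
            abort(404, message=f'User doesn\'t exist')

        args = user_policy_parser.parse_args()
        try:
            policy_json = json.loads(args['policy'])
        except (TypeError, ValueError):
            # json.JSONDecodeError is a ValueError; TypeError covers a missing
            # (None) value. Client input errors should not become a 500.
            abort(400, message='policy must be a valid JSON document')

        audit_ctx['request.new-policy'] = args['name']
        audit_ctx['request.policy-json'] = json.dumps(policy_json, indent=4, separators=(',', ': '))

        policy = self._get_or_404(user, policy_name)
        policy.name = args['name']
        policy.policy = policy_json
        db.session.add(policy)

        db.session.commit()

        return jsonify(marshal(policy, user_policy_fields))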
Esempio n. 21
    def post(self, audit_ctx, username):
        """Create a new access key for the user ``username``.

        The ``CreateAccessKey`` action is authorized against the user's ARN
        before the lookup. Aborts with 404 when the user does not exist. The
        key id is ``'AK'`` followed by 18 characters and the secret is 40
        characters, both drawn with ``random.SystemRandom``. Only the key id
        is written to the audit context, never the secret.
        """
        audit_ctx['request.username'] = username
        user_arn = format_arn('users', username)
        internal_authorize('CreateAccessKey', user_arn)

        owner = User.query.filter(User.username == username).first()
        if not owner:
            abort(404, message='User not found')

        # SystemRandom draws from the operating system's entropy source
        # (os.urandom), which is what credential material needs; the default
        # Mersenne Twister generator must not be used here.
        rng = random.SystemRandom()
        key_id = 'AK' + ''.join(
            rng.choice(ACCESS_KEY_ID_LETTERS) for _ in range(18))
        secret = ''.join(
            rng.choice(SECRET_ACCESS_KEY_LETTERS) for _ in range(40))

        access_key = AccessKey(
            user=owner,
            access_key_id=key_id,
            secret_access_key=secret,
        )

        db.session.add(access_key)
        db.session.commit()

        audit_ctx['response.access_key_id'] = access_key.access_key_id

        # NOTE(review): access_key_fields__initial presumably includes the
        # secret for this one-time response; confirm reads use a field set
        # without it.
        body = marshal(access_key, access_key_fields__initial)
        return jsonify(body)
Esempio n. 22
    def get(self, audit_ctx, username):
        """Return the user ``username`` as a JSON response.

        The username is recorded in the audit context and the ``GetUser``
        action is authorized against the user's ARN before the lookup.
        """
        audit_ctx['request.username'] = username
        user_arn = format_arn('users', username)
        internal_authorize('GetUser', user_arn)

        found = self._get_or_404(username)
        body = marshal(found, user_fields)
        return jsonify(body)
Esempio n. 23
    def get(self, audit_ctx):
        """List all groups.

        The ``ListGroups`` action is authorized before the listing is built;
        nothing is written to the audit context here.
        """
        # NOTE(review): the groups ARN is built with an explicit empty
        # identifier, whereas the users listing calls format_arn('users') with
        # no second argument. Confirm both produce the intended collection ARN.
        collection_arn = format_arn('groups', '')
        internal_authorize('ListGroups', collection_arn)

        listing = build_response_for_request(Group, request, group_fields)
        return listing
Esempio n. 24
    def get(self, audit_ctx):
        """List all users.

        The ``ListUsers`` action is authorized against the users collection
        ARN before the listing is built; nothing is written to the audit
        context here.
        """
        collection_arn = format_arn('users')
        internal_authorize('ListUsers', collection_arn)

        listing = build_response_for_request(User, request, user_fields)
        return listing