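def _create_roles(authorization_file_path):
    """Create every role listed in the authorization file and return the first.

    :param authorization_file_path: Path of the authorization file. It is
        parsed with ``load`` (brought into scope elsewhere in this module)
        and must hold a ``roles`` list of mappings, each with a ``name`` key.
    :return: The role object for the first listed role, which the file
        orders as the strongest one.
    :raises ValueError: If the file defines no roles, so the caller gets a
        clear message instead of an ``IndexError`` on ``roles[0]``.
    """
    with open(authorization_file_path) as f:
        # NOTE(review): `load` is defined outside this block; if it is
        # yaml.load, yaml.safe_load is the safer choice for a bootstrap
        # file, since a plain loader can instantiate arbitrary objects.
        roles = load(f)['roles']
    if not roles:
        raise ValueError(
            'No roles defined in {0}'.format(authorization_file_path))
    for role in roles:
        user_datastore.find_or_create_role(name=role['name'])
    # The file lists the strongest role first; that is the one handed back
    return user_datastore.find_role(roles[0]['name'])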
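def authorize(self, user, request, tenant_name=None):
    """Resolve the request's tenant and verify that *user* may access it.

    The tenant name is *tenant_name* or, when that is ``None``, the value of
    the ``CLOUDIFY_TENANT_HEADER`` request header. Access is granted when the
    tenant is in ``user.all_tenants`` or the user holds the ``ADMIN_ROLE``
    role. On success the tenant is stored under
    ``current_app.config[CURRENT_TENANT_CONFIG]``; every failure path goes
    through ``raise_unauthorized_user_error``.

    :param user: The authenticated user being authorized.
    :param request: The incoming request; only its headers are read.
    :param tenant_name: Optional explicit tenant name overriding the header.
    """
    logger = current_app.logger
    logger.debug('Tenant authorization for {0}'.format(user))
    admin_role = user_datastore.find_role(ADMIN_ROLE)

    if tenant_name is None:
        tenant_name = request.headers.get(CLOUDIFY_TENANT_HEADER)
    if not tenant_name:
        # Called bare like the other two failure paths below; the helper is
        # expected to raise itself, so the former `raise` in front of this
        # call could never execute.
        raise_unauthorized_user_error('a Tenant name was not provided')

    try:
        tenant = get_storage_manager().get(
            Tenant,
            tenant_name,
            filters={'name': tenant_name}
        )
    except NotFoundError:
        # An unknown tenant is reported as an authorization failure, the
        # same way as a tenant the user is not associated with
        raise_unauthorized_user_error(
            'Provided tenant name unknown: {0}'.format(tenant_name)
        )
    logger.debug('User attempting to connect with {0}'.format(tenant))

    # Admins are allowed into any tenant; everyone else needs an association
    if tenant not in user.all_tenants and admin_role not in user.roles:
        raise_unauthorized_user_error(
            '{0} is not associated with {1}'.format(user, tenant)
        )
    current_app.config[CURRENT_TENANT_CONFIG] = tenant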
def create_default_user_tenant_and_roles(admin_username, admin_password, amqp_manager, authorization_file_path): """ Create the bootstrap admin, the default tenant and the security roles, as well as a RabbitMQ vhost and user corresponding to the default tenant :return: The default tenant """ admin_role = _create_roles(authorization_file_path) default_tenant = _create_default_tenant() amqp_manager.create_tenant_vhost_and_user(tenant=default_tenant) admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=encrypt_password(admin_password), roles=[admin_role]) # User role assigned to admin user as a member of default tenant # This is the default role when adding a user is added to a tenant. # Anyway, `sys_admin` will be the effective role since is the system role. user_role = user_datastore.find_role(constants.DEFAULT_TENANT_ROLE) user_tenant_association = UserTenantAssoc( user=admin_user, tenant=default_tenant, role=user_role, ) admin_user.tenant_associations.append(user_tenant_association) user_datastore.commit() return default_tenant
def create_default_user_tenant_and_roles(admin_username, admin_password, amqp_manager, authorization_file_path): """ Create the bootstrap admin, the default tenant and the security roles, as well as a RabbitMQ vhost and user corresponding to the default tenant :return: The default tenant """ admin_role = _create_roles(authorization_file_path) default_tenant = _create_default_tenant() amqp_manager.create_tenant_vhost_and_user(tenant=default_tenant) admin_user = user_datastore.create_user( id=constants.BOOTSTRAP_ADMIN_ID, username=admin_username, password=hash_password(admin_password), roles=[admin_role] ) # User role assigned to admin user as a member of default tenant # This is the default role when adding a user is added to a tenant. # Anyway, `sys_admin` will be the effective role since is the system role. user_role = user_datastore.find_role(constants.DEFAULT_TENANT_ROLE) user_tenant_association = UserTenantAssoc( user=admin_user, tenant=default_tenant, role=user_role, ) admin_user.tenant_associations.append(user_tenant_association) user_datastore.commit() return default_tenant
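def add_users_to_db(user_list):
    """Create each user in *user_list* and attach it to the default tenant.

    Every entry is a mapping with ``username``, ``password`` (stored hashed)
    and ``role`` keys, plus an optional ``active`` flag defaulting to
    ``True``. Each user is committed as soon as it is built, so a failure
    part-way through leaves the earlier users persisted.

    :param user_list: Iterable of user mappings as described above.
    """
    default_tenant = Tenant.query.get(DEFAULT_TENANT_ID)
    # The tenant-membership role is the same for every user, so look it up
    # once instead of on every iteration
    default_tenant_role = user_datastore.find_role(DEFAULT_TENANT_ROLE)
    for user in user_list:
        role = user_datastore.find_role(user['role'])
        user_obj = user_datastore.create_user(
            username=user['username'],
            password=hash_password(user['password']),
            roles=[role],
        )
        user_obj.active = user.get('active', True)
        user_obj.tenant_associations.append(
            UserTenantAssoc(
                user=user_obj,
                tenant=default_tenant,
                role=default_tenant_role,
            )
        )
        user_datastore.commit()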
def add_users_to_db(user_list):
    """Create each user in *user_list* and put it into the default tenant.

    Every entry is a mapping with ``username``, ``password`` (stored via
    ``encrypt_password``) and ``role`` keys, plus an optional ``active``
    flag defaulting to ``True``. Each user is committed individually.

    :param user_list: Iterable of user mappings as described above.
    """
    tenant = Tenant.query.get(DEFAULT_TENANT_ID)
    for entry in user_list:
        assigned_role = user_datastore.find_role(entry['role'])
        new_user = user_datastore.create_user(
            username=entry['username'],
            password=encrypt_password(entry['password']),
            roles=[assigned_role],
        )
        # Users are active unless the entry explicitly says otherwise
        new_user.active = entry.get('active', True)
        new_user.tenants.append(tenant)
        user_datastore.commit()
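def create_status_reporter_user_and_assign_role(username,
                                                password,
                                                role,
                                                user_id):
    """Create a status-reporter user with *role* and add it to the default tenant.

    :param username: Username of the new user.
    :param password: Clear-text password; stored via ``hash_password``.
    :param role: Name of the role to assign; it must already exist.
    :param user_id: Id to give the new user.
    :return: The created user, already committed.
    :raises NotFoundError: If *role* does not exist. The check now runs
        before the user is created, so nothing is added to the session when
        it fails.
    """
    reporter_role = user_datastore.find_role(role)
    if not reporter_role:
        raise NotFoundError("The username \"{0}\" cannot have the role \"{1}\""
                            " as the role doesn't exist"
                            "".format(username, role))
    user = user_datastore.create_user(username=username,
                                      password=hash_password(password),
                                      roles=[role],
                                      id=user_id)
    # NOTE(review): the default tenant is assumed to exist; if it does not,
    # `default_tenant` is None here — confirm bootstrap ordering.
    default_tenant = Tenant.query.filter_by(
        id=constants.DEFAULT_TENANT_ID).first()
    user_tenant_association = UserTenantAssoc(
        user=user,
        tenant=default_tenant,
        role=reporter_role,
    )
    user.tenant_associations.append(user_tenant_association)
    user_datastore.commit()
    return user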
def _create_roles():
    """Ensure every role in ``constants.ALL_ROLES`` exists and return the admin role.

    :return: The role object for ``constants.ADMIN_ROLE``.
    """
    for role_name in constants.ALL_ROLES:
        user_datastore.find_or_create_role(name=role_name)
    admin_role = user_datastore.find_role(constants.ADMIN_ROLE)
    return admin_role