def delete(self, account_id):
    """Delete the service account named by ``account_id``.

    Calls ``UserAdmin.deleteUser`` with the id as ``userName``. On success
    the tuple ``('', 204)`` is returned (presumably an empty body with a
    204 status for the web framework; confirm against the caller).

    Raises:
        ResourceError: when ``deleteUser`` raises ``WebFault``; the message
            is whatever ``error_msg`` produces for that fault.
    """
    user_admin = UserAdmin()
    try:
        user_admin.deleteUser(userName=account_id)
    except WebFault as fault:
        raise ResourceError(msg=user_admin.error_msg(fault))
    # NOTE(review): no authorization or existence check is visible in this
    # method; presumably both are enforced before it is reached - confirm.
    return '', 204
def get(self, account_id):
    """Return the roles occupied by a service account.

    The result of ``models.account_details(account_id)`` is wrapped in an
    ``ok`` response with a fixed success message.

    Raises:
        ResourceError: when a ``WebFault`` is raised while building the
            response; the message comes from ``UserAdmin.error_msg``.
    """
    try:
        details = models.account_details(account_id)
        return ok(result=details, msg="Roles retrieved successfully.")
    except WebFault as fault:
        # A UserAdmin instance is only needed here, to format the fault.
        raise ResourceError(msg=UserAdmin().error_msg(fault))
def get(self, role_id):
    """Return the service accounts occupying a role.

    The result of ``models.role_details(role_id)`` is wrapped in an ``ok``
    response with a fixed success message.

    Raises:
        ResourceError: when a ``WebFault`` is raised while building the
            response; the message comes from ``UserAdmin.error_msg``.
    """
    try:
        details = models.role_details(role_id)
        return ok(result=details,
                  msg="Service accounts retrieved successfully.")
    except WebFault as fault:
        # A UserAdmin instance is only needed here, to format the fault.
        raise ResourceError(msg=UserAdmin().error_msg(fault))
def delete(self, role_id):
    """Delete a role from the system.

    ``role_id`` is mapped through ``models.role_in`` and the result is
    passed to ``UserAdmin.deleteRole`` as ``roleName``. On success the
    tuple ``('', 204)`` is returned.

    Raises:
        ResourceError: when the mapping or the delete call raises
            ``WebFault``; the message comes from ``error_msg``.
    """
    user_admin = UserAdmin()
    try:
        # The mapping stays inside the try so a WebFault from it is
        # converted the same way as one from deleteRole.
        internal_name = models.role_in(role_id)
        user_admin.deleteRole(roleName=internal_name)
    except WebFault as fault:
        raise ResourceError(user_admin.error_msg(fault))
    # NOTE(review): nothing here checks whether accounts still occupy the
    # role or whether the caller may delete it - confirm that is handled
    # elsewhere.
    return '', 204
def all_accounts():
    """Return the account ids known to the system.

    Calls ``UserAdmin.listUsers`` with an empty filter and ``limit=100``
    and returns its result unchanged.

    Raises:
        ResourceError: for a ``WebFault`` (message prefixed with
            ``error retrieving accounts:``) and for any other exception
            (message prefixed with ``Uncaught exception:``).
    """
    user_admin = UserAdmin()
    try:
        # NOTE(review): limit=100 is fixed here; if more accounts exist the
        # listing is presumably truncated without any signal - confirm.
        account_ids = user_admin.listUsers(filter='', limit=100)
    except WebFault as fault:
        detail = user_admin.error_msg(fault)
        raise ResourceError(
            msg='error retrieving accounts: {}'.format(detail))
    except Exception as err:
        # NOTE(review): the text of any exception is copied into the
        # ResourceError message. If that message is returned to API
        # clients it can disclose internal details; consider logging the
        # exception and returning a generic message instead.
        raise ResourceError(msg='Uncaught exception: {}'.format(err))
    return account_ids
def post(self, account_id):
    """Add a role to the roles occupied by a service account.

    The request arguments come from ``self.validate_post()``; the
    ``roleId`` argument is mapped through ``models.role_in`` and sent to
    ``UserAdmin.updateRolesOfUser``. The response wraps
    ``models.account_details(account_id)`` in ``ok``.

    Raises:
        ResourceError: when the update raises ``WebFault``; the message
            comes from ``error_msg``.
    """
    args = self.validate_post()
    user_admin = UserAdmin()
    try:
        requested_role = args['roleId']
        # NOTE(review): the call name ("update") and the ``newUserList``
        # keyword suggest this may replace the account's role set rather
        # than append to it - confirm against the UserAdmin service, since
        # a replace would silently drop the account's other roles.
        user_admin.updateRolesOfUser(
            userName=account_id,
            newUserList=models.role_in(requested_role))
    except WebFault as fault:
        raise ResourceError(msg=user_admin.error_msg(fault))
    success_msg = "Role {} added successfully.".format(requested_role)
    return ok(result=models.account_details(account_id), msg=success_msg)
def post(self):
    """Create a new role.

    Reads ``roleId`` from ``self.validate_post()``, maps it through
    ``models.role_in`` and passes the result to
    ``UserAdmin.addInternalRole``. The response wraps
    ``models.role_details(role_id)`` in ``ok``.

    Raises:
        ResourceError: when the mapping or the create call raises
            ``WebFault``; the message comes from ``error_msg``.
    """
    args = self.validate_post()
    role_id = args['roleId']
    user_admin = UserAdmin()
    try:
        internal_name = models.role_in(role_id)
        user_admin.addInternalRole(roleName=internal_name)
    except WebFault as fault:
        raise ResourceError(user_admin.error_msg(fault))
    # NOTE(review): any constraint on the characters allowed in a role id
    # would have to live in validate_post() or role_in(); none is visible
    # here - confirm.
    success_msg = "Role {} created successfully.".format(role_id)
    return ok(result=models.role_details(role_id), msg=success_msg)
def post(self, role_id):
    """Add a service account to the accounts occupying a role.

    Reads ``accountId`` from ``self.validate_post()`` and passes it as
    ``newUsers`` to ``UserAdmin.addRemoveUsersOfRole`` for the role name
    produced by ``models.role_in(role_id)``. The response wraps
    ``models.role_details(role_id)`` in ``ok``.

    Raises:
        ResourceError: when the call raises ``WebFault``; the message
            comes from ``error_msg``.
    """
    args = self.validate_post()
    user_admin = UserAdmin()
    try:
        internal_name = models.role_in(role_id)
        # NOTE(review): the account id is forwarded as supplied; whether
        # the account exists is presumably checked by the service -
        # confirm.
        user_admin.addRemoveUsersOfRole(roleName=internal_name,
                                        newUsers=args['accountId'])
    except WebFault as fault:
        raise ResourceError(user_admin.error_msg(fault))
    success_msg = "Service account {} added to role.".format(
        args['accountId'])
    return ok(result=models.role_details(role_id), msg=success_msg)
def delete(self, account_id, role_id):
    """Remove a role from a service account's occupied roles.

    The removal is attempted only when ``models.has_role`` reports that
    the account occupies the role; it is done through
    ``UserAdmin.addRemoveRolesOfUser`` with ``deletedRoles``. On success
    the tuple ``('', 204)`` is returned.

    Raises:
        ResourceError: when the account does not occupy the role, or when
            the removal raises ``WebFault``.
    """
    # Guard first: reject the request before touching UserAdmin.
    if not models.has_role(account_id, role_id):
        raise ResourceError(
            msg="{} does not occupy role {}".format(account_id, role_id))

    user_admin = UserAdmin()
    try:
        user_admin.addRemoveRolesOfUser(
            userName=account_id,
            deletedRoles=models.role_in(role_id))
    except WebFault as fault:
        raise ResourceError(msg=user_admin.error_msg(fault))
    return '', 204
def account_summary(account_id):
    """Build a display summary for a service account.

    The account is looked up with ``UserAdmin.listUsers`` using
    ``account_id`` as the filter. The returned dict carries the id, a
    fixed owner of ``'admin'`` and ``_links`` built from the ``base_url``
    environment variable.

    Raises:
        DAOError: when the lookup returns no entries.
    """
    user_admin = UserAdmin()
    # NOTE(review): the id is used as a listUsers *filter*, and other calls
    # on this service pass '*' as a match-all filter. If the filter is a
    # pattern, an id containing a wildcard would pass this existence check
    # without naming a real account - confirm, and prefer an exact-match
    # comparison against the returned entries.
    matches = user_admin.listUsers(filter=account_id, limit=100)
    if len(matches) == 0:
        raise DAOError(msg='service account does not exist.')

    # NOTE(review): if 'base_url' is unset, .get() yields None and the
    # links are rendered as "https://None/..." - confirm that is intended.
    base_url = os.environ.get('base_url')
    links = {
        'self': {
            'href': 'https://{}/admin/service_accounts/{}'.format(
                base_url, account_id)},
        'roles': {
            'href': 'https://{}/admin/service_accounts/{}/roles'.format(
                base_url, account_id)},
        'profile': {
            'href': 'https://{}/profiles/v2/{}'.format(base_url, 'admin')},
    }
    return {'id': account_id, 'owner': 'admin', '_links': links}
def delete(self, role_id, account_id):
    """Remove a service account from the accounts occupying a role.

    The removal is attempted only when ``models.has_role`` reports that
    the account occupies the role; it is done through
    ``UserAdmin.addRemoveUsersOfRole`` with ``deletedUsers``. On success
    the tuple ``('', 204)`` is returned.

    Raises:
        ResourceError: when the account does not occupy the role, or when
            the removal raises ``WebFault``.
    """
    user_admin = UserAdmin()
    if not models.has_role(account_id, role_id):
        raise ResourceError(
            msg="{} is not occupied by service account {}".format(
                role_id, account_id))

    # The account occupies the role: drop it from the role's user list.
    try:
        user_admin.addRemoveUsersOfRole(roleName=models.role_in(role_id),
                                        deletedUsers=account_id)
    except WebFault as fault:
        raise ResourceError(user_admin.error_msg(fault))
    return '', 204
def post(self):
    """Create a new service account.

    Reads ``accountId`` and ``password`` from ``self.validate_post()``,
    rejects ids containing ``-`` and calls ``UserAdmin.addUser``. The
    response wraps ``models.account_details(account_id)`` in ``ok``.

    Raises:
        ResourceError: for an id containing ``-``, for a ``WebFault`` from
            ``addUser``, and for any other exception raised inside the
            ``try`` block.
    """
    args = self.validate_post()
    account_id = args['accountId']
    # NOTE(review): '-' is the only character rejected here. Confirm that
    # validate_post() constrains the rest of the id (for example wildcard
    # characters), since account ids are used as a listUsers filter in
    # account_summary.
    if '-' in account_id:
        raise ResourceError(
            msg="Invalid account id: no '-' characters are allowed.")

    user_admin = UserAdmin()
    try:
        # NOTE(review): the password is forwarded as received; any
        # strength policy is presumably enforced by validate_post() or
        # the service - confirm.
        user_admin.addUser(userName=account_id, password=args['password'])
    except WebFault as fault:
        raise ResourceError(msg=user_admin.error_msg(fault))
    except Exception as err:
        # NOTE(review): the exception text is copied into the message; if
        # it reaches API clients it can disclose internal details.
        raise ResourceError(msg='Uncaught exception: {}'.format(err))

    return ok(result=models.account_details(account_id),
              msg="Service account created successfully.")
def roles(account_id):
    """Return the roles occupied by ``account_id``.

    Queries ``UserAdmin.getRolesOfUser`` with filter ``'*'`` and keeps the
    entries whose ``selected`` attribute is truthy, mapping each
    ``itemName`` through ``role_out``.
    """
    user_admin = UserAdmin()
    # NOTE(review): limit=100 is fixed; an account with more candidate
    # roles than that would presumably get an incomplete answer, which
    # matters if callers use this list for access decisions - confirm.
    entries = user_admin.getRolesOfUser(userName=account_id,
                                        filter='*',
                                        limit=100)
    occupied = []
    for entry in entries:
        if entry.selected:
            occupied.append(role_out(entry.itemName))
    return occupied
def accounts(role_id):
    """Return the service accounts occupying a role.

    Queries ``UserAdmin.getUsersOfRole`` for the role name produced by
    ``role_in(role_id)`` and keeps the ``itemName`` of every entry that is
    ``selected`` and whose name contains no ``/``.
    """
    user_admin = UserAdmin()
    entries = user_admin.getUsersOfRole(roleName=role_in(role_id),
                                        filter='*',
                                        limit=100000)
    occupants = []
    for entry in entries:
        if not entry.selected:
            continue
        # Names containing '/' are skipped; presumably these are
        # domain-qualified users rather than service accounts - confirm.
        if '/' in entry.itemName:
            continue
        occupants.append(entry.itemName)
    return occupants
def all_clients():
    """Return the client ids known to the system.

    Lists every role name through ``UserAdmin.getAllRolesNames`` and keeps
    the names that start with ``Internal`` and end with ``_PRODUCTION``,
    mapping each through ``role_out``.
    """
    user_admin = UserAdmin()
    entries = user_admin.getAllRolesNames(filter='', limit=100000)
    client_ids = []
    for entry in entries:
        role_name = entry.itemName
        # Both conditions must hold; the prefix is tested first, as in the
        # combined ``and`` expression this loop replaces.
        if role_name.startswith('Internal') and role_name.endswith('_PRODUCTION'):
            client_ids.append(role_out(role_name))
    return client_ids