예제 #1
0
def get_credentials(user):
    try:
        LOGGER.info('/USERS/%s/credentials [GET] => receiving call', user)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/credentials [GET] => Authenticated!', user)
        if token.is_admin or token.username == user:
            if juju.user_exists(user):
                code, response = 200, juju.get_credentials(user)
                LOGGER.info(
                    '/USERS/%s/credentials [GET] => Succesfully retrieved credentials!',
                    user)
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/credentials [GET] => User %s does not exist!',
                    user, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s/credentials [GET] => No Permission to perform this action!',
                user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #2
0
def grant_to_model(user, controller):
    try:
        LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => receiving call',
                    user, controller)
        data = request.json
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authenticated!',
                    user, controller)
        con = juju.authorize(token, controller)
        LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authorized!',
                    user, controller)
        if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
            if juju.user_exists(user):
                juju.set_models_access(token, con, user, data)
                LOGGER.info(
                    '/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
                    user, controller)
                code, response = 202, 'The model access is being changed'
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
                    user, controller, user)
        else:
            user_access = juju.get_models_access(con, user)
            if juju.user_exists(user):
                for mod in data:
                    if not mod['name'] in user_access:
                        LOGGER.error(
                            '/USERS/%s/controllers/%s/models [PUT] => No Permission to perform this action!',
                            user, controller)
                        code, response = errors.no_permission()
                        return juju.create_response(code, response)
                juju.set_models_access(token, con, user, data)
                LOGGER.info(
                    '/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
                    user, controller)
                code, response = 202, 'The model access is being changed'
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
                    user, controller, user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #3
0
def grant_to_controller(user, controller):
    try:
        LOGGER.info('/USERS/%s/controllers/%s [PUT] => receiving call', user,
                    controller)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authenticated!', user,
                    controller)
        con = juju.authorize(token, controller)
        LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authorized!', user,
                    controller)
        if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
            if juju.user_exists(user):
                if request.json['access'] and juju.c_access_exists(
                        request.json['access'].lower()):
                    juju.grant_user_to_controller(
                        token, con, user, request.json['access'].lower())
                    LOGGER.info(
                        '/USERS/%s/controllers/%s [PUT] => Changing user access, check set_controller_access.log for more information!',
                        user, controller)
                    code, response = 202, 'The user\'s access is being changed'
                else:
                    LOGGER.error(
                        '/USERS/%s/controllers/%s [PUT] => Invalid access data provided : %s',
                        user, controller, request.json['access'])
                    code, response = errors.invalid_access('access')
            else:
                LOGGER.error(
                    '/USERS/%s/controllers/%s [PUT] => User %s does not exist',
                    user, controller, user)
                code, response = errors.does_not_exist('user')
        else:
            LOGGER.error(
                '/USERS/%s/controllers/%s [PUT] => No Permission to perform this action',
                user, controller)
            code, response = errors.no_permission()
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #4
0
def login():
    try:
        LOGGER.info('/USERS/login [POST] => receiving call')
        execute_task(juju.authenticate, request.headers['api-key'],
                     request.authorization)
        code, response = 200, 'Success'
        LOGGER.info('/USERS/login [POST] => Succesfully logged in!')
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #5
0
def update_ssh_keys(user):
    try:
        LOGGER.info('/USERS/%s/ssh-keys [PUT] => receiving call', user)
        data = request.json
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/ssh-keys [PUT] => Authenticated!', user)
        if token.is_admin or token.username == user:
            if juju.user_exists(user):
                for key in data['ssh-keys']:
                    try:
                        fp_key = base64.b64decode(
                            key.strip().split()[1].encode('ascii'))
                        fp_plain = hashlib.md5(fp_key).hexdigest()
                        output = ':'.join(
                            a + b
                            for a, b in zip(fp_plain[::2], fp_plain[1::2]))
                    except Exception:
                        code, response = errors.invalid_ssh_key(key)
                        return juju.create_response(code, response)
                juju.update_ssh_keys_user(user, data['ssh-keys'])
                LOGGER.info(
                    '/USERS/%s/ssh-keys [PUT] => SSH-keys are being updated, check update_ssh_keys.log for more information!',
                    user)
                code, response = 202, 'SSH-keys are being updated'
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/ssh-keys [PUT] => User %s does not exist!',
                    user, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s/ssh-keys [PUT] => No Permission to perform this action!',
                user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #6
0
def get_users_info():
    try:
        LOGGER.info('/USERS [GET] => receiving call')
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS [GET] => Authenticated!')
        code, response = 200, juju.get_users_info(token)
        LOGGER.info('/USERS [GET] => Succesfully retieved all users!')
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #7
0
def create_user():
    try:
        LOGGER.info('/USERS [POST] => receiving call')
        data = request.json
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS [POST] => Authenticated!')
        valid, user = juju.check_input(data['username'], "username")
        if token.is_admin:
            if valid:
                if juju.user_exists(user):
                    code, response = errors.already_exists('user')
                    LOGGER.error(
                        '/USERS [POST] => Username %s already exists!', user)
                elif data['password']:
                    LOGGER.info(
                        '/USERS [POST] => Creating user %s, check add_user.log for more information!',
                        user)
                    juju.create_user(user, data['password'])
                    code, response = 202, 'User {} is being created'.format(
                        user)
                else:
                    code, response = errors.empty()
                    LOGGER.error('/USERS [POST] => Password cannot be empty!')
            else:
                code, response = 400, user
                LOGGER.error(
                    '/USERS [POST] => Username does not have the correct format!'
                )
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS [POST] => No Permission to perform this action!')
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #8
0
def get_model_access(user, controller, model):
    try:
        LOGGER.info(
            '/USERS/%s/controllers/%s/models/%s [GET] => receiving call!',
            user, controller, model)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info(
            '/USERS/%s/controllers/%s/models/%s [GET] => Authenticated!', user,
            controller, model)
        con, mod = juju.authorize(token, controller, model)
        LOGGER.info('/USERS/%s/controllers/%s/models/%s [GET] => Authorized!',
                    user, controller, model)
        if token.is_admin or token.username == user or mod.access == 'admin' or con.access == 'superuser':
            if juju.user_exists(user):
                access = juju.get_model_access(mod.m_name, con.c_name, user)
                code, response = 200, {'access': access}
                LOGGER.info(
                    '/USERS/%s/controllers/%s/models/%s [GET] => Succesfully retrieved model access!',
                    user, controller, model)
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/controllers/%s/models/%s [GET] => User %s does not exist!',
                    user, controller, model, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s/controllers/%s/models/%s [GET] => No Permission to perform this action!',
                user, controller, model)

    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #9
0
def add_credential(user):
    try:
        LOGGER.info('/USERS/%s/credentials [POST] => receiving call', user)
        data = request.json
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/credentials [POST] => Authenticated!', user)
        if token.is_admin or token.username == user:
            if juju.user_exists(user):
                if not juju.credential_exists(user, data['name']):
                    juju.add_credential(user, data)
                    LOGGER.info(
                        '/USERS/%s/credentials [POST] => Adding credentials, check add_credential.log for more information!',
                        user)
                    code, response = 202, 'Credentials are being added'
                else:
                    code, response = errors.already_exists('credential')
                    LOGGER.error(
                        '/USERS/%s/credentials [POST] => Credential for User %s already exists!',
                        user, user)
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/credentials [POST] => User %s does not exist!',
                    user, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s/credentials [POST] => No Permission to perform this action!',
                user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #10
0
def change_user_password(user):
    try:
        LOGGER.info('/USERS/%s [PUT] => receiving call', user)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s [PUT] => Authenticated!', user)
        if user == token.username or token.is_admin:
            if juju.user_exists(user):
                pwd = request.json['password']
                if pwd:
                    execute_task(juju.change_user_password, token, user, pwd)
                    code, response = 200, 'Succesfully changed password for user {}'.format(
                        user)
                    LOGGER.info(
                        '/USERS/%s [PUT] => Succesfully changed password for user %s!',
                        user, user)
                else:
                    code, response = errors.empty()
                    LOGGER.error(
                        '/USERS/%s [PUT] => User password can\'t be empty!',
                        user)
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error('/USERS/%s [PUT] => User %s does not exist!',
                             user, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s [PUT] => No Permission to perform this action!',
                user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #11
0
def delete_user(user):
    try:
        LOGGER.info('/USERS/%s [DELETE] => receiving call', user)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s [DELETE] => Authenticated!', user)
        if token.is_admin:
            if juju.user_exists(user):
                if user != 'admin':
                    juju.delete_user(user)
                    code, response = 202, 'User {} is being removed'.format(
                        user)
                    LOGGER.info(
                        '/USERS/%s [DELETE] => User %s is being removed!',
                        user, user)
                else:
                    code, response = 403, 'This would remove the admin from the system!'
                    LOGGER.error(
                        '/USERS/%s [DELETE] => This would remove the admin from the system!',
                        user)
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error('/USERS/%s [DELETE] => User %s does not exist!',
                             user, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s [DELETE] => No Permission to perform this action!',
                user)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)
예제 #12
0
def remove_credential(user, credential):
    try:
        LOGGER.info('/USERS/%s/credentials/%s [DELETE] => receiving call',
                    user, credential)
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        LOGGER.info('/USERS/%s/credentials/%s [DELETE] => Authenticated!',
                    user, credential)
        if token.is_admin or token.username == user:
            if juju.user_exists(user):
                if juju.credential_exists(user, credential):
                    juju.remove_credential(user, credential)
                    LOGGER.info(
                        '/USERS/%s/credentials/%s [DELETE] => Removing credential, check remove_credential.log for more information!',
                        user, credential)
                    code, response = 202, 'Credentials are being removed'
                else:
                    code, response = errors.does_not_exist('credential')
            else:
                code, response = errors.does_not_exist('user')
                LOGGER.error(
                    '/USERS/%s/credentials/%s [DELETE] => User %s does not exist!',
                    user, credential, user)
        else:
            code, response = errors.no_permission()
            LOGGER.error(
                '/USERS/%s/credentials/%s [DELETE] => No Permission to perform this action!',
                user, credential)
    except KeyError:
        code, response = errors.invalid_data()
        error_log()
    except HTTPException:
        ers = error_log()
        raise
    except Exception:
        ers = error_log()
        code, response = errors.cmd_error(ers)
    return juju.create_response(code, response)