def change_passwords(self, users): for user in users: # Use the model to check validity. username = user['name'] self._check_username(username) hostname = user['host'] password = user['password'] if (username, hostname) not in self.users: raise rd_exception.UserNotFound( "User %s@%s cannot be found on the instance." % (username, hostname)) self.users[(username, hostname)]['password'] = password
def revoke_access(self, username, hostname, database): """Remove a database from a users's grant list.""" if (username, hostname) not in self.users: raise rd_exception.UserNotFound( "User %s cannot be found on the instance." % username) if database not in self.grants.get((username, hostname), set()): raise rd_exception.DatabaseNotFound( "Database %s cannot be found on the instance." % database) current_grants = self.grants.get((username, hostname), set()) if database in current_grants: current_grants.remove(database) self.grants[(username, hostname)] = current_grants
def update(self, req, body, tenant_id, instance_id, user_id): """Grant access for a user to one or more databases.""" LOG.info(_("Granting user access for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] user = self._get_user(context, instance_id, user_id) if not user: LOG.error(_("No such user: %(user)s " % {'user': user})) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) databases = [db['name'] for db in body['databases']] models.User.grant(context, instance_id, username, hostname, databases) return wsgi.Result(None, 202)
def _find_user(self, context, username): """Lookup a user with a given username. Return a new Postgres user instance or raise if no match is found. """ results = pgutil.query( pgutil.UserQuery.get(name=username), timeout=30, ) if results: return self._build_user(context, username) raise exception.UserNotFound()
def index(self, req, tenant_id, instance_id, user_id): """Show permissions for the given user.""" LOG.info(_("Showing user access for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] # Make sure this user exists. user = self._get_user(context, instance_id, user_id) if not user: LOG.error(_("No such user: %(user)s " % {'user': user})) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) access = models.User.access(context, instance_id, username, hostname) view = views.UserAccessView(access.databases) return wsgi.Result(view.data(), 200)
def show(self, req, tenant_id, instance_id, id): """Return a single user.""" LOG.info(_("Showing a user for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] username, host = unquote_user_host(id) user = None try: user = models.User.load(context, instance_id, username, host) except (ValueError, AttributeError) as e: raise exception.BadRequest(msg=str(e)) if not user: raise exception.UserNotFound(uuid=id) view = views.UserView(user) return wsgi.Result(view.data(), 200)
def root_delete(self, req, tenant_id, instance_id, is_cluster): if is_cluster: raise exception.ClusterOperationNotSupported( operation='disable_root') LOG.info(_LI("Disabling root for instance '%s'.") % instance_id) LOG.info(_LI("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] try: found_user = self._find_root_user(context, instance_id) except (ValueError, AttributeError) as e: raise exception.BadRequest(msg=str(e)) if not found_user: raise exception.UserNotFound(uuid="root") models.Root.delete(context, instance_id) return wsgi.Result(None, 200)
def delete(self, req, tenant_id, instance_id, user_id, id): """Revoke access for a user.""" LOG.info(_("Revoking user access for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] user = self._get_user(context, instance_id, user_id) if not user: LOG.error(_("No such user: %(user)s " % {'user': user})) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) access = models.User.access(context, instance_id, username, hostname) databases = [db.name for db in access.databases] if id not in databases: raise exception.DatabaseNotFound(uuid=id) models.User.revoke(context, instance_id, username, hostname, id) return wsgi.Result(None, 202)
def update(self, req, body, tenant_id, instance_id, id): """Change attributes for one user.""" LOG.info(_("Updating user attributes for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] username, hostname = unquote_user_host(id) user = None user_attrs = body['user'] try: user = models.User.load(context, instance_id, username, hostname) except (ValueError, AttributeError) as e: raise exception.BadRequest(msg=str(e)) if not user: raise exception.UserNotFound(uuid=id) models.User.update_attributes(context, instance_id, username, hostname, user_attrs) return wsgi.Result(None, 202)
def delete(self, req, tenant_id, instance_id, id): LOG.info(_("Deleting user for instance '%s'") % instance_id) LOG.info(_("req : '%s'\n\n") % req) context = req.environ[wsgi.CONTEXT_KEY] username, host = unquote_user_host(id) user = None try: user = guest_models.MySQLUser() user.name = username user.host = host found_user = models.User.load(context, instance_id, username, host) if not found_user: user = None except (ValueError, AttributeError) as e: raise exception.BadRequest(msg=str(e)) if not user: raise exception.UserNotFound(uuid=id) models.User.delete(context, instance_id, user.serialize()) return wsgi.Result(None, 202)
def index(self, req, tenant_id, instance_id, user_id): """Show permissions for the given user.""" LOG.info("Showing user access for instance '%(id)s'\n" "req : '%(req)s'\n\n", {"id": instance_id, "req": req}) context = req.environ[wsgi.CONTEXT_KEY] self.authorize_target_action( context, 'user_access:index', instance_id) # Make sure this user exists. user_id = correct_id_with_req(user_id, req) user = self._get_user(context, instance_id, user_id) if not user: LOG.error("No such user: %(user)s ", {'user': user}) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) access = models.User.access(context, instance_id, username, hostname) view = views.UserAccessView(access.databases) return wsgi.Result(view.data(), 200)
def show(self, req, tenant_id, instance_id, id): """Return a single user.""" LOG.info("Showing a user for instance '%(id)s'\n" "req : '%(req)s'\n\n", {"id": instance_id, "req": req}) context = req.environ[wsgi.CONTEXT_KEY] self.authorize_target_action(context, 'user:show', instance_id) id = correct_id_with_req(id, req) username, host = unquote_user_host(id) user = None try: user = models.User.load(context, instance_id, username, host) except (ValueError, AttributeError) as e: raise exception.BadRequest(_("User show error: %(e)s") % {'e': e}) if not user: raise exception.UserNotFound(uuid=id) view = views.UserView(user) return wsgi.Result(view.data(), 200)
def update_all(self, req, body, tenant_id, instance_id): """Change the password of one or more users.""" LOG.info( _("Updating user password for instance '%(id)s'\n" "req : '%(req)s'\n\n") % { "id": instance_id, "req": strutils.mask_password(req) }) context = req.environ[wsgi.CONTEXT_KEY] self.authorize_target_action(context, 'user:update_all', instance_id) context.notification = notification.DBaaSUserChangePassword( context, request=req) users = body['users'] model_users = [] with StartNotification(context, instance_id=instance_id, username="******".join( [user['name'] for user in users])): for user in users: try: mu = guest_models.MySQLUser(name=user['name'], host=user.get('host'), password=user['password']) found_user = models.User.load(context, instance_id, mu.name, mu.host) if not found_user: user_and_host = mu.name if mu.host: user_and_host += '@' + mu.host raise exception.UserNotFound(uuid=user_and_host) model_users.append(mu) except (ValueError, AttributeError) as e: raise exception.BadRequest( _("Error loading user: %(e)s") % {'e': e}) try: models.User.change_password(context, instance_id, model_users) except (ValueError, AttributeError) as e: raise exception.BadRequest( _("User password update error: " "%(e)s") % {'e': e}) return wsgi.Result(None, 202)
def update(self, req, body, tenant_id, instance_id, user_id): """Grant access for a user to one or more databases.""" LOG.info("Granting user access for instance '%(id)s'\n" "req : '%(req)s'\n\n", {"id": instance_id, "req": req}) context = req.environ[wsgi.CONTEXT_KEY] self.authorize_target_action( context, 'user_access:update', instance_id) context.notification = notification.DBaaSUserGrant( context, request=req) user_id = correct_id_with_req(user_id, req) user = self._get_user(context, instance_id, user_id) if not user: LOG.error("No such user: %(user)s ", {'user': user}) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) databases = [db['name'] for db in body['databases']] with StartNotification(context, instance_id=instance_id, username=username, database=databases): models.User.grant(context, instance_id, username, hostname, databases) return wsgi.Result(None, 202)
def delete(self, req, tenant_id, instance_id, user_id, id): """Revoke access for a user.""" LOG.info("Revoking user access for instance '%(id)s'\n" "req : '%(req)s'\n\n", {"id": instance_id, "req": req}) context = req.environ[wsgi.CONTEXT_KEY] self.authorize_target_action( context, 'user_access:delete', instance_id) context.notification = notification.DBaaSUserRevoke( context, request=req) user_id = correct_id_with_req(user_id, req) user = self._get_user(context, instance_id, user_id) if not user: LOG.error("No such user: %(user)s ", {'user': user}) raise exception.UserNotFound(uuid=user) username, hostname = unquote_user_host(user_id) access = models.User.access(context, instance_id, username, hostname) databases = [db.name for db in access.databases] with StartNotification(context, instance_id=instance_id, username=username, database=databases): if id not in databases: raise exception.DatabaseNotFound(uuid=id) models.User.revoke(context, instance_id, username, hostname, id) return wsgi.Result(None, 202)