def grant_to_model(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => receiving call',
user, controller)
data = request.json
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authenticated!',
user, controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s/models [PUT] => Authorized!',
user, controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
else:
user_access = juju.get_models_access(con, user)
if juju.user_exists(user):
for mod in data:
if not mod['name'] in user_access:
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => No Permission to perform this action!',
user, controller)
code, response = errors.no_permission()
return juju.create_response(code, response)
juju.set_models_access(token, con, user, data)
LOGGER.info(
'/USERS/%s/controllers/%s/models [PUT] => Setting model access, check set_model_access.log for more information!',
user, controller)
code, response = 202, 'The model access is being changed'
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [PUT] => User %s does not exist!',
user, controller, user)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def grant_to_controller(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s [PUT] => receiving call', user,
controller)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authenticated!', user,
controller)
con = juju.authorize(token, controller)
LOGGER.info('/USERS/%s/controllers/%s [PUT] => Authorized!', user,
controller)
if (token.is_admin or con.c_access == 'superuser') and 'admin' != user:
if juju.user_exists(user):
if request.json['access'] and juju.c_access_exists(
request.json['access'].lower()):
juju.grant_user_to_controller(
token, con, user, request.json['access'].lower())
LOGGER.info(
'/USERS/%s/controllers/%s [PUT] => Changing user access, check set_controller_access.log for more information!',
user, controller)
code, response = 202, 'The user\'s access is being changed'
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => Invalid access data provided : %s',
user, controller, request.json['access'])
code, response = errors.invalid_access('access')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => User %s does not exist',
user, controller, user)
code, response = errors.does_not_exist('user')
else:
LOGGER.error(
'/USERS/%s/controllers/%s [PUT] => No Permission to perform this action',
user, controller)
code, response = errors.no_permission()
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)
def get_models_access(user, controller):
try:
LOGGER.info('/USERS/%s/controllers/%s/models [GET] => receiving call',
user, controller)
token = execute_task(juju.authenticate, request.headers['api-key'],
request.authorization)
LOGGER.info('/USERS/%s/controllers/%s/models [GET] => Authenticated!',
user, controller)
con = juju.authorize(token, controller)
if token.is_admin or token.username == user or con.access == 'superuser':
if juju.user_exists(user):
LOGGER.info(
'/USERS/%s/controllers/%s/models [GET] => Authorized!',
user, controller)
code, response = 200, juju.get_models_access(con, user)
LOGGER.info(
'/USERS/%s/controllers/%s/models [GET] => Succesfully retrieved models access!',
user, controller)
else:
code, response = errors.does_not_exist('user')
LOGGER.error(
'/USERS/%s/controllers/%s/models [GET] => User %s does not exist!',
user, controller, user)
elif juju.check_models_access(token, controller, user)[0]:
code, response = 200, juju.check_models_access(
token, controller, user)[1]
LOGGER.info(
'/USERS/%s/controllers/%s/models [GET] => Succesfully retrieved models access!',
user, controller)
else:
code, response = errors.no_permission()
LOGGER.error(
'/USERS/%s/controllers/%s/models [GET] => No Permission to perform this action!',
user, controller)
except KeyError:
code, response = errors.invalid_data()
error_log()
except HTTPException:
ers = error_log()
raise
except Exception:
ers = error_log()
code, response = errors.cmd_error(ers)
return juju.create_response(code, response)