def create_service():
data = request.get_json() or {}
if 'name' not in data or 'color' not in data:
return bad_request('must include name and color fields')
check_service = Service.query.filter_by(name=data['name']).first()
if check_service is not None:
return bad_request('Service already exist with id: %s' %
check_service.id)
service = Service()
service.from_dict(data, new_service=True)
db.session.add(service)
db.session.commit()
audit = Audit()
audit.auditlog_new_post('service',
original_data=service.to_dict(),
record_name=service.name)
response = jsonify(service.to_dict())
response.status_code = 201
response.headers['Location'] = url_for('api.get_service', id=service.id)
return response
def service_add():
if 'cancel' in request.form:
return redirect(request.referrer)
form = ServiceForm()
if form.validate_on_submit():
service = Service(name=form.name.data, color=form.color.data)
for u in form.users.data:
user = User.query.filter_by(id=u).first()
print("Adding: User: %s to: %s" % (user.username, service.name))
service.users.append(user)
service.manager = User.query.filter_by(id=form.manager.data).first()
db.session.add(service)
db.session.commit()
Audit().auditlog_new_post('service',
original_data=service.to_dict(),
record_name=service.name)
flash(_('Service have been saved.'))
return redirect(url_for('main.service_list'))
else:
return render_template('service.html', form=form)
def location_edit():
if 'cancel' in request.form:
return redirect(request.referrer)
locationid = request.args.get('location')
location = Location.query.filter_by(id=locationid).first()
original_data = location.to_dict()
if location is None:
render_template('location.html', title=_('Location is not defined'))
form = LocationForm(formdata=request.form, obj=location)
if request.method == 'POST' and form.validate_on_submit():
location.place = form.place.data
location.area = form.area.data
location.facillity = form.facillity.data
location.position = form.position.data
location.type = form.type.data
db.session.commit()
Audit().auditlog_update_post('location',
original_data=original_data,
updated_data=location.to_dict(),
record_name=location.longName())
flash(_('Your changes have been saved.'))
return redirect(url_for('main.location_list'))
else:
return render_template('location.html',
title=_('Edit Location'),
form=form)
def create_access():
data = request.get_json() or {}
for field in ['name', 'status']:
if field not in data:
return bad_request('must include %s fields' % field)
check_access = Access.query.filter_by(name=data['name']).first()
if check_access is not None:
return bad_request('Access already exist with id: %s' %
check_access.id)
access = Access()
access.from_dict(data)
db.session.add(access)
db.session.commit()
Audit().auditlog_new_post('access',
original_data=access.to_dict(),
record_name=access.name)
response = jsonify(access.to_dict())
response.status_code = 201
response.headers['Location'] = url_for('api.get_access', id=access.id)
return response
def create_location():
data = request.get_json() or {}
for field in ['place', 'facillity', 'area', 'position', 'type']:
if field not in data:
return bad_request('must include field: %s' % field)
check_loc = Location.query.filter_by(place=data['place'],
facillity=data['facillity'],
area=data['area'],
position=data['position'],
type=data['type']).first()
if check_loc is not None:
return bad_request('Location already exist with id: %s' % check_loc.id)
location = Location()
location.from_dict(data)
db.session.add(location)
db.session.commit()
Audit().auditlog_new_post('location',
original_data=location.to_dict(),
record_name=location.longName())
response = jsonify(location.to_dict())
response.status_code = 201
response.headers['Location'] = url_for('api.get_location', id=location.id)
return response
def create_resource():
data = request.get_json() or {}
if 'serial' not in data:
return bad_request('must include field: serial')
hsm_pci_card = Resource.query.filter_by(serial=data['serial']).first()
if hsm_pci_card is not None:
msg = 'Card already exist: %s' % hsm_pci_card.id
return bad_request(msg)
resource = Resource()
status = resource.from_dict(data)
if status['success'] is False:
return bad_request(status['msg'])
db.session.add(resource)
db.session.commit()
Audit().auditlog_new_post('hsm_pci_card',
original_data=resource.to_dict(),
record_name=resource.name)
response = jsonify(resource.to_dict())
response.status_code = 201
response.headers['Resource'] = url_for('api.get_resource', id=resource.id)
return response
def update_role(id):
role = Role.query.get_or_404(id)
original_data = role.to_dict()
data = request.get_json() or {}
role.from_dict(data, new_role=False)
db.session.commit()
Audit().auditlog_update_post('hsm_domain', original_data=original_data, updated_data=data)
return jsonify(role.to_dict())
def resource_edit():
resourceid = request.args.get('resource')
if 'cancel' in request.form:
return redirect(request.referrer)
if 'delete' in request.form:
return redirect(url_for('main.resource_delete', resource=resourceid))
if 'copy' in request.form:
return redirect(
url_for('main.resource_copy', copy_from_resource=resourceid))
if 'logs' in request.form:
return redirect(
url_for('main.logs_list', module='resource', module_id=resourceid))
if 'ports' in request.form:
return redirect(url_for('main.resource_port_list',
resource=resourceid))
resource = Resource.query.get(resourceid)
original_data = resource.to_dict()
if resource is None:
render_template('service.html', title=_('Resource is not defined'))
form = ResourceForm(formdata=request.form, obj=resource)
if request.method == 'POST' and form.validate_on_submit():
service = Service.query.get(form.service.data)
if service is None:
flash('Service is required')
return redirect(request.referrer)
resource.name = form.name.data
resource.comment = form.comment.data
resource.environment = form.environment.data
resource.external_id = form.external_id.data
resource.service = service
db.session.commit()
Audit().auditlog_update_post('resource',
original_data=original_data,
updated_data=resource.to_dict(),
record_name=resource.name)
flash(_('Your changes have been saved.'))
return redirect(url_for('main.index'))
else:
form.name.data = resource.name
form.comment.data = resource.comment
form.external_id.data = resource.external_id
form.service.data = resource.service_id
return render_template('resource.html',
title=_('Edit Resource'),
form=form)
def role_edit():
roleid = request.args.get('role')
if 'cancel' in request.form:
return redirect(request.referrer)
if 'delete' in request.form:
return redirect(url_for('main.role_delete', role=roleid))
role = Role.query.get(roleid)
form = RoleForm(obj=role)
if role is None:
flash(_('Role not found'))
return redirect(request.referrer)
original_data = role.to_dict()
if request.method == 'POST' and form.validate_on_submit():
role.name = form.name.data
role.description = form.description.data
role.resources = []
for r in form.resources.data:
resource = Resource.query.get(r)
print("Adding: Resource: {} to: {}".format(resource.name, role.name))
role.resources.append(resource)
from app.main.models import Service
service = Service.query.filter_by(id=form.service.data).first_or_404()
if service is None:
flash(_('Service id not found'))
return redirect(request.referrer)
else:
role.service = service
role.comment = form.comment.data
db.session.commit()
Audit().auditlog_update_post('role', original_data=original_data,
updated_data=role.to_dict(), record_name=role.name)
flash(_('Your changes to the role have been saved.'))
return redirect(url_for('main.index'))
else:
pre_selected_resources = [(r.id) for r in role.resources]
form = RoleForm(resources=pre_selected_resources)
form.name.data = role.name
form.comment.data = role.comment
form.service.data = role.service_id
form.description.data = role.description
return render_template('role.html', title=_('Edit Role'),
form=form)
def update_service(id):
service = Service.query.get_or_404(id)
original_data = service.to_dict()
data = request.get_json() or {}
service.from_dict(data, new_service=False)
db.session.commit()
Audit().auditlog_update_post('service',
original_data=original_data,
updated_data=service.to_dict(),
record_name=service.name)
return jsonify(service.to_dict())
def update_location(id):
location = Location.query.get_or_404(id)
original_data = location.to_dict()
data = request.get_json() or {}
location.from_dict(data, new_location=False)
db.session.commit()
Audit().auditlog_update_post('location',
original_data=original_data,
updated_data=location.to_dict(),
record_name=location.longName())
return jsonify(location.to_dict())
def update_access(id):
access = Access.query.get_or_404(id)
original_data = access.to_dict()
data = request.get_json() or {}
access.from_dict(data, new_access=False)
db.session.commit()
Audit().auditlog_update_post('access',
original_data=original_data,
updated_data=access.to_dict(),
record_name=access.hostname)
return jsonify(access.to_dict())
def update_resource(id):
resource = Resource.query.get_or_404(id)
original_data = resource.to_dict()
data = request.get_json() or {}
resource.from_dict(data)
db.session.commit()
Audit().auditlog_update_post('hsm_pci_card',
original_data=original_data,
updated_data=data,
record_name=resource.name)
return jsonify(resource.to_dict())
def assignment_add():
if 'cancel' in request.form:
return redirect(request.referrer)
form = AssignmentForm(formdata=request.form)
if request.method == 'POST' and form.validate_on_submit():
user = User.query.get(form.user.data)
if user is None:
flash('User is required')
return redirect(request.referrer)
role = Role.query.get(form.role.data)
if role is None:
flash('User is required')
return redirect(request.referrer)
print(f"logged in user {current_user.username}")
requestor = User.query.filter_by(
username=current_user.username).first_or_404()
if requestor is None:
flash('logged in user is required')
return redirect(request.referrer)
assignment = Assignment(comment=form.comment.data,
start=form.start.data,
stop=form.stop.data
)
assignment.user = user
assignment.role = role
assignment.status = "requested"
assignment.request_ts = datetime.now()
print(f'requestor: {requestor.username}')
assignment.requestor = requestor.username
db.session.add(assignment)
db.session.commit()
Audit().auditlog_new_post('assignment', original_data=assignment.to_dict(),
record_name=assignment.__tablename__)
flash(_('New assignment is now requested!'))
return redirect(url_for('main.index'))
else:
return render_template('assignment.html', title=_('Add Assignment'),
form=form)
def update_user(id):
user = User.query.get_or_404(id)
original_data = user.to_dict()
data = request.get_json() or {}
if 'username' in data and data['username'] != user.username and \
User.query.filter_by(username=data['username']).first():
return bad_request('please use a different username')
if 'email' in data and data['email'] != user.email and \
User.query.filter_by(email=data['email']).first():
return bad_request('please use a different email address')
user.from_dict(data, new_user=False)
db.session.commit()
Audit().auditlog_update_post('user', original_data=original_data, updated_data=user.to_dict(), record_name=user.username)
return jsonify(user.to_dict())
def service_edit():
if 'cancel' in request.form:
return redirect(request.referrer)
servicename = request.args.get('name')
service = Service.query.filter_by(name=servicename).first()
original_data = service.to_dict()
if service is None:
render_template('service.html', title=_('Service is not defined'))
if 'delete' in request.form:
return redirect(url_for('main.service_delete', service=service.id))
form = ServiceForm(formdata=request.form, obj=service)
if request.method == 'POST' and form.validate_on_submit():
# TODO remove not selected users ...
service.users = []
for u in form.users.data:
user = User.query.filter_by(id=u).first()
print("Adding: User: %s to: %s" % (user.username, service.name))
service.users.append(user)
service.manager = User.query.filter_by(id=form.manager.data).first()
service.name = form.name.data
service.color = form.color.data
db.session.commit()
Audit().auditlog_update_post('service',
original_data=original_data,
updated_data=service.to_dict(),
record_name=service.name)
flash(_('Your changes have been saved.'))
return redirect(url_for('main.service_list'))
else:
pre_selected_users = [(su.id) for su in service.users]
form = ServiceForm(users=pre_selected_users)
form.manager.data = service.manager_id
form.name.data = service.name
form.color.data = service.color
return render_template('service.html',
title=_('Edit Service'),
form=form)
def service_delete():
serviceid = request.args.get('service')
service = Service.query.get(serviceid)
if service is None:
flash(_('Service was not deleted, id not found!'))
return redirect(url_for('main.index'))
deleted_msg = 'Service deleted: %s\n' % (service.name)
flash(deleted_msg)
db.session.delete(service)
db.session.commit()
Audit().auditlog_delete_post('service',
data=service.to_dict(),
record_name=service.name)
return redirect(url_for('main.index'))
def role_delete():
roleid = request.args.get('role')
role = Role.query.get(roleid)
if role is None:
flash(_('Role was not deleted, id not found!'))
return redirect(url_for('main.index'))
deleted_msg = f'Role deleted: {role.name} {role.comment}'
db.session.delete(role)
db.session.commit()
Audit().auditlog_delete_post('role', data=role.to_dict(), record_name=role.name)
flash(deleted_msg)
return redirect(url_for('main.index'))
def change_password():
form = ChangePasswordForm()
if request.method == 'POST' and form.validate_on_submit():
user = User.query.filter_by(username=current_user.username).first()
original_data = user.to_dict()
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
Audit().auditlog_new_post('user',
original_data=original_data,
updated_data=user.to_dict(),
record_name=user.username)
flash(_('Password changed'))
return redirect(url_for('main.index'))
return render_template('auth/change_password.html', form=form)
def assignment_delete():
assignmentid = request.args.get('assignment')
assignment = Assignment.query.get(assignmentid)
if assignment is None:
flash(_('assignment was not deleted, id not found!'))
return redirect(url_for('main.index'))
# check if pyraadmin
deleted_msg = f'assignment deleted for: {assignment.user.username} to: {assignment.role.name}\n'
flash(deleted_msg)
db.session.delete(assignment)
db.session.commit()
Audit().auditlog_delete_post('access', data=assignment.to_dict(),
record_name=assignment.__class__.__name__.lower())
return redirect(url_for('main.index'))
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('main.index'))
user = User.verify_reset_password_token(token)
original_data = user.to_dict()
if not user:
return redirect(url_for('main.index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
db.session.commit()
Audit().auditlog_new_post('user',
original_data=original_data,
updated_data=user.to_dict(),
record_name=user.username)
flash(_('Your password has been reset.'))
return redirect(url_for('auth.login'))
return render_template('auth/reset_password.html', form=form)
def access_delete():
accessid = request.args.get('access')
access = Access.query.get(accessid)
if access is None:
flash(_('Access was not deleted, id not found!'))
return redirect(url_for('main.index'))
# check if pyraadmin
deleted_msg = f'Access deleted for: {access.user.username} to: {access.resource.name}\n'
flash(deleted_msg)
db.session.delete(access)
db.session.commit()
Audit().auditlog_delete_post('access',
data=access.to_dict(),
record_name=access.__class__.__name__.lower())
return redirect(url_for('main.index'))
def create_role():
data = request.get_json() or {}
for field in ['name', 'service_id']:
if field not in data:
return bad_request('must include field: %s' % field)
check_role = Role.query.filter_by(name=data['name']).first()
if check_role is not None:
return bad_request('HSM Domain already exist with id: %s' % check_role.id)
role = Role()
role.from_dict(data)
db.session.add(role)
db.session.commit()
Audit().auditlog_new_post('hsm_domain', original_data=role.to_dict(), record_name=role.name)
response = jsonify(role.to_dict())
response.status_code = 201
response.headers['Role'] = url_for('api.get_role', id=role.id)
return response
def register():
if current_app.config['OPEN_REGISTRATION'] is False:
if not current_user.is_authenticated:
flash(
_('Registration is not open, contact admin to get an account'))
return redirect(url_for('main.index'))
form = RegistrationForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
Audit().auditlog_new_post('user',
original_data=user.to_dict(),
record_name=user.username)
flash(_('Congratulations, you are now a registered user!'))
return redirect(url_for('auth.login'))
return render_template('auth/register.html',
title=_('Register'),
form=form)
def resource_add():
if 'cancel' in request.form:
return redirect(request.referrer)
form = ResourceForm(formdata=request.form)
ip = request.args.get('ip')
if ip:
form.ipaddress.data = ip
if request.method == 'POST' and form.validate_on_submit():
service = Service.query.get(form.service.data)
if service is None:
flash('Service is required')
return redirect(request.referrer)
resource = Resource(name=form.name.data,
comment=form.comment.data,
environment=form.environment.data,
external_id=form.external_id.data)
resource.service = service
db.session.add(resource)
db.session.commit()
Audit().auditlog_new_post('resource',
original_data=resource.to_dict(),
record_name=resource.name)
flash(_('New resource is now posted!'))
return redirect(url_for('main.index'))
else:
return render_template('resource.html',
title=_('Add Resource'),
form=form)
def role_add():
if 'cancel' in request.form:
return redirect(request.referrer)
form = RoleForm(formdata=request.form)
if request.method == 'POST' and form.validate_on_submit():
role = Role(name=form.name.data)
for r in form.resources.data:
resource = Resource.query.get(r)
print("Adding: Resource: {} to: {}".format(resource.name, role.name))
role.resources.append(resource)
from app.main.models import Service
service = Service.query.filter_by(id=form.service.data).first_or_404()
if service is None:
flash(_('Service id not found'))
return redirect(request.referrer)
else:
role.service = service
role.comment = form.comment.data
role.description = form.description.data
db.session.add(role)
db.session.commit()
Audit().auditlog_new_post('role', original_data=role.to_dict(), record_name=role.name)
flash(_('New Role is now posted!'))
return redirect(url_for('main.index'))
else:
return render_template('role.html', title=_('Role'),
form=form)
def location_add():
if 'cancel' in request.form:
return redirect(request.referrer)
form = LocationForm()
if form.validate_on_submit():
location = Location()
location.place = form.place.data
location.area = form.area.data
location.facillity = form.facillity.data
location.position = form.position.data
location.type = form.type.data
db.session.add(location)
db.session.commit()
Audit().auditlog_new_post('location',
original_data=location.to_dict(),
record_name=location.longName())
flash(_('Location have been saved.'))
return redirect(url_for('main.location_list'))
else:
return render_template('location.html', form=form)
def access_edit():
accessid = request.args.get('access')
if 'cancel' in request.form:
return redirect(request.referrer)
if 'delete' in request.form:
return redirect(url_for('main.access_delete', access=accessid))
if 'logs' in request.form:
return redirect(
url_for('main.logs_list', module='access', module_id=accessid))
access = Access.query.get(accessid)
original_data = access.to_dict()
if access is None:
render_template('service.html', title=_('Access is not defined'))
print(f"logged in user {current_user.username}")
requestor = User.query.filter_by(
username=current_user.username).first_or_404()
if requestor is None:
flash('logged in user is required')
return redirect(request.referrer)
form = AccessForm(formdata=request.form, obj=access)
if request.method == 'POST' and form.validate_on_submit():
access.comment = form.comment.data
user = User.query.get(form.user.data)
if user is None:
flash('User is required')
return redirect(request.referrer)
resource = Resource.query.get(form.resource.data)
if resource is None:
flash('resource is required')
return redirect(request.referrer)
access.comment = form.comment.data
access.start = form.start.data
access.stop = form.stop.data
access.user = user
access.resource = resource
access.status = "requested"
access.request_ts = datetime.now()
print(f'requestor: {requestor.username}')
access.requestor = requestor.username
db.session.commit()
Audit().auditlog_update_post('access',
original_data=original_data,
updated_data=access.to_dict(),
record_name=access.__tablename__)
flash(_('Your changes have been saved.'))
return redirect(url_for('main.index'))
else:
form.user.data = access.user_id
form.resource.data = access.resource_id
return render_template('access.html',
title=_('Edit Access'),
form=form)
def access_implement():
accessid = request.args.get('access')
if 'cancel' in request.form:
return redirect(request.referrer)
if 'logs' in request.form:
return redirect(
url_for('main.logs_list', module='access', module_id=accessid))
access = Access.query.get(accessid)
original_data = access.to_dict()
if access is None:
flash(_('Access is not found'))
return redirect(url_for('main.index'))
if 'view_resource' in request.form:
return redirect(
url_for('main.resource_view', resource=access.resource_id))
if 'view_user' in request.form:
return redirect(url_for('main.user', username=access.user.username))
# todo add admin check
form = ImplementAccessForm(formdata=request.form, obj=access)
if request.method == 'POST' and form.validate_on_submit():
if 'deny' in request.form:
access.status = "denied-by-implementer"
access.implementer = current_user.username
db.session.commit()
flash(
f"Pending Access to resource: {access.resource.name} for: {access.user.username} was denied"
)
elif 'approve' in request.form:
access.status = "implemented"
access.approver = current_user.username
db.session.commit()
flash(
f"Pending Access to resource: {access.resource.name} for: {access.user.username} was implemented"
)
elif 'postpone' in request.form:
access.status = "postponed-by-implementer"
access.approver = current_user.username
flash(
f"Pending Access to resource: {access.resource.name} for: {access.user.username} was postponed"
)
return redirect(request.referrer)
Audit().auditlog_update_post('access',
original_data=original_data,
updated_data=access.to_dict(),
record_name=access.__tablename__)
return redirect(url_for('main.index'))
else:
form.user.data = access.user.username
form.resource.data = access.resource.name
form.approve_ts.data = access.approve_ts
return render_template(
'access.html',
title=_('Implement Approved Access to resource'),
form=form)
from flask_babel import Babel, lazy_gettext as _l
from config import Config
db = SQLAlchemy()
migrate = Migrate()
login = LoginManager()
login.login_view = 'auth.login'
login.login_message = _l('Please log in to access this page.')
mail = Mail()
bootstrap = Bootstrap()
moment = Moment()
babel = Babel()
migrate = Migrate()
from app.main.models import Audit
audit = Audit()
def create_app(config_class=Config):
app = Flask(__name__)
app.config.from_object(config_class)
db.init_app(app)
migrate.init_app(app, db)
login.init_app(app)
mail.init_app(app)
bootstrap.init_app(app)
moment.init_app(app)
babel.init_app(app)
migrate.init_app(app, db, render_as_batch=True)