示例#1
    def parse(cls, json: JSON) -> 'Permission':
        """Build a ``Permission`` from a decoded JSON request body.

        Raises ``ValueError`` when ``scopes`` is present but is not a list, so
        a bare string is rejected rather than iterated character by character.
        Every entry is wrapped in ``Scope``; whether ``Scope(...)`` itself
        validates the value is not visible here, so callers should not treat
        the result as checked against the configured scope list.
        """
        raw_scopes = json.get('scopes', [])
        if not isinstance(raw_scopes, list):
            raise ValueError('scopes must be a list')

        return Permission(
            match=json.get('match', None),
            scopes=[Scope(item) for item in raw_scopes]
        )
示例#2
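def update_perm(perm_id):
    """Update the permission identified by ``perm_id`` from the JSON body.

    Responds with 400 for an empty body, for a ``scopes`` value that is not a
    list, or for a scope name that ``Scope.find_all()`` does not return; with
    404 when no permission has that id; and with 500 when the update itself
    reports failure.
    """
    if not request.json:
        raise ApiError('nothing to change', 400)

    # Reject a non-list up front: a bare string would otherwise be checked one
    # character at a time and ``null`` would surface as an unhandled TypeError.
    requested_scopes = request.json.get('scopes', [])
    if not isinstance(requested_scopes, list):
        raise ApiError('scopes must be a list', 400)

    if requested_scopes:
        # Fetch the allow-list once instead of once per requested scope.
        known_scopes = Scope.find_all()
        for s in requested_scopes:
            if s not in known_scopes:
                raise ApiError("'{}' is not a valid Scope".format(s), 400)

    perm = Permission.find_by_id(perm_id)

    if not perm:
        raise ApiError('not found', 404)

    # The audit event is emitted before the update is attempted, so it records
    # the attempt even when the update below fails. ``message`` is empty, so
    # the changed fields are only recoverable from ``request``.
    admin_audit_trail.send(current_app._get_current_object(),
                           event='permission-updated',
                           message='',
                           user=g.login,
                           customers=g.customers,
                           scopes=g.scopes,
                           resource_id=perm.id,
                           type='permission',
                           request=request)

    # NOTE(review): every key of the request body is forwarded as a keyword
    # argument. Confirm that Permission.update() accepts only the fields a
    # caller is meant to change (e.g. not ``id``) -- not visible from here.
    updated = perm.update(**request.json)
    if updated:
        return jsonify(status='ok', permission=updated.serialize)
    else:
        raise ApiError('failed to update permission', 500)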
示例#3
    def test_custom_scopes(self):
        """Custom scopes appear in ``GET /scopes`` and ``Scope.from_str`` exposes its parts."""

        auth_headers = {
            'Authorization': f"Key {self.api_keys_scopes['admin']}",
            'Content-type': 'application/json'
        }

        # list scopes, authenticated with the admin-scoped API key
        resp = self.client.get('/scopes',
                               content_type='application/json',
                               headers=auth_headers)
        self.assertEqual(resp.status_code, 200)
        body = json.loads(resp.data.decode('utf-8'))

        for expected in ('admin:foo', 'write:foo.bar', 'read:foo.baz', 'delete:foo.quux'):
            self.assertIn(expected, body['scopes'])

        # a scope built from its parts reports the same parts back
        built = Scope.from_str(action='write',
                               resource='resource',
                               type='type')
        for attr, wanted in (('action', 'write'), ('resource', 'resource'), ('type', 'type')):
            self.assertEqual(getattr(built, attr), wanted)
示例#4
文件: key.py 项目: yrsdi/alerta
 def init_app(self, app: Flask) -> None:
     """Copy the key-related settings from ``app.config`` onto this helper.

     Each setting is read with ``[]``, so a missing one raises ``KeyError``
     here rather than later. ``SECRET_KEY`` is kept on the instance, so the
     helper object should be treated as holding secret material.
     """
     settings = app.config
     self.secret_key = settings['SECRET_KEY']
     self.admin_users = settings['ADMIN_USERS']
     # Default scopes are stored as Scope objects, not raw strings.
     self.user_default_scopes = list(map(Scope, settings['USER_DEFAULT_SCOPES']))
     self.api_key_expire_days = settings['API_KEY_EXPIRE_DAYS']
示例#5
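def key(username, want_key, scopes, duration, text, customer, all, force):
    """
    Create an admin API key.

    ``username`` must be listed in ``ADMIN_USERS``; ``all`` creates or reuses
    a key for every user in that list instead. ``scopes`` defaults to admin,
    write and read when empty, ``duration`` is a lifetime in seconds (no expiry
    when falsy) and ``want_key`` sets the key value explicitly. An existing key
    with the same scopes is reused unless ``force`` is set.

    The key value is written to standard output, so output of this command
    should be handled as a secret. The process exits with status 1 when a key
    could not be created.
    """
    if username and username not in current_app.config['ADMIN_USERS']:
        raise click.UsageError('User {} not an admin'.format(username))

    if all and want_key:
        raise click.UsageError('Can only set API key with "--username".')

    scopes = [Scope(s) for s in scopes] or [Scope.admin, Scope.write, Scope.read]
    expires = datetime.utcnow() + timedelta(seconds=duration) if duration else None
    text = text or 'Created by alertad script'

    def create_key(admin, key=None):
        """Create and store a key for ``admin``; return None after reporting a failure."""
        key = ApiKey(
            user=admin,
            key=key,
            scopes=scopes,
            expire_time=expires,
            text=text,
            customer=customer
        )
        try:
            key = key.create()
        except Exception as e:
            click.echo('ERROR: {}'.format(e))
            return None
        else:
            return key

    # NOTE(review): reuse below matches on scopes only; the visible filter does
    # not look at expire_time, so confirm an expired key cannot be handed back.
    if all:
        failed = False
        for admin in current_app.config['ADMIN_USERS']:
            keys = [k for k in ApiKey.find_by_user(admin) if k.scopes == scopes]
            if keys and not force:
                key = keys[0]
            else:
                key = create_key(admin)
            if key is None:
                # create_key() has already printed the error. Keep going for
                # the remaining admins instead of failing on ``None.key``.
                failed = True
                continue
            click.echo('{:40} {}'.format(key.key, key.user))
        if failed:
            sys.exit(1)

    elif username:
        keys = [k for k in ApiKey.find_by_user(username) if k.scopes == scopes]
        if want_key:
            # NOTE(review): the key value is chosen by the caller here, so its
            # strength depends on what was passed in.
            found_key = [k for k in keys if k.key == want_key]
            if found_key:
                key = found_key[0]
            else:
                key = create_key(username, key=want_key)
        else:
            if keys and not force:
                key = keys[0]
            else:
                key = create_key(username)
        if key:
            click.echo(key.key)
        else:
            sys.exit(1)

    else:
        raise click.UsageError("Must set '--username' or use '--all'")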
示例#6
def create_app(config_override: Dict[str, Any] = None, environment: str = None) -> Flask:
    """Create the Flask application and wire up its extensions and blueprints.

    Args:
        config_override: settings applied on top of the loaded configuration.
        environment: value stored under ``app.config['ENVIRONMENT']``.

    Returns:
        The configured ``Flask`` application.
    """

    app = Flask(__name__)
    app.config['ENVIRONMENT'] = environment
    config.init_app(app)
    # Applied after config.init_app(), so overrides win over loaded settings
    # (including security-relevant ones such as SECRET_KEY or ADMIN_USERS).
    app.config.update(config_override or {})

    tracing.setup_tracing(app)
    logger.setup_logging(app)

    # NOTE(review): assuming this is werkzeug's ProxyFix, it makes the app
    # trust X-Forwarded-* request headers. Enable USE_PROXYFIX only when every
    # request arrives through a proxy that sets those headers itself.
    if app.config['USE_PROXYFIX']:
        app.wsgi_app = ProxyFix(app.wsgi_app)  # type: ignore

    hooks.init_app(app)
    audit.init_app(app)
    alarm_model.init_app(app)
    Scope.init_app(app)

    cors.init_app(app)
    compress.init_app(app)
    handlers.register(app)
    key_helper.init_app(app)

    db.init_db(app)
    qb.init_app(app)

    mailer.register(app)
    plugins.register(app)
    custom_webhooks.register(app)

    # The imports below are done inside the function, after the extensions
    # above have been initialised with this app.
    from alerta.utils.format import CustomJSONEncoder
    app.json_encoder = CustomJSONEncoder

    from alerta.views import api
    app.register_blueprint(api)

    from alerta.webhooks import webhooks
    app.register_blueprint(webhooks)

    from alerta.auth import auth as auth_blueprint
    app.register_blueprint(auth_blueprint)

    from alerta.management import mgmt
    app.register_blueprint(mgmt)

    return app
示例#7
文件: key.py 项目: raddessi/alerta
 def from_record(cls, rec) -> 'ApiKey':
     """Build an ``ApiKey`` from a database record, reading each field as an attribute."""
     fields = {
         'id': rec.id,
         'key': rec.key,
         'user': rec.user,
         # Scopes are read directly from the record; the legacy type => scopes
         # conversion is only required for mongo documents.
         'scopes': [Scope(name) for name in rec.scopes],
         'text': rec.text,
         'expire_time': rec.expire_time,
         'count': rec.count,
         'last_used_time': rec.last_used_time,
         'customer': rec.customer,
     }
     return ApiKey(**fields)
示例#8
 def from_document(cls, doc: Dict[str, Any]) -> 'ApiKey':
     """Build an ``ApiKey`` from a stored document (a dict).

     ``id`` and ``key`` both fall back to the document's ``_id`` when absent.
     When the document carries no scopes, they are derived from its ``user``
     and ``type`` through ``key_helper.type_to_scopes``; an empty list is used
     if that yields nothing either.
     """
     doc_id = doc.get('id', None) or doc.get('_id')
     key_value = doc.get('key', None) or doc.get('_id')

     scopes = [Scope(name) for name in doc.get('scopes', list())]
     if not scopes:
         # Older documents record a key ``type`` instead of explicit scopes.
         derived = key_helper.type_to_scopes(doc.get('user', None), doc.get('type', None))
         scopes = derived or list()

     return ApiKey(
         id=doc_id,
         key=key_value,
         user=doc.get('user', None),
         scopes=scopes,
         text=doc.get('text', None),
         expire_time=doc.get('expireTime', None),
         count=doc.get('count', None),
         last_used_time=doc.get('lastUsedTime', None),
         customer=doc.get('customer', None),
     )
示例#9
文件: key.py 项目: yrsdi/alerta
    def parse(cls, json: JSON) -> 'ApiKey':
        """Build an ``ApiKey`` from a decoded JSON request body.

        Raises ``ValueError`` when ``scopes`` is present but is not a list.
        This method only wraps each entry in ``Scope``; it does not compare the
        requested scopes with those of the caller, so that check has to happen
        where the parsed key is used.
        """
        raw_scopes = json.get('scopes', [])
        if not isinstance(raw_scopes, list):
            raise ValueError('scopes must be a list')

        user = json.get('user', None)
        scopes = [Scope(item) for item in raw_scopes]
        text = json.get('text', None)
        expires = None
        if 'expireTime' in json:
            expires = DateTime.parse(json['expireTime'])

        api_key = ApiKey(
            user=user,
            scopes=scopes,
            text=text,
            expire_time=expires,
            customer=json.get('customer', None)
        )

        # A ``type`` field replaces whatever ``scopes`` the body carried with
        # the scopes key_helper derives for this user and type.
        if 'type' in json:
            api_key.scopes = key_helper.type_to_scopes(api_key.user, json['type'])

        return api_key
示例#10
 def lookup(cls, login: str, roles: List[str]) -> List[Scope]:
     """Return the scopes the database matches for ``login`` and ``roles``, as ``Scope`` objects."""
     matched = db.get_scopes_by_match(login, matches=roles)
     return list(map(Scope, matched))
示例#11
 def from_record(cls, rec) -> 'Permission':
     """Build a ``Permission`` from a database record, reading each field as an attribute."""
     fields = {
         'id': rec.id,
         'match': rec.match,
         'scopes': [Scope(name) for name in rec.scopes],
     }
     return Permission(**fields)
示例#12
 def from_document(cls, doc: Dict[str, Any]) -> 'Permission':
     """Build a ``Permission`` from a stored document (a dict).

     ``id`` falls back to the document's ``_id``; a missing ``scopes`` entry
     yields an empty scope list.
     """
     doc_id = doc.get('id', None) or doc.get('_id')
     match = doc.get('match', None)
     scopes = [Scope(name) for name in doc.get('scopes', list())]
     return Permission(id=doc_id, match=match, scopes=scopes)
示例#13
def list_scopes():
    """Return every scope from ``Scope.find_all()`` together with its count, as JSON."""
    all_scopes = Scope.find_all()
    payload = dict(status='ok', scopes=all_scopes, total=len(all_scopes))

    return jsonify(**payload)