def add_user_group(keycloak: KeycloakClient, user_id, body, user): try: keycloak.group_user_add(user_id, body['id']) return {}, 200 except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', str(e))
def create_policy(keycloak: KeycloakClient, user, body): """ API endpoint to create a policy (JSON formatted) """ policy = model.Policy.from_dict(body) try: db.session.add(policy) db.session.flush() group_id = keycloak.group_create( {'name': f'policy-{policy.id}-owners'}) keycloak.group_user_add(user, group_id) keycloak.group_role_add('policy-owner', group_id) db.session.commit() except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', f'Failed to delete owner group in Keycloak, {e}') return policy.to_dict()
def create_region(keycloak: KeycloakClient, vault: Vault, body, user): try: if body.get('users_group'): keycloak.group_get(body['users_group']) except KeycloakGetError as e: logger.exception(e) return problem( 400, 'Users group does not exist', f'Users group {body["users_group"]} does not exist in Keycloak, ' 'you have to create group first or use existing group.') tower = tower_model.Server.query.get(body['tower_id']) if not tower: return problem( 404, 'Not Found', f'Tower instance with ID {body["tower_id"]} does not exist') query = model.Region.query.filter(model.Region.name == body['name']) if query.count() > 0: return problem( 400, 'Bad Request', f'Region with name {body["name"]!r} already exists', ) try: owners_id = keycloak.group_create({ 'name': f'{body["name"]}-owners', }) logger.info(f'Created owners group {owners_id}') body['owner_group'] = owners_id keycloak.group_user_add(user, owners_id) logger.info(f'Added {user} to owners group {owners_id}') except KeycloakGetError as e: logger.exception(e) return problem_from_keycloak_error(e) except Exception as e: logger.exception(e) return problem(500, 'Unknown Error', f'Failed to create owner group in Keycloak, {e}') openstack_credentials = dpath.get(body, 'openstack/credentials') if not isinstance(openstack_credentials, str): openstack_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/openstack' vault.write(openstack_credentials_path, openstack_credentials) dpath.set(body, 'openstack/credentials', openstack_credentials_path) satellite_credentials = dpath.get(body, 'satellite/credentials') if not isinstance(satellite_credentials, str): satellite_credentials_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/satellite' vault.write(satellite_credentials_path, satellite_credentials) dpath.set(body, 'satellite/credentials', satellite_credentials_path) dns_server_key = dpath.get(body, 'dns_server/key') if not isinstance(dns_server_key, str): dns_server_key_path = f'{VAULT_PATH_PREFIX}/{body["name"]}/dns_server' vault.write(dns_server_key_path, dns_server_key) dpath.set(body, 'dns_server/key', dns_server_key_path) region = model.Region.from_dict(body) try: db.session.add(region) db.session.commit() logger.info( f'Region {region.name} (id {region.id}) created by user {user}') except sqlalchemy.exc.SQLAlchemyError: # If database transaction failed remove group in Keycloak. keycloak.group_delete(owners_id) raise return region.to_dict() | {'_href': _region_href(region)}