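def get_ucontroller_access(user, controller):
    """Return the access a user holds on a controller.

    The caller is authenticated from the ``api-key`` header and
    ``request.authorization``, then authorized against ``controller``.
    Only an admin token or the named user may read the value.

    Args:
        user: Username to look up; passed through ``juju.check_input``.
        controller: Controller name; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        usr = juju.check_input(user)
        # Decide authorization before the existence lookup, as delete_user and
        # revoke_from_controller do. Otherwise a caller who is neither admin
        # nor the named user can tell existing usernames from missing ones by
        # comparing the "unauthorized" and "does not exist" answers.
        if not (token.is_admin or token.username == usr):
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        else:
            code, response = 200, execute_task(juju.get_ucontroller_access, con, usr)
    except KeyError:
        # Presumably a missing 'api-key' header; any KeyError raised inside
        # the helpers is reported the same way.
        code, response = errors.invalid_data()
    return juju.create_response(code, response)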
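def grant_to_model(user, controller, model):
    """Grant a user access to a model.

    The caller must be an admin, hold ``admin`` access on the model, or hold
    ``superuser`` access on the controller. The built-in ``admin`` user can
    never be the target. The access level is read from the ``access`` key of
    the JSON body and passed through ``juju.check_access``.

    Args:
        user: Target username; passed through ``juju.check_input``.
        controller: Controller name; passed through ``juju.check_input``.
        model: Model name; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response``; 202 when the grant is queued.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        con, mod = execute_task(juju.authorize, token, juju.check_input(controller),
                                juju.check_input(model))
        usr = juju.check_input(user)
        may_grant = (token.is_admin or mod.m_access == 'admin'
                     or con.c_access == 'superuser')
        # The admin guard and the existence lookup use the checked value `usr`,
        # the same value that is handed to add_user_to_model. Comparing the raw
        # `user` would let the guard and the action disagree whenever
        # check_input changes its argument.
        if may_grant and usr != 'admin':
            access = juju.check_access(request.json['access'])
            if execute_task(juju.user_exists, usr):
                execute_task(juju.add_user_to_model, token, con, mod, usr, access)
                code, response = 202, 'Process being handeled'
            else:
                code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        # Covers a missing 'access' key in the body as well as a missing
        # 'api-key' header (assuming both lookups raise KeyError).
        code, response = errors.invalid_data()
    return juju.create_response(code, response)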
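def revoke_from_controller(user, controller):
    """Remove a user's access to a controller.

    Allowed for an admin token, a caller with ``superuser`` access on the
    controller, or the user themselves. The built-in ``admin`` user can never
    be the target.

    Args:
        user: Target username; passed through ``juju.check_input``.
        controller: Controller name; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        con = execute_task(juju.authorize, token, juju.check_input(controller))
        usr = juju.check_input(user)
        allowed = (token.is_admin or con.c_access == 'superuser'
                   or token.username == usr)
        if allowed and usr != 'admin':
            if execute_task(juju.user_exists, usr):
                execute_task(con.connect, token)
                try:
                    # NOTE(review): remove_user_from_controller is invoked twice
                    # with different argument lists, (token, con, usr) and then
                    # (con, usr). Only one can match the helper's signature and
                    # the second call acts on an already-removed user. Confirm
                    # which call is intended and drop the other.
                    execute_task(juju.remove_user_from_controller, token, con, usr)
                    code, response = 200, execute_task(
                        juju.remove_user_from_controller, con, usr)
                finally:
                    # Release the controller connection even when removal fails.
                    execute_task(con.disconnect)
            else:
                code, response = errors.does_not_exist('user')
        else:
            code, response = errors.unauthorized()
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)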
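def revoke_from_model(user, controller, model):
    """Revoke a user's access to a model.

    The built-in ``admin`` user can never be the target.

    Args:
        user: Target username; passed through ``juju.check_input``.
        controller: Controller name; passed through ``juju.check_input``.
        model: Model name; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        con, mod = execute_task(juju.authorize, token, juju.check_input(controller),
                                juju.check_input(model))
        usr = juju.check_input(user)
        if execute_task(juju.user_exists, usr):
            # NOTE(review): grant_to_model reads c_access from the controller
            # object (con.c_access) and also accepts token.is_admin. Confirm
            # that mod.c_access and the absence of the admin shortcut are
            # intended here.
            # The admin guard compares the checked value `usr`, the same value
            # passed to remove_user_from_model, rather than the raw `user`.
            if (mod.m_access == 'admin' or mod.c_access == 'superuser') and usr != 'admin':
                execute_task(con.connect, token)
                try:
                    execute_task(mod.connect, token)
                    try:
                        execute_task(juju.remove_user_from_model, con, mod, usr)
                        code, response = 200, 'Revoked access for user {} on model {}'.format(
                            usr, model)
                    finally:
                        # Connections are released in reverse order of opening,
                        # and also when the removal or a connect call raises.
                        execute_task(mod.disconnect)
                finally:
                    execute_task(con.disconnect)
            else:
                code, response = errors.unauthorized()
        else:
            code, response = errors.does_not_exist('user')
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)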
def get_credentials(user):
    """Return the stored credentials of a user.

    Only an admin token or the named user may read them.

    Args:
        user: Username whose credentials are requested; passed through
            ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        caller = execute_task(juju.authenticate, request.headers['api-key'],
                              request.authorization)
        target = juju.check_input(user)
        is_self_or_admin = caller.is_admin or caller.username == target
        if not is_self_or_admin:
            status, payload = errors.unauthorized()
        else:
            # This handler reaches the task runner through the juju module,
            # while the sibling handlers call the bare execute_task name.
            credentials = juju.execute_task(juju.get_credentials, caller, target)
            status, payload = 200, credentials
    except KeyError:
        status, payload = errors.invalid_data()
    return juju.create_response(status, payload)
def remove_credential(user):
    """Queue removal of one of a user's credentials.

    The credential is named by the ``name`` key of the JSON body. Only an
    admin token or the named user may remove it.

    Args:
        user: Owner of the credential; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response``; 202 when removal is queued.
    """
    body = request.json
    try:
        caller = execute_task(juju.authenticate, request.headers['api-key'],
                              request.authorization)
        owner = juju.check_input(user)
        permitted = caller.is_admin or caller.username == owner
        if not permitted:
            status, payload = errors.unauthorized()
        else:
            # NOTE(review): body['name'] reaches juju.remove_credential without
            # the check_input pass applied to the other request values. Confirm
            # the helper validates the credential name itself.
            execute_task(juju.remove_credential, owner, body['name'])
            status, payload = 202, 'Process being handeled'
    except KeyError:
        status, payload = errors.invalid_data()
    return juju.create_response(status, payload)
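def get_user_info(user):
    """Return the stored information about a user.

    Only an admin token or the named user may read it.

    Args:
        user: Username to look up; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        usr = juju.check_input(user)
        # Authorization comes first so that a caller who may not read this
        # account gets the same answer whether or not the username exists.
        # With the lookup first, the two error answers revealed which
        # usernames are registered.
        if not (usr == token.username or token.is_admin):
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        else:
            code, response = 200, execute_task(juju.get_user_info, usr)
    except KeyError:
        code, response = errors.invalid_data()
    return juju.create_response(code, response)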
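def reactivate_user():
    """Re-enable a user account; admin only.

    The username is read from the ``username`` key of the JSON body and
    passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    data = request.json
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        user = juju.check_input(data['username'])
        if not token.is_admin:
            code, response = errors.unauthorized()
        elif execute_task(juju.user_exists, user):
            execute_task(juju.enable_user, token, user)
            code, response = 200, 'User {} succesfully activated'.format(user)
        else:
            # The original assigned no code/response on one of its paths, so
            # the final create_response call failed on unbound names. Report
            # the missing user the way the sibling handlers do.
            code, response = errors.does_not_exist('user')
    except KeyError:
        # Covers a missing 'username' key as well as a missing 'api-key'
        # header (assuming both lookups raise KeyError).
        code, response = errors.invalid_data()
    return juju.create_response(code, response)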
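def change_user_password(user):
    """Change a user's password.

    Only an admin token or the named user may change it. The new password is
    read from the ``password`` key of the JSON body.

    Args:
        user: Username whose password is changed; passed through
            ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        token = execute_task(juju.authenticate, request.headers['api-key'],
                             request.authorization)
        usr = juju.check_input(user)
        # Authorization comes first so that a caller who may not touch this
        # account gets the same answer whether or not the username exists.
        if not (usr == token.username or token.is_admin):
            code, response = errors.unauthorized()
        elif not execute_task(juju.user_exists, usr):
            code, response = errors.does_not_exist('user')
        else:
            password = request.json['password']
            if password:
                execute_task(juju.change_user_password, token, usr, password)
                code, response = 200, 'succesfully changed password for user {}'.format(usr)
            else:
                # create_user refuses an empty password; apply the same rule
                # here so an account cannot be left with a blank one.
                code, response = errors.empty()
    except KeyError:
        # Covers a missing 'password' key as well as a missing 'api-key'
        # header (assuming both lookups raise KeyError).
        code, response = errors.invalid_data()
    return juju.create_response(code, response)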
def delete_user(user):
    """Delete a user account; admin only.

    The built-in ``admin`` account is never deleted; that request is answered
    with 403.

    Args:
        user: Username to delete; passed through ``juju.check_input``.

    Returns:
        The result of ``juju.create_response`` for the chosen status code
        and payload.
    """
    try:
        caller = execute_task(juju.authenticate, request.headers['api-key'],
                              request.authorization)
        target = juju.check_input(user)
        # Checks run in the original order: caller privilege, then existence,
        # then the guard on the admin account.
        if not caller.is_admin:
            status, payload = errors.unauthorized()
        elif not execute_task(juju.user_exists, target):
            status, payload = errors.does_not_exist('user')
        elif target == 'admin':
            status, payload = 403, 'This would remove the admin from the system!'
        else:
            execute_task(juju.delete_user, caller, target)
            status, payload = 200, 'User {} succesfully removed'.format(target)
    except KeyError:
        status, payload = errors.invalid_data()
    return juju.create_response(status, payload)
def create_user():
    """Create a user account; admin only.

    ``username`` and ``password`` are read from the JSON body. The username
    goes through ``juju.check_input(..., "username")``, whose result is
    unpacked as ``(valid, user)``. When ``valid`` is false, ``user`` is sent
    back as the body of a 400 response.

    Returns:
        The result of ``juju.create_response``; 202 when creation has started.

    Raises:
        HTTPException: Re-raised unchanged after ``error_log()`` is called.
    """
    try:
        LOGGER.info('/USERS [POST] => receiving call')
        body = request.json
        caller = execute_task(juju.authenticate, request.headers['api-key'],
                              request.authorization)
        LOGGER.info('/USERS [POST] => Authenticated!')
        valid, user = juju.check_input(body['username'], "username")
        if not caller.is_admin:
            status, payload = errors.no_permission()
            LOGGER.error(
                '/USERS [POST] => No Permission to perform this action!')
        elif not valid:
            status, payload = 400, user
            LOGGER.error(
                '/USERS [POST] => Username does not have the correct format!'
            )
        elif juju.user_exists(user):
            # user_exists and create_user are called directly here, not
            # through execute_task as in the sibling handlers.
            status, payload = errors.already_exists('user')
            LOGGER.error(
                '/USERS [POST] => Username %s already exists!', user)
        elif body['password']:
            LOGGER.info(
                '/USERS [POST] => Creating user %s, check add_user.log for more information!',
                user)
            juju.create_user(user, body['password'])
            status, payload = 202, 'User {} is being created'.format(user)
        else:
            status, payload = errors.empty()
            LOGGER.error('/USERS [POST] => Password cannot be empty!')
    except KeyError:
        status, payload = errors.invalid_data()
        error_log()
    except HTTPException:
        error_log()
        raise
    except Exception:
        # NOTE(review): whatever error_log() returns is handed to
        # errors.cmd_error and may reach the client in the response. Confirm
        # it carries no stack traces, paths or other internal detail.
        details = error_log()
        status, payload = errors.cmd_error(details)
    return juju.create_response(status, payload)