def get(self, audit_ctx, group_id):
    """Return a single group as JSON, serialised with ``group_fields``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group identifier taken from the route.

    Returns:
        The response produced by ``jsonify``.
    """
    # The caller-supplied identifier is written to the audit context before
    # the authorization call is made.
    audit_ctx['request.group'] = group_id
    resource_arn = format_arn('groups', group_id)
    internal_authorize('GetGroup', resource_arn)

    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    found = self._get_or_404(group_id)
    # Overwrite the raw identifier with the stored group name once it is known.
    audit_ctx['request.group'] = found.name
    return jsonify(marshal(found, group_fields))
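def add_user_to_group(audit_ctx, group_id):
    """Add the user named in the JSON body to the group ``group_id``.

    The request body must carry a ``user`` string (enforced by the request
    parser built below).

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.

    Returns:
        An empty JSON object on success. Aborts with 404 when either the
        group or the user cannot be found.
    """
    audit_ctx['request.group'] = group_id
    internal_authorize('AddUserToGroup', format_arn('groups', group_id))

    group = Group.query.filter(Group.name == group_id).first()
    if not group:
        # Leftover debug print removed: it wrote a bare marker to stdout on
        # every miss and carried no information for operators.
        abort(404, message=f'group {group_id} does not exist')
    audit_ctx['request.group'] = group.name

    user_parser = reqparse.RequestParser()
    user_parser.add_argument('user', type=str, location='json', required=True)
    args = user_parser.parse_args()

    user = User.query.filter(User.username == args['user']).first()
    if not user:
        abort(404, message=f'user {args["user"]} does not exist')
    # Only the resolved username is audited, after the lookup succeeded.
    audit_ctx['request.username'] = user.username

    # NOTE(review): no check here for the user already being a member;
    # confirm the relationship/table tolerates a repeated append.
    group.users.append(user)
    db.session.add(group)
    db.session.commit()
    return jsonify({})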
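def post(self, audit_ctx, group_id):
    """Create a policy attached to the group ``group_id``.

    The parsed request supplies ``name`` and ``policy``; ``policy`` is a JSON
    document passed as a string.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.

    Returns:
        The new policy serialised with ``group_policy_fields``. Aborts with
        400 when ``policy`` is not valid JSON and with 404 when the group
        does not exist.
    """
    audit_ctx['request.group'] = group_id
    internal_authorize('CreateGroupPolicy', format_arn('groups', group_id))

    args = group_policy_parser.parse_args()
    try:
        policy_json = json.loads(args['policy'])
    except (TypeError, ValueError):
        # Malformed (or missing) client input is a client error; without this
        # the decode error would surface as an unhandled exception.
        abort(400, message='policy is not valid JSON')

    audit_ctx['request.policy'] = args['name']
    # The policy is re-serialised from the parsed value, so the audit entry
    # holds normalised JSON rather than the raw request string.
    audit_ctx['request.policy-json'] = json.dumps(policy_json, indent=4, separators=(',', ': '))

    group = Group.query.filter(Group.name == group_id).first()
    if not group:
        abort(404, message=f'Group {group_id} does not exist')

    # NOTE(review): any JSON value is accepted here; this handler does not
    # check the document's structure. Confirm it is validated before it is
    # used for authorization decisions.
    policy = GroupPolicy(
        group=group,
        name=args['name'],
        policy=policy_json,
    )
    db.session.add(policy)
    db.session.commit()
    return jsonify(marshal(policy, group_policy_fields))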
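def delete(self, audit_ctx, username):
    """Delete the user ``username``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.

    Returns:
        An empty JSON object with status 201.
    """
    audit_ctx['request.username'] = username
    internal_authorize('DeleteUser', format_arn('users', username))

    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    user = self._get_or_404(username)
    db.session.delete(user)
    # Commit explicitly, as the policy and access-key delete handlers in this
    # file do. Without it the deletion is only pending in the session, and a
    # user reported as deleted could remain stored and usable.
    db.session.commit()
    return make_response(jsonify({}), 201, [])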
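def delete(self, audit_ctx, group_id):
    """Delete the group ``group_id``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group identifier taken from the route.

    Returns:
        An empty JSON object with status 201.
    """
    audit_ctx['request.group'] = group_id
    internal_authorize('DeleteGroup', format_arn('groups', group_id))

    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    group = self._get_or_404(group_id)
    # Overwrite the raw identifier with the stored group name once it is known.
    audit_ctx['request.group'] = group.name
    db.session.delete(group)
    # Commit explicitly, as the policy and access-key delete handlers in this
    # file do. Without it the deletion is only pending in the session, and a
    # group reported as deleted could remain stored and keep granting access
    # through its policies.
    db.session.commit()
    return make_response(jsonify({}), 201, [])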
def get(self, audit_ctx, username, policy_name):
    """Return one policy of the user ``username`` as JSON.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.
        policy_name: Name of the policy to fetch.

    Returns:
        The policy serialised with ``user_policy_fields``. Aborts with 404
        when the user does not exist.
    """
    audit_ctx['request.username'] = username
    audit_ctx['request.policy'] = policy_name
    # Authorization is evaluated against the user's ARN; the policy name is
    # not part of the resource.
    user_arn = format_arn('users', username)
    internal_authorize('GetUserPolicy', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message="User doesn't exist")

    # NOTE(review): _get_or_404 is defined outside this block; presumably it
    # aborts with 404 when the user has no policy of that name - confirm.
    found = self._get_or_404(owner, policy_name)
    return jsonify(marshal(found, user_policy_fields))
def get(self, audit_ctx, group_id, policy_name):
    """Return one policy of the group ``group_id`` as JSON.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.
        policy_name: Name of the policy to fetch.

    Returns:
        The policy serialised with ``group_policy_fields``. Aborts with 404
        when the group does not exist.
    """
    audit_ctx['request.group'] = group_id
    audit_ctx['request.policy'] = policy_name
    # Authorization is evaluated against the group's ARN; the policy name is
    # not part of the resource.
    group_arn = format_arn('groups', group_id)
    internal_authorize('GetGroupPolicy', group_arn)

    owner = Group.query.filter(Group.name == group_id).first()
    if not owner:
        abort(404, message=f'group {group_id} does not exist')

    # NOTE(review): _get_or_404 is defined outside this block; presumably it
    # aborts with 404 when the group has no policy of that name - confirm.
    found = self._get_or_404(owner, policy_name)
    return jsonify(marshal(found, group_policy_fields))
def get(self, audit_ctx, username, key_id):
    """Return one access key of the user ``username`` as JSON.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.
        key_id: Access key identifier taken from the route.

    Returns:
        The key serialised with ``access_key_fields``. Aborts with 404 when
        the user does not exist.
    """
    audit_ctx['request.username'] = username
    audit_ctx['request.access_key_id'] = key_id
    # Authorization is evaluated against the user's ARN, not the key itself.
    user_arn = format_arn('users', username)
    internal_authorize('GetAccessKey', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message="User doesn't exist")

    # The lookup receives the owning user as well as the key id.
    # NOTE(review): presumably this scopes the key to that user - confirm in
    # _get_or_404, which is defined outside this block.
    found = self._get_or_404(owner, key_id)
    return jsonify(marshal(found, access_key_fields))
def post(self, audit_ctx):
    """Create a group from the parsed request and return it as JSON.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.

    Returns:
        The new group serialised with ``group_fields``.
    """
    # The body has to be parsed first: the resource ARN for the authorization
    # call is built from the requested group name.
    args = group_parser.parse_args()
    requested_name = args['name']

    audit_ctx['request.group'] = requested_name
    internal_authorize('CreateGroup', format_arn('groups', requested_name))

    created = Group(name=requested_name)
    db.session.add(created)
    db.session.commit()
    return jsonify(marshal(created, group_fields))
def delete(self, audit_ctx, username, policy_name):
    """Delete one policy of the user ``username``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.
        policy_name: Name of the policy to delete.

    Returns:
        An empty JSON object with status 201. Aborts with 404 when the user
        does not exist.
    """
    audit_ctx['request.username'] = username
    audit_ctx['request.policy'] = policy_name
    user_arn = format_arn('users', username)
    internal_authorize('DeleteUserPolicy', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message="User doesn't exist")

    # NOTE(review): _get_or_404 is defined outside this block; presumably it
    # aborts with 404 when the user has no policy of that name - confirm.
    doomed = self._get_or_404(owner, policy_name)
    db.session.delete(doomed)
    db.session.commit()

    empty_body = jsonify({})
    return make_response(empty_body, 201, [])
def get(self, audit_ctx, group_id):
    """List the policies attached to the group ``group_id``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.

    Returns:
        Whatever ``build_response_for_request`` produces for the filtered
        query. Aborts with 404 when the group does not exist.
    """
    audit_ctx['request.group'] = group_id
    group_arn = format_arn('groups', group_id)
    internal_authorize('ListGroupPolicies', group_arn)

    owner = Group.query.filter(Group.name == group_id).first()
    if not owner:
        abort(404, message=f'Group {group_id} does not exist')

    # Restrict the listing to policies that belong to this group.
    scoped_query = GroupPolicy.query.filter(GroupPolicy.group == owner)
    return build_response_for_request(
        GroupPolicy,
        request,
        group_policy_fields,
        scoped_query,
    )
def delete(self, audit_ctx, group_id, policy_name):
    """Delete one policy of the group ``group_id``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.
        policy_name: Name of the policy to delete.

    Returns:
        An empty JSON object with status 201. Aborts with 404 when the group
        does not exist.
    """
    audit_ctx['request.group'] = group_id
    audit_ctx['request.policy'] = policy_name
    group_arn = format_arn('groups', group_id)
    internal_authorize('DeleteGroupPolicy', group_arn)

    owner = Group.query.filter(Group.name == group_id).first()
    if not owner:
        abort(404, message=f'group {group_id} does not exist')

    # NOTE(review): _get_or_404 is defined outside this block; presumably it
    # aborts with 404 when the group has no policy of that name - confirm.
    doomed = self._get_or_404(owner, policy_name)
    db.session.delete(doomed)
    db.session.commit()

    empty_body = jsonify({})
    return make_response(empty_body, 201, [])
def put(self, audit_ctx, group_id):
    """Rename the group ``group_id`` to the ``name`` given in the request.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group identifier taken from the route.

    Returns:
        The updated group serialised with ``group_fields``.
    """
    audit_ctx['request.group'] = group_id
    # Authorization is evaluated against the ARN of the existing group.
    current_arn = format_arn('groups', group_id)
    internal_authorize('UpdateGroup', current_arn)

    args = group_parser.parse_args()
    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    target = self._get_or_404(group_id)

    # The audit field holds the group's name before the rename.
    # NOTE(review): the new name is not written to the audit context here.
    audit_ctx['request.group'] = target.name
    target.name = args['name']

    db.session.add(target)
    db.session.commit()
    return jsonify(marshal(target, group_fields))
def get(self, audit_ctx, username):
    """List the access keys that belong to the user ``username``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.

    Returns:
        Whatever ``build_response_for_request`` produces for the filtered
        query. Aborts with 404 when the user does not exist.
    """
    audit_ctx['request.username'] = username

    # NOTE(review): the resource here is format_arn('users') without the
    # username, whereas the create/get/delete access-key handlers in this
    # file authorize against format_arn('users', username). Confirm this
    # coarser resource is intended; it decides which policies can grant or
    # deny listing a particular user's keys.
    collection_arn = format_arn('users')
    internal_authorize('ListAccessKeys', collection_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message='User not found')

    # Restrict the listing to keys owned by this user.
    scoped_query = AccessKey.query.filter(AccessKey.user == owner)
    return build_response_for_request(
        AccessKey,
        request,
        access_key_fields,
        scoped_query,
    )
def get(self, audit_ctx, username):
    """List the policies attached to the user ``username``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.

    Returns:
        Whatever ``build_response_for_request`` produces for the filtered
        query. Aborts with 404 when the user does not exist.
    """
    audit_ctx['request.username'] = username
    user_arn = format_arn('users', username)
    internal_authorize('ListUserPolicies', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message="User doesn't exist")

    # Restrict the listing to policies that belong to this user.
    scoped_query = UserPolicy.query.filter(UserPolicy.user == owner)
    return build_response_for_request(
        UserPolicy,
        request,
        user_policy_fields,
        scoped_query,
    )
def delete(self, audit_ctx, username, key_id):
    """Delete one access key of the user ``username``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.
        key_id: Access key identifier taken from the route.

    Returns:
        An empty JSON object with status 201. Aborts with 404 when the user
        does not exist.
    """
    audit_ctx['request.username'] = username
    audit_ctx['request.access_key_id'] = key_id
    # Authorization is evaluated against the user's ARN, not the key itself.
    user_arn = format_arn('users', username)
    internal_authorize('DeleteAccessKey', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message="User doesn't exist")

    # The lookup receives the owning user as well as the key id.
    # NOTE(review): presumably this scopes the key to that user - confirm in
    # _get_or_404, which is defined outside this block.
    doomed = self._get_or_404(owner, key_id)
    # Audit the username as stored on the key's owner record.
    audit_ctx['request.username'] = doomed.user.username

    db.session.delete(doomed)
    db.session.commit()

    empty_body = jsonify({})
    return make_response(empty_body, 201, [])
def remove_user_from_group(audit_ctx, group_id, username):
    """Remove the user ``username`` from the group ``group_id``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        group_id: Group name taken from the route.
        username: Username taken from the route.

    Returns:
        An empty JSON object with status 201. Aborts with 404 when the group
        does not exist or the user is not found among its members.
    """
    audit_ctx['request.group'] = group_id
    audit_ctx['request.username'] = username
    group_arn = format_arn('groups', group_id)
    internal_authorize('RemoveUserFromGroup', group_arn)

    target_group = Group.query.filter(Group.name == group_id).first()
    if not target_group:
        abort(404, message=f'group {group_id} does not exist')

    # The join restricts the match to users that are members of this group,
    # so a user who exists but is not a member also takes the 404 branch.
    membership_query = User.query.join(Group.users).filter(
        User.username == username,
        Group.id == target_group.id,
    )
    member = membership_query.first()
    if not member:
        abort(404, message=f'user {username} does not exist')

    target_group.users.remove(member)
    db.session.add(target_group)
    db.session.commit()

    empty_body = jsonify({})
    return make_response(empty_body, 201, [])
def post(self, audit_ctx):
    """Create a user from the parsed request and return it as JSON.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.

    Returns:
        The new user serialised with ``user_fields``.
    """
    # The body has to be parsed first: the resource ARN for the authorization
    # call is built from the requested username.
    args = user_parser.parse_args()
    requested_name = args['username']

    audit_ctx['request.username'] = requested_name
    internal_authorize('CreateUser', format_arn('users', requested_name))

    created = User(username=requested_name)

    supplied_password = args['password']
    if supplied_password:
        created.set_password(supplied_password)
        # Only a fixed mask is audited; the password itself never reaches
        # the audit context.
        audit_ctx['request.password'] = '******'

    db.session.add(created)
    db.session.commit()
    return jsonify(marshal(created, user_fields))
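def put(self, audit_ctx, username):
    """Update the username and/or password of the user ``username``.

    Only fields that the request actually supplies are changed.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Current username taken from the route.

    Returns:
        The updated user serialised with ``user_fields``.
    """
    audit_ctx['request.username'] = username
    # Authorization is evaluated against the ARN of the existing user.
    internal_authorize('UpdateUser', format_arn('users', username))

    args = user_parser.parse_args()
    # A bare membership test is not enough: with flask-restful's reqparse
    # defaults every declared argument is present in the result, holding None
    # when the client omitted it. Treating None as "supplied" would assign
    # None as the username and call set_password(None) on any partial update.
    # NOTE(review): assumes user_parser is a reqparse parser - confirm.
    has_username = 'username' in args and args['username'] is not None
    has_password = 'password' in args and args['password'] is not None

    if has_username:
        audit_ctx['request.new-username'] = args['username']
    if has_password:
        # Only a fixed mask is audited, and only when a password change was
        # actually requested.
        audit_ctx['request.password'] = '******'

    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    user = self._get_or_404(username)

    if has_username:
        user.username = args['username']
    if has_password:
        user.set_password(args['password'])

    db.session.add(user)
    db.session.commit()
    return jsonify(marshal(user, user_fields))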
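def put(self, audit_ctx, username, policy_name):
    """Replace the name and document of one policy of the user ``username``.

    The parsed request supplies ``name`` and ``policy``; ``policy`` is a JSON
    document passed as a string.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.
        policy_name: Current name of the policy to update.

    Returns:
        The updated policy serialised with ``user_policy_fields``. Aborts
        with 404 when the user does not exist and with 400 when ``policy``
        is not valid JSON.
    """
    audit_ctx['request.username'] = username
    audit_ctx['request.policy'] = policy_name
    internal_authorize('UpdateUserPolicy', format_arn('users', username))

    user = User.query.filter(User.username == username).first()
    if not user:
        abort(404, message="User doesn't exist")

    args = user_policy_parser.parse_args()
    try:
        policy_json = json.loads(args['policy'])
    except (TypeError, ValueError):
        # Malformed (or missing) client input is a client error; without this
        # the decode error would surface as an unhandled exception.
        abort(400, message='policy is not valid JSON')

    audit_ctx['request.new-policy'] = args['name']
    # The policy is re-serialised from the parsed value, so the audit entry
    # holds normalised JSON rather than the raw request string.
    audit_ctx['request.policy-json'] = json.dumps(policy_json, indent=4, separators=(',', ': '))

    # NOTE(review): _get_or_404 is defined outside this block; presumably it
    # aborts with 404 when the user has no policy of that name - confirm.
    policy = self._get_or_404(user, policy_name)
    policy.name = args['name']
    # NOTE(review): any JSON value is accepted here; this handler does not
    # check the document's structure. Confirm it is validated before it is
    # used for authorization decisions.
    policy.policy = policy_json

    db.session.add(policy)
    db.session.commit()
    return jsonify(marshal(policy, user_policy_fields))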
def post(self, audit_ctx, username):
    """Create a new access key for the user ``username``.

    The key id is ``'AK'`` followed by 18 characters drawn from
    ``ACCESS_KEY_ID_LETTERS``; the secret is 40 characters drawn from
    ``SECRET_ACCESS_KEY_LETTERS``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.

    Returns:
        The new key serialised with ``access_key_fields__initial``. Aborts
        with 404 when the user does not exist.
    """
    audit_ctx['request.username'] = username
    user_arn = format_arn('users', username)
    internal_authorize('CreateAccessKey', user_arn)

    owner = User.query.filter(User.username == username).first()
    if not owner:
        abort(404, message='User not found')

    # random.SystemRandom draws from the operating system's randomness source
    # (os.urandom), not from the seedable default generator.
    os_rng = random.SystemRandom()
    key_id_suffix = ''.join(os_rng.choice(ACCESS_KEY_ID_LETTERS) for _ in range(18))
    secret_value = ''.join(os_rng.choice(SECRET_ACCESS_KEY_LETTERS) for _ in range(40))

    access_key = AccessKey(
        user=owner,
        access_key_id='AK' + key_id_suffix,
        secret_access_key=secret_value,
    )
    db.session.add(access_key)
    db.session.commit()

    # Only the key id is written to the audit context; the secret is not.
    audit_ctx['response.access_key_id'] = access_key.access_key_id
    # NOTE(review): this response uses a different field set than the other
    # access-key handlers; presumably it is the one that exposes the secret
    # to the caller - confirm.
    return jsonify(marshal(access_key, access_key_fields__initial))
def get(self, audit_ctx, username):
    """Return a single user as JSON, serialised with ``user_fields``.

    Args:
        audit_ctx: Object supporting item assignment; collects audit fields
            for this request.
        username: Username taken from the route.

    Returns:
        The response produced by ``jsonify``.
    """
    # The caller-supplied username is written to the audit context before
    # the authorization call is made.
    audit_ctx['request.username'] = username
    user_arn = format_arn('users', username)
    internal_authorize('GetUser', user_arn)

    # NOTE(review): _get_or_404 is defined outside this block; by its name it
    # presumably aborts with 404 when nothing matches - confirm.
    found = self._get_or_404(username)
    return jsonify(marshal(found, user_fields))
def get(self, audit_ctx):
    """List groups.

    Args:
        audit_ctx: Audit context for this request; this handler writes
            nothing to it.

    Returns:
        Whatever ``build_response_for_request`` produces for ``Group``.
    """
    # NOTE(review): the resource is built with an explicit empty name, while
    # the user-listing handler in this file calls format_arn('users') with a
    # single argument. Confirm both forms produce the intended collection ARN.
    collection_arn = format_arn('groups', '')
    internal_authorize('ListGroups', collection_arn)
    return build_response_for_request(Group, request, group_fields)
def get(self, audit_ctx):
    """List users.

    Args:
        audit_ctx: Audit context for this request; this handler writes
            nothing to it.

    Returns:
        Whatever ``build_response_for_request`` produces for ``User``.
    """
    # Authorization is evaluated against the users collection as a whole.
    collection_arn = format_arn('users')
    internal_authorize('ListUsers', collection_arn)
    return build_response_for_request(User, request, user_fields)