keyserver.py
import cgi
import uuid
import credentials
import permissions
from policy import PolicyResponseCode
from boto.iam import IAMConnection
from boto.exception import BotoServerError
from google.appengine.ext import webapp
from google.appengine.ext.webapp.util import run_wsgi_app
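class CreateUser(webapp.RequestHandler):
    """Handler for /create_user: create an IAM user in a permitted group.

    On success the response body is "<access_key_id>:<secret_access_key>".
    Every failure is reported as a body that starts with "ERROR: ".
    """

    def get(self):
        """Create a randomly named IAM user in ``group`` and return its key.

        The ``group`` query parameter must be a key of ``permissions.policy``.
        When that entry is truthy its ``handle(request, response)`` is called
        first, and a DENY or CHALLENGE result ends the request before any IAM
        call is made.

        NOTE(review): a state-changing, credential-issuing action on GET can
        be triggered by prefetchers and link scanners; POST would be the
        safer verb. Error bodies are also sent with the default status, so
        callers can only tell failure apart by the "ERROR:" prefix.
        """
        # The success body carries a long-lived AWS secret access key, so no
        # browser or intermediary should ever store a response from here.
        self.response.headers['Cache-Control'] = 'no-store'

        out = self.response.out
        group = self.request.get('group')
        if not group:
            out.write("ERROR: Must specify a group")
            return
        if group not in permissions.policy:
            # Allow-list check: only groups named in the policy table are used.
            out.write("ERROR: Not an allowed group")
            return

        # NOTE(review): a falsy policy entry skips the check entirely and the
        # user is still created (assumed nesting; confirm against the file).
        group_policy = permissions.policy[group]
        if group_policy:
            # presumably handle() writes its own denial/challenge output to
            # the response; verify in the policy module.
            action = group_policy.handle(self.request, self.response)
            if action is PolicyResponseCode.DENY or action is PolicyResponseCode.CHALLENGE:
                return

        # Random name, so callers cannot pick or guess the IAM user name.
        user_name = uuid.uuid4().hex
        try:
            conn.create_user(user_name)
            conn.add_user_to_group(group, user_name)
            key = conn.create_access_key(user_name)
            out.write("%s:%s" % (key.access_key_id, key.secret_access_key))
        except BotoServerError, e:
            # NOTE(review): if a later step fails, the IAM user created above
            # is left behind; nothing here removes it.
            out.write("ERROR: %s" % e.reason)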
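# Module-level IAM connection shared by every request this process handles.
# NOTE(review): these are long-lived keys read from the local `credentials`
# module. The handler only calls create_user, add_user_to_group and
# create_access_key, so the backing identity should be allowed nothing more.
conn = IAMConnection(credentials.aws_access_key_id,
                     credentials.aws_secret_access_key)

# debug=False: with debug enabled, webapp renders the traceback of any
# unhandled exception into the HTTP response, which would expose internals
# of a service that hands out AWS credentials.
application = webapp.WSGIApplication([('/create_user', CreateUser)],
                                     debug=False)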
def main():
    """Serve the module-level WSGI ``application`` through App Engine."""
    run_wsgi_app(application)


# Script entry point: run the handler only when executed directly.
if __name__ == "__main__":
    main()