roles Package

models Module

class lemur.roles.models.Role(**kwargs)

Bases: Model

authorities

authority

authority_id

certificate

certificates

description

id

name

password

pending_cert

pending_certificates

sensitive_fields = ('password',)

third_party

user

user_id

username

users

service Module

lemur.roles.service.create(name, password=None, description=None, username=None, users=None, third_party=False)

Create a new role

Parameters:

• name –

• users –

• description –

• username –

• password –

Returns:

lemur.roles.service.delete(role_id)

Remove a role

Parameters:

role_id –

Returns:

lemur.roles.service.get(role_id)

Retrieve a role by ID

Parameters:

role_id –

Returns:

lemur.roles.service.get_by_name(role_name)

Retrieve a role by its name

Parameters:

role_name –

Returns:

lemur.roles.service.get_or_create(role_name, description)

lemur.roles.service.render(args)

Helper that filters subsets of roles depending on the parameters passed to the REST Api

Parameters:

args –

Returns:

lemur.roles.service.set_third_party(role_id, third_party_status=False)

Sets a role to be a third party role. A user should pretty much never call this directly.

Parameters:

• role_id –

• third_party_status –

Returns:

lemur.roles.service.update(role_id, name, description, users)

Update a role

Parameters:

• role_id –

• name –

• description –

• users –

Returns:

lemur.roles.service.warn_user_updates(role_name, current_users, new_users)

views Module

class lemur.roles.views.AuthorityRolesList

Bases: AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'authorityRoles'

get(authority_id)

GET /authorities/1/roles

List of roles for a given authority

Example request:

GET /authorities/1/roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}

Query Parameters:

• sortBy – field to sort on

• sortDir – asc or desc

• page – int default is 1

• filter – key value pair format is k;v

• count – count number default is 10

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

mediatypes()

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class lemur.roles.views.RoleViewCredentials

Bases: AuthenticatedResource

endpoint = 'roleCredentials`'

get(role_id)

GET /roles/1/credentials

View a roles credentials

Example request:

GET /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "username": "ausername",
    "password": "apassword"
}

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

mediatypes()

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class lemur.roles.views.Roles

Bases: AuthenticatedResource

delete(role_id)

DELETE /roles/1

Delete a role

Example request:

DELETE /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "message": "ok"
}

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

endpoint = 'role'

get(role_id)

GET /roles/1

Get a particular role

Example request:

GET /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 1,
    "name": "role1",
    "description": "this is role1"
}

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

mediatypes()

methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

put(role_id, data=None)

PUT /roles/1

Update a role

Example request:

PUT /roles/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "name": "role1",
   "description": "This is a new description"
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
   "id": 1,
   "name": "role1",
   "description": "this is a new description"
}

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

class lemur.roles.views.RolesList

Bases: AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'roles'

get()

GET /roles

The current role list

Example request:

GET /roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}

Query Parameters:

• sortBy – field to sort on

• sortDir – asc or desc

• page – int default is 1

• filter – key value pair format is k;v

• count – count number default is 10

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

mediatypes()

methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(data=None)

POST /roles

Creates a new role

Example request:

POST /roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
Content-Type: application/json;charset=UTF-8

{
   "name": "role3",
   "description": "this is role3",
   "username": null,
   "password": null,
   "users": [
      {"id": 1}
   ]
}

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
    "id": 3,
    "description": "this is role3",
    "name": "role3"
}

Parameters:

• name – name for new role

• description – description for new role

• password – password for new role

• username – username for new role

• users – list, of users to associate with role

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

• 403 Forbidden – unauthenticated

class lemur.roles.views.UserRolesList

Bases: AuthenticatedResource

Defines the ‘roles’ endpoint

endpoint = 'userRoles'

get(user_id)

GET /users/1/roles

List of roles for a given user

Example request:

GET /users/1/roles HTTP/1.1
Host: example.com
Accept: application/json, text/javascript

Example response:

HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript

{
  "items": [
      {
        "id": 1,
        "name": "role1",
        "description": "this is role1"
      },
      {
        "id": 2,
        "name": "role2",
        "description": "this is role2"
      }
    ]
  "total": 2
}

Query Parameters:

• sortBy – field to sort on

• sortDir – asc or desc

• page – int default is 1

• filter – key value pair format is k;v

• count – count number default is 10

Request Headers:

• Authorization – OAuth token to authenticate

Status Codes:

• 200 OK – no error

mediatypes()

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}

The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.