synapse 2.165.0__py311-none-any.whl → 2.167.0__py311-none-any.whl

synapse/tools/modrole.py

@@ -11,15 +11,34 @@ descr = '''
 Add or modify a role in a Synapse service.
 '''
 
+def printrole(role, outp):
+
+    outp.printf(f'Role: {role.get("name")} ({role.get("iden")})')
+    outp.printf('')
+    outp.printf('  Rules:')
+    for indx, rule in enumerate(role.get('rules')):
+        outp.printf(f'    [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
+    outp.printf('')
+    outp.printf('  Gates:')
+    for gateiden, gateinfo in role.get('authgates', {}).items():
+        outp.printf(f'    {gateiden}')
+        outp.printf(f'      Admin: {gateinfo.get("admin") == True}')
+        for indx, rule in enumerate(gateinfo.get('rules', ())):
+            outp.printf(f'      [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
 async def main(argv, outp=s_output.stdout):
 
     pars = argparse.ArgumentParser(prog='modrole', description=descr)
     pars.add_argument('--svcurl', default='cell:///vertex/storage', help='The telepath URL of the Synapse service.')
     pars.add_argument('--add', default=False, action='store_true', help='Add the role if they do not already exist.')
     pars.add_argument('--del', dest='delete', default=False, action='store_true', help='Delete the role if it exists.')
+    pars.add_argument('--list', default=False, action='store_true',
+                      help='List existing roles, or rules of a specific role.')
     pars.add_argument('--allow', default=[], action='append', help='A permission string to allow for the role.')
     pars.add_argument('--deny', default=[], action='append', help='A permission string to deny for the role.')
-    pars.add_argument('rolename', help='The rolename to add/edit.')
+    pars.add_argument('--gate', default=None, help='The iden of an auth gate to add/del rules on.')
+    pars.add_argument('rolename', nargs='?', help='The rolename to add/edit.')
 
     opts = pars.parse_args(argv)
 
@@ -31,6 +50,31 @@ async def main(argv, outp=s_output.stdout):
 
         async with await s_telepath.openurl(opts.svcurl) as cell:
 
+            if opts.list:
+                if opts.rolename:
+                    role = await cell.getRoleDefByName(opts.rolename)
+                    if role is None:
+                        outp.printf(f'ERROR: Role not found: {opts.rolename}')
+                        return 1
+
+                    printrole(role, outp)
+
+                else:
+                    outp.printf('Roles:')
+                    for role in await cell.getRoleDefs():
+                        outp.printf(f'  {role.get("iden")} - {role.get("name")}')
+
+                return 0
+            elif opts.rolename is None:
+                outp.printf(f'ERROR: A rolename argument is required when --list is not specified.')
+                return 1
+
+            if opts.gate:
+                gate = await cell.getAuthGate(opts.gate)
+                if gate is None:
+                    outp.printf(f'ERROR: No auth gate found with iden: {opts.gate}')
+                    return 1
+
             role = await cell.getRoleDefByName(opts.rolename)
             if role is not None:
                 outp.printf(f'Modifying role: {opts.rolename}')
@@ -52,15 +96,23 @@ async def main(argv, outp=s_output.stdout):
 
             for allow in opts.allow:
                 perm = allow.lower().split('.')
-                outp.printf(f'...adding allow rule: {allow}')
-                if not await cell.isRoleAllowed(roleiden, perm):
-                    await cell.addRoleRule(roleiden, (True, perm), indx=0)
+                mesg = f'...adding allow rule: {allow}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if not await cell.isRoleAllowed(roleiden, perm, gateiden=opts.gate):
+                    await cell.addRoleRule(roleiden, (True, perm), indx=0, gateiden=opts.gate)
 
             for deny in opts.deny:
                 perm = deny.lower().split('.')
-                outp.printf(f'...adding deny rule: {deny}')
-                if await cell.isRoleAllowed(roleiden, perm):
-                    await cell.addRoleRule(roleiden, (False, perm), indx=0)
+                mesg = f'...adding deny rule: {deny}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if await cell.isRoleAllowed(roleiden, perm, gateiden=opts.gate):
+                    await cell.addRoleRule(roleiden, (False, perm), indx=0, gateiden=opts.gate)
     return 0
 
 if __name__ == '__main__':  # pragma: no cover

synapse/tools/moduser.py

@@ -9,15 +9,44 @@ import synapse.telepath as s_telepath
 import synapse.lib.output as s_output
 
 descr = '''
-Add or modify a user of a Synapse service.
+Add, modify, or list users of a Synapse service.
 '''
 
+def printuser(user, outp):
+
+    admin = user.get('admin')
+    authtype = user.get('type')
+
+    outp.printf(f'User: {user.get("name")} ({user.get("iden")})')
+    outp.printf('')
+    outp.printf(f'  Locked: {user.get("locked")}')
+    outp.printf(f'  Admin: {user.get("admin")}')
+    outp.printf(f'  Email: {user.get("email")}')
+    outp.printf('  Rules:')
+    for indx, rule in enumerate(user.get('rules')):
+        outp.printf(f'    [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
+    outp.printf('')
+    outp.printf('  Roles:')
+    for role in user.get('roles'):
+        outp.printf(f'    {role.get("iden")} - {role.get("name")}')
+
+    outp.printf('')
+    outp.printf('  Gates:')
+    for gateiden, gateinfo in user.get('authgates', {}).items():
+        outp.printf(f'    {gateiden}')
+        outp.printf(f'      Admin: {gateinfo.get("admin") == True}')
+        for indx, rule in enumerate(gateinfo.get('rules', ())):
+            outp.printf(f'      [{str(indx).ljust(3)}] - {s_common.reprauthrule(rule)}')
+
 async def main(argv, outp=s_output.stdout):
 
     pars = argparse.ArgumentParser(prog='moduser', description=descr)
     pars.add_argument('--svcurl', default='cell:///vertex/storage', help='The telepath URL of the Synapse service.')
     pars.add_argument('--add', default=False, action='store_true', help='Add the user if they do not already exist.')
     pars.add_argument('--del', dest='delete', default=False, action='store_true', help='Delete the user if they exist.')
+    pars.add_argument('--list', default=False, action='store_true',
+                      help='List existing users of the service, or details of a specific user.')
     pars.add_argument('--admin', choices=('true', 'false'), default=None, help='Set the user admin status.')
     pars.add_argument('--passwd', action='store', type=str, help='A password to set for the user.')
     pars.add_argument('--email', action='store', type=str, help='An email to set for the user.')
@@ -26,7 +55,8 @@ async def main(argv, outp=s_output.stdout):
     pars.add_argument('--revoke', default=[], action='append', help='A role to revoke from the user.')
     pars.add_argument('--allow', default=[], action='append', help='A permission string to allow for the user.')
     pars.add_argument('--deny', default=[], action='append', help='A permission string to deny for the user.')
-    pars.add_argument('username', help='The username to add/edit.')
+    pars.add_argument('--gate', default=None, help='The iden of an auth gate to add/del rules or set admin status on.')
+    pars.add_argument('username', nargs='?', help='The username to add/edit or show details.')
 
     opts = pars.parse_args(argv)
 
@@ -38,6 +68,32 @@ async def main(argv, outp=s_output.stdout):
 
         async with await s_telepath.openurl(opts.svcurl) as cell:
 
+            if opts.list:
+                if opts.username:
+                    user = await cell.getUserDefByName(opts.username)
+                    if user is None:
+                        outp.printf(f'ERROR: User not found: {opts.username}')
+                        return 1
+
+                    printuser(user, outp)
+
+                else:
+                    outp.printf('Users:')
+                    for user in await cell.getUserDefs():
+                        outp.printf(f'  {user.get("name")}')
+
+                return 0
+
+            elif opts.username is None:
+                outp.printf(f'ERROR: A username argument is required when --list is not specified.')
+                return 1
+
+            if opts.gate:
+                gate = await cell.getAuthGate(opts.gate)
+                if gate is None:
+                    outp.printf(f'ERROR: No auth gate found with iden: {opts.gate}')
+                    return 1
+
             grants = []
             revokes = []
 
@@ -80,8 +136,12 @@ async def main(argv, outp=s_output.stdout):
 
             if opts.admin is not None:
                 admin = s_common.yamlloads(opts.admin)
-                outp.printf(f'...setting admin: {opts.admin}')
-                await cell.setUserAdmin(useriden, admin)
+                mesg = f'...setting admin: {opts.admin}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                await cell.setUserAdmin(useriden, admin, gateiden=opts.gate)
 
             if opts.locked is not None:
                 locked = s_common.yamlloads(opts.locked)
@@ -108,15 +168,23 @@ async def main(argv, outp=s_output.stdout):
 
             for allow in opts.allow:
                 perm = allow.lower().split('.')
-                outp.printf(f'...adding allow rule: {allow}')
-                if not await cell.isUserAllowed(useriden, perm):
-                    await cell.addUserRule(useriden, (True, perm), indx=0)
+                mesg = f'...adding allow rule: {allow}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if not await cell.isUserAllowed(useriden, perm, gateiden=opts.gate):
+                    await cell.addUserRule(useriden, (True, perm), indx=0, gateiden=opts.gate)
 
             for deny in opts.deny:
                 perm = deny.lower().split('.')
-                outp.printf(f'...adding deny rule: {deny}')
-                if await cell.isUserAllowed(useriden, perm):
-                    await cell.addUserRule(useriden, (False, perm), indx=0)
+                mesg = f'...adding deny rule: {deny}'
+                if opts.gate:
+                    mesg += f' on gate {opts.gate}'
+
+                outp.printf(mesg)
+                if await cell.isUserAllowed(useriden, perm, gateiden=opts.gate):
+                    await cell.addUserRule(useriden, (False, perm), indx=0, gateiden=opts.gate)
     return 0
 
 if __name__ == '__main__':  # pragma: no cover

{synapse-2.165.0.dist-info → synapse-2.167.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: synapse
-Version: 2.165.0
+Version: 2.167.0
 Summary: Synapse Intelligence Analysis Framework
 Author-email: The Vertex Project LLC <root@vertex.link>
 License: Apache License 2.0
@@ -36,7 +36,7 @@ Requires-Dist: lark ==1.1.9
 Requires-Dist: Pygments <2.18.0,>=2.7.4
 Requires-Dist: packaging <24.0,>=20.0
 Requires-Dist: fastjsonschema <2.20.0,>=2.18.0
-Requires-Dist: stix2-validator <4.0.0,>=3.0.0
+Requires-Dist: stix2-validator <4.0.0,>=3.2.0
 Requires-Dist: vcrpy <5.2.0,>=4.3.1
 Requires-Dist: base58 <2.2.0,>=2.1.0
 Requires-Dist: python-bitcoinlib <0.13.0,>=0.11.0
@@ -46,7 +46,7 @@ Requires-Dist: scalecodec <1.3.0,>=1.0.2
 Requires-Dist: cbor2 <5.7.0,>=5.4.1
 Requires-Dist: bech32 ==1.2.0
 Requires-Dist: oauthlib <4.0.0,>=3.2.1
-Requires-Dist: idna <3.7,>=3.6
+Requires-Dist: idna <3.8,>=3.6
 Requires-Dist: python-dateutil <3.0,>=2.8
 Requires-Dist: pytz <2024.1,>=2023.3
 Requires-Dist: beautifulsoup4[html5lib] <5.0,>=4.11.1