added function to create new principal

jmaruland · Dec 12, 2023 · ba9774f · ba9774f
1 parent 24a1436
commit ba9774f
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/tiled/authn_database/core.py b/tiled/authn_database/core.py
@@ -49,6 +49,7 @@ async def create_default_roles(db):
                     "write:data",
                     "admin:apikeys",
                     "read:principals",
+                    "write:principals",
                     "metrics",
                 ],
             ),

diff --git a/tiled/scopes.py b/tiled/scopes.py
@@ -14,4 +14,7 @@
     "read:principals": {
         "description": "Read list of all users and services and their attributes."
     },
+    "write:principals": {
+        "description": "Edit list of all users and services and their attributes."
+    },
 }
diff --git a/tiled/server/authentication.py b/tiled/server/authentication.py
@@ -44,6 +44,7 @@
 from ..authn_database.connection_pool import get_database_session
 from ..authn_database.core import (
     create_user,
+    create_service,
     latest_principal_activity,
     lookup_valid_api_key,
     lookup_valid_pending_session_by_device_code,
@@ -823,6 +824,40 @@ async def principal_list(
     return json_or_msgpack(request, principals)
 
 
+@base_authentication_router.post(
+    "/principal",
+    response_model=schemas.Principal,
+)
+async def create_service_principal(
+    request: Request,
+    principal=Security(get_current_principal, scopes=["read:principals"]),
+    db=Depends(get_database_session),
+    role: str=Query(...),
+):
+    "Create a principal for a service account."
+
+    principal_orm = await create_service(db, role)
+
+    # Relaod to select Principal and Identiies.
+    fully_loaded_principal_orm = (
+        await db.execute(
+            select(orm.Principal)
+            .options(
+                    selectinload(orm.Principal.identities),
+                    selectinload(orm.Principal.roles),
+                    selectinload(orm.Principal.api_keys),
+                    selectinload(orm.Principal.sessions),
+            )
+            .filter(orm.Principal.id == principal_orm.id)
+        )
+    ).scalar()
+
+    principal = schemas.Principal.from_orm(fully_loaded_principal_orm).dict()
+    request.state.endpoint = "auth"
+
+    return json_or_msgpack(request, principal)
+
+
 @base_authentication_router.get(
     "/principal/{uuid}",
     response_model=schemas.Principal,