Beispiel #1
 def from_csv(cls, user, data, log):
     """
     Apply one CSV row's group membership change to *user*.

     Reads ``data['group']`` and the optional ``data['deleted']`` flag.
     A group that cannot be looked up by name is created on the fly,
     using the CSV value as both group name and display name; this
     method does not validate that value.

     Returns True when the row was processed, or False (after appending
     a message to *log*) when the row carries no group name.
     """
     # Guard clause: a missing or empty group column rejects the row.
     if 'group' not in data or not data['group']:
         log.append("%s: group can't be empty!" % user)
         return False

     group_name = data['group']
     try:
         group = Group.by_name(group_name)
     except InvalidRequestError:
         # Unknown group: the import itself brings it into existence.
         # NOTE(review): no length or character check is applied to the
         # CSV-supplied name here -- confirm the model enforces limits.
         group = Group(group_name=group_name, display_name=group_name)
         session.add(group)

     deleted = smart_bool(data['deleted']) if 'deleted' in data else False
     is_member = group in user.groups

     # Only act when the requested state differs from the current one.
     # Every change is tagged with the CSV service and attributed to
     # identity.current.user.
     if deleted and is_member:
         group.remove_member(user,
                             service=u'CSV',
                             agent=identity.current.user)
     elif not deleted and not is_member:
         group.add_member(user,
                          service=u'CSV',
                          agent=identity.current.user)
     return True
Beispiel #2
 def from_csv(cls,user,data,log):
     """
     Apply one CSV row's group membership change to *user*.

     ``data['group']`` names the group; a truthy ``data['deleted']``
     (as judged by smart_bool) asks for removal instead of addition.
     A group that cannot be found by name is created from the CSV value
     without further validation in this method.

     Returns True when the row was handled, False (with a message
     appended to *log*) when the group column is missing or empty.
     """
     # Reject rows without a usable group name before touching the DB.
     if 'group' not in data or not data['group']:
         log.append("%s: group can't be empty!" % user)
         return False

     wanted_name = data['group']
     try:
         group = Group.by_name(wanted_name)
     except InvalidRequestError:
         # Not found: create the group with the CSV value for both names.
         group = Group(group_name=wanted_name, display_name=wanted_name)
         session.add(group)

     deleted = smart_bool(data['deleted']) if 'deleted' in data else False
     already_member = group in user.groups

     # The activity record is written before the membership list is
     # changed, and names identity.current.user as the acting user.
     if deleted and already_member:
         group.record_activity(user=identity.current.user, service=u'CSV',
                               field=u'User', action=u'Removed', old=user)
         user.groups.remove(group)
     elif not deleted and not already_member:
         group.record_activity(user=identity.current.user, service=u'CSV',
                               field=u'User', action=u'Added', new=user)
         user.groups.append(group)
     return True
Beispiel #3
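    def create(self, kw):
        """
        Creates a new group.

        The *kw* argument must be an XML-RPC structure (dict)
        specifying the following keys:

            'group_name'
                 Group name (maximum 16 characters)
            'display_name'
                 Group display name
            'description'
                 Group description
            'ldap'
                 Populate users from LDAP (True/False)
            'root_password'
                 Optional root password to store on the group

        Only admins may create LDAP groups, and only when
        ``identity.ldap.enabled`` is set in the configuration. For a
        non-LDAP group the calling user becomes its first member and owner.

        Returns a message whether the group was successfully created or
        raises an exception on failure.

        """
        display_name = kw.get('display_name')
        group_name = kw.get('group_name')
        description = kw.get('description')
        ldap = kw.get('ldap')
        password = kw.get('root_password')

        # Authorization and feature checks come first, before any lookup
        # or write.
        if ldap and not identity.current.user.is_admin():
            raise BX(_(u'Only admins can create LDAP groups'))
        if ldap and not config.get("identity.ldap.enabled", False):
            raise BX(_(u'LDAP is not enabled'))
        try:
            group = Group.by_name(group_name)
        except NoResultFound:
            # NOTE(review): group_name, display_name and root_password come
            # straight from the XML-RPC caller and are not checked in this
            # method (emptiness, the documented 16 character limit,
            # password strength) -- confirm the model enforces this.
            group = Group()
            session.add(group)
            group.record_activity(user=identity.current.user,
                                  service=u'XMLRPC',
                                  field=u'Group',
                                  action=u'Created')
            group.display_name = display_name
            group.group_name = group_name
            group.description = description
            group.root_password = password
            if ldap:
                group.membership_type = GroupMembershipType.ldap
                group.refresh_ldap_members()
            else:
                group.add_member(identity.current.user,
                                 is_owner=True,
                                 service=u'XMLRPC',
                                 agent=identity.current.user)
            return 'Group created: %s.' % group_name
        else:
            # Interpolate after the translation lookup: the message id must
            # be the constant template, not the already-formatted string.
            raise BX(_(u'Group already exists: %s.') % group_name)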
Beispiel #4
 def test_refresh_ldap_group_membership(self):
     # Start from an LDAP-type group holding a locally added member
     # (krudd) that the refresh is expected to replace.
     with session.begin():
         ldap_group = Group(group_name=u'alp',
                            display_name=u'Australian Labor Party',
                            membership_type=GroupMembershipType.ldap)
         stale_member = data_setup.create_user(user_name=u'krudd')
         ldap_group.add_member(stale_member)

     def refresh_and_verify():
         # Run the refresh command, then re-read state from the database
         # (expire_all drops cached attributes) and check that jgillard
         # is the only member.
         run_command('refresh_ldap.py', 'beaker-refresh-ldap')
         with session.begin():
             session.expire_all()
             self.assertEquals(ldap_group.users,
                               [User.by_user_name(u'jgillard')])

     refresh_and_verify()
     # A second run must leave the membership exactly as it was.
     refresh_and_verify()
Beispiel #5
 def test_refresh_ldap_group_membership(self):
     # Start from an LDAP-type group holding a locally added member
     # (krudd) that the refresh is expected to replace.
     with session.begin():
         ldap_group = Group(group_name=u'alp',
                            display_name=u'Australian Labor Party',
                            membership_type=GroupMembershipType.ldap)
         stale_member = data_setup.create_user(user_name=u'krudd')
         ldap_group.add_member(stale_member)
     from bkr.server.tools.refresh_ldap import refresh_ldap
     # Two passes: the first performs the refresh, the second must be a
     # no-op. After each, state is re-read from the database and the
     # membership must be exactly jgillard.
     for _attempt in range(2):
         refresh_ldap()
         with session.begin():
             session.expire_all()
             self.assertEquals(ldap_group.users,
                               [User.by_user_name(u'jgillard')])
Beispiel #6
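    def _new_group(self, group_id, display_name, group_name, ldap,
                   root_password):
        """
        Create a group for the logged-in web UI user and return it.

        LDAP groups may only be created by admins and are populated via
        refresh_ldap_members(). For any other group the creating user is
        added as member and owner, with one activity entry for each.
        A name that already belongs to a group is rejected.

        *group_id* is accepted but not used in this method.
        """
        user = identity.current.user
        if ldap and not user.is_admin():
            flash(_(u'Only admins can create LDAP groups'))
            # NOTE(review): this check only protects anything if redirect()
            # aborts the request (presumably by raising) -- if it returned,
            # the group would still be created below. Confirm.
            redirect('.')
        try:
            Group.by_name(group_name)
        except NoResultFound:
            pass
        else:
            # Interpolate after the translation lookup so the constant
            # template is what gets looked up in the message catalog.
            flash(_(u"Group %s already exists.") % group_name)
            redirect(".")

        group = Group()
        session.add(group)
        group.record_activity(user=user,
                              service=u'WEBUI',
                              field=u'Group',
                              action=u'Created')
        group.display_name = display_name
        group.group_name = group_name
        group.ldap = ldap
        if group.ldap:
            # NOTE(review): nothing here checks that LDAP is configured
            # before members are pulled from it -- confirm the callee does.
            group.refresh_ldap_members()
        group.root_password = root_password
        if not ldap:  # LDAP groups don't have owners
            group.user_group_assocs.append(UserGroup(user=user, is_owner=True))
            # Two audit entries: one for the membership, one for ownership.
            group.activity.append(
                GroupActivity(user,
                              service=u'WEBUI',
                              action=u'Added',
                              field_name=u'User',
                              old_value=None,
                              new_value=user.user_name))
            group.activity.append(
                GroupActivity(user,
                              service=u'WEBUI',
                              action=u'Added',
                              field_name=u'Owner',
                              old_value=None,
                              new_value=user.user_name))
        return group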
Beispiel #7
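def populate_db(user_name=None, password=None, user_display_name=None,
                user_email_address=None):
    """
    Seed the database with the rows a fresh installation needs.

    Creates, when missing: the 'admin' and 'lab_controller' groups, the
    built-in permissions, and the default config items. The hypervisor,
    kernel type, architecture, power type, key type and retention tag
    tables are only filled when they are completely empty.

    When *user_name* is given, that account is created if necessary,
    updated with the optional *password*, *user_display_name* and
    *user_email_address*, and made an owner of the 'admin' group. These
    arguments are decoded from UTF-8, so byte strings are expected.

    All work happens in one transaction. If any step fails the
    transaction is rolled back and the exception re-raised; the session
    is closed in either case.
    """
    logger.info('Populating tables with pre-defined values if necessary')
    session.begin()
    try:
        try:
            admin = Group.by_name(u'admin')
        except InvalidRequestError:
            admin = Group(group_name=u'admin', display_name=u'Admin')
            session.add(admin)

        try:
            lab_controller = Group.by_name(u'lab_controller')
        except InvalidRequestError:
            lab_controller = Group(group_name=u'lab_controller',
                                   display_name=u'Lab Controller')
            session.add(lab_controller)

        # Setup User account
        if user_name:
            user = User.lazy_create(user_name=user_name.decode('utf8'))
            if password:
                user.password = password.decode('utf8')
            if user_display_name:
                user.display_name = user_display_name.decode('utf8')
            if user_email_address:
                user.email_address = user_email_address.decode('utf8')
            # Ensure the user is in the 'admin' group as an owner.
            # Flush for lazy_create.
            session.flush()
            user_group_assoc = UserGroup.lazy_create(
                user_id=user.user_id, group_id=admin.group_id)
            user_group_assoc.is_owner = True

        # Built-in permissions, created only when absent. Each entry names
        # the groups the new permission is granted to; a permission with
        # no groups is simply added to the session.
        permission_grants = [
            (u'distro_expire', ()),
            (u'proxy_auth', ()),
            (u'tag_distro', (admin,)),
            (u'stop_task', (lab_controller, admin)),
            (u'secret_visible', (lab_controller, admin)),
            (u'change_prio', ()),
        ]
        for perm_name, granted_groups in permission_grants:
            try:
                Permission.by_name(perm_name)
            except NoResultFound:
                permission = Permission(perm_name)
                if granted_groups:
                    for granted_group in granted_groups:
                        granted_group.permissions.append(permission)
                else:
                    session.add(permission)

        # Setup Hypervisors Table
        if Hypervisor.query.count() == 0:
            for h in [u'KVM', u'Xen', u'HyperV', u'VMWare']:
                session.add(Hypervisor(hypervisor=h))

        # Setup kernel_type Table
        if KernelType.query.count() == 0:
            for kernel_type in [u'default', u'highbank', u'imx', u'omap',
                                u'tegra']:
                session.add(KernelType(kernel_type=kernel_type, uboot=False))
            for kernel_type in [u'mvebu']:
                session.add(KernelType(kernel_type=kernel_type, uboot=True))

        # Setup base Architectures
        if Arch.query.count() == 0:
            for arch in [u'i386', u'x86_64', u'ia64', u'ppc', u'ppc64',
                         u'ppc64le', u's390', u's390x', u'armhfp',
                         u'aarch64', u'arm']:
                session.add(Arch(arch))

        # Setup base power types
        if PowerType.query.count() == 0:
            for power_type in [u'apc_snmp', u'apc_snmp_then_etherwake',
                               u'bladecenter', u'bladepap', u'drac',
                               u'ether_wake', u'hyper-v', u'ilo',
                               u'integrity', u'ipmilan', u'ipmitool',
                               u'lpar', u'rsa', u'virsh', u'wti']:
                session.add(PowerType(power_type))

        # Setup key types. Each tuple holds the positional arguments for
        # Key(); some keys pass True as a second argument (presumably
        # marking numeric keys -- confirm against Key).
        if Key.query.count() == 0:
            key_definitions = [
                (u'DISKSPACE', True),
                (u'COMMENT',),
                (u'CPUFAMILY', True),
                (u'CPUFLAGS',),
                (u'CPUMODEL',),
                (u'CPUMODELNUMBER', True),
                (u'CPUSPEED', True),
                (u'CPUVENDOR',),
                (u'DISK', True),
                (u'FORMFACTOR',),
                (u'HVM',),
                (u'MEMORY', True),
                (u'MODEL',),
                (u'MODULE',),
                (u'NETWORK',),
                (u'NR_DISKS', True),
                (u'NR_ETH', True),
                (u'NR_IB', True),
                (u'PCIID',),
                (u'PROCESSORS', True),
                (u'RTCERT',),
                (u'SCRATCH',),
                (u'STORAGE',),
                (u'USBID',),
                (u'VENDOR',),
                (u'XENCERT',),
                (u'NETBOOT_METHOD',),
            ]
            for key_args in key_definitions:
                session.add(Key(*key_args))

        if RetentionTag.query.count() == 0:
            session.add(RetentionTag(tag=u'scratch', is_default=1,
                                     expire_in_days=30))
            session.add(RetentionTag(tag=u'60days', needs_product=False,
                                     expire_in_days=60))
            session.add(RetentionTag(tag=u'120days', needs_product=False,
                                     expire_in_days=120))
            session.add(RetentionTag(tag=u'active', needs_product=True))
            session.add(RetentionTag(tag=u'audit', needs_product=True))

        config_items = [
            # name, description, numeric
            (u'root_password',
             u'Plaintext root password for provisioned systems', False),
            (u'root_password_validity',
             u"Maximum number of days a user's root password is valid for",
             True),
            (u'guest_name_prefix',
             u'Prefix for names of dynamic guests in OpenStack', False),
            (u'guest_private_network',
             u'Network address in CIDR format for private networks'
             ' of dynamic guests in OpenStack.', False),
        ]
        for name, description, numeric in config_items:
            ConfigItem.lazy_create(name=name, description=description,
                                   numeric=numeric)

        # NOTE(review): admin.users[0] raises IndexError when the admin
        # group has no members, e.g. an empty database populated without
        # user_name. The rollback below at least leaves nothing half-written.
        root_password_item = ConfigItem.by_name(u'root_password')
        if root_password_item.current_value() is None:
            # NOTE(security): this seeds a fixed, publicly known default
            # for what the description calls the plaintext root password
            # of provisioned systems. It is only written when no value
            # exists; it should be replaced as part of installation.
            root_password_item.set(u'beaker', user=admin.users[0])
        guest_network_item = ConfigItem.by_name(u'guest_private_network')
        if guest_network_item.current_value() is None:
            guest_network_item.set(u'192.168.10.0/24', user=admin.users[0])

        session.commit()
    except Exception:
        # Do not leave a half-applied transaction open on the session.
        session.rollback()
        raise
    finally:
        session.close()
    logger.info('Pre-defined values populated')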
Beispiel #8
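    def create(self, kw):
        """
        Creates a new group.

        The *kw* argument must be an XML-RPC structure (dict)
        specifying the following keys:

            'group_name'
                 Group name (maximum 16 characters)
            'display_name'
                 Group display name
            'ldap'
                 Populate users from LDAP (True/False)
            'root_password'
                 Optional root password to store on the group

        Only admins may create LDAP groups. For a non-LDAP group the
        calling user becomes its first member and owner.

        Returns a message whether the group was successfully created or
        raises an exception on failure.

        """
        display_name = kw.get('display_name')
        group_name = kw.get('group_name')
        ldap = kw.get('ldap')
        password = kw.get('root_password')

        # Authorization check first, before any lookup or write.
        if ldap and not identity.current.user.is_admin():
            raise BX(_(u'Only admins can create LDAP groups'))
        try:
            group = Group.by_name(group_name)
        except NoResultFound:
            # Run the caller-supplied names through the form schema's field
            # validators before anything is written; the converted values
            # are discarded, only a validation failure matters here.
            # NOTE(review): root_password is not validated in this method.
            GroupFormSchema.fields['group_name'].to_python(group_name)
            GroupFormSchema.fields['display_name'].to_python(display_name)

            group = Group()
            session.add(group)
            group.record_activity(user=identity.current.user,
                                  service=u'XMLRPC',
                                  field=u'Group',
                                  action=u'Created')
            group.display_name = display_name
            group.group_name = group_name
            group.ldap = ldap
            group.root_password = password
            user = identity.current.user

            if not ldap:
                # The creator becomes member and owner, with one audit
                # entry for each.
                group.user_group_assocs.append(
                    UserGroup(user=user, is_owner=True))
                group.activity.append(
                    GroupActivity(user,
                                  service=u'XMLRPC',
                                  action=u'Added',
                                  field_name=u'User',
                                  old_value=None,
                                  new_value=user.user_name))
                group.activity.append(
                    GroupActivity(user,
                                  service=u'XMLRPC',
                                  action=u'Added',
                                  field_name=u'Owner',
                                  old_value=None,
                                  new_value=user.user_name))

            if group.ldap:
                # NOTE(review): nothing here checks that LDAP is configured
                # before members are pulled from it -- confirm the callee
                # handles that.
                group.refresh_ldap_members()
            return 'Group created: %s.' % group_name
        else:
            # Interpolate after the translation lookup: the message id must
            # be the constant template, not the already-formatted string.
            raise BX(_(u'Group already exists: %s.') % group_name)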