Beispiel #1
def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, ldap=False, root_password=None):
    """Create (or fetch) a group via Group.lazy_create and give it an owner.

    :param permissions: optional iterable of permission names to grant.
    :param group_name: name to use; generated with unique_name when None.
    :param display_name: defaults to u'Group <group_name>'.
    :param owner: user to attach as owner; a new user is created when falsy.
    :param ldap: value stored on group.ldap; an owner must not be passed then.
    :param root_password: assigned to group.root_password exactly as given.
    :returns: the group object.
    """
    if group_name is None:
        group_name = unique_name(u'group%s')
    # The tg_group.group_name column is VARCHAR(16), so longer names are
    # rejected before touching the database.
    # NOTE(review): assert is stripped under -O; presumably acceptable because
    # this is a test-data helper -- confirm it is never used on request input.
    assert len(group_name) <= 16
    group = Group.lazy_create(group_name=group_name)
    group.root_password = root_password
    group.display_name = (u'Group %s' % group_name
                          if display_name is None else display_name)
    group.ldap = ldap
    if ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    # Every group ends up with an owner: the caller's, or a throwaway user.
    if not owner:
        owner = create_user(user_name=unique_name(u'group_owner_%s'))
    add_owner_to_group(owner, group)

    if permissions:
        for name in permissions:
            group.permissions.append(Permission.by_name(name))
    return group
Beispiel #2
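    def save_group_permissions(self, **kw):
        """Grant a named permission to a group from submitted request data.

        Reads the permission name from ``kw['permissions']['text']`` and the
        group from ``kw['group_id']``.

        Returns a dict with the permission's ``name`` and ``id`` on success.
        On any failure the response status is set to 403 and a one-item list
        holding an error message is returned (status kept as callers see it
        today, even for malformed input).
        """
        # NOTE(review): no authorization check is visible inside this method;
        # confirm that a decorator or the enclosing controller restricts who
        # may grant permissions to a group.
        try:
            permission_name = kw['permissions']['text']
        except (KeyError, TypeError):
            # TypeError covers a 'permissions' field that is not a mapping
            # (for example a plain string), which would otherwise escape as
            # an unhandled error.
            log.exception('Permission not submitted correctly')
            response.status = 403
            return ['Permission not submitted correctly']
        try:
            permission = Permission.by_name(permission_name)
        except NoResultFound:
            log.exception('Invalid permission: %s', permission_name)
            response.status = 403
            return ['Invalid permission value']
        try:
            group_id = kw['group_id']
        except KeyError:
            log.exception('Group id not submitted')
            response.status = 403
            return ['No group id given']
        try:
            group = Group.by_id(group_id)
        except NoResultFound:
            log.exception('Group id %s is not a valid group id', group_id)
            response.status = 403
            return ['Invalid Group Id']

        # The group fetched above is reused; a second identical lookup would
        # only repeat the query.
        if permission in group.permissions:
            response.status = 403
            return ['%s already exists in group %s' %
                (permission.permission_name, group.group_name)]
        group.permissions.append(permission)

        return {'name':permission_name, 'id':permission.permission_id}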
Beispiel #3
def create_group(permissions=None,
                 group_name=None,
                 display_name=None,
                 owner=None,
                 membership_type=GroupMembershipType.normal,
                 root_password=None):
    """Create (or fetch) a group via Group.lazy_create and add an owner.

    :param permissions: optional iterable of permission names to grant.
    :param group_name: name to use; generated with unique_name when None.
    :param display_name: defaults to u'Group <group_name> display name'.
    :param owner: user added as owner; a new user is created when falsy.
    :param membership_type: stored on the group; for the ldap type no owner
        may be passed in.
    :param root_password: assigned to group.root_password exactly as given.
    :returns: the group object.
    """
    name = unique_name(u'group%s') if group_name is None else group_name
    group = Group.lazy_create(group_name=name)
    group.root_password = root_password
    if display_name is not None:
        group.display_name = display_name
    else:
        group.display_name = u'Group %s display name' % name

    group.membership_type = membership_type
    is_ldap_group = group.membership_type == GroupMembershipType.ldap
    if is_ldap_group:
        assert owner is None, 'LDAP groups cannot have owners'
    # A generated user becomes the owner whenever the caller supplied none.
    group_owner = owner or create_user(
        user_name=unique_name(u'group_owner_%s'))
    group.add_member(group_owner, is_owner=True, service=u'testdata')

    if permissions:
        for permission_name in permissions:
            group.permissions.append(Permission.by_name(permission_name))
    return group
Beispiel #4
def create_group(permissions=None,
                 group_name=None,
                 display_name=None,
                 owner=None,
                 ldap=False,
                 root_password=None):
    """Create (or fetch) a group via Group.lazy_create and give it an owner.

    :param permissions: optional iterable of permission names to grant.
    :param group_name: name to use; generated with unique_name when None.
    :param display_name: defaults to u'Group <group_name>'.
    :param owner: user to attach as owner; a new user is created when falsy.
    :param ldap: value stored on group.ldap; an owner must not be passed then.
    :param root_password: assigned to group.root_password exactly as given.
    :returns: the group object.
    """
    name = group_name if group_name is not None else unique_name(u'group%s')
    # tg_group.group_name is VARCHAR(16); fail early on anything longer.
    # NOTE(review): assert disappears under -O; presumably fine for a
    # test-data helper -- confirm it never validates request input.
    assert len(name) <= 16
    group = Group.lazy_create(group_name=name)
    group.root_password = root_password
    if display_name is not None:
        group.display_name = display_name
    else:
        group.display_name = u'Group %s' % name
    group.ldap = ldap
    if ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    # The caller's owner is used when given, otherwise a generated user.
    add_owner_to_group(
        owner or create_user(user_name=unique_name(u'group_owner_%s')),
        group)

    if permissions:
        for permission_name in permissions:
            group.permissions.append(Permission.by_name(permission_name))
    return group
Beispiel #5
 def setUp(self):
     """Create a lab controller, distro and x86_64 distro tree, then add
     the distro_expire permission to the admin user's first group."""
     self.lc = data_setup.create_labcontroller()
     self.distro = data_setup.create_distro()
     tree_options = dict(distro=self.distro, arch='x86_64',
                         lab_controllers=[self.lc])
     self.distro_tree = data_setup.create_distro_tree(**tree_options)
     self.server = self.get_server()
     admin_user = User.by_user_name(data_setup.ADMIN_USER)
     # Slice assignment replaces the collection's contents in place with the
     # old permissions plus distro_expire.
     first_group = admin_user.groups[0]
     first_group.permissions[:] = (
         first_group.permissions + [Permission.by_name('distro_expire')])
Beispiel #6
def permissions_typeahead():
    """Return permission names as JSON for a typeahead widget.

    With a ``q`` request argument only the results of
    ``Permission.by_name(q, anywhere=True)`` are listed; without it every
    permission is returned.
    """
    # NOTE(review): q is taken from the request unchanged; presumably by_name
    # binds it as a query parameter -- confirm in the model. No access check
    # is visible in this function, so who may list permission names is
    # decided outside it.
    if 'q' not in request.args:
        matches = Permission.query.all()
    else:
        matches = Permission.by_name(request.args['q'], anywhere=True)
    data = []
    for permission in matches:
        data.append({'permission_name': permission.permission_name,
                     'tokens': [permission.permission_name]})
    return jsonify(data=data)
Beispiel #7
def permissions_typeahead():
    """Build the JSON payload of permission names used for typeahead.

    The optional ``q`` request argument is handed to
    ``Permission.by_name(..., anywhere=True)``; when it is absent all
    permissions are listed.
    """
    # NOTE(review): the search term is request input passed on as-is;
    # presumably the model parameterises the query -- confirm. Access control
    # for this endpoint is not visible here.
    has_query = 'q' in request.args
    if has_query:
        found = Permission.by_name(request.args['q'], anywhere=True)
    else:
        found = Permission.query.all()

    def as_entry(permission):
        # Each entry carries the name twice: once for display, once as token.
        return {'permission_name': permission.permission_name,
                'tokens': [permission.permission_name]}

    return jsonify(data=[as_entry(permission) for permission in found])
Beispiel #8
 def setUp(self):
     """Prepare a lab controller, distro and x86_64 distro tree, and extend
     the admin user's first group with the distro_expire permission."""
     self.lc = data_setup.create_labcontroller()
     self.distro = data_setup.create_distro()
     self.distro_tree = data_setup.create_distro_tree(
         lab_controllers=[self.lc], arch='x86_64', distro=self.distro)
     self.server = self.get_server()
     admin = User.by_user_name(data_setup.ADMIN_USER)
     admin_group = admin.groups[0]
     # Rebuild the permission list in place: existing entries first, then
     # distro_expire.
     granted = admin_group.permissions + [Permission.by_name('distro_expire')]
     admin_group.permissions[:] = granted
Beispiel #9
 def setUp(self):
     """Create a group holding distro_expire, a member user who also owns a
     lab controller, and a distro with an x86_64 tree on that controller."""
     self.group = data_setup.create_group()
     # Members of this group receive the distro_expire permission.
     expire_permission = Permission.by_name('distro_expire')
     self.group.permissions.append(expire_permission)
     # Fixed fixture password; the account exists only as test data.
     self.user = data_setup.create_user(password=u'password')
     self.group.add_member(self.user)
     self.lc = data_setup.create_labcontroller(user=self.user)
     self.distro = data_setup.create_distro()
     tree_options = {'distro': self.distro, 'arch': 'x86_64',
                     'lab_controllers': [self.lc]}
     self.distro_tree = data_setup.create_distro_tree(**tree_options)
     self.server = self.get_server()
Beispiel #10
 def setUp(self):
     """Set up a group with distro_expire, one member user, a lab controller
     created for that user, and a distro with an x86_64 distro tree."""
     self.group = data_setup.create_group()
     # The group, and so its members, is granted distro_expire.
     self.group.permissions.append(Permission.by_name('distro_expire'))
     # Hard-coded password is deliberate: this user is a test fixture.
     member = data_setup.create_user(password=u'password')
     self.user = member
     self.group.add_member(member)
     self.lc = data_setup.create_labcontroller(user=member)
     self.distro = data_setup.create_distro()
     self.distro_tree = data_setup.create_distro_tree(
         distro=self.distro,
         arch='x86_64',
         lab_controllers=[self.lc])
     self.server = self.get_server()
Beispiel #11
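 def test_whoami_proxy_user(self):
     """A member of a group holding proxy_auth runs ``bkr whoami
     --proxy-user`` and the output names both the proxied and the proxying
     user."""
     with session.begin():
         group = data_setup.create_group()
         # proxy_auth is what lets the authenticating user act for another.
         proxy_perm = Permission.by_name(u'proxy_auth')
         group.permissions.append(proxy_perm)
         proxied_user = data_setup.create_user()
         proxying_user = data_setup.create_user(password='******')
         group.add_member(proxying_user)
     out = run_client(
         ['bkr', 'whoami', '--proxy-user', proxied_user.user_name],
         config=create_client_config(username=proxying_user.user_name,
                                     password='******'))
     # The expected text needs a %s conversion for the % operator; a literal
     # without one raises TypeError before assertIn is ever reached.
     self.assertIn('"username": "%s"' % proxied_user.user_name, out)
     self.assertIn('"proxied_by_username": "%s"' % proxying_user.user_name,
                   out)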
Beispiel #12
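 def test_whoami_proxy_user(self):
     """Check that ``bkr whoami --proxy-user`` reports the proxied user and
     the proxying user when the latter belongs to a group with proxy_auth."""
     with session.begin():
         group = data_setup.create_group()
         # Only holders of proxy_auth may authenticate on another's behalf.
         proxy_perm = Permission.by_name(u'proxy_auth')
         group.permissions.append(proxy_perm)
         proxied_user = data_setup.create_user()
         proxying_user = data_setup.create_user(password='******')
         group.add_member(proxying_user)
     client_config = create_client_config(
         username=proxying_user.user_name,
         password='******')
     out = run_client(['bkr', 'whoami',
                       '--proxy-user', proxied_user.user_name],
                      config=client_config)
     # Each expected string carries a %s placeholder; without one the %
     # operator raises TypeError instead of producing the text to look for.
     self.assertIn('"username": "%s"' % proxied_user.user_name, out)
     self.assertIn('"proxied_by_username": "%s"' % proxying_user.user_name, out)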
Beispiel #13
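    def remove_group_permission(self, group_id, permission_id):
        """Remove a permission from a group on behalf of the current user.

        Returns ``['1']`` when the permission was removed and ``['0']`` when
        the group or the permission cannot be found, or the group does not
        hold that permission. When the current user may not edit the group,
        the response status is set to 403 and a one-item list with an error
        message is returned.
        """
        try:
            group = Group.by_id(group_id)
        except DatabaseLookupError:
            log.exception('Group id %s is not a valid Group to remove', group_id)
            return ['0']

        # The edit check runs before the permission lookup, so a caller who
        # may not edit the group gets no answer about permission ids.
        if not group.can_edit(identity.current.user):
            # No exception is active here, so this is a plain warning rather
            # than log.exception (which would attach an empty traceback).
            log.warning('User %d does not have edit permissions for Group id %s',
                        identity.current.user.user_id, group_id)
            response.status = 403
            return ['You are not an owner of group %s' % group]

        try:
            permission = Permission.by_id(permission_id)
        except NoResultFound:
            log.exception('Permission id %s is not a valid Permission to remove', permission_id)
            return ['0']
        # Removing a permission the group does not hold would raise from
        # remove(); report it as "nothing removed" like the other failures.
        if permission not in group.permissions:
            log.warning('Permission id %s is not held by Group id %s',
                        permission_id, group_id)
            return ['0']
        group.permissions.remove(permission)
        return ['1']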
Beispiel #14
def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, membership_type=GroupMembershipType.normal,
                 root_password=None):
    """Create (or fetch) a group via Group.lazy_create and add an owner.

    :param permissions: optional iterable of permission names to grant.
    :param group_name: name to use; generated with unique_name when None.
    :param display_name: defaults to u'Group <group_name> display name'.
    :param owner: user added as owner; a new user is created when falsy.
    :param membership_type: stored on the group; an owner must not be passed
        for the ldap type.
    :param root_password: assigned to group.root_password exactly as given.
    :returns: the group object.
    """
    if group_name is None:
        group_name = unique_name(u'group%s')
    group = Group.lazy_create(group_name=group_name)
    group.root_password = root_password
    group.display_name = (display_name if display_name is not None
                          else u'Group %s display name' % group_name)

    group.membership_type = membership_type
    if group.membership_type == GroupMembershipType.ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    # Fall back to a generated user so the group always has an owner.
    owning_user = owner if owner else create_user(
        user_name=unique_name(u'group_owner_%s'))
    group.add_member(owning_user, is_owner=True, service=u'testdata')

    if permissions:
        for permission_name in permissions:
            group.permissions.append(Permission.by_name(permission_name))
    return group
Beispiel #15
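    def save_group_permissions(self, **kw):
        """Grant a named permission to a group from submitted request data.

        The permission name is read from ``kw['permissions']['text']`` and
        the group from ``kw['group_id']``.

        Returns a dict with the permission's ``name`` and ``id`` on success.
        Every failure path sets the response status to 403 and returns a
        one-item list with an error message (the status is kept as callers
        see it today, even for malformed input).
        """
        # NOTE(review): this method contains no visible authorization check;
        # confirm that a decorator or the enclosing controller limits who may
        # grant permissions to a group.
        try:
            permission_name = kw['permissions']['text']
        except (KeyError, TypeError):
            # TypeError: 'permissions' was submitted but is not a mapping,
            # which would otherwise surface as an unhandled error.
            log.exception('Permission not submitted correctly')
            response.status = 403
            return ['Permission not submitted correctly']
        try:
            permission = Permission.by_name(permission_name)
        except NoResultFound:
            log.exception('Invalid permission: %s', permission_name)
            response.status = 403
            return ['Invalid permission value']
        try:
            group_id = kw['group_id']
        except KeyError:
            log.exception('Group id not submitted')
            response.status = 403
            return ['No group id given']
        try:
            group = Group.by_id(group_id)
        except NoResultFound:
            log.exception('Group id %s is not a valid group id', group_id)
            response.status = 403
            return ['Invalid Group Id']

        # Reuse the group loaded above instead of looking it up a second time.
        if permission in group.permissions:
            response.status = 403
            return [
                '%s already exists in group %s' %
                (permission.permission_name, group.group_name)
            ]
        group.permissions.append(permission)

        return {'name': permission_name, 'id': permission.permission_id}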
Beispiel #16
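    def remove_group_permission(self, group_id, permission_id):
        """Remove a permission from a group on behalf of the current user.

        Returns ``['1']`` after a successful removal and ``['0']`` when the
        group or permission does not exist, or the group does not hold the
        permission. If the current user may not edit the group, the response
        status becomes 403 and a one-item list with an error message is
        returned.
        """
        try:
            group = Group.by_id(group_id)
        except DatabaseLookupError:
            log.exception('Group id %s is not a valid Group to remove',
                          group_id)
            return ['0']

        # Authorization is decided before the permission id is looked up.
        if not group.can_edit(identity.current.user):
            # log.exception belongs inside an except block; outside one it
            # logs an empty traceback, so a warning is used here.
            log.warning(
                'User %d does not have edit permissions for Group id %s',
                identity.current.user.user_id, group_id)
            response.status = 403
            return ['You are not an owner of group %s' % group]

        try:
            permission = Permission.by_id(permission_id)
        except NoResultFound:
            log.exception(
                'Permission id %s is not a valid Permission to remove',
                permission_id)
            return ['0']
        # remove() raises when the item is absent; treat that case as
        # "nothing removed" rather than letting it escape.
        if permission not in group.permissions:
            log.warning('Permission id %s is not held by Group id %s',
                        permission_id, group_id)
            return ['0']
        group.permissions.remove(permission)
        return ['1']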
Beispiel #17
def populate_db(user_name=None, password=None, user_display_name=None,
                user_email_address=None):
    """Seed the database with pre-defined groups, permissions and lookup rows.

    Everything runs between session.begin() and session.commit(); the session
    is closed afterwards. Lookup tables are only filled when they are empty,
    and groups/permissions are only created when they are missing.

    :param user_name: when given, this user is created if necessary and made
        an owner of the 'admin' group.
    :param password: optional password for that user.
    :param user_display_name: optional display name for that user.
    :param user_email_address: optional e-mail address for that user.

    The four arguments are decoded with .decode('utf8'), so they are expected
    to be byte strings.
    """
    # NOTE(review): no rollback is visible on the error path; an exception
    # raised before commit() leaves the open transaction to the caller.
    logger.info('Populating tables with pre-defined values if necessary')
    session.begin()

    try:
        admin = Group.by_name(u'admin')
    except InvalidRequestError:
        admin = Group(group_name=u'admin', display_name=u'Admin')
        session.add(admin)

    try:
        lab_controller = Group.by_name(u'lab_controller')
    except InvalidRequestError:
        lab_controller = Group(group_name=u'lab_controller',
                               display_name=u'Lab Controller')
        session.add(lab_controller)

    # Setup User account
    if user_name:
        user = User.lazy_create(user_name=user_name.decode('utf8'))
        if password:
            user.password = password.decode('utf8')
        if user_display_name:
            user.display_name = user_display_name.decode('utf8')
        if user_email_address:
            user.email_address = user_email_address.decode('utf8')
        # Ensure the user is in the 'admin' group as an owner.
        # Flush for lazy_create.
        session.flush()
        user_group_assoc = UserGroup.lazy_create(
            user_id=user.user_id, group_id=admin.group_id)
        user_group_assoc.is_owner = True

    # Create distro_expire perm if not present
    # (created here without being granted to any group)
    try:
        _ = Permission.by_name(u'distro_expire')
    except NoResultFound:
        distro_expire_perm = Permission(u'distro_expire')
        session.add(distro_expire_perm)

    # Create proxy_auth perm if not present
    # (created here without being granted to any group)
    try:
        _ = Permission.by_name(u'proxy_auth')
    except NoResultFound:
        proxy_auth_perm = Permission(u'proxy_auth')
        session.add(proxy_auth_perm)

    # Create tag_distro perm if not present
    # The grant to 'admin' happens only when the permission is newly created;
    # an existing permission leaves the group's grants untouched.
    try:
        _ = Permission.by_name(u'tag_distro')
    except NoResultFound:
        tag_distro_perm = Permission(u'tag_distro')
        admin.permissions.append(tag_distro_perm)

    # Create stop_task perm if not present
    # Granted to both 'lab_controller' and 'admin', again only on creation.
    try:
        _ = Permission.by_name(u'stop_task')
    except NoResultFound:
        stop_task_perm = Permission(u'stop_task')
        lab_controller.permissions.append(stop_task_perm)
        admin.permissions.append(stop_task_perm)

    # Create secret_visible perm if not present
    # Granted to both 'lab_controller' and 'admin', again only on creation.
    try:
        _ = Permission.by_name(u'secret_visible')
    except NoResultFound:
        secret_visible_perm = Permission(u'secret_visible')
        lab_controller.permissions.append(secret_visible_perm)
        admin.permissions.append(secret_visible_perm)

    # Create change_prio perm if not present
    # (created here without being granted to any group)
    try:
        _ = Permission.by_name(u'change_prio')
    except NoResultFound:
        change_prio_perm = Permission(u'change_prio')
        session.add(change_prio_perm)

    # Setup Hypervisors Table
    if Hypervisor.query.count() == 0:
        for h in [u'KVM', u'Xen', u'HyperV', u'VMWare']:
            session.add(Hypervisor(hypervisor=h))

    # Setup kernel_type Table
    # (the loop variable below shadows the builtin `type` inside this function)
    if KernelType.query.count() == 0:
        for type in [u'default', u'highbank', u'imx', u'omap', u'tegra']:
            session.add(KernelType(kernel_type=type, uboot=False))
        for type in [u'mvebu']:
            session.add(KernelType(kernel_type=type, uboot=True))

    # Setup base Architectures
    if Arch.query.count() == 0:
        for arch in [u'i386', u'x86_64', u'ia64', u'ppc', u'ppc64', u'ppc64le',
                     u's390', u's390x', u'armhfp', u'aarch64', u'arm']:
            session.add(Arch(arch))

    # Setup base power types
    if PowerType.query.count() == 0:
        for power_type in [u'apc_snmp', u'apc_snmp_then_etherwake',
                           u'bladecenter', u'bladepap', u'drac', u'ether_wake', u'hyper-v',
                           u'ilo', u'integrity', u'ipmilan', u'ipmitool', u'lpar', u'rsa',
                           u'virsh', u'wti']:
            session.add(PowerType(power_type))

    # Setup key types
    if Key.query.count() == 0:
        session.add(Key(u'DISKSPACE', True))
        session.add(Key(u'COMMENT'))
        session.add(Key(u'CPUFAMILY', True))
        session.add(Key(u'CPUFLAGS'))
        session.add(Key(u'CPUMODEL'))
        session.add(Key(u'CPUMODELNUMBER', True))
        session.add(Key(u'CPUSPEED', True))
        session.add(Key(u'CPUVENDOR'))
        session.add(Key(u'DISK', True))
        session.add(Key(u'FORMFACTOR'))
        session.add(Key(u'HVM'))
        session.add(Key(u'MEMORY', True))
        session.add(Key(u'MODEL'))
        session.add(Key(u'MODULE'))
        session.add(Key(u'NETWORK'))
        session.add(Key(u'NR_DISKS', True))
        session.add(Key(u'NR_ETH', True))
        session.add(Key(u'NR_IB', True))
        session.add(Key(u'PCIID'))
        session.add(Key(u'PROCESSORS', True))
        session.add(Key(u'RTCERT'))
        session.add(Key(u'SCRATCH'))
        session.add(Key(u'STORAGE'))
        session.add(Key(u'USBID'))
        session.add(Key(u'VENDOR'))
        session.add(Key(u'XENCERT'))
        session.add(Key(u'NETBOOT_METHOD'))

    # Setup default retention tags
    if RetentionTag.query.count() == 0:
        session.add(RetentionTag(tag=u'scratch', is_default=1, expire_in_days=30))
        session.add(RetentionTag(tag=u'60days', needs_product=False, expire_in_days=60))
        session.add(RetentionTag(tag=u'120days', needs_product=False, expire_in_days=120))
        session.add(RetentionTag(tag=u'active', needs_product=True))
        session.add(RetentionTag(tag=u'audit', needs_product=True))

    config_items = [
        # name, description, numeric
        (u'root_password', u'Plaintext root password for provisioned systems', False),
        (u'root_password_validity', u"Maximum number of days a user's root password is valid for",
         True),
        (u'guest_name_prefix', u'Prefix for names of dynamic guests in OpenStack', False),
        (u'guest_private_network', u'Network address in CIDR format for private networks'
                                   ' of dynamic guests in OpenStack.', False),
    ]
    for name, description, numeric in config_items:
        ConfigItem.lazy_create(name=name, description=description, numeric=numeric)
    # NOTE(review): when no root password is configured, the fixed value
    # u'beaker' is stored as the plaintext root password for provisioned
    # systems; deployments should set their own value after installation.
    # NOTE(review): admin.users[0] assumes the admin group already has a user;
    # presumably this fails on an empty database when user_name is not
    # given -- confirm.
    if ConfigItem.by_name(u'root_password').current_value() is None:
        ConfigItem.by_name(u'root_password').set(u'beaker', user=admin.users[0])
    if ConfigItem.by_name(u'guest_private_network').current_value() is None:
        ConfigItem.by_name(u'guest_private_network').set(u'192.168.10.0/24',
                                                         user=admin.users[0])

    session.commit()
    session.close()
    logger.info('Pre-defined values populated')
Beispiel #18
def create_permission(name=None):
    """Create a Permission, add it to the session and return it.

    A falsy ``name`` is replaced by one generated with
    ``unique_name('permission%s')``.
    """
    permission = Permission(name or unique_name('permission%s'))
    session.add(permission)
    return permission
Beispiel #19
 def get_permissions(self, input):
     """Return ``{'matches': [...]}`` with the names of the permissions that
     ``Permission.by_name(input, anywhere=True)`` yields."""
     # NOTE(review): `input` is passed to the lookup unchanged; presumably
     # by_name parameterises the query -- confirm in the model.
     matches = []
     for result in Permission.by_name(input, anywhere=True):
         matches.append(result.permission_name)
     return {'matches': matches}
Beispiel #20
def populate_db(user_name=None, password=None, user_display_name=None,
        user_email_address=None):
    """Seed the database with pre-defined groups, permissions and lookup rows.

    Everything runs between session.begin() and session.commit(); the session
    is closed afterwards. Lookup tables are only filled when they are empty,
    and groups/permissions are only created when they are missing.

    :param user_name: when given, this user is created if necessary and made
        an owner of the 'admin' group.
    :param password: optional password for that user.
    :param user_display_name: optional display name for that user.
    :param user_email_address: optional e-mail address for that user.

    The four arguments are decoded with .decode('utf8'), so they are expected
    to be byte strings.
    """
    # NOTE(review): no rollback is visible on the error path; an exception
    # raised before commit() leaves the open transaction to the caller.
    session.begin()

    try:
        admin = Group.by_name(u'admin')
    except InvalidRequestError:
        admin     = Group(group_name=u'admin',display_name=u'Admin')
        session.add(admin)

    try:
        lab_controller = Group.by_name(u'lab_controller')
    except InvalidRequestError:
        lab_controller = Group(group_name=u'lab_controller',
                               display_name=u'Lab Controller')
        session.add(lab_controller)

    # Setup User account
    if user_name:
        user = User.lazy_create(user_name=user_name.decode('utf8'))
        if password:
            user.password = password.decode('utf8')
        if user_display_name:
            user.display_name = user_display_name.decode('utf8')
        if user_email_address:
            user.email_address = user_email_address.decode('utf8')
        # Ensure the user is in the 'admin' group as an owner.
        # Flush for lazy_create.
        session.flush()
        user_group_assoc = UserGroup.lazy_create(
                user_id=user.user_id, group_id=admin.group_id)
        user_group_assoc.is_owner = True

    # Create distro_expire perm if not present
    # (created here without being granted to any group)
    try:
        distro_expire_perm = Permission.by_name(u'distro_expire')
    except NoResultFound:
        distro_expire_perm = Permission(u'distro_expire')
        session.add(distro_expire_perm)

    # Create proxy_auth perm if not present
    # (created here without being granted to any group)
    try:
        proxy_auth_perm = Permission.by_name(u'proxy_auth')
    except NoResultFound:
        proxy_auth_perm = Permission(u'proxy_auth')
        session.add(proxy_auth_perm)

    # Create tag_distro perm if not present
    # The grant to 'admin' happens only when the permission is newly created;
    # an existing permission leaves the group's grants untouched.
    try:
        tag_distro_perm = Permission.by_name(u'tag_distro')
    except NoResultFound:
        tag_distro_perm = Permission(u'tag_distro')
        admin.permissions.append(tag_distro_perm)

    # Create stop_task perm if not present
    # Granted to both 'lab_controller' and 'admin', again only on creation.
    try:
        stop_task_perm = Permission.by_name(u'stop_task')
    except NoResultFound:
        stop_task_perm = Permission(u'stop_task')
        lab_controller.permissions.append(stop_task_perm)
        admin.permissions.append(stop_task_perm)

    # Create secret_visible perm if not present
    # Granted to both 'lab_controller' and 'admin', again only on creation.
    try:
        secret_visible_perm = Permission.by_name(u'secret_visible')
    except NoResultFound:
        secret_visible_perm = Permission(u'secret_visible')
        lab_controller.permissions.append(secret_visible_perm)
        admin.permissions.append(secret_visible_perm)

    # Setup Hypervisors Table
    if Hypervisor.query.count() == 0:
        for h in [u'KVM', u'Xen', u'HyperV', u'VMWare']:
            session.add(Hypervisor(hypervisor=h))

    # Setup kernel_type Table
    # (the loop variable below shadows the builtin `type` inside this function)
    if KernelType.query.count() == 0:
        for type in [u'default', u'highbank', u'imx', u'omap', u'tegra']:
            session.add(KernelType(kernel_type=type, uboot=False))
        for type in [u'mvebu']:
            session.add(KernelType(kernel_type=type, uboot=True))

    # Setup base Architectures
    if Arch.query.count() == 0:
        for arch in [u'i386', u'x86_64', u'ia64', u'ppc', u'ppc64', u'ppc64le',
                     u's390', u's390x', u'armhfp', u'aarch64', u'arm']:
            session.add(Arch(arch))

    # Setup base power types
    if PowerType.query.count() == 0:
        for power_type in [u'apc_snmp', u'apc_snmp_then_etherwake',
                u'bladecenter', u'bladepap', u'drac', u'ether_wake', u'hyper-v',
                u'ilo', u'integrity', u'ipmilan', u'ipmitool', u'lpar', u'rsa',
                u'virsh', u'wti']:
            session.add(PowerType(power_type))

    # Setup key types
    if Key.query.count() == 0:
        session.add(Key(u'DISKSPACE',True))
        session.add(Key(u'COMMENT'))
        session.add(Key(u'CPUFAMILY',True))
        session.add(Key(u'CPUFLAGS'))
        session.add(Key(u'CPUMODEL'))
        session.add(Key(u'CPUMODELNUMBER', True))
        session.add(Key(u'CPUSPEED',True))
        session.add(Key(u'CPUVENDOR'))
        session.add(Key(u'DISK',True))
        session.add(Key(u'FORMFACTOR'))
        session.add(Key(u'HVM'))
        session.add(Key(u'MEMORY',True))
        session.add(Key(u'MODEL'))
        session.add(Key(u'MODULE'))
        session.add(Key(u'NETWORK'))
        session.add(Key(u'NR_DISKS',True))
        session.add(Key(u'NR_ETH',True))
        session.add(Key(u'NR_IB',True))
        session.add(Key(u'PCIID'))
        session.add(Key(u'PROCESSORS',True))
        session.add(Key(u'RTCERT'))
        session.add(Key(u'SCRATCH'))
        session.add(Key(u'STORAGE'))
        session.add(Key(u'USBID'))
        session.add(Key(u'VENDOR'))
        session.add(Key(u'XENCERT'))
        session.add(Key(u'NETBOOT_METHOD'))

    # Setup ack/nak responses
    if Response.query.count() == 0:
        session.add(Response(response=u'ack'))
        session.add(Response(response=u'nak'))

    # Setup default retention tags
    if RetentionTag.query.count() == 0:
        session.add(RetentionTag(tag=u'scratch', is_default=1, expire_in_days=30))
        session.add(RetentionTag(tag=u'60days', needs_product=False, expire_in_days=60))
        session.add(RetentionTag(tag=u'120days', needs_product=False, expire_in_days=120))
        session.add(RetentionTag(tag=u'active', needs_product=True))
        session.add(RetentionTag(tag=u'audit', needs_product=True))

    config_items = [
        # name, description, numeric
        (u'root_password', u'Plaintext root password for provisioned systems', False),
        (u'root_password_validity', u"Maximum number of days a user's root password is valid for", True),
        (u'guest_name_prefix', u'Prefix for names of dynamic guests in OpenStack', False),
    ]
    for name, description, numeric in config_items:
        ConfigItem.lazy_create(name=name, description=description, numeric=numeric)
    # NOTE(review): when no root password is configured, the fixed value
    # u'beaker' is stored as the plaintext root password for provisioned
    # systems; deployments should set their own value after installation.
    # NOTE(review): admin.users[0] assumes the admin group already has a user;
    # presumably this fails on an empty database when user_name is not
    # given -- confirm.
    if ConfigItem.by_name(u'root_password').current_value() is None:
        ConfigItem.by_name(u'root_password').set(u'beaker', user=admin.users[0])

    session.commit()
    session.close()
Beispiel #21
def _get_permission_by_name(permission_name):
    """Return the Permission with the given name.

    :raises BadRequest400: when no permission with that name exists.
    """
    try:
        permission = Permission.by_name(permission_name)
    except NoResultFound:
        # 400 rather than 404: the resource being acted on exists, it is the
        # supplied parameter that is wrong.
        # NOTE(review): the message echoes the caller-supplied name; escaping
        # is presumably left to whatever renders the error -- confirm.
        raise BadRequest400("Permission '%s' does not exist" % permission_name)
    return permission
Beispiel #22
def _get_permission_by_name(permission_name):
    """Look up a Permission by name, turning a miss into a client error.

    :raises BadRequest400: when ``Permission.by_name`` finds no such permission.
    """
    try:
        found = Permission.by_name(permission_name)
    except NoResultFound:
        # The request targets an existing resource and only the parameter is
        # bad, hence 400 instead of 404.
        # NOTE(review): the supplied name is repeated in the error text;
        # presumably the response layer encodes it -- confirm.
        raise BadRequest400("Permission '%s' does not exist" % permission_name)
    else:
        return found
Beispiel #23
 def get_permissions(self, input):
     """Look up permissions with ``Permission.by_name(input, anywhere=True)``
     and return their names under the ``matches`` key."""
     # NOTE(review): the search text reaches the lookup unmodified;
     # presumably the model binds it as a query parameter -- confirm.
     found = Permission.by_name(input, anywhere=True)

     def name_of(result):
         return result.permission_name

     return {'matches': [name_of(result) for result in found]}