def _get_users(self, context):
"""Return all non-system Postgres users on the instance."""
results = pgutil.query(
pgutil.UserQuery.list(ignore=cfg.get_ignored_users()),
timeout=30,
)
return [self._build_user(context, row[0].strip()) for row in results]
def _get_users(self, context):
"""Return all non-system Postgres users on the instance."""
results = pgutil.query(
pgutil.UserQuery.list(ignore=cfg.get_ignored_users()),
timeout=30,
)
return [self._build_user(context, row[0].strip()) for row in results]
def list_users(
self,
context,
limit=None,
marker=None,
include_marker=False,
):
"""List all users on the instance along with their access permissions.
Return value is a list of dictionaries in the following form:
[{"_name": "", "_password": None, "_host": None,
"_databases": [{"_name": ""}, ...]}, ...]
"""
results = pgutil.query(
pgutil.UserQuery.list(ignore=cfg.get_ignored_users(
manager='postgresql')),
timeout=30,
)
# Convert results into dictionaries.
results = (
{
'_name': r[0].strip(),
'_password': None,
'_host': None,
'_databases': self.list_access(context, r[0], None),
}
for r in results
)
# Force __iter__ of generator until marker found.
if marker is not None:
try:
item = results.next()
while item['_name'] != marker:
item = results.next()
except StopIteration:
pass
remainder = None
if limit is not None:
remainder = results
results = itertools.islice(results, limit)
results = tuple(results)
next_marker = None
if remainder is not None:
try:
next_marker = remainder.next()
except StopIteration:
pass
return results, next_marker
def list_users(
self,
context,
limit=None,
marker=None,
include_marker=False,
):
"""List all users on the instance along with their access permissions.
Return value is a list of dictionaries in the following form:
[{"_name": "", "_password": None, "_host": None,
"_databases": [{"_name": ""}, ...]}, ...]
"""
results = pgutil.query(
pgutil.UserQuery.list(ignore=cfg.get_ignored_users(
manager='postgresql')),
timeout=30,
)
# Convert results into dictionaries.
results = (
{
'_name': r[0].strip(),
'_password': None,
'_host': None,
'_databases': self.list_access(context, r[0], None),
}
for r in results
)
# Force __iter__ of generator until marker found.
if marker is not None:
try:
item = next(results)
while item['_name'] != marker:
item = next(results)
except StopIteration:
pass
remainder = None
if limit is not None:
remainder = results
results = itertools.islice(results, limit)
results = tuple(results)
next_marker = None
if remainder is not None:
try:
next_marker = next(remainder)
except StopIteration:
pass
return results, next_marker
def list_users(self, limit=None, marker=None, include_marker=False):
"""Get a list of all users."""
users = []
with MongoDBClient(self._admin_user()) as admin_client:
for user_info in admin_client.admin.system.users.find():
user = models.MongoDBUser(name=user_info['_id'])
user.roles = user_info['roles']
if user.name not in cfg.get_ignored_users(manager='mongodb'):
users.append(user.serialize())
LOG.debug('users = ' + str(users))
return pagination.paginate_list(users, limit, marker,
include_marker)
def is_root_enabled(self, context):
"""Return True if there is a superuser account enabled.
This ignores the built-in superuser of postgres and the potential
system administration superuser of os_admin.
"""
results = pgutil.query(
pgutil.UserQuery.list_root(ignore=cfg.get_ignored_users()),
timeout=30,
)
# Reduce iter of iters to iter of single values.
results = (r[0] for r in results)
return len(tuple(results)) > 0
def load_with_client(cls, client, limit, marker, include_marker):
user_list, next_marker = client.list_users(
limit=limit, marker=marker, include_marker=include_marker)
model_users = []
for user in user_list:
mysql_user = guest_models.MySQLUser.deserialize(user, verify=False)
if mysql_user.name in cfg.get_ignored_users():
continue
# TODO(hub-cap): databases are not being returned in the
# reference agent
dbs = []
for db in mysql_user.databases:
dbs.append({'name': db['_name']})
model_users.append(
User(mysql_user.name, mysql_user.host, mysql_user.password,
dbs))
return model_users, next_marker
def load_with_client(cls, client, limit, marker, include_marker):
user_list, next_marker = client.list_users(
limit=limit,
marker=marker,
include_marker=include_marker)
model_users = []
for user in user_list:
mysql_user = guest_models.MySQLUser()
mysql_user.deserialize(user)
if mysql_user.name in cfg.get_ignored_users():
continue
# TODO(hub-cap): databases are not being returned in the
# reference agent
dbs = []
for db in mysql_user.databases:
dbs.append({'name': db['_name']})
model_users.append(User(mysql_user.name,
mysql_user.host,
mysql_user.password,
dbs))
return model_users, next_marker
def _is_modifiable_user(self, name):
if name in cfg.get_ignored_users():
return False
elif name == system.COUCHDB_ADMIN_NAME:
return False
return True
def ignored_users(self):
if self._is_root:
return []
return cfg.get_ignored_users()
def list_users(self, limit=None, marker=None, include_marker=False):
LOG.debug(
"List all users for all the databases in a DB2 server instance.")
users = []
user_map = {}
next_marker = None
count = 0
databases, marker = self.list_databases()
for database in databases:
db2_db = models.DatastoreSchema.deserialize(database)
out = None
try:
out, err = run_command(
system.LIST_DB_USERS % {'dbname': db2_db.name})
except exception.ProcessExecutionError:
LOG.debug(
"There was an error while listing users for database: %s."
% db2_db.name)
continue
userlist = []
for item in out.split('\n'):
LOG.debug("item = %r" % item)
user = item.split() if item != "" else None
LOG.debug("user = %r" % (user))
if (user is not None
and (user[0] not in cfg.get_ignored_users()
and user[1] == 'Y')):
userlist.append(user[0])
result = iter(userlist)
if marker is not None:
try:
item = next(result)
while item != marker:
item = next(result)
if item == marker:
marker = None
except StopIteration:
pass
try:
item = next(result)
while item:
'''
Check if the user has already been discovered. If so,
add this database to the database list for this user.
'''
if item in user_map:
db2user = user_map.get(item)
db2user.databases = db2_db.name
item = next(result)
continue
'''
If this user was not previously discovered, then add
this to the user's list.
'''
count = count + 1
if (limit and count <= limit) or limit is None:
db2_user = models.DatastoreUser(name=item,
databases=db2_db.name)
users.append(db2_user.serialize())
user_map.update({item: db2_user})
item = next(result)
else:
next_marker = None
break
except StopIteration:
next_marker = None
if count == limit:
break
return users, next_marker
def _is_modifiable_user(self, name):
if ((name in cfg.get_ignored_users())
or name == system.MONGO_ADMIN_NAME):
return False
return True
def ignore_users(self):
return cfg.get_ignored_users()
def ignore_users(self):
return cfg.get_ignored_users(manager=MANAGER)
def is_reserved_id(self, user_id):
user_id = self._to_canonical(user_id)
return user_id in cfg.get_ignored_users()
def list_users(self, limit=None, marker=None, include_marker=False):
"""List users that have access to the database."""
'''
SELECT
User,
Host,
Marker
FROM
(SELECT
User,
Host,
CONCAT(User, '@', Host) as Marker
FROM mysql.user
ORDER BY 1, 2) as innerquery
WHERE
Marker > :marker
ORDER BY
Marker
LIMIT :limit;
'''
LOG.debug("---Listing Users---")
ignored_user_names = "'%s'" % "', '".join(cfg.get_ignored_users())
LOG.debug(
"The following user names are on ignore list and will "
"be omitted from the listing: %s", ignored_user_names)
users = []
with self.local_sql_client(self.mysql_app.get_engine()) as client:
iq = sql_query.Query() # Inner query.
iq.columns = ['User', 'Host', "CONCAT(User, '@', Host) as Marker"]
iq.tables = ['mysql.user']
iq.order = ['User', 'Host']
innerquery = str(iq).rstrip(';')
oq = sql_query.Query() # Outer query.
oq.columns = ['User', 'Host', 'Marker']
oq.tables = ['(%s) as innerquery' % innerquery]
oq.where = [
"Host != 'localhost'",
"User NOT IN (" + ignored_user_names + ")"
]
oq.order = ['Marker']
if marker:
oq.where.append(
"Marker %s '%s'" %
(INCLUDE_MARKER_OPERATORS[include_marker], marker))
if limit:
oq.limit = limit + 1
t = text(str(oq))
result = client.execute(t)
next_marker = None
LOG.debug("result = %s", str(result))
for count, row in enumerate(result):
if limit is not None and count >= limit:
break
LOG.debug("user = %s", str(row))
mysql_user = models.MySQLUser(name=row['User'],
host=row['Host'])
mysql_user.check_reserved()
self._associate_dbs(mysql_user)
next_marker = row['Marker']
users.append(mysql_user.serialize())
if limit is not None and result.rowcount <= limit:
next_marker = None
LOG.debug("users = %s", str(users))
return users, next_marker
def __init__(self):
self._name = None
self._host = None
self._password = None
self._databases = []
self._ignore_users = cfg.get_ignored_users()
def ignore_users(self):
return cfg.get_ignored_users(manager=MANAGER)
def ignore_users(self):
return cfg.get_ignored_users()
def ignored_users(self):
if self._is_root:
return []
return cfg.get_ignored_users()
def list_users(self, limit=None, marker=None, include_marker=False):
LOG.debug(
"List all users for all the databases in a DB2 server instance.")
users = []
user_map = {}
next_marker = None
count = 0
databases, marker = self.list_databases()
for database in databases:
db2_db = models.MySQLDatabase()
db2_db.deserialize(database)
out = None
try:
out, err = run_command(system.LIST_DB_USERS %
{'dbname': db2_db.name})
except exception.ProcessExecutionError:
LOG.debug(
"There was an error while listing users for database: %s."
% db2_db.name)
continue
userlist = []
for item in out.split('\n'):
LOG.debug("item = %r" % item)
user = item.split() if item != "" else None
LOG.debug("user = %r" % (user))
if (user is not None and
(user[0] not in cfg.get_ignored_users(manager='db2')
and user[1] == 'Y')):
userlist.append(user[0])
result = iter(userlist)
if marker is not None:
try:
item = next(result)
while item != marker:
item = next(result)
if item == marker:
marker = None
except StopIteration:
pass
try:
item = next(result)
db2db = models.MySQLDatabase()
db2db.name = db2_db.name
while item:
'''
Check if the user has already been discovered. If so,
add this database to the database list for this user.
'''
if item in user_map:
db2user = user_map.get(item)
db2user.databases.append(db2db.serialize())
item = next(result)
continue
'''
If this user was not previously discovered, then add
this to the user's list.
'''
count = count + 1
if (limit and count <= limit) or limit is None:
db2_user = models.MySQLUser()
db2_user.name = item
db2_user.databases.append(db2db.serialize())
users.append(db2_user.serialize())
user_map.update({item: db2_user})
item = next(result)
else:
next_marker = None
break
except StopIteration:
next_marker = None
if count == limit:
break
return users, next_marker
def _is_modifiable_user(self, name):
if name in cfg.get_ignored_users(manager=MANAGER):
return False
elif name == system.COUCHDB_ADMIN_NAME:
return False
return True
def __init__(self):
self._name = None
self._host = None
self._password = None
self._databases = []
self._ignore_users = cfg.get_ignored_users()
def is_reserved_id(self, user_id):
return user_id in cfg.get_ignored_users()
def _is_modifiable_user(self, name):
if ((name in cfg.get_ignored_users()) or
name == system.MONGO_ADMIN_NAME):
return False
return True
def list_users(self, limit=None, marker=None, include_marker=False):
"""List users that have access to the database."""
'''
SELECT
User,
Host,
Marker
FROM
(SELECT
User,
Host,
CONCAT(User, '@', Host) as Marker
FROM mysql.user
ORDER BY 1, 2) as innerquery
WHERE
Marker > :marker
ORDER BY
Marker
LIMIT :limit;
'''
LOG.debug("---Listing Users---")
ignored_user_names = "'%s'" % "', '".join(cfg.get_ignored_users())
LOG.debug("The following user names are on ignore list and will "
"be omitted from the listing: %s" % ignored_user_names)
users = []
with self.local_sql_client(self.mysql_app.get_engine()) as client:
iq = sql_query.Query() # Inner query.
iq.columns = ['User', 'Host', "CONCAT(User, '@', Host) as Marker"]
iq.tables = ['mysql.user']
iq.order = ['User', 'Host']
innerquery = str(iq).rstrip(';')
oq = sql_query.Query() # Outer query.
oq.columns = ['User', 'Host', 'Marker']
oq.tables = ['(%s) as innerquery' % innerquery]
oq.where = [
"Host != 'localhost'",
"User NOT IN (" + ignored_user_names + ")"]
oq.order = ['Marker']
if marker:
oq.where.append("Marker %s '%s'" %
(INCLUDE_MARKER_OPERATORS[include_marker],
marker))
if limit:
oq.limit = limit + 1
t = text(str(oq))
result = client.execute(t)
next_marker = None
LOG.debug("result = " + str(result))
for count, row in enumerate(result):
if limit is not None and count >= limit:
break
LOG.debug("user = "******"users = " + str(users))
return users, next_marker
