Ejemplo n.º 1
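def create_superuser(tenant: str, username: str = "admin", password: str = "folio"):
    """Create a superuser for ``tenant`` and grant it all top-level permissions.

    Steps, in order: disable the module providing the ``authtoken``
    interface for the tenant, create the user with bootstrap permissions,
    assign every known service point, re-enable the disabled modules, log in
    as the new user, then replace its permissions with the computed
    top-level set.

    Security notes:
        * The module providing ``authtoken`` is switched off while the user
          is created. It is re-enabled in a ``finally`` block so that a
          failure during user creation cannot leave it disabled.
          NOTE(review): presumably requests are not token-checked while it
          is off - confirm, and run this only during provisioning.
        * The default ``password`` is a well-known value; callers should
          pass their own and rotate it after bootstrap.

    Args:
        tenant: Id of the tenant the superuser is created in.
        username: Login name of the superuser.
        password: Password of the superuser.

    Returns:
        Whatever ``UserService.create_user`` returned for the new user.
    """
    okapi = OkapiClient()

    if password == "folio":
        log.warning("Superuser %s is being created with the default "
                    "password; pass an explicit password.", username)

    log.info("Disable authtoken for tenant.")
    try:
        mod_authtoken = okapi.get_tenant_interface("authtoken", tenant)[0]
        disabled_mods = okapi.disable_module(mod_authtoken["id"], tenant)
    except Exception as exc:
        # Best effort, as before, but no longer silent and no longer
        # swallowing KeyboardInterrupt/SystemExit.
        log.warning("Could not disable authtoken for tenant %s: %s",
                    tenant, exc)
        disabled_mods = None

    try:
        userService = UserService(tenant)

        log.info("Create user record.")
        user = userService.create_user(
            username, password,
            permissions=["perms.all",
                         "users.collection.get"],
            personal={"lastName": "Superuser"})

        log.info("Create service points for user record.")
        servicepoints = userService.get_servicePoints()
        servicepointsIds = [sp["id"] for sp in servicepoints["servicepoints"]]
        if servicepointsIds:
            log.debug(servicepoints)
            # The first service point is passed as the third argument
            # (presumably the default one - confirm against UserService).
            userService.set_servicePoints(username, servicepointsIds,
                                          servicepointsIds[0])
    finally:
        # Always restore what was disabled above, even if user creation
        # failed. Nothing to restore when disabling did not succeed
        # (previously this raised TypeError on ``None``).
        if disabled_mods:
            log.info("Enable mod-authtoken.")
            okapi.enable_modules([m["id"] for m in disabled_mods], tenant)

    log.info("Login as superuser")
    userService.login(username, password)

    log.info("Generate list of permissions")
    perms = Permissions(tenant).get_permissions(
        query="cql.allRecords=1 not permissionName==okapi.* not permissionName==modperms.* not permissionName==SYS#*",
        length="5000")
    # A permission counts as top-level when every parent it lists is a
    # SYS#/modperms permission (this includes having no parent at all).
    topLevelPermissions = [
        permission["permissionName"]
        for permission in perms["permissions"]
        if all(parent.startswith(("SYS#", "modperms"))
               for parent in permission["childOf"])
    ]

    if StrictVersion(okapi.version()) >= StrictVersion("4.0"):
        topLevelPermissions.append("okapi.proxy.modules.get")
    userService.set_permissions(username, topLevelPermissions)

    log.info("Superuser %s created.", username)

    return user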
Ejemplo n.º 2
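def secure_supertenant(username: str = "okapi_admin", password: str = "admin"):
    """Secure Okapi's supertenant with an admin user and the authtoken module.

    Enables the ``permissions``, ``users`` and ``login`` modules for the
    supertenant, creates the admin user with the Okapi/permission/login/user
    permission sets, enables the ``authtoken`` module and finally logs in
    via ``login_supertenant``.

    Security note: the default ``password`` is a well-known value and this
    account holds ``okapi.all``; callers should pass their own credentials.

    Args:
        username: Login name of the supertenant admin.
        password: Password of the supertenant admin.

    Raises:
        IndexError: If no registered module is named ``authtoken``. The user
            has already been created at that point, but the supertenant is
            not yet protected by authtoken.
    """
    tenant = "supertenant"
    permissions = [
        "okapi.all",
        "okapi.proxy.pull.modules.post",
        "perms.all",
        "login.all",
        "users.all"
    ]
    module_list = ['permissions', 'users', 'login']

    if password == "admin":
        log.warning("Supertenant user %s is being created with the default "
                    "password; pass an explicit password.", username)

    o = OkapiClient()
    registered = [m for m in o.get_modules() if m["name"] in module_list]
    missing = sorted(set(module_list) - {m["name"] for m in registered})
    if missing:
        # Not fatal here (behaviour unchanged), but user creation below is
        # likely to fail without these modules.
        log.warning("Modules not registered in Okapi: %s", ", ".join(missing))
    o.enable_modules([m["id"] for m in registered], tenant)

    userServices = UserService(tenant)

    log.info("Create user record.")
    userServices.create_user(
        username, password, permissions=permissions)

    authtoken_ids = [m["id"]
                     for m in o.get_modules() if m["name"] == "authtoken"]
    if not authtoken_ids:
        # Same exception type as the former bare ``[0]`` lookup, but with a
        # message that says what state the system was left in.
        raise IndexError(
            "No 'authtoken' module registered in Okapi; user was created "
            "but the supertenant is NOT secured.")
    o.enable_module(authtoken_ids[0], tenant)

    login_supertenant(username, password)
    print("Successfully secured Okapi.")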