def get_audited_groups(session): # type: (Session) -> List[Group] """Returns all audited enabled groups. At present, this is not cached at all and returns the full list of groups from the database each time it's called. Args: session (Session): Session to load data on. Returns: a list of all enabled and audited Group objects in the database """ audited_groups = [] graph = Graph() for group in get_all_groups(session): try: group_md = graph.get_group_details(group.name) except NoSuchGroup: # Very new group with no metadata yet, or it has been disabled and # excluded from in-memory cache. continue if group_md.get('audited', False): audited_groups.append(group) return audited_groups
def get_all_groups_by_user(session, user): # type: (Session, User) -> List[Tuple[Group, int]] """Return groups a given user is a member of along with the user's role. This includes groups inherited from other groups, unlike get_groups_by_user. """ from grouper.graph import Graph grps = Graph().get_user_details(username=user.name)["groups"] groups = session.query(Group).filter(Group.name.in_(grps.keys())).all() return [(group, grps[group.name]["role"]) for group in groups]
def start_server(args, sentry_client): # type: (argparse.Namespace, SentryProxy) -> None log_level = logging.getLevelName(logging.getLogger().level) logging.info("begin. log_level={}".format(log_level)) assert not (settings.debug and settings.num_processes > 1), \ "debug mode does not support multiple processes" try: initialize_plugins(settings.plugin_dirs, settings.plugin_module_paths, "grouper_api") except PluginsDirectoryDoesNotExist as e: logging.fatal("Plugin directory does not exist: {}".format(e)) sys.exit(1) # setup database logging.debug("configure database session") database_url = args.database_url or get_database_url(settings) Session.configure(bind=get_db_engine(database_url)) settings.start_config_thread(args.config, "api") with closing(Session()) as session: graph = Graph() graph.update_from_db(session) refresher = DbRefreshThread(settings, graph, settings.refresh_interval, sentry_client) refresher.daemon = True refresher.start() application = get_application(graph, settings, sentry_client) address = args.address or settings.address port = args.port or settings.port logging.info("Starting application server on port %d", port) server = tornado.httpserver.HTTPServer(application) server.bind(port, address=address) server.start(settings.num_processes) stats.set_defaults() try: tornado.ioloop.IOLoop.instance().start() except KeyboardInterrupt: tornado.ioloop.IOLoop.instance().stop() finally: print "Bye"
def user_is_auditor(username): """Check if a user is an auditor This is defined as the user having the audit permission. Args: username (str): The account name to check. Returns: bool: True/False. """ graph = Graph() user_md = graph.get_user_details(username) for perm in user_md["permissions"]: if perm["permission"] == PERMISSION_AUDITOR: return True return False
def assert_can_join(group, user_or_group, role="member"): # type: (Group, Union[Group, User], str) -> bool """Enforce audit rules on joining a group This applies the auditing rules to determine whether or not a given user can join the given group with the given role. Args: group (models.Group): The group to test against. user (models.User): The user attempting to join. role (str): The role being tested. Raises: UserNotAuditor: If a user is found that violates the audit training policy, then this exception is raised. Returns: bool: True if the user should be allowed per policy, else it will raise as above. """ # By definition, any user can join as a member to any group. if user_or_group.type == "User" and role == "member": return True # Else, we have to check if the group is audited. If not, anybody can join. graph = Graph() group_md = graph.get_group_details(group.name) if not group_md["audited"]: return True # Audited group. Easy case, let's see if we're checking a user. If so, the user must be # considered an auditor. if user_or_group.type == "User": if user_is_auditor(user_or_group.name): return True raise UserNotAuditor( "User {} lacks the auditing permission ('{}') so may only have the " "'member' role in this audited group.".format(user_or_group.name, PERMISSION_AUDITOR) ) # No, this is a group-joining-group case. In this situation we must walk the entire group # subtree and ensure that all owners/np-owners/managers are considered auditors. This data # is contained in the group metadetails, which contains all eventual members. # # We have to fetch each group's details individually though to figure out what someone's role # is in that particular group. return assert_controllers_are_auditors(user_or_group)
def assert_controllers_are_auditors(group): # type: (Group) -> bool """Return whether not all owners/np-owners/managers in a group (and below) are auditors This is used to ensure that all of the people who can control a group (owners, np-owners, managers) and all subgroups (all the way down the tree) have audit permissions. Raises: UserNotAuditor: If a user is found that violates the audit training policy, then this exception is raised. Returns: bool: True if the tree is completely controlled by auditors, else it will raise as above. """ graph = Graph() checked = set() # type: Set[str] queue = [group.name] while queue: cur_group = queue.pop() if cur_group in checked: continue details = graph.get_group_details(cur_group) for chk_user, info in iteritems(details["users"]): if chk_user in checked: continue # Only examine direct members of this group, because then the role is accurate. if info["distance"] == 1: if info["rolename"] == "member": continue if user_is_auditor(chk_user): checked.add(chk_user) else: raise UserNotAuditor( "User {} has role '{}' in the group {} but lacks the auditing " "permission ('{}').".format( chk_user, info["rolename"], cur_group, PERMISSION_AUDITOR ) ) # Now put subgroups into the queue to examine. for chk_group, info in iteritems(details["subgroups"]): if info["distance"] == 1: queue.append(chk_group) # If we didn't raise, we're valid. return True
def assert_can_join(group, user_or_group, role="member"): """Enforce audit rules on joining a group This applies the auditing rules to determine whether or not a given user can join the given group with the given role. Args: group (models.Group): The group to test against. user (models.User): The user attempting to join. role (str): The role being tested. Raises: UserNotAuditor: If a user is found that violates the audit training policy, then this exception is raised. Returns: bool: True if the user should be allowed per policy, else it will raise as above. """ # By definition, any user can join as a member to any group. if user_or_group.type == "User" and role == "member": return True # Else, we have to check if the group is audited. If not, anybody can join. graph = Graph() group_md = graph.get_group_details(group.name) if not group_md["audited"]: return True # Audited group. Easy case, let's see if we're checking a user. If so, the user must be # considered an auditor. if user_or_group.type == "User": if user_is_auditor(user_or_group.name): return True raise UserNotAuditor( "User {} lacks auditing permission, so may only have the member role.".format( user_or_group.name)) # No, this is a group-joining-group case. In this situation we must walk the entire group # subtree and ensure that all owners/np-owners/managers are considered auditors. This data # is contained in the group metadetails, which contains all eventual members. # # We have to fetch each group's details individually though to figure out what someone's role # is in that particular group. return assert_controllers_are_auditors(user_or_group)
def assert_controllers_are_auditors(group): """Return whether not all owners/np-owners/managers in a group (and below) are auditors This is used to ensure that all of the people who can control a group (owners, np-owners, managers) and all subgroups (all the way down the tree) have audit permissions. Raises: UserNotAuditor: If a user is found that violates the audit training policy, then this exception is raised. Returns: bool: True if the tree is completely controlled by auditors, else it will raise as above. """ graph = Graph() checked, queue = set(), [group.name] while queue: cur_group = queue.pop() if cur_group in checked: continue details = graph.get_group_details(cur_group) for chk_user, info in iteritems(details["users"]): if chk_user in checked: continue # Only examine direct members of this group, because then the role is accurate. if info["distance"] == 1: if info["rolename"] == "member": continue if user_is_auditor(chk_user): checked.add(chk_user) else: raise UserNotAuditor( "User {} has role '{}' in the group {} but lacks the auditing " "permission ('{}').".format( chk_user, info["rolename"], cur_group, PERMISSION_AUDITOR ) ) # Now put subgroups into the queue to examine. for chk_group, info in iteritems(details["subgroups"]): if info["distance"] == 1: queue.append(chk_group) # If we didn't raise, we're valid. return True
def initialize(self, *args: Any, **kwargs: Any) -> None: self.graph = Graph() self.session = self.settings["session"]() # type: Session self.template_engine = self.settings[ "template_engine"] # type: FrontendTemplateEngine self.plugins = get_plugin_proxy() session_factory = SingletonSessionFactory(self.session) self.usecase_factory = create_graph_usecase_factory( settings(), self.plugins, session_factory) if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow()
def expire_nonauditors(self, session): """Checks all enabled audited groups and ensures that all approvers for that group have the PERMISSION_AUDITOR permission. All approvers of audited groups that aren't auditors have their membership in the audited group set to expire settings.nonauditor_expiration_days days in the future. Args: session (Session): database session """ now = datetime.utcnow() graph = Graph() exp_days = timedelta(days=settings.nonauditor_expiration_days) # Hack to ensure the graph is loaded before we access it graph.update_from_db(session) # TODO(tyleromeara): replace with graph call for group in get_audited_groups(session): members = group.my_members() # Go through every member of the group and set them to expire if they are an approver # but not an auditor for (type_, member), edge in members.iteritems(): # Auditing is already inherited, so we don't need to handle that here if type_ == "Group": continue member = User.get(session, name=member) member_is_approver = user_role_index( member, members) in APPROVER_ROLE_INDICIES member_is_auditor = user_has_permission( session, member, PERMISSION_AUDITOR) if not member_is_approver or member_is_auditor: continue edge = GroupEdge.get(session, id=edge.edge_id) if edge.expiration and edge.expiration < now + exp_days: continue exp = now + exp_days exp = exp.date() edge.apply_changes_dict({ "expiration": "{}/{}/{}".format(exp.month, exp.day, exp.year) }) edge.add(session) notify_nonauditor_flagged(settings, session, edge) session.commit()
def initialize(self, *args, **kwargs): # type: (*Any, **Any) -> None self.graph = Graph() self.session = kwargs["session"]() # type: Session self.template_env = kwargs["template_env"] # type: Environment self.usecase_factory = kwargs[ "usecase_factory"] # type: UseCaseFactory if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.log_rate("requests", 1) stats.log_rate("requests_{}".format(self.__class__.__name__), 1)
def assert_can_join(group: Group, user_or_group: Union[Group, User], role: str = "member") -> None: """Enforce audit rules on joining a group This applies the auditing rules to determine whether or not a given user can join the given group with the given role. Args: group: The group to test against. user: The user attempting to join. role: The role being tested. Raises: UserNotAuditor: If a user is found that violates the audit training policy """ # By definition, any user can join as a member to any group. if user_or_group.type == "User" and role == "member": return # Else, we have to check if the group is audited. If not, anybody can join. graph = Graph() group_md = graph.get_group_details(group.name) if not group_md["audited"]: return # Audited group. Easy case, let's see if we're checking a user. If so, the user must be # considered an auditor. if user_or_group.type == "User": if user_is_auditor(user_or_group.name): return raise UserNotAuditor( "User {} lacks the auditing permission ('{}') so may only have the " "'member' role in this audited group.".format(user_or_group.name, PERMISSION_AUDITOR) ) # No, this is a group-joining-group case. In this situation we must walk the entire group # subtree and ensure that all owners/np-owners/managers are considered auditors. This data # is contained in the group metadetails, which contains all eventual members. # # We have to fetch each group's details individually though to figure out what someone's role # is in that particular group. assert_controllers_are_auditors(user_or_group)
def get_audited_groups(session): # type: (Session) -> List[Group] """Returns all audited enabled groups. At present, this is not cached at all and returns the full list of groups from the database each time it's called. """ audited_groups = [] graph = Graph() for group in get_all_groups(session): try: group_md = graph.get_group_details(group.name) except NoSuchGroup: # Very new group with no metadata yet, or it has been disabled and # excluded from in-memory cache. continue if group_md.get("audited", False): audited_groups.append(group) return audited_groups
def expire_nonauditors(self, session): # type: (Session) -> None """Checks all enabled audited groups and ensures that all approvers for that group have the PERMISSION_AUDITOR permission. All approvers of audited groups that aren't auditors have their membership in the audited group set to expire settings.nonauditor_expiration_days days in the future. Args: session (Session): database session """ now = datetime.utcnow() graph = Graph() exp_days = timedelta(days=self.settings.nonauditor_expiration_days) # Hack to ensure the graph is loaded before we access it graph.update_from_db(session) # TODO(tyleromeara): replace with graph call for group in get_audited_groups(session): members = group.my_members() # Go through every member of the group and set them to expire if they are an approver # but not an auditor for (type_, member), edge in members.iteritems(): # Auditing is already inherited, so we don't need to handle that here if type_ == "Group": continue member = User.get(session, name=member) member_is_approver = user_role_index(member, members) in APPROVER_ROLE_INDICES member_is_auditor = user_has_permission(session, member, PERMISSION_AUDITOR) if not member_is_approver or member_is_auditor: continue edge = GroupEdge.get(session, id=edge.edge_id) if edge.expiration and edge.expiration < now + exp_days: continue exp = (now + exp_days).date() edge.apply_changes( {"expiration": "{}/{}/{}".format(exp.month, exp.day, exp.year)} ) edge.add(session) notify_nonauditor_flagged(self.settings, session, edge) session.commit()
def assert_controllers_are_auditors(group: Group) -> None: """Return whether not all owners/np-owners/managers in a group (and below) are auditors This is used to ensure that all of the people who can control a group (owners, np-owners, managers) and all subgroups (all the way down the tree) have audit permissions. Raises: UserNotAuditor: If a user is found that violates the audit training policy """ graph = Graph() checked: Set[str] = set() queue = [group.name] while queue: cur_group = queue.pop() if cur_group in checked: continue checked.add(cur_group) details = graph.get_group_details(cur_group) for chk_user, info in details["users"].items(): if chk_user in checked: continue # Only examine direct members of this group, because then the role is accurate. if info["distance"] == 1: if info["rolename"] == "member": continue if user_is_auditor(chk_user): checked.add(chk_user) else: raise UserNotAuditor( "User {} has role '{}' in the group {} but lacks the auditing " "permission ('{}').".format( chk_user, info["rolename"], cur_group, PERMISSION_AUDITOR ) ) # Now put subgroups into the queue to examine. for chk_group, info in details["subgroups"].items(): if info["distance"] == 1: queue.append(chk_group)
def promote_nonauditors(self, session): # type: (Session) -> None """Checks all enabled audited groups and ensures that all approvers for that group have the PERMISSION_AUDITOR permission. All non-auditor approvers of audited groups will be promoted to be auditors, i.e., added to the auditors group. Args: session (Session): database session """ graph = Graph() # Hack to ensure the graph is loaded before we access it graph.update_from_db(session) # map from user object to names of audited groups in which # user is a nonauditor approver nonauditor_approver_to_groups = defaultdict( set) # type: Dict[User, Set[str]] user_is_auditor = {} # type: Dict[str, bool] for group_tuple in graph.get_groups(audited=True, directly_audited=False): group_md = graph.get_group_details(group_tuple.groupname, expose_aliases=False) for username, user_md in iteritems(group_md["users"]): if username not in user_is_auditor: user_perms = graph.get_user_details( username)["permissions"] user_is_auditor[username] = any([ p["permission"] == PERMISSION_AUDITOR for p in user_perms ]) if user_is_auditor[username]: # user is already auditor so can skip continue if user_md["role"] in APPROVER_ROLE_INDICES: # non-auditor approver. BAD! nonauditor_approver_to_groups[username].add( group_tuple.groupname) if nonauditor_approver_to_groups: auditors_group = get_auditors_group(self.settings, session) for username, group_names in iteritems( nonauditor_approver_to_groups): reason = "auto-added due to having approver role(s) in group(s): {}".format( ", ".join(group_names)) user = User.get(session, name=username) assert user auditors_group.add_member(user, user, reason, status="actioned") notify_nonauditor_promoted(self.settings, session, user, auditors_group, group_names) session.commit()
def initialize(self, *args, **kwargs): # type: (*Any, **Any) -> None self.graph = Graph() self.session = self.settings["session"]() # type: Session self.template_engine = self.settings[ "template_engine"] # type: FrontendTemplateEngine self.plugins = get_plugin_proxy() session_factory = SingletonSessionFactory(self.session) self.usecase_factory = create_graph_usecase_factory( settings(), self.plugins, session_factory) if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.log_rate("requests", 1) stats.log_rate("requests_{}".format(self.__class__.__name__), 1) logging.error("initialized")
def initialize(self): self.session = self.application.my_settings.get("db_session")() self.graph = Graph() if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.incr("requests") stats.incr("requests_{}".format(self.__class__.__name__))
def promote_nonauditors(self, session): # type: (Session) -> None """Checks all enabled audited groups and ensures that all approvers for that group have the PERMISSION_AUDITOR permission. All non-auditor approvers of audited groups will be promoted to be auditors, i.e., added to the auditors group. Args: session (Session): database session """ graph = Graph() # Hack to ensure the graph is loaded before we access it graph.update_from_db(session) # map from user object to names of audited groups in which # user is a nonauditor approver nonauditor_approver_to_groups = defaultdict(set) # type: Dict[User, Set[str]] user_is_auditor = {} # type: Dict[str, bool] for group_tuple in graph.get_groups(audited=True, directly_audited=False): group_md = graph.get_group_details(group_tuple.name, expose_aliases=False) for username, user_md in iteritems(group_md["users"]): if username not in user_is_auditor: user_perms = graph.get_user_details(username)["permissions"] user_is_auditor[username] = any( [p["permission"] == PERMISSION_AUDITOR for p in user_perms] ) if user_is_auditor[username]: # user is already auditor so can skip continue if user_md["role"] in APPROVER_ROLE_INDICES: # non-auditor approver. BAD! nonauditor_approver_to_groups[username].add(group_tuple.name) if nonauditor_approver_to_groups: auditors_group = get_auditors_group(self.settings, session) for username, group_names in iteritems(nonauditor_approver_to_groups): reason = "auto-added due to having approver role(s) in group(s): {}".format( ", ".join(group_names) ) user = User.get(session, name=username) assert user auditors_group.add_member(user, user, reason, status="actioned") notify_nonauditor_promoted( self.settings, session, user, auditors_group, group_names ) session.commit()
def initialize(self, *args, **kwargs): # type: (*Any, **Any) -> None self.graph = Graph() self.session = self.settings["session"]() # type: Session self.template_engine = self.settings["template_engine"] # type: FrontendTemplateEngine self.plugins = get_plugin_proxy() session_factory = SingletonSessionFactory(self.session) self.usecase_factory = create_graph_usecase_factory( settings(), self.plugins, session_factory ) if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.log_rate("requests", 1) stats.log_rate("requests_{}".format(self.__class__.__name__), 1)
def start_server(args, settings, sentry_client): # type: (Namespace, FrontendSettings, SentryProxy) -> None log_level = logging.getLevelName(logging.getLogger().level) logging.info("begin. log_level={}".format(log_level)) assert not ( settings.debug and settings.num_processes > 1 ), "debug mode does not support multiple processes" try: plugins = PluginProxy.load_plugins(settings, "grouper-fe") set_global_plugin_proxy(plugins) except PluginsDirectoryDoesNotExist as e: logging.fatal("Plugin directory does not exist: {}".format(e)) sys.exit(1) # setup database logging.debug("configure database session") if args.database_url: settings.database = args.database_url Session.configure(bind=get_db_engine(settings.database)) application = create_fe_application(settings, args.deployment_name) ssl_context = plugins.get_ssl_context() if args.listen_stdin: logging.info( "Starting application server with %d processes on stdin", settings.num_processes ) server = HTTPServer(application, ssl_options=ssl_context) if PY2: s = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM) s.setblocking(False) s.listen(5) else: s = socket.socket(fileno=sys.stdin.fileno()) s.setblocking(False) s.listen() server.add_sockets([s]) else: address = args.address or settings.address port = args.port or settings.port logging.info( "Starting application server with %d processes on %s:%d", settings.num_processes, address, port, ) server = HTTPServer(application, ssl_options=ssl_context) server.bind(port, address=address) # When using multiple processes, the forking happens here server.start(settings.num_processes) stats.set_defaults() # Create the Graph and start the graph update thread post fork to ensure each process gets # updated. with closing(Session()) as session: graph = Graph() graph.update_from_db(session) refresher = DbRefreshThread(settings, graph, settings.refresh_interval, sentry_client) refresher.daemon = True refresher.start() try: IOLoop.current().start() except KeyboardInterrupt: IOLoop.current().stop() finally: print("Bye")
class GrouperHandler(RequestHandler): def initialize(self): self.session = self.application.my_settings.get("db_session")() self.graph = Graph() if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.incr("requests") stats.incr("requests_{}".format(self.__class__.__name__)) def write_error(self, status_code, **kwargs): """Override for custom error page.""" if status_code >= 500 and status_code < 600: template = self.application.my_settings["template_env"].get_template("errors/5xx.html") self.write(template.render({"is_active": self.is_active})) else: template = self.application.my_settings["template_env"].get_template("errors/generic.html") self.write( template.render( { "status_code": status_code, "message": self._reason, "is_active": self.is_active, "trace_uuid": self.perf_trace_uuid, } ) ) self.finish() def is_refresh(self): # type: () -> bool """Indicates whether the refresh argument for this handler has been set to yes. This is used to force a refresh of the cached graph so that we don't show inconsistent state to the user. Returns: a boolean indicating whether this handler should refresh the graph """ return self.get_argument("refresh", "no").lower() == "yes" # The refresh argument can be added to any page. If the handler for that # route calls this function, it will sync its graph from the database if # requested. def handle_refresh(self): if self.is_refresh(): self.graph.update_from_db(self.session) def redirect(self, url, *args, **kwargs): if self.is_refresh(): url = urlparse.urljoin(url, "?refresh=yes") return super(GrouperHandler, self).redirect(url, *args, **kwargs) def get_current_user(self): username = self.request.headers.get(settings.user_auth_header) if not username: return # Users must be fully qualified if not re.match("^{}$".format(USERNAME_VALIDATION), username): raise InvalidUser() try: user, created = User.get_or_create(self.session, username=username) if created: logging.info("Created new user %s", username) self.session.commit() # Because the graph doesn't initialize until the updates table # is populated, we need to refresh the graph here in case this # is the first update. self.graph.update_from_db(self.session) except sqlalchemy.exc.OperationalError: # Failed to connect to database or create user, try to reconfigure the db. This invokes # the fetcher to try to see if our URL string has changed. Session.configure(bind=get_db_engine(get_database_url(settings))) raise DatabaseFailure() return user def prepare(self): if not self.current_user or not self.current_user.enabled: self.forbidden() self.finish() return def on_finish(self): if self.perf_collector: self.perf_collector.stop() perf_profile.record_trace(self.session, self.perf_collector, self.perf_trace_uuid) self.session.close() # log request duration duration = datetime.utcnow() - self._request_start_time duration_ms = int(duration.total_seconds() * 1000) stats.incr("duration_ms", duration_ms) stats.incr("duration_ms_{}".format(self.__class__.__name__), duration_ms) # log response status code response_status = self.get_status() stats.incr("response_status_{}".format(response_status)) stats.incr("response_status_{}_{}".format(self.__class__.__name__, response_status)) def update_qs(self, **kwargs): qs = self.request.arguments.copy() qs.update(kwargs) return "?" + urllib.urlencode(qs, True) def is_active(self, test_path): path = self.request.path if path == test_path: return "active" return "" def get_template_namespace(self): namespace = super(GrouperHandler, self).get_template_namespace() namespace.update( { "update_qs": self.update_qs, "is_active": self.is_active, "perf_trace_uuid": self.perf_trace_uuid, "xsrf_form": self.xsrf_form_html, "alerts": [], } ) return namespace def render_template(self, template_name, **kwargs): template = self.application.my_settings["template_env"].get_template(template_name) content = template.render(kwargs) return content def render(self, template_name, **kwargs): context = {} context.update(self.get_template_namespace()) context.update(kwargs) self.write(self.render_template(template_name, **context)) def get_form_alerts(self, errors): alerts = [] for field, field_errors in errors.items(): for error in field_errors: alerts.append(Alert("danger", error, field)) return alerts def raise_and_log_exception(self, exc): try: raise exc except Exception: self.log_exception(*sys.exc_info()) def log_message(self, message, **kwargs): if self.captureMessage: self.captureMessage(message, **kwargs) else: logging.info("{}, kwargs={}".format(message, kwargs)) # TODO(gary): Add json error responses. def badrequest(self, format_type=None): self.set_status(400) self.raise_and_log_exception(tornado.web.HTTPError(400)) self.render("errors/badrequest.html") def forbidden(self, format_type=None): self.set_status(403) self.raise_and_log_exception(tornado.web.HTTPError(403)) self.render("errors/forbidden.html") def notfound(self, format_type=None): self.set_status(404) self.raise_and_log_exception(tornado.web.HTTPError(404)) self.render("errors/notfound.html") def get_sentry_user_info(self): user = self.get_current_user() return {"username": user.name}
def start_server(args, settings, sentry_client): # type: (Namespace, FrontendSettings, SentryProxy) -> None log_level = logging.getLevelName(logging.getLogger().level) logging.info("begin. log_level={}".format(log_level)) assert not (settings.debug and settings.num_processes > 1 ), "debug mode does not support multiple processes" try: plugins = PluginProxy.load_plugins(settings, "grouper-fe") set_global_plugin_proxy(plugins) except PluginsDirectoryDoesNotExist as e: logging.fatal("Plugin directory does not exist: {}".format(e)) sys.exit(1) # setup database logging.debug("configure database session") if args.database_url: settings.database = args.database_url Session.configure(bind=get_db_engine(settings.database)) application = create_fe_application(settings, args.deployment_name) ssl_context = plugins.get_ssl_context() if args.listen_stdin: logging.info("Starting application server with %d processes on stdin", settings.num_processes) server = HTTPServer(application, ssl_options=ssl_context) if PY2: s = socket.fromfd(sys.stdin.fileno(), socket.AF_INET, socket.SOCK_STREAM) s.setblocking(False) s.listen(5) else: s = socket.socket(fileno=sys.stdin.fileno()) s.setblocking(False) s.listen() server.add_sockets([s]) else: address = args.address or settings.address port = args.port or settings.port logging.info( "Starting application server with %d processes on %s:%d", settings.num_processes, address, port, ) server = HTTPServer(application, ssl_options=ssl_context) server.bind(port, address=address) # When using multiple processes, the forking happens here server.start(settings.num_processes) stats.set_defaults() # Create the Graph and start the graph update thread post fork to ensure each process gets # updated. with closing(Session()) as session: graph = Graph() graph.update_from_db(session) refresher = DbRefreshThread(settings, graph, settings.refresh_interval, sentry_client) refresher.daemon = True refresher.start() try: IOLoop.current().start() except KeyboardInterrupt: IOLoop.current().stop() finally: print("Bye")
def graph(self): # type: () -> GroupGraph if not self._graph: self._graph = Graph() return self._graph
def graph(session): graph = Graph() graph.update_from_db(session) return graph
class GrouperHandler(RequestHandler): def initialize(self, *args: Any, **kwargs: Any) -> None: self.graph = Graph() self.session = self.settings["session"]() # type: Session self.template_engine = self.settings[ "template_engine"] # type: FrontendTemplateEngine self.plugins = get_plugin_proxy() session_factory = SingletonSessionFactory(self.session) self.usecase_factory = create_graph_usecase_factory( settings(), self.plugins, session_factory) if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() def set_default_headers(self) -> None: self.set_header("Content-Security-Policy", self.settings["template_engine"].csp_header()) self.set_header("Referrer-Policy", "same-origin") def log_exception( self, exc_type: Optional[Type[BaseException]], exc_value: Optional[BaseException], exc_tb: Optional[TracebackType], ) -> None: if isinstance(exc_value, HTTPError): status_code = exc_value.status_code else: status_code = 500 self.plugins.log_exception(self.request, status_code, exc_type, exc_value, exc_tb) super().log_exception(exc_type, exc_value, exc_tb) def write_error(self, status_code: int, **kwargs: Any) -> None: """Override for custom error page.""" message = kwargs.get("message", "Unknown error") if status_code >= 500 and status_code < 600: template = self.template_engine.get_template("errors/5xx.html") self.write( template.render({ "is_active": self.is_active, "static_url": self.static_url })) else: template = self.template_engine.get_template("errors/generic.html") self.write( template.render({ "status_code": status_code, "message": message, "is_active": self.is_active, "trace_uuid": self.perf_trace_uuid, "static_url": self.static_url, })) self.finish() def is_refresh(self) -> bool: """Indicates whether the refresh argument for this handler has been set to yes. This is used to force a refresh of the cached graph so that we don't show inconsistent state to the user. Returns: a boolean indicating whether this handler should refresh the graph """ return self.get_argument("refresh", "no").lower() == "yes" # The refresh argument can be added to any page. If the handler for that # route calls this function, it will sync its graph from the database if # requested. def handle_refresh(self) -> None: if self.is_refresh(): self.graph.update_from_db(self.session) def redirect(self, url: str, *args: Any, **kwargs: Any) -> None: if self.is_refresh(): url = urljoin(url, "?refresh=yes") alerts = kwargs.pop("alerts", []) # type: List[Alert] self.set_alerts(alerts) super().redirect(url, *args, **kwargs) def get_or_create_user(self, username: str) -> Optional[User]: """Retrieve or create the User object for the authenticated user. This is done in a separate method called by prepare instead of in the magic Tornado get_current_user method because exceptions thrown by the latter are caught by Tornado and not propagated to the caller, and we want to use exceptions to handle invalid users and then return an error page in prepare. """ if not username: return None # Users must be fully qualified if not re.match("^{}$".format(USERNAME_VALIDATION), username): raise InvalidUser("{} does not match {}".format( username, USERNAME_VALIDATION)) # User must exist in the database and be active user, created = User.get_or_create(self.session, username=username) if created: logging.info("Created new user %s", username) self.session.commit() # Because the graph doesn't initialize until the updates table is populated, we need to # refresh the graph here in case this is the first update. self.graph.update_from_db(self.session) # service accounts are, by definition, not interactive users if user.is_service_account: raise InvalidUser("{} is a service account".format(username)) return user def get_path_argument(self, name: str) -> str: """Get a URL path argument. Parallel to get_request_argument() and get_body_argument(), this uses path_kwargs to find an argument to the handler, undo any URL quoting, and return it. Use this uniformly instead of kwargs for all handler get() and post() methods to handle escaping properly. """ value: str = self.path_kwargs[name] return unquote(value) def prepare(self) -> None: username = self.request.headers.get(settings().user_auth_header) try: user = self.get_or_create_user(username) except InvalidUser as e: self.baduser(str(e)) self.finish() return if user and user.enabled: self.current_user = user else: self.baduser("{} is not an active account".format(username)) self.finish() def on_finish(self) -> None: if self.perf_collector: self.perf_collector.stop() record_trace(self.session, self.perf_collector, self.perf_trace_uuid) self.session.close() handler = self.__class__.__name__ duration_ms = int( (datetime.utcnow() - self._request_start_time).total_seconds() * 1000) response_status = self.get_status() self.plugins.log_request(handler, response_status, duration_ms) def update_qs(self, **kwargs: Any) -> str: qs = self.request.arguments.copy() qs.update(kwargs) return "?" + urlencode(sorted(qs.items()), True) def is_active(self, test_path: str) -> str: path = self.request.path if path == test_path: return "active" return "" def get_template_namespace(self) -> Dict[str, Any]: namespace = super().get_template_namespace() namespace.update({ "alerts": self.get_alerts(), "is_active": self.is_active, "static_url": self.static_url, "perf_trace_uuid": self.perf_trace_uuid, "update_qs": self.update_qs, "xsrf_form": self.xsrf_form_html, }) return namespace def render_template(self, template_name: str, **kwargs: Any) -> str: template = self.template_engine.get_template(template_name) content = template.render(kwargs) return content def render(self, template_name: str, **kwargs: Any) -> None: defaults = self.get_template_namespace() context = {} context.update(defaults) context.update(kwargs) # Merge alerts context["alerts"] = [] context["alerts"].extend(defaults.get("alerts", [])) context["alerts"].extend(kwargs.get("alerts", [])) self.write(self.render_template(template_name, **context)) def render_template_class( self, template: BaseTemplate, alerts: Optional[List[Alert]] = None) -> Future[None]: return self.finish(template.render(self, alerts)) def set_alerts(self, alerts: Sequence[Alert]) -> None: if len(alerts) > 0: self.set_cookie("_alerts", _serialize_alerts(alerts)) else: self.clear_cookie("_alerts") def get_alerts(self) -> List[Alert]: serialized_alerts = self.get_cookie("_alerts", default="[]") alerts = _deserialize_alerts(serialized_alerts) self.clear_cookie("_alerts") return alerts def get_form_alerts(self, errors: Dict[str, List[str]]) -> List[Alert]: alerts = [] for field, field_errors in errors.items(): for error in field_errors: alerts.append(Alert("danger", error, field)) return alerts def raise_and_log_exception(self, exc: Exception) -> None: try: raise exc except Exception: self.log_exception(*sys.exc_info()) def log_message(self, message: str, **kwargs: Any) -> None: logging.info("{}, kwargs={}".format(message, kwargs)) def badrequest(self) -> None: self.set_status(400) self.raise_and_log_exception(HTTPError(400)) self.render("errors/badrequest.html") def baduser(self, message) -> None: self.set_status(403) self.raise_and_log_exception(HTTPError(403)) how_to_get_help = settings().how_to_get_help self.render("errors/baduser.html", message=message, how_to_get_help=how_to_get_help) def forbidden(self) -> None: self.set_status(403) self.raise_and_log_exception(HTTPError(403)) self.render("errors/forbidden.html", how_to_get_help=settings().how_to_get_help) def notfound(self) -> None: self.set_status(404) self.raise_and_log_exception(HTTPError(404)) self.render("errors/notfound.html")
class GrouperHandler(RequestHandler): def initialize(self): self.session = self.application.my_settings.get("db_session")() self.graph = Graph() if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.incr("requests") stats.incr("requests_{}".format(self.__class__.__name__)) def write_error(self, status_code, **kwargs): """Override for custom error page.""" if status_code >= 500 and status_code < 600: template = self.application.my_settings[ "template_env"].get_template("errors/5xx.html") self.write(template.render({"is_active": self.is_active})) else: template = self.application.my_settings[ "template_env"].get_template("errors/generic.html") self.write( template.render({ "status_code": status_code, "message": self._reason, "is_active": self.is_active, "trace_uuid": self.perf_trace_uuid, })) self.finish() def is_refresh(self): # type: () -> bool """Indicates whether the refresh argument for this handler has been set to yes. This is used to force a refresh of the cached graph so that we don't show inconsistent state to the user. Returns: a boolean indicating whether this handler should refresh the graph """ return self.get_argument("refresh", "no").lower() == "yes" # The refresh argument can be added to any page. If the handler for that # route calls this function, it will sync its graph from the database if # requested. def handle_refresh(self): if self.is_refresh(): self.graph.update_from_db(self.session) def redirect(self, url, *args, **kwargs): if self.is_refresh(): url = urlparse.urljoin(url, "?refresh=yes") self.set_alerts(kwargs.pop("alerts", [])) return super(GrouperHandler, self).redirect(url, *args, **kwargs) def get_current_user(self): username = self.request.headers.get(settings.user_auth_header) if not username: return # Users must be fully qualified if not re.match("^{}$".format(USERNAME_VALIDATION), username): raise InvalidUser() try: user, created = User.get_or_create(self.session, username=username) if created: logging.info("Created new user %s", username) self.session.commit() # Because the graph doesn't initialize until the updates table # is populated, we need to refresh the graph here in case this # is the first update. self.graph.update_from_db(self.session) except sqlalchemy.exc.OperationalError: # Failed to connect to database or create user, try to reconfigure the db. This invokes # the fetcher to try to see if our URL string has changed. Session.configure(bind=get_db_engine(get_database_url(settings))) raise DatabaseFailure() return user def prepare(self): if not self.current_user or not self.current_user.enabled: self.forbidden() self.finish() return def on_finish(self): if self.perf_collector: self.perf_collector.stop() perf_profile.record_trace(self.session, self.perf_collector, self.perf_trace_uuid) self.session.close() # log request duration duration = datetime.utcnow() - self._request_start_time duration_ms = int(duration.total_seconds() * 1000) stats.incr("duration_ms", duration_ms) stats.incr("duration_ms_{}".format(self.__class__.__name__), duration_ms) # log response status code response_status = self.get_status() stats.incr("response_status_{}".format(response_status)) stats.incr("response_status_{}_{}".format(self.__class__.__name__, response_status)) def update_qs(self, **kwargs): qs = self.request.arguments.copy() qs.update(kwargs) return "?" + urllib.urlencode(qs, True) def is_active(self, test_path): path = self.request.path if path == test_path: return "active" return "" def get_template_namespace(self): namespace = super(GrouperHandler, self).get_template_namespace() namespace.update({ "update_qs": self.update_qs, "is_active": self.is_active, "perf_trace_uuid": self.perf_trace_uuid, "xsrf_form": self.xsrf_form_html, "alerts": self.get_alerts(), }) return namespace def render_template(self, template_name, **kwargs): template = self.application.my_settings["template_env"].get_template( template_name) content = template.render(kwargs) return content def render(self, template_name, **kwargs): defaults = self.get_template_namespace() context = {} context.update(defaults) context.update(kwargs) # Merge alerts context["alerts"] = defaults.get("alerts", []) + kwargs.get( "alerts", []) self.write(self.render_template(template_name, **context)) def set_alerts(self, alerts): # type: (List[Alert]) -> None if len(alerts) > 0: self.set_cookie("_alerts", _serialize_alerts(alerts)) else: self.clear_cookie("_alerts") def get_alerts(self): # type: () -> List[Alert] serialized_alerts = self.get_cookie("_alerts", default="[]") alerts = _deserialize_alerts(serialized_alerts) self.clear_cookie("_alerts") return alerts def get_form_alerts(self, errors): alerts = [] for field, field_errors in errors.items(): for error in field_errors: alerts.append(Alert("danger", error, field)) return alerts def raise_and_log_exception(self, exc): try: raise exc except Exception: self.log_exception(*sys.exc_info()) def log_message(self, message, **kwargs): if self.captureMessage: self.captureMessage(message, **kwargs) else: logging.info("{}, kwargs={}".format(message, kwargs)) # TODO(gary): Add json error responses. def badrequest(self, format_type=None): self.set_status(400) self.raise_and_log_exception(tornado.web.HTTPError(400)) self.render("errors/badrequest.html") def forbidden(self, format_type=None): self.set_status(403) self.raise_and_log_exception(tornado.web.HTTPError(403)) self.render("errors/forbidden.html") def notfound(self, format_type=None): self.set_status(404) self.raise_and_log_exception(tornado.web.HTTPError(404)) self.render("errors/notfound.html") def get_sentry_user_info(self): user = self.get_current_user() return { 'username': user.username, }
class GrouperHandler(SentryHandler): def initialize(self, *args, **kwargs): # type: (*Any, **Any) -> None self.graph = Graph() self.session = self.settings["session"]() # type: Session self.template_engine = self.settings["template_engine"] # type: FrontendTemplateEngine self.plugins = get_plugin_proxy() session_factory = SingletonSessionFactory(self.session) self.usecase_factory = create_graph_usecase_factory( settings(), self.plugins, session_factory ) if self.get_argument("_profile", False): self.perf_collector = Collector() self.perf_trace_uuid = str(uuid4()) # type: Optional[str] self.perf_collector.start() else: self.perf_collector = None self.perf_trace_uuid = None self._request_start_time = datetime.utcnow() stats.log_rate("requests", 1) stats.log_rate("requests_{}".format(self.__class__.__name__), 1) def set_default_headers(self): # type: () -> None self.set_header("Content-Security-Policy", self.settings["template_engine"].csp_header()) self.set_header("Referrer-Policy", "same-origin") def write_error(self, status_code, **kwargs): # type: (int, **Any) -> None """Override for custom error page.""" message = kwargs.get("message", "Unknown error") if status_code >= 500 and status_code < 600: template = self.template_engine.get_template("errors/5xx.html") self.write( template.render({"is_active": self.is_active, "static_url": self.static_url}) ) else: template = self.template_engine.get_template("errors/generic.html") self.write( template.render( { "status_code": status_code, "message": message, "is_active": self.is_active, "trace_uuid": self.perf_trace_uuid, "static_url": self.static_url, } ) ) self.finish() def is_refresh(self): # type: () -> bool """Indicates whether the refresh argument for this handler has been set to yes. This is used to force a refresh of the cached graph so that we don't show inconsistent state to the user. Returns: a boolean indicating whether this handler should refresh the graph """ return self.get_argument("refresh", "no").lower() == "yes" # The refresh argument can be added to any page. If the handler for that # route calls this function, it will sync its graph from the database if # requested. def handle_refresh(self): # type: () -> None if self.is_refresh(): self.graph.update_from_db(self.session) def redirect(self, url, *args, **kwargs): # type: (str, *Any, **Any) -> None if self.is_refresh(): url = urljoin(url, "?refresh=yes") alerts = kwargs.pop("alerts", []) # type: List[Alert] self.set_alerts(alerts) super(GrouperHandler, self).redirect(url, *args, **kwargs) def get_or_create_user(self, username): # type: (str) -> Optional[User] """Retrieve or create the User object for the authenticated user. This is done in a separate method called by prepare instead of in the magic Tornado get_current_user method because exceptions thrown by the latter are caught by Tornado and not propagated to the caller, and we want to use exceptions to handle invalid users and then return an error page in prepare. """ if not username: return None # Users must be fully qualified if not re.match("^{}$".format(USERNAME_VALIDATION), username): raise InvalidUser("{} does not match {}".format(username, USERNAME_VALIDATION)) # User must exist in the database and be active try: user, created = User.get_or_create(self.session, username=username) if created: logging.info("Created new user %s", username) self.session.commit() # Because the graph doesn't initialize until the updates table # is populated, we need to refresh the graph here in case this # is the first update. self.graph.update_from_db(self.session) except sqlalchemy.exc.OperationalError: # Failed to connect to database or create user, try to reconfigure the db. This invokes # the fetcher to try to see if our URL string has changed. Session.configure(bind=get_db_engine(settings().database)) raise DatabaseFailure() # service accounts are, by definition, not interactive users if user.is_service_account: raise InvalidUser("{} is a service account".format(username)) return user def prepare(self): # type: () -> None username = self.request.headers.get(settings().user_auth_header) try: user = self.get_or_create_user(username) except InvalidUser as e: self.baduser(str(e)) self.finish() return if user and user.enabled: self.current_user = user else: self.baduser("{} is not an active account".format(username)) self.finish() def on_finish(self): # type: () -> None if self.perf_collector: self.perf_collector.stop() record_trace(self.session, self.perf_collector, self.perf_trace_uuid) self.session.close() # log request duration duration = datetime.utcnow() - self._request_start_time duration_ms = int(duration.total_seconds() * 1000) stats.log_rate("duration_ms", duration_ms) stats.log_rate("duration_ms_{}".format(self.__class__.__name__), duration_ms) # log response status code response_status = self.get_status() stats.log_rate("response_status_{}".format(response_status), 1) stats.log_rate("response_status_{}_{}".format(self.__class__.__name__, response_status), 1) def update_qs(self, **kwargs): # type: (**Any) -> str qs = self.request.arguments.copy() qs.update(kwargs) return "?" + urlencode(sorted(qs.items()), True) def is_active(self, test_path): # type: (str) -> str path = self.request.path if path == test_path: return "active" return "" def get_template_namespace(self): # type: () -> Dict[str, Any] namespace = super(GrouperHandler, self).get_template_namespace() namespace.update( { "update_qs": self.update_qs, "is_active": self.is_active, "perf_trace_uuid": self.perf_trace_uuid, "xsrf_form": self.xsrf_form_html, "alerts": self.get_alerts(), "static_url": self.static_url, } ) return namespace def render_template(self, template_name, **kwargs): # type: (str, **Any) -> Text template = self.template_engine.get_template(template_name) content = template.render(kwargs) return content def render(self, template_name, **kwargs): # type: (str, **Any) -> None defaults = self.get_template_namespace() context = {} context.update(defaults) context.update(kwargs) # Merge alerts context["alerts"] = [] context["alerts"].extend(defaults.get("alerts", [])) context["alerts"].extend(kwargs.get("alerts", [])) self.write(self.render_template(template_name, **context)) def set_alerts(self, alerts): # type: (List[Alert]) -> None if len(alerts) > 0: self.set_cookie("_alerts", _serialize_alerts(alerts)) else: self.clear_cookie("_alerts") def get_alerts(self): # type: () -> List[Alert] serialized_alerts = self.get_cookie("_alerts", default="[]") alerts = _deserialize_alerts(serialized_alerts) self.clear_cookie("_alerts") return alerts def get_form_alerts(self, errors): # type: (Dict[str, List[str]]) -> List[Alert] alerts = [] for field, field_errors in iteritems(errors): for error in field_errors: alerts.append(Alert("danger", error, field)) return alerts def raise_and_log_exception(self, exc): # type: (Exception) -> None try: raise exc except Exception: self.log_exception(*sys.exc_info()) def log_message(self, message, **kwargs): # type: (str, **Any) -> None if getattr(self, "captureMessage", None): self.captureMessage(message, **kwargs) else: logging.info("{}, kwargs={}".format(message, kwargs)) def badrequest(self): # type: () -> None self.set_status(400) self.raise_and_log_exception(tornado.web.HTTPError(400)) self.render("errors/badrequest.html") def baduser(self, message): # type: (str) -> None self.set_status(403) self.raise_and_log_exception(tornado.web.HTTPError(403)) how_to_get_help = settings().how_to_get_help self.render("errors/baduser.html", message=message, how_to_get_help=how_to_get_help) def forbidden(self): # type: () -> None self.set_status(403) self.raise_and_log_exception(tornado.web.HTTPError(403)) self.render("errors/forbidden.html", how_to_get_help=settings().how_to_get_help) def notfound(self): # type: () -> None self.set_status(404) self.raise_and_log_exception(tornado.web.HTTPError(404)) self.render("errors/notfound.html") def get_sentry_user_info(self): # type: () -> Dict[str, Optional[str]] if self.current_user: return {"username": self.current_user.username} else: return {"username": None}