def from_json(conf_path):
    """Build a ServerConfig from the JSON file at *conf_path*.

    A missing file is treated as an empty configuration (``{}``), so every
    default below applies.

    Security-relevant defaults visible in this function:
      * ``config.address`` falls back to ``0.0.0.0`` (all IPv4 interfaces);
      * without an ``auth`` section, ``allowed_users`` is ``'*'`` and the
        loopback addresses are both the default trusted IPs and the default
        admins;
      * with an ``auth`` section there are no default trusted IPs or admins.

    Raises:
        Exception: if the authenticator type is ``google_oauth`` and
            ``auth.allowed_users`` is not set.
    """
    raw_json = file_utils.read_file(conf_path) if os.path.exists(conf_path) else "{}"

    config = ServerConfig()
    settings = json.loads(raw_json)

    fallback_port = 5000

    ssl_settings = settings.get("ssl")
    if ssl_settings is not None:
        # Both paths are required as soon as an "ssl" section exists.
        ssl_key = model_helper.read_obligatory(ssl_settings, 'key_path', ' for ssl')
        ssl_cert = model_helper.read_obligatory(ssl_settings, 'cert_path', ' for ssl')

        config.ssl = True
        config.ssl_key_path = ssl_key
        config.ssl_cert_path = ssl_cert
        fallback_port = 5443

    # Empty/absent values fall back to the defaults.
    config.address = settings.get("address") or "0.0.0.0"
    config.port = settings.get("port") or fallback_port

    title = settings.get('title')
    if title:
        config.title = title

    auth_settings = settings.get('auth')
    if not auth_settings:
        # No authentication configured: allowed_users is the wildcard and the
        # loopback addresses double as trusted IPs and default admins.
        allowed_users = '*'
        default_trusted_ips = ['127.0.0.1', '::1']
        # Intentionally the very same list object as default_trusted_ips.
        default_admins = default_trusted_ips
    else:
        config.authenticator = create_authenticator(auth_settings)
        allowed_users = auth_settings.get('allowed_users')

        auth_type = config.authenticator.auth_type
        if auth_type == 'google_oauth' and allowed_users is None:
            # An explicit allow-list is mandatory for google_oauth.
            raise Exception('auth.allowed_users field is mandatory for ' + auth_type)

        default_trusted_ips = []
        default_admins = []

    config.trusted_ips = strip(read_list(settings, 'trusted_ips', default=default_trusted_ips))

    admin_users = _parse_admin_users(settings, default_admins=default_admins)
    config.authorizer = _create_authorizer(allowed_users, admin_users)

    config.alerts_config = parse_alerts_config(settings)
    config.logging_config = parse_logging_config(settings)

    return config
def from_json(conf_path):
    """Build a ServerConfig from the JSON file at *conf_path*.

    A missing file is treated as an empty configuration (``{}``).
    ``config.address`` falls back to ``0.0.0.0`` (all IPv4 interfaces) and the
    port to 5000, or 5443 when an ``ssl`` section is present.

    When an ``auth`` section exists, ``auth.type`` selects the authorizer
    (``ldap`` or ``google_oauth``). When it is absent, this function does not
    assign ``config.authorizer`` at all.

    Raises:
        Exception: if ``auth`` is present without a type, or with a type other
            than ``ldap`` / ``google_oauth``.
    """
    raw_json = file_utils.read_file(conf_path) if os.path.exists(conf_path) else "{}"

    config = ServerConfig()
    settings = json.loads(raw_json)

    fallback_port = 5000

    ssl_settings = settings.get("ssl")
    if ssl_settings is not None:
        # Both paths are required as soon as an "ssl" section exists.
        ssl_key = model_helper.read_obligatory(ssl_settings, 'key_path', ' for ssl')
        ssl_cert = model_helper.read_obligatory(ssl_settings, 'cert_path', ' for ssl')

        config.ssl = True
        config.ssl_key_path = ssl_key
        config.ssl_cert_path = ssl_cert
        fallback_port = 5443

    config.address = settings.get("address") or "0.0.0.0"
    config.port = settings.get("port") or fallback_port

    title = settings.get('title')
    if title:
        config.title = title

    auth_settings = settings.get("auth")
    if auth_settings:
        declared_type = auth_settings.get("type")
        if not declared_type:
            raise Exception("Auth type should be specified")

        # Type matching ignores case and surrounding whitespace.
        auth_type = declared_type.strip().lower()

        # Authorizer modules are imported lazily, only for the selected type.
        if auth_type == 'ldap':
            from auth.auth_ldap import LdapAuthorizer
            authorizer = LdapAuthorizer(auth_settings)
        elif auth_type == 'google_oauth':
            from auth.auth_google_oauth import GoogleOauthAuthorizer
            authorizer = GoogleOauthAuthorizer(auth_settings)
        else:
            # Unknown types are rejected rather than ignored.
            raise Exception(auth_type + " auth is not supported")

        config.authorizer = authorizer
        config.authorizer.auth_type = auth_type

    config.alerts_config = parse_alerts_config(settings)

    return config
def __init__(self, params_dict):
    """Initialise the Google OAuth authenticator from its config section.

    Args:
        params_dict: auth settings; ``client_id`` and ``secret`` are read with
            ``read_obligatory``.

    Only ``client_id``, the authorize URL and the scope are placed into
    ``_client_visible_config``; the secret is kept on the instance only.
    """
    super().__init__()

    purpose = ' for Google OAuth'
    self.client_id = model_helper.read_obligatory(params_dict, 'client_id', purpose)

    # The configured secret is passed through resolve_env_vars with
    # full_match=True before being stored.
    # NOTE(review): presumably this lets the config reference an environment
    # variable instead of holding the secret itself - confirm.
    configured_secret = model_helper.read_obligatory(params_dict, 'secret', purpose)
    self.secret = model_helper.resolve_env_vars(configured_secret, full_match=True)

    # NOTE(review): presumably tracks pending OAuth state values - confirm.
    self.states = {}

    # NOTE: _OAUTH_AUTHORIZE_URL is a private tornado attribute.
    visible_entries = (
        ('client_id', self.client_id),
        ('oauth_url', tornado.auth.GoogleOAuth2Mixin._OAUTH_AUTHORIZE_URL),
        ('oauth_scope', 'email'),
    )
    for key, value in visible_entries:
        self._client_visible_config[key] = value
def __init__(self, params_dict, temp_folder):
    """Initialise the LDAP authenticator from its config section.

    Args:
        params_dict: LDAP settings. ``url`` is required; ``username_pattern``,
            ``base_dn`` and ``version`` are optional.
        temp_folder: folder that holds the ``ldap_groups.json`` file loaded
            at the end of initialisation.
    """
    super().__init__()

    self.url = model_helper.read_obligatory(params_dict, 'url', ' for LDAP auth')

    pattern = strip(params_dict.get('username_pattern'))
    self.username_template = Template(pattern) if pattern else None

    configured_base_dn = params_dict.get('base_dn')
    if configured_base_dn:
        self._base_dn = configured_base_dn.strip()
    else:
        # No explicit base dn: try to derive one from the username pattern.
        derived_base_dn = _resolve_base_dn(pattern)
        if not derived_base_dn:
            LOGGER.warning(
                'Cannot resolve LDAP base dn, so using empty. Please specify it using "base_dn" attribute'
            )
            self._base_dn = ''
        else:
            LOGGER.info('Resolved base dn: ' + derived_base_dn)
            self._base_dn = derived_base_dn

    # A missing or falsy "version" falls back to 3.
    self.version = params_dict.get("version") or 3

    # NOTE(review): the groups file lives in temp_folder and is loaded as-is;
    # if its contents feed authorization decisions, the folder should not be
    # writable by other local users - confirm.
    self._groups_file = os.path.join(temp_folder, 'ldap_groups.json')
    self._user_groups = self._load_groups(self._groups_file)
def __init__(self, params_dict, temp_folder):
    """Set up the LDAP authenticator from *params_dict*.

    Args:
        params_dict: LDAP settings. ``url`` is required; ``username_pattern``,
            ``base_dn`` and ``version`` are optional.
        temp_folder: folder containing (or receiving) ``ldap_groups.json``.
    """
    super().__init__()

    self.url = model_helper.read_obligatory(params_dict, 'url', ' for LDAP auth')

    pattern = strip(params_dict.get('username_pattern'))
    if not pattern:
        self.username_template = None
    else:
        self.username_template = Template(pattern)

    explicit_base_dn = params_dict.get('base_dn')
    if explicit_base_dn:
        self._base_dn = explicit_base_dn.strip()
    else:
        # Fall back to whatever can be derived from the username pattern;
        # an empty base dn is used (with a warning) when nothing is found.
        guessed_base_dn = _resolve_base_dn(pattern)
        if guessed_base_dn:
            LOGGER.info('Resolved base dn: ' + guessed_base_dn)
        else:
            LOGGER.warning(
                'Cannot resolve LDAP base dn, so using empty. Please specify it using "base_dn" attribute')
        self._base_dn = guessed_base_dn if guessed_base_dn else ''

    configured_version = params_dict.get("version")
    self.version = configured_version if configured_version else 3

    # NOTE(review): ldap_groups.json is read from temp_folder at start-up;
    # if group membership drives access decisions, restrict who can write to
    # that folder - confirm.
    self._groups_file = os.path.join(temp_folder, 'ldap_groups.json')
    self._user_groups = self._load_groups(self._groups_file)
def __init__(self, params_dict):
    """Initialise the htpasswd authenticator.

    Args:
        params_dict: auth settings; ``htpasswd_path`` is required.

    Raises:
        InvalidServerConfigException: if the configured htpasswd path does
            not exist.
    """
    super().__init__()

    password_file = model_helper.read_obligatory(params_dict, 'htpasswd_path', ' for htpasswd auth')

    # Refuse to start with a missing password file instead of continuing
    # without one.
    file_present = os.path.exists(password_file)
    if not file_present:
        raise InvalidServerConfigException('htpasswd path does not exist: ' + password_file)

    self.verifier = _select_verifier(password_file)
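def __init__(self, params_dict):
    """Initialise the LDAP authorizer from its config section.

    Args:
        params_dict: LDAP settings. ``url`` is required; ``username_pattern``
            and ``version`` are optional.
    """
    self.url = model_helper.read_obligatory(params_dict, 'url', ' for LDAP auth')

    # Always define the attribute. Previously it was created only when a
    # pattern was configured, so (unless the class provides a default
    # elsewhere) reading self.username_template on a pattern-less
    # configuration raised AttributeError.
    username_pattern = params_dict.get("username_pattern")
    self.username_template = Template(username_pattern) if username_pattern else None

    # A missing or falsy "version" falls back to 3.
    self.version = params_dict.get("version") or 3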
def __init__(self, oauth_authorize_url, oauth_token_url, oauth_scope, params_dict):
    """Initialise the OAuth authenticator.

    Args:
        oauth_authorize_url: authorize endpoint, exposed to clients through
            ``_client_visible_config``.
        oauth_token_url: token endpoint, kept on the instance.
        oauth_scope: requested scope, exposed to clients as well.
        params_dict: auth settings. ``client_id`` and ``secret`` are
            required; ``group_support``, ``auth_info_ttl``,
            ``session_expire_minutes`` and ``state_dump_file`` are optional.

    The secret is stored on the instance and is not added to
    ``_client_visible_config``.
    """
    super().__init__()

    self.oauth_token_url = oauth_token_url
    self.oauth_scope = oauth_scope

    purpose = ' for OAuth'
    self.client_id = model_helper.read_obligatory(params_dict, 'client_id', purpose)

    # The configured secret goes through resolve_env_vars(full_match=True).
    # NOTE(review): presumably this allows referencing an environment
    # variable instead of storing the secret in the config file - confirm.
    configured_secret = model_helper.read_obligatory(params_dict, 'secret', purpose)
    self.secret = model_helper.resolve_env_vars(configured_secret, full_match=True)

    visible_entries = (
        ('client_id', self.client_id),
        ('oauth_url', oauth_authorize_url),
        ('oauth_scope', oauth_scope),
    )
    for key, value in visible_entries:
        self._client_visible_config[key] = value

    self.group_support = read_bool_from_config('group_support', params_dict, default=True)
    # Taken from the config unchanged (no type conversion happens here).
    self.auth_info_ttl = params_dict.get('auth_info_ttl')

    # Configured in minutes, stored in seconds; the default is 0.
    expire_minutes = read_int_from_config('session_expire_minutes', params_dict, default=0)
    self.session_expire = expire_minutes * 60

    self.dump_file = params_dict.get('state_dump_file')
    if self.dump_file:
        # Validate the path before any state is created or restored.
        self._validate_dump_file(self.dump_file)

    self._users = {}  # type: Dict[str, _UserState]
    # A fresh lock is created on first access for each key.
    self._user_locks = defaultdict(threading.Lock)

    self.timer = None
    if self.dump_file:
        self._restore_state()
        self._schedule_dump_task()
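def from_json(conf_path, temp_folder):
    """Build a ServerConfig from the JSON file at *conf_path*.

    A missing file is treated as an empty configuration (``{}``).

    Args:
        conf_path: path of the JSON server configuration.
        temp_folder: passed on to ``create_authenticator``.

    Security-relevant defaults visible in this function:
      * ``config.address`` falls back to ``0.0.0.0`` (all IPv4 interfaces);
      * without an ``auth`` section the loopback addresses are the default
        trusted IPs and the default admins;
      * with an ``auth`` section there are no default trusted IPs or admins.

    Raises:
        Exception: if the authenticator type is ``google_oauth`` and
            ``access.allowed_users`` is not set.
    """
    if os.path.exists(conf_path):
        file_content = file_utils.read_file(conf_path)
    else:
        file_content = "{}"

    config = ServerConfig()
    json_object = json.loads(file_content)

    default_port = 5000

    ssl = json_object.get("ssl")
    if ssl is not None:
        # Both paths are required as soon as an "ssl" section exists.
        key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
        cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')

        config.ssl = True
        config.ssl_key_path = key_path
        config.ssl_cert_path = cert_path
        default_port = 5443

    config.address = json_object.get("address") or "0.0.0.0"
    config.port = json_object.get("port") or default_port

    title = json_object.get('title')
    if title:
        config.title = title

    access_config = json_object.get('access')
    if access_config:
        allowed_users = access_config.get('allowed_users')
        user_groups = model_helper.read_dict(access_config, 'groups')
    else:
        allowed_users = None
        user_groups = {}

    auth_config = json_object.get('auth')
    if auth_config:
        config.authenticator = create_authenticator(auth_config, temp_folder)

        auth_type = config.authenticator.auth_type
        if auth_type == 'google_oauth' and allowed_users is None:
            # allowed_users is read from the "access" section above, so the
            # message names that section (it previously said "auth.").
            raise Exception('access.allowed_users field is mandatory for ' + auth_type)

        def_trusted_ips = []
        def_admins = []
    else:
        def_trusted_ips = ['127.0.0.1', '::1']
        # Copy, so that config.trusted_ips and config.admin_users never end up
        # as one shared list that a later mutation would change for both.
        def_admins = list(def_trusted_ips)

    if access_config:
        config.trusted_ips = strip(
            read_list(access_config, 'trusted_ips', default=def_trusted_ips))
        admin_users = _parse_admin_users(access_config, default_admins=def_admins)
    else:
        config.trusted_ips = def_trusted_ips
        admin_users = def_admins

    config.allowed_users = _prepare_allowed_users(allowed_users, admin_users, user_groups)
    config.alerts_config = parse_alerts_config(json_object)
    config.logging_config = parse_logging_config(json_object)

    config.user_groups = user_groups
    config.admin_users = admin_users

    config.max_request_size_mb = read_int_from_config('max_request_size', json_object,
                                                      default=10)

    return config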
def from_json(conf_path, temp_folder):
    """Build a ServerConfig from the JSON file at *conf_path*.

    A missing file is treated as an empty configuration (``{}``).

    Args:
        conf_path: path of the JSON server configuration.
        temp_folder: passed on to ``create_authenticator``; also the default
            location of ``secret.dat``.

    Security-relevant defaults visible in this function:
      * ``config.address`` falls back to ``0.0.0.0`` (all IPv4 interfaces);
      * without an ``auth`` section the loopback addresses are the default
        trusted IPs, admins and (without an ``access`` section) code editor
        users;
      * with an ``auth`` section there are no default trusted IPs or admins.

    Raises:
        Exception: if the authenticator type is ``google_oauth`` and
            ``access.allowed_users`` is not set.
    """
    raw_json = file_utils.read_file(conf_path) if os.path.exists(conf_path) else "{}"

    config = ServerConfig()
    settings = json.loads(raw_json)

    fallback_port = 5000

    ssl_settings = settings.get("ssl")
    if ssl_settings is not None:
        # Both paths are required as soon as an "ssl" section exists.
        ssl_key = model_helper.read_obligatory(ssl_settings, 'key_path', ' for ssl')
        ssl_cert = model_helper.read_obligatory(ssl_settings, 'cert_path', ' for ssl')

        config.ssl = True
        config.ssl_key_path = ssl_key
        config.ssl_cert_path = ssl_cert
        fallback_port = 5443

    config.address = settings.get("address") or "0.0.0.0"
    config.port = settings.get("port") or fallback_port

    title = settings.get('title')
    if title:
        config.title = title

    config.enable_script_titles = read_bool_from_config('enable_script_titles', settings, default=True)

    access_settings = settings.get('access')
    if not access_settings:
        allowed_users = None
        user_groups = {}
        user_header_name = None
    else:
        allowed_users = access_settings.get('allowed_users')
        user_groups = model_helper.read_dict(access_settings, 'groups')
        # NOTE(review): presumably the name of a request header that carries
        # the user identity; if so, it is only trustworthy behind a proxy
        # that sets or strips it - confirm.
        user_header_name = access_settings.get('user_header_name')

    auth_settings = settings.get('auth')
    if not auth_settings:
        default_trusted_ips = ['127.0.0.1', '::1']
        # Intentionally the very same list object as default_trusted_ips.
        default_admins = default_trusted_ips
    else:
        config.authenticator = create_authenticator(auth_settings, temp_folder)

        auth_type = config.authenticator.auth_type
        if auth_type == 'google_oauth' and allowed_users is None:
            # An explicit allow-list is mandatory for google_oauth.
            raise Exception('access.allowed_users field is mandatory for ' + auth_type)

        default_trusted_ips = []
        default_admins = []

    if not access_settings:
        trusted_ips = default_trusted_ips
        admin_users = default_admins
        full_history_users = []
        code_editor_users = default_admins
    else:
        trusted_ips = strip(
            read_list(access_settings, 'trusted_ips', default=default_trusted_ips))
        admin_users = _parse_admin_users(access_settings, default_admins=default_admins)
        full_history_users = _parse_history_users(access_settings)
        code_editor_users = _parse_code_editor_users(access_settings, admin_users)

    security_settings = model_helper.read_dict(settings, 'security')

    config.allowed_users = _prepare_allowed_users(allowed_users, admin_users, user_groups)
    config.alerts_config = settings.get('alerts')
    config.callbacks_config = settings.get('callbacks')
    config.logging_config = parse_logging_config(settings)

    config.user_groups = user_groups
    config.admin_users = admin_users
    config.full_history_users = full_history_users
    config.code_editor_users = code_editor_users
    config.user_header_name = user_header_name
    config.ip_validator = TrustedIpValidator(trusted_ips)

    config.max_request_size_mb = read_int_from_config('max_request_size', settings, default=10)

    # NOTE(review): by default the secret storage file lives in temp_folder;
    # confirm that folder is not readable or writable by other local users.
    default_secret_file = os.path.join(temp_folder, 'secret.dat')
    config.secret_storage_file = settings.get('secret_storage_file', default_secret_file)

    config.xsrf_protection = _parse_xsrf_protection(security_settings)

    return config
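def from_json(conf_path, temp_folder):
    """Build a ServerConfig from the JSON file at *conf_path*.

    A missing file is treated as an empty configuration (``{}``).

    Args:
        conf_path: path of the JSON server configuration.
        temp_folder: passed on to ``create_authenticator``.

    Security-relevant defaults visible in this function:
      * ``config.address`` falls back to ``0.0.0.0`` (all IPv4 interfaces);
      * without an ``auth`` section the loopback addresses are the default
        trusted IPs and the default admins;
      * with an ``auth`` section there are no default trusted IPs or admins.

    Raises:
        Exception: if the authenticator type is ``google_oauth`` and
            ``access.allowed_users`` is not set.
    """
    if os.path.exists(conf_path):
        file_content = file_utils.read_file(conf_path)
    else:
        file_content = "{}"

    config = ServerConfig()
    json_object = json.loads(file_content)

    default_port = 5000

    ssl = json_object.get("ssl")
    if ssl is not None:
        # Both paths are required as soon as an "ssl" section exists.
        key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
        cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')

        config.ssl = True
        config.ssl_key_path = key_path
        config.ssl_cert_path = cert_path
        default_port = 5443

    config.address = json_object.get("address") or "0.0.0.0"
    config.port = json_object.get("port") or default_port

    title = json_object.get('title')
    if title:
        config.title = title

    access_config = json_object.get('access')
    if access_config:
        allowed_users = access_config.get('allowed_users')
        user_groups = model_helper.read_dict(access_config, 'groups')
    else:
        allowed_users = None
        user_groups = {}

    auth_config = json_object.get('auth')
    if auth_config:
        config.authenticator = create_authenticator(auth_config, temp_folder)

        auth_type = config.authenticator.auth_type
        if auth_type == 'google_oauth' and allowed_users is None:
            # allowed_users is read from the "access" section above, so the
            # message names that section (it previously said "auth.").
            raise Exception('access.allowed_users field is mandatory for ' + auth_type)

        def_trusted_ips = []
        def_admins = []
    else:
        def_trusted_ips = ['127.0.0.1', '::1']
        # Copy, so that config.trusted_ips and config.admin_users never end up
        # as one shared list that a later mutation would change for both.
        def_admins = list(def_trusted_ips)

    if access_config:
        config.trusted_ips = strip(read_list(access_config, 'trusted_ips', default=def_trusted_ips))
        admin_users = _parse_admin_users(access_config, default_admins=def_admins)
    else:
        config.trusted_ips = def_trusted_ips
        admin_users = def_admins

    config.allowed_users = _prepare_allowed_users(allowed_users, admin_users, user_groups)
    config.alerts_config = json_object.get('alerts')
    config.callbacks_config = json_object.get('callbacks')
    config.logging_config = parse_logging_config(json_object)

    config.user_groups = user_groups
    config.admin_users = admin_users

    config.max_request_size_mb = read_int_from_config('max_request_size', json_object, default=10)

    return config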
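def __init__(self, params_dict):
    """Read the HTTP callback target from *params_dict*.

    Args:
        params_dict: callback settings; ``url`` is required.

    The URL is trimmed, and ``http://`` is prepended when it carries neither
    an ``http://`` nor an ``https://`` scheme.
    """
    url = read_obligatory(params_dict, 'url', ' for HTTP callback').strip()

    # Test for the full scheme prefix. The bare startswith('http') check also
    # matched scheme-less hosts whose name begins with "http" (constructed
    # example: "httpbin.example/hook"), leaving them without a scheme, and it
    # kept surrounding whitespace on URLs that already had one.
    if not url.lower().startswith(('http://', 'https://')):
        # NOTE(review): the fallback is plaintext HTTP; configure an explicit
        # https:// URL when the callback has to travel over TLS.
        url = 'http://' + url

    self.url = url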
def __init__(self, params_dict):
    """Initialise the Google OAuth authorizer from its config section.

    Args:
        params_dict: auth settings; ``client_id`` and ``secret`` are both
            read with ``read_obligatory``.
    """
    purpose = ' for Google OAuth'

    self.client_id = model_helper.read_obligatory(params_dict, 'client_id', purpose)
    # The secret is stored exactly as it is written in the configuration.
    self.secret = model_helper.read_obligatory(params_dict, 'secret', purpose)

    # NOTE(review): presumably tracks pending OAuth state values - confirm.
    self.states = {}
def __init__(self, params_dict):
    """Read the script callback command from *params_dict*.

    Args:
        params_dict: callback settings; ``command`` is required.
    """
    # The command comes from the server configuration and is split once here.
    # NOTE(review): presumably split_command yields an argument list so the
    # command can be run without a shell - confirm.
    self.command = process_utils.split_command(
        read_obligatory(params_dict, 'command', ' for Script callback'))
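def __init__(self, params_dict):
    """Read the HTTP callback target from *params_dict*.

    Args:
        params_dict: callback settings; ``url`` is required.

    The stored URL is stripped of surrounding whitespace and gets an
    ``http://`` prefix unless it already starts with ``http://`` or
    ``https://`` (case-insensitive).
    """
    configured_url = read_obligatory(params_dict, 'url', ' for HTTP callback')
    url = configured_url.strip()

    # startswith('http') alone is too loose: a scheme-less host name that
    # merely begins with "http" would be stored without any scheme, and a URL
    # with a scheme would keep its leading/trailing whitespace.
    has_scheme = url.lower().startswith(('http://', 'https://'))
    if not has_scheme:
        # NOTE(review): scheme-less URLs default to plaintext HTTP; use an
        # explicit https:// URL when the callback should be encrypted.
        url = 'http://' + url

    self.url = url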
def __init__(self, params_dict):
    """Set up the script callback from its configuration.

    Args:
        params_dict: callback settings; ``command`` is required.
    """
    raw_command = read_obligatory(params_dict, 'command', ' for Script callback')

    # Stored in the form returned by process_utils.split_command.
    # NOTE(review): presumably an argument list, which avoids handing the
    # configured string to a shell - confirm.
    command_parts = process_utils.split_command(raw_command)
    self.command = command_parts