def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG oversight view', subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
# set dates if not specified (defaults are current month, which is not what we want)
year, quart = dateform.currentYearQuart()
if not 'startdate' in request.args or request.args['startdate'] == ['']:
start_date, _ = dateform.quarterStartEndDates(year, quart)
if not 'enddate' in request.args or request.args['enddate'] == ['']:
_, end_date = dateform.quarterStartEndDates(year, quart)
if 'unit' in request.args and request.args['unit'][0] not in WLCG_UNIT_MAPPING:
return self.renderErrorPage('Invalid units parameters')
unit = request.args.get('unit', ['ksi2k-ne'])[0]
t_query_start = time.time()
d = self.retrieveWLCGData(start_date, end_date)
d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, unit, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG oversight view', subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
# set dates if not specified (defaults are current month, which is not what we want)
year, quart = dateform.currentYearQuart()
if not 'startdate' in request.args or request.args['startdate'] == ['']:
start_date, _ = dateform.quarterStartEndDates(year, quart)
if not 'enddate' in request.args or request.args['enddate'] == ['']:
_, end_date = dateform.quarterStartEndDates(year, quart)
if 'unit' in request.args and request.args['unit'][0] not in WLCG_UNIT_MAPPING:
return self.renderErrorPage('Invalid units parameters')
unit = request.args.get('unit', ['ksi2k-ne'])[0]
t_query_start = time.time()
d = self.retrieveWLCGData(start_date, end_date)
d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, unit, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
if self.authorizer.hasRelevantRight(subject, rights.ACTION_VIEW):
d = self.retrieveMachineList()
d.addCallbacks(self.renderMachineList, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,))
return server.NOT_DONE_YET
else:
return self.renderAuthzErrorPage(request, 'machine list', subject)
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'admin') ]
if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
d = self.retrieveDatabaseStats()
d.addCallbacks(self.renderAdminManifestPage, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,))
return server.NOT_DONE_YET
else:
return self.renderAuthzErrorPage(request, 'administrators manifest', subject)
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authZ check
ctx = [ (rights.CTX_VIEW, self.view.view_name) ] + [ (rights.CTX_VIEWGROUP, vg) for vg in self.view.view_groups ]
if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, context=ctx):
return self.renderView(request)
# access not allowed
request.write('<html><body>Access to view %s not allowed for %s</body></html>' % (self.view.view_name, subject))
request.finish()
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ ('machine', self.machine_name) ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'machine view for %s' % self.machine_name, subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
d = self.retrieveMachineInfo(start_date, end_date)
d.addCallbacks(self.renderMachineView, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,))
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
if self.authorizer.hasRelevantRight(subject, rights.ACTION_VIEW):
d = self.retrieveMachineList()
d.addCallbacks(self.renderMachineList,
self.renderErrorPage,
callbackArgs=(request, ),
errbackArgs=(request, ))
return server.NOT_DONE_YET
else:
return self.renderAuthzErrorPage(request, 'machine list', subject)
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authZ check
ctx = [(rights.CTX_VIEW, self.view.view_name)
] + [(rights.CTX_VIEWGROUP, vg) for vg in self.view.view_groups]
if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, context=ctx):
return self.renderView(request)
# access not allowed
request.write(
'<html><body>Access to view %s not allowed for %s</body></html>' %
(self.view.view_name, subject))
request.finish()
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG %s view' % self.path, subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
t_query_start = time.time()
d = self.retrieveWLCGData(start_date, end_date)
d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG %s view' % self.path, subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
t_query_start = time.time()
d = self.retrieveWLCGData(start_date, end_date)
d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [('machine', self.machine_name)]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(
request, 'machine view for %s' % self.machine_name, subject)
# access allowed
start_date, end_date = dateform.parseStartEndDates(request)
d = self.retrieveMachineInfo(start_date, end_date)
d.addCallbacks(self.renderMachineView,
self.renderErrorPage,
callbackArgs=(request, ),
errbackArgs=(request, ))
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG Storage View', subject)
# access allowed
date = dateform.parseDate(request)
media = request.args.get('media',['all'])[0]
t_query_start = time.time()
d = self.retrieveWLCGData(date)
d.addCallback(self.renderWLCGViewPage, request, date, media, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG Storage View', subject)
# access allowed
date = dateform.parseDate(request)
media = request.args.get('media',['all'])[0]
t_query_start = time.time()
d = self.retrieveWLCGData(date)
d.addCallback(self.renderWLCGViewPage, request, date, media, t_query_start)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG view', subject)
# access allowed
request.write(html.HTML_VIEWBASE_HEADER % {'title': 'WLCG Views'})
request.write( html.createTitle('WLCG Views') )
for view_url, ( description, _ ) in self.subview.items():
request.write('<div><a href=wlcg/%s>%s</a></div>\n' % (view_url, description))
request.write( html.P )
request.write(html.HTML_VIEWBASE_FOOTER)
request.finish()
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
# authz check
ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ]
if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx):
return self.renderAuthzErrorPage(request, 'WLCG view', subject)
# access allowed
request.write(html.HTML_VIEWBASE_HEADER % {'title': 'WLCG Views'})
request.write( html.createTitle('WLCG Views') )
for view_url, ( description, _ ) in self.subview.items():
request.write('<div><a href=wlcg/%s>%s</a></div>\n' % (view_url, description))
request.write( html.P )
request.write(html.HTML_VIEWBASE_FOOTER)
request.finish()
return server.NOT_DONE_YET
def render_POST(self, request):
def insertDone(result):
request.write(json.dumps(result))
request.finish()
def insertError(error):
#log.msg("Error during insert: %s" % error.getErrorMessage(), system='sgas.InsertResource')
log.msg(self.insert_error_msg % error.getErrorMessage(), system='sgas.InsertResource')
log.err(error)
error_msg = error.getErrorMessage()
if error.check(dberror.DatabaseUnavailableError):
request.setResponseCode(503) # service unavailable
error_msg = 'Database currently unavailable. Please try again later.'
elif error.check(dberror.SecurityError):
request.setResponseCode(406) # not acceptable
else:
request.setResponseCode(500)
request.write(error_msg)
request.finish()
# FIXME check for postpath, and if any reject request
subject = resourceutil.getSubject(request)
if not self.authorizer.hasRelevantRight(subject, self.authz_right):
reject_msg = self.insert_authz_reject_msg % subject
#log.msg("Rejecting insert for %s, has no insert rights." % subject)
log.msg(reject_msg)
request.setResponseCode(403) # forbidden
return reject_msg
# request allowed, continue
# hostname is used for logging / provenance in the usage records
hostname = resourceutil.getHostname(request) or resourceutil.getCN(subject)
request.content.seek(0)
data = request.content.read()
d = self.insertRecords(data, subject, hostname)
d.addCallbacks(insertDone, insertError)
return server.NOT_DONE_YET
def render_POST(self, request):
def insertDone(result):
request.write(json.dumps(result))
request.finish()
def insertError(error):
#log.msg("Error during insert: %s" % error.getErrorMessage(), system='sgas.InsertResource')
log.msg(self.insert_error_msg % error.getErrorMessage(), system='sgas.InsertResource')
log.err(error)
error_msg = error.getErrorMessage()
if error.check(dberror.DatabaseUnavailableError):
request.setResponseCode(503) # service unavailable
error_msg = 'Database currently unavailable. Please try again later.'
elif error.check(dberror.SecurityError):
request.setResponseCode(406) # not acceptable
else:
request.setResponseCode(500)
request.write(error_msg)
request.finish()
# FIXME check for postpath, and if any reject request
subject = resourceutil.getSubject(request)
if not self.authorizer.hasRelevantRight(subject, self.authz_right):
reject_msg = self.insert_authz_reject_msg % subject
#log.msg("Rejecting insert for %s, has no insert rights." % subject)
log.msg(reject_msg)
request.setResponseCode(403) # forbidden
return reject_msg
# request allowed, continue
# hostname is used for logging / provenance in the usage records
hostname = resourceutil.getHostname(request)
request.content.seek(0)
data = request.content.read()
d = self.insertRecords(data, subject, hostname)
d.addCallbacks(insertDone, insertError)
return server.NOT_DONE_YET
def render_GET(self, request):
#print request.postpath
subject = resourceutil.getSubject(request)
if not self.authorizer.isAllowed(subject, ACTION_MONITOR, () ):
request.setResponseCode(403) # forbidden
return "Monitoring not allowed for %s" % subject
# request allowed, continue
if not len(request.postpath) in (1,2):
return self.renderErrorPage('Invalid machine specification', request)
machine_name = request.postpath[0]
insert_host = None
if len(request.postpath) == 2:
insert_host = request.postpath[1]
d = self.queryStatus(machine_name, insert_host)
d.addCallback(self.renderMonitorStatus, machine_name, request)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
#print request.postpath
subject = resourceutil.getSubject(request)
if not self.authorizer.isAllowed(subject, ACTION_MONITOR, ()):
request.setResponseCode(403) # forbidden
return "Monitoring not allowed for %s" % subject
# request allowed, continue
if not len(request.postpath) in (1, 2):
return self.renderErrorPage('Invalid machine specification',
request)
machine_name = request.postpath[0]
insert_host = None
if len(request.postpath) == 2:
insert_host = request.postpath[1]
d = self.queryStatus(machine_name, insert_host)
d.addCallback(self.renderMonitorStatus, machine_name, request)
d.addErrback(self.renderErrorPage, request)
return server.NOT_DONE_YET
def render_GET(self, request):
subject = resourceutil.getSubject(request)
return self.renderStartPage(request, subject)
def render_GET(self, request):
subject = resourceutil.getSubject(request)
return self.renderStartPage(request, subject)
class QueryResource(resource.Resource):
PLUGIN_ID = 'query'
PLUGIN_NAME = 'Query'
isLeaf = True
def __init__(self, cfg, db, authorizer):
resource.Resource.__init__(self)
self.db = db
self.authorizer = authorizer
authorizer.addChecker(ACTION_QUERY, ctxsetchecker.AllSetChecker)
authorizer.rights.addActions(ACTION_QUERY)
authorizer.rights.addOptions(ACTION_QUERY,[rights.OPTION_ALL])
authorizer.rights.addContexts(ACTION_QUERY,[CTX_MACHINE_NAME, CTX_USER_IDENTITY, CTX_VO_NAME])
def queryDatabase(self, query_args):
query, query_args = querybuilder.buildQuery(query_args)
d = self.db.query(query, query_args)
return d
def render_GET(self, request):
try:
query_args = queryparser.parseURLArguments(request.args)
except queryparser.QueryParseError, e:
request.setResponseCode(400) # bad request
log.msg('Rejecting query request: %s' % str(e), system='sgas.QueryResource')
return str(e)
authz_params = queryparser.filterAuthzParams(query_args)
subject = resourceutil.getSubject(request)
if not self.authorizer.isAllowed(subject, ACTION_QUERY, context=authz_params.items()):
request.setResponseCode(403) # forbidden
return "Query not allowed for given context for identity %s" % subject
# request allowed, continue
hostname = resourceutil.getHostname(request)
log.msg('Accepted query request from %s' % hostname, system='sgas.QueryResource')
def gotDatabaseResult(rows):
records = queryrowrp.buildDictRecords(rows, query_args)
payload = json.dumps(records)
request.setHeader(HTTP_HEADER_CONTENT_TYPE, JSON_MIME_TYPE)
request.write(payload)
request.finish()
def queryError(error):
log.msg('Queryengine error: %s' % str(error), system='sgas.QueryResource')
log.msg('Queryengine error args' % str(query_args), system='sgas.QueryResource')
request.setResponseCode(500)
request.write('Queryengine error (%s)' % str(error), system='sgas.QueryResource')
request.finish()
def resultHandlingError(error):
log.msg('Query result error: %s' % str(error), system='sgas.QueryResource')
log.msg('Query result error args' % str(query_args), system='sgas.QueryResource')
request.setResponseCode(500)
request.write('Query result error (%s)' % str(error), system='sgas.QueryResource')
request.finish()
d = self.queryDatabase(query_args)
d.addCallbacks(gotDatabaseResult, queryError)
d.addErrback(resultHandlingError)
return server.NOT_DONE_YET
class QueryResource(resource.Resource):
PLUGIN_ID = 'customquery'
PLUGIN_NAME = 'CustomQuery'
isLeaf = True
def __init__(self, cfg, db, authorizer):
resource.Resource.__init__(self)
self.db = db
self.authorizer = authorizer
self.queries = querydefinition.buildQueryList(cfg)
self.authorizer.addChecker(ACTION_CUSTOMQUERY,
ctxsetchecker.AllSetChecker)
self.authorizer.rights.addActions(ACTION_CUSTOMQUERY)
self.authorizer.rights.addOptions(ACTION_CUSTOMQUERY,
[authrights.OPTION_ALL])
self.authorizer.rights.addContexts(
ACTION_CUSTOMQUERY,
[CTX_MACHINE_NAME, CTX_USER_IDENTITY, CTX_VO_NAME])
def queryDatabase(self, query, query_args):
return self.db.dictquery(query, query_args)
def render_GET(self, request):
if not len(request.postpath) == 1:
request.setResponseCode(400) # bad request
log.msg('Missing query name', system='sgas.QueryResource')
return "Missing query name"
query_name = request.postpath[0]
if not query_name:
request.setResponseCode(400) # bad request
log.msg('Missing query name', system='sgas.QueryResource')
return "Missing query name"
query = None
for q in self.queries:
if q.query_name == query_name:
query = q
if not query:
request.setResponseCode(400) # bad request
log.msg('Query "%s" does not exist' % query_name,
system='sgas.QueryResource')
return "Query does not exist"
try:
query_args = query.parseURLArguments(request.args)
except querydefinition.QueryParseError, e:
request.setResponseCode(400) # bad request
log.msg('Rejecting custom query request: %s' % str(e),
system='sgas.QueryResource')
return str(e)
ctx = [(rights.CTX_QUERY, query_name)] + [(rights.CTX_QUERYGROUP, vg)
for vg in query.query_group]
subject = resourceutil.getSubject(request)
if not self.authorizer.isAllowed(
subject, ACTION_CUSTOMQUERY, context=ctx):
request.setResponseCode(403) # forbidden
return "CustomQuery not allowed for given context for identity %s" % subject
# request allowed, continue
hostname = resourceutil.getHostname(request)
log.msg('Accepted query request from %s' % hostname,
system='sgas.QueryResource')
def gotDatabaseResult(rows):
payload = json.dumps(rows)
request.setHeader(HTTP_HEADER_CONTENT_TYPE, JSON_MIME_TYPE)
request.write(payload)
request.finish()
def queryError(error):
log.msg('Queryengine error: %s' % str(error),
system='sgas.QueryResource')
log.msg('Queryengine error args' % str(query_args),
system='sgas.QueryResource')
request.setResponseCode(500)
request.write('Queryengine error (%s)' % str(error),
system='sgas.QueryResource')
request.finish()
def resultHandlingError(error):
log.msg('Query result error: %s' % str(error),
system='sgas.QueryResource')
log.msg('Query result error args' % str(query_args),
system='sgas.QueryResource')
request.setResponseCode(500)
request.write('Query result error (%s)' % str(error),
system='sgas.QueryResource')
request.finish()
d = self.queryDatabase(query.query, query_args)
d.addCallbacks(gotDatabaseResult, queryError)
d.addErrback(resultHandlingError)
return server.NOT_DONE_YET