Ejemplo n.º 1
0
    def is_app_admin(self, app, user):
        ''' 
        used to determine app administrator membership
        necessary because splunkd auth does not advertise inherited roles
        '''
        sub_roles = []
        admin_list = app.entity['eai:acl']['perms']['write'] 

        if '*' in admin_list:
            return True
        for role in auth.getUser(name=user)['roles']:
            if role in admin_list: 
                return True
            sub_roles.append(role)
        for role in sub_roles:
            for irole in auth.getRole(name=role)['imported_roles']:
                if irole in admin_list: 
                    return True
        return False 
Ejemplo n.º 2
0
    def is_app_admin(self, app, user):
        ''' 
        used to determine app administrator membership
        necessary because splunkd auth does not advertise inherited roles
        '''
        sub_roles = []
        admin_list = app.entity['eai:acl']['perms']['write']

        if '*' in admin_list:
            return True
        for role in auth.getUser(name=user)['roles']:
            if role in admin_list:
                return True
            sub_roles.append(role)
        for role in sub_roles:
            for irole in auth.getRole(name=role)['imported_roles']:
                if irole in admin_list:
                    return True
        return False
Ejemplo n.º 3
0
            #can throw this error if we try and show a non-existent config
            displayResourceError(cmd=cmd,
                                 obj=obj,
                                 uri=restArgList['name'],
                                 serverContent=None)
            return
    #show:default-index has already been done for us, reuse it
    elif '%s:%s' % (cmd, obj) == 'show:default-index':
        defIndexList = []
        try:
            #first get the role associated with this user
            roles = auth.getUser(auth.getCurrentUser()['name'],
                                 sessionKey=sessionKey)['roles']
            #get details of each role
            for role in roles:
                indexes = auth.getRole(
                    role, sessionKey=sessionKey)['srchIndexesDefault']
                for index in indexes:
                    defIndexList.append(index)
        except:
            pass
        DISPLAY_CHARS[endpoint](cmd=cmd,
                                obj=obj,
                                sessionKey=sessionKey,
                                defIndex=defIndexList)

    #handle sync/async search
    elif cmd in ['search', 'dispatch']:
        if not restArgList['terms'].strip():
            displayGenericError(cmd=cmd, terms='')
            return
        if restArgList.has_key('detach') and restArgList['detach'] == 'true':
Ejemplo n.º 4
0
 elif '%s:%s' % (cmd,obj) == 'show:config':
    try:
       return handleShowConf(restArgList['name'], sessionKey, namespace, owner)
    except splunk.ResourceNotFound:
       #can throw this error if we try and show a non-existent config
       displayResourceError(cmd=cmd, obj=obj, uri=restArgList['name'], serverContent=None)
       return 
 #show:default-index has already been done for us, reuse it
 elif '%s:%s' % (cmd,obj) == 'show:default-index':
    defIndexList = []
    try:
       #first get the role associated with this user
       roles = auth.getUser(auth.getCurrentUser()['name'], sessionKey=sessionKey)['roles']
       #get details of each role
       for role in roles:
          indexes = auth.getRole(role, sessionKey=sessionKey)['srchIndexesDefault']
          for index in indexes:
             defIndexList.append(index)
    except:
       pass  
    DISPLAY_CHARS[endpoint](cmd=cmd, obj=obj, sessionKey=sessionKey, defIndex=defIndexList)
    
 #handle sync/async search
 elif cmd in ['search', 'dispatch']:
    if not restArgList['terms'].strip():
      displayGenericError(cmd=cmd, terms='') 
      return  
    if restArgList.has_key('detach') and restArgList['detach'] == 'true':
       return handleAsyncSearch(restArgList['terms'], sessionKey, namespace, owner, restArgList, dotSplunk)
    else:
       return handleSyncSearch(restArgList['terms'], sessionKey, namespace, owner, restArgList)