def enable_root(self, context, root_password=None): """Create a root user or reset the root user password. The default superuser for PgSql is postgres, but that account is used for administration. Instead, this method will create a new user called root that also has superuser privileges. If no root_password is given then a random UUID will be used for the superuser password. Return value is a dictionary in the following form: {"_name": "root", "_password": ""} """ user = { "_name": "root", "_password": root_password or str(uuid.uuid4()), } LOG.debug( "{guest_id}: Creating root user with password {password}.".format( guest_id=CONF.guest_id, password=user['_password'], )) query = pgutil.UserQuery.create( name=user['_name'], password=user['_password'], ) if self.is_root_enabled(context): query = pgutil.UserQuery.update_password( name=user['_name'], password=user['_password'], ) pgutil.psql(query, timeout=30) return user
def change_passwords(self, context, users): """Change the passwords of one or more existing users. The users parameter is a list of dictionaries in the following form: {"name": "", "password": ""} """ for user in users: LOG.debug( "{guest_id}: Changing password for {user} to {password}.". format( guest_id=CONF.guest_id, user=user['name'], password=user['password'], )) LOG.info( _("{guest_id}: Changing password for {user} to {password}."). format( guest_id=CONF.guest_id, user=user['name'], password="******", )) pgutil.psql( pgutil.UserQuery.update_password( user=user['name'], password=user['password'], ), timeout=30, )
def create_user(self, context, users): """Create users and grant privileges for the specified databases. The users parameter is a list of dictionaries in the following form: {"_name": "", "_password": "", "_databases": [{"_name": ""}, ...]} """ for user in users: LOG.debug( "{guest_id}: Creating user {name} with password {password}.". format( guest_id=CONF.guest_id, name=user['_name'], password=user['_password'], )) LOG.info( _("{guest_id}: Creating user {name} with password {password}." ).format( guest_id=CONF.guest_id, name=user['_name'], password="******", )) pgutil.psql( pgutil.UserQuery.create( name=user['_name'], password=user['_password'], ), timeout=30, ) self.grant_access( context, user['_name'], None, [d['_name'] for d in user['_databases']], )
def enable_root(self, context, root_password=None): """Create a root user or reset the root user password. The default superuser for PgSql is postgres, but that account is used for administration. Instead, this method will create a new user called root that also has superuser privileges. If no root_password is given then a random UUID will be used for the superuser password. Return value is a dictionary in the following form: {"_name": "root", "_password": ""} """ user = { "_name": "root", "_password": root_password or str(uuid.uuid4()), } LOG.debug( "{guest_id}: Creating root user with password {password}.".format( guest_id=CONF.guest_id, password=user['_password'], ) ) query = pgutil.UserQuery.create( name=user['_name'], password=user['_password'], ) if self.is_root_enabled(context): query = pgutil.UserQuery.update_password( name=user['_name'], password=user['_password'], ) pgutil.psql(query, timeout=30) return user
def create_database(self, context, databases): """Create the list of specified databases. The databases parameter is a list of dictionaries in the following form: {"_name": "", "_character_set": "", "_collate": ""} Encoding and collation values are validated in trove.guestagent.db.models. """ for database in databases: encoding = database.get('_character_set') collate = database.get('_collate') LOG.info( _("{guest_id}: Creating database {name}.").format( guest_id=CONF.guest_id, name=database['_name'], ) ) pgutil.psql( pgutil.DatabaseQuery.create( name=database['_name'], encoding=encoding, collation=collate, ), timeout=30, )
def change_passwords(self, context, users): """Change the passwords of one or more existing users. The users parameter is a list of dictionaries in the following form: {"name": "", "password": ""} """ for user in users: LOG.debug( "{guest_id}: Changing password for {user} to {password}." .format( guest_id=CONF.guest_id, user=user['name'], password=user['password'], ) ) LOG.info( _("{guest_id}: Changing password for {user} to {password}.") .format( guest_id=CONF.guest_id, user=user['name'], password="******", ) ) pgutil.psql( pgutil.UserQuery.update_password( user=user['name'], password=user['password'], ), timeout=30, )
def create_database(self, context, databases): """Create the list of specified databases. The databases parameter is a list of dictionaries in the following form: {"_name": "", "_character_set": "", "_collate": ""} Encoding and collation values are validated in trove.guestagent.db.models. """ for database in databases: encoding = database.get('_character_set') collate = database.get('_collate') LOG.info( _("{guest_id}: Creating database {name}.").format( guest_id=CONF.guest_id, name=database['_name'], )) pgutil.psql( pgutil.DatabaseQuery.create( name=database['_name'], encoding=encoding, collation=collate, ), timeout=30, )
def update_attributes(self, context, username, hostname, user_attrs): """Change the attributes of one existing user. The username and hostname parameters are strings. The user_attrs parameter is a dictionary in the following form: {"password": "", "name": ""} Each key/value pair in user_attrs is optional. """ if user_attrs.get('password') is not None: self.change_passwords( context, ( { "name": username, "password": user_attrs['password'], }, ), ) if user_attrs.get('name') is not None: access = self.list_access(context, username, None) LOG.info( _("{guest_id}: Changing username for {old} to {new}.").format( guest_id=CONF.guest_id, old=username, new=user_attrs['name'], ) ) pgutil.psql( pgutil.psql.UserQuery.update_name( old=username, new=user_attrs['name'], ), timeout=30, ) # Regrant all previous access after the name change. LOG.info( _("{guest_id}: Regranting permissions from {old} to {new}.") .format( guest_id=CONF.guest_id, old=username, new=user_attrs['name'], ) ) self.grant_access( context, username=user_attrs['name'], hostname=None, databases=(db['_name'] for db in access) )
def delete_database(self, context, database): """Delete the specified database. The database parameter is a dictionary in the following form: {"_name": ""} """ LOG.info( _("{guest_id}: Dropping database {name}.").format( guest_id=CONF.guest_id, name=database['_name'], )) pgutil.psql( pgutil.DatabaseQuery.drop(name=database['_name']), timeout=30, )
def delete_user(self, context, user): """Delete the specified user. The user parameter is a dictionary in the following form: {"_name": ""} """ LOG.info( _("{guest_id}: Dropping user {name}.").format( guest_id=CONF.guest_id, name=user['_name'], )) pgutil.psql( pgutil.UserQuery.drop(name=user['_name']), timeout=30, )
def delete_database(self, context, database): """Delete the specified database. The database parameter is a dictionary in the following form: {"_name": ""} """ LOG.info( _("{guest_id}: Dropping database {name}.").format( guest_id=CONF.guest_id, name=database['_name'], ) ) pgutil.psql( pgutil.DatabaseQuery.drop(name=database['_name']), timeout=30, )
def delete_user(self, context, user): """Delete the specified user. The user parameter is a dictionary in the following form: {"_name": ""} """ LOG.info( _("{guest_id}: Dropping user {name}.").format( guest_id=CONF.guest_id, name=user['_name'], ) ) pgutil.psql( pgutil.UserQuery.drop(name=user['_name']), timeout=30, )
def revoke_access(self, context, username, hostname, database): """Revoke a user's permission to use a given database. The username and hostname parameters are strings. The database parameter is a string representing the name of the database. """ LOG.info( _("{guest_id}: Revoking user ({user}) access to database" "({database}).").format( guest_id=CONF.guest_id, user=username, database=database, )) pgutil.psql( pgutil.AccessQuery.revoke( user=username, database=database, ), timeout=30, )
def grant_access(self, context, username, hostname, databases): """Give a user permission to use a given database. The username and hostname parameters are strings. The databases parameter is a list of strings representing the names of the databases to grant permission on. """ for database in databases: LOG.info( _("{guest_id}: Granting user ({user}) access to database " "({database}).").format( guest_id=CONF.guest_id, user=username, database=database, )) pgutil.psql( pgutil.AccessQuery.grant( user=username, database=database, ), timeout=30, )
def revoke_access(self, context, username, hostname, database): """Revoke a user's permission to use a given database. The username and hostname parameters are strings. The database parameter is a string representing the name of the database. """ LOG.info( _("{guest_id}: Revoking user ({user}) access to database" "({database}).").format( guest_id=CONF.guest_id, user=username, database=database, ) ) pgutil.psql( pgutil.AccessQuery.revoke( user=username, database=database, ), timeout=30, )
def grant_access(self, context, username, hostname, databases): """Give a user permission to use a given database. The username and hostname parameters are strings. The databases parameter is a list of strings representing the names of the databases to grant permission on. """ for database in databases: LOG.info( _("{guest_id}: Granting user ({user}) access to database " "({database}).").format( guest_id=CONF.guest_id, user=username, database=database, ) ) pgutil.psql( pgutil.AccessQuery.grant( user=username, database=database, ), timeout=30, )
def create_user(self, context, users): """Create users and grant privileges for the specified databases. The users parameter is a list of dictionaries in the following form: {"_name": "", "_password": "", "_databases": [{"_name": ""}, ...]} """ for user in users: LOG.debug( "{guest_id}: Creating user {name} with password {password}." .format( guest_id=CONF.guest_id, name=user['_name'], password=user['_password'], ) ) LOG.info( _("{guest_id}: Creating user {name} with password {password}.") .format( guest_id=CONF.guest_id, name=user['_name'], password="******", ) ) pgutil.psql( pgutil.UserQuery.create( name=user['_name'], password=user['_password'], ), timeout=30, ) self.grant_access( context, user['_name'], None, [d['_name'] for d in user['_databases']], )