def launch(self):
"""
Worker method for creating a new ACL object definition.
"""
# Make sure the type definition is not already used
if DBGatewayACLObjects.objects.filter(type=self.attr['type']).count():
return invalid('Failed to create ACL object type [%s], already defined' % self.attr['type'])
# Check the ACL and object module/class definitions
for key,status in {
'acl': mod_has_class(self.attr['acl_mod'], self.attr['acl_cls'], no_launch=True),
'obj': mod_has_class(self.attr['obj_mod'], self.attr['obj_cls'], no_launch=True)
}.iteritems():
if not status['valid']:
return status
# Set a unique ID for the ACL object
self.attr['uuid'] = str(uuid4())
# If a default ACL UUID is supplied
if ('def_acl' in self.api.data):
if not DBGatewayACLKeys.objects.filter(uuid=self.attr['def_acl']).count():
return invalid('Failed to create ACL object type [%s], default ACL [%s] not found' % (self.attr['type'], self.attr['def_acl']))
# Get the default ACL object
self.attr['def_acl'] = DBGatewayACLKeys.objects.get(uuid=self.api.data['def_acl'])
# Make sure the ACL has object type authentication enabled
if not self.attr['def_acl'].type_object:
return invalid('Failed to create ACL object type [%s], default ACL [%s] must have object authentication enabled' % (self.attr['type'], self.attr['def_acl']['uuid']))
# Create the ACL object definition
try:
DBGatewayACLObjects(**self.attr).save()
# Critical error when saving ACL object definition
except Exception as e:
return invalid(self.api.log.exception('Failed to create ACL object type [%s]: %s' % (self.attr['type'], str(e))))
# Return the response
return valid('Successfully created ACL object definition', {
'type': self.attr['type'],
'uuid': self.attr['uuid'],
'name': self.attr['name']
})
def launch(self):
"""
Worker method for creating a new utility.
"""
# Creation parameters
params = {
'uuid': str(uuid4()),
'path': self.api.data['path'],
'desc': self.api.data['desc'],
'method': self.api.data['method'],
'mod': self.api.data['mod'],
'cls': self.api.data['cls'],
'utils': json.dumps(self.api.data.get('utils', [])),
'protected': self.api.data['protected'],
'enabled': self.api.data['enabled'],
'object': self.api.data.get('object'),
'object_key': self.api.data.get('object_key'),
'locked': False,
'locked_by': None,
'rmap': json.dumps({
'_type': 'dict',
'_required': [],
'_optional': []
})
}
# Try to import the module and make sure it contains the class definition
mod_status = mod_has_class(params['mod'], params['cls'])
if not mod_status['valid']:
return mod_status
# Save the utility
try:
DBGatewayUtilities(**params).save()
# Return the response
return valid('Successfully created utility', {
'uuid': params['uuid'],
'path': params['path'],
'method': params['method'],
'desc': params['desc'],
'enabled': params['enabled'],
'protected': params['protected']
})
# Failed to save utility
except Exception as e:
return invalid('Failed to create utility: %s' % str(e))
def launch(self):
"""
Worker method for creating a new endpoint.
"""
# Concatenate the path and action to the name
ep_name = '%s/%s' % (self.api.data['path'], self.api.data['action'])
ep_desc = self.api.data['desc']
ep_path = self.api.data['path']
ep_action = self.api.data['action']
ep_method = self.api.data['method']
ep_class = self.api.data['cls']
ep_mod = self.api.data['mod']
ep_utils = '[]' if not ('utils' in self.api.data) else self.api.data['utils']
ep_uuid = str(uuid4())
ep_protected = self.api.data['protected']
ep_enabled = self.api.data['enabled']
ep_object = None if not ('object' in self.api.data) else self.api.data['object']
ep_obj_key = None if not ('object_key' in self.api.data) else self.api.data['object_key']
ep_rmap = json.dumps({
'_type': 'dict',
'_required': [],
'_optional': ['_data']
})
# Make sure the name isn't taken already
if DBAuthEndpoints.objects.filter(name=ep_name).count():
return invalid('The endpoint <%s> already exists, please use a different <path>/<action> combination' % ep_name)
# Try to import the module and make sure it contains the class definition
mod_status = mod_has_class(ep_mod, ep_class)
if not mod_status['valid']:
return mod_status
# Save the endpoint
try:
endpoint = DBAuthEndpoints(
uuid = ep_uuid,
name = ep_name,
desc = ep_desc,
path = ep_path,
action = ep_action,
method = ep_method,
mod = ep_mod,
cls = ep_class,
utils = ep_utils,
rmap = ep_rmap,
protected = ep_protected,
enabled = ep_enabled,
object = ep_object,
object_key = ep_obj_key,
locked = False,
locked_by = None
)
endpoint.save()
# Construct and return web data
web_data = {
'uuid': ep_uuid,
'name': ep_name,
'path': ep_path,
'action': ep_action,
'method': ep_method,
'desc': ep_desc,
'enabled': ep_enabled,
'protected': ep_protected
}
return valid('Successfully created endpoint', web_data)
# Failed to save endpoint
except Exception as e:
return invalid('Failed to create endpoint: %s' % str(e))
def launch(self):
"""
Worker method for updating an ACL object.
"""
# Make sure the object definition exists
if not DBAuthACLObjects.objects.filter(type=self.type).count():
return invalid('Failed to update ACL object, type definition <%s> not found' % self.type)
# Get the existing ACL object definition
acl_obj = DBAuthACLObjects.objects.filter(type=self.type).values()[0]
# ACL module / class
acl_mod = acl_obj['acl_mod'] if not ('acl_mod' in self.api.data) else self.api.data['acl_mod']
acl_cls = acl_obj['acl_cls'] if not ('acl_cls' in self.api.data) else self.api.data['acl_cls']
# Make sure the module/class combination is valid
acl_mod_status = mod_has_class(acl_mod, acl_cls, no_launch=True)
if not acl_mod_status['valid']:
return acl_mod_status
# Object module / class
obj_mod = acl_obj['obj_mod'] if not ('obj_mod' in self.api.data) else self.api.data['obj_mod']
obj_cls = acl_obj['obj_cls'] if not ('obj_cls' in self.api.data) else self.api.data['obj_cls']
# Make sure the module/class combination is valid
obj_mod_status = mod_has_class(obj_mod, obj_cls, no_launch=True)
if not obj_mod_status['valid']:
return obj_mod_status
# If updating the default ACL definition
def_acl = None
if 'def_acl' in self.api.data:
# Make sure the default ACL exists
if not DBAuthACLKeys.objects.filter(uuid=self.api.data['def_acl']).count():
return invalid('Failed to update ACL object type <%s>, default ACL <%s> not found' % (self.type, self.api.data['def_acl']))
# Get the default ACL object
def_acl = DBAuthACLKeys.objects.get(uuid=self.api.data['def_acl'])
# Make sure the ACL has object type authentication enabled
if not def_acl.type_object:
return invalid('Failed to update ACL object type <%s>, default ACL <%s> must have object authentication enabled' % (self.type, def_acl.uuid))
# Clear the UUID string from the API data
del self.api.data['def_acl']
# Update the object definition
try:
# Update string values
DBAuthACLObjects.objects.filter(type=self.type).update(**self.api.data)
# If changing the default ACL
if def_acl:
acl_obj = DBAuthACLObjects.objects.get(type=self.type)
acl_obj.def_acl = def_acl
acl_obj.save()
# Critical error when updating ACL object definition
except Exception as e:
return invalid('Failed to update ACL object: %s' % str(e))
# Successfully updated object
return valid('Successfully updated ACL object')
def _validate(self):
"""
Validate the endpoint attributes.
"""
# Get all endpoints
endpoint_all = DBAuthEndpoints.objects.all().values()
# ACL objects
acl_objects = list(DBAuthACLObjects.objects.all().values())
# Construct available endpoint utilities
endpoint_utils = []
for ep in endpoint_all:
endpoint_utils.append('%s.%s' % (ep['mod'], ep['cls']))
# Get the endpoint details
endpoint_row = DBAuthEndpoints.objects.filter(uuid=self.endpoint).values()[0]
# Default values
path = endpoint_row['path'] if not ('path' in self.api.data) else self.api.data['path']
action = endpoint_row['action'] if not ('action' in self.api.data) else self.api.data['action']
method = endpoint_row['method'] if not ('method' in self.api.data) else self.api.data['method']
enabled = endpoint_row['enabled'] if not ('enabled' in self.api.data) else self.api.data['enabled']
protected = endpoint_row['protected'] if not ('protected' in self.api.data) else self.api.data['protected']
mod = endpoint_row['mod'] if not ('mod' in self.api.data) else self.api.data['mod']
cls = endpoint_row['cls'] if not ('cls' in self.api.data) else self.api.data['cls']
utils = endpoint_row['utils'] if not ('utils' in self.api.data) else self.api.data['utils']
rmap = endpoint_row['rmap'] if not ('rmap' in self.api.data) else self.api.data['rmap']
object = endpoint_row['object'] if not ('object' in self.api.data) else self.api.data['object']
object_key = endpoint_row['object_key'] if not ('object_key' in self.api.data) else self.api.data['object_key']
# Make sure the path and action strings are valid
if not re.match(r'^[a-z][a-z\/]*[a-z]$', path):
return invalid('Failed to validate endpoint <%s>, invalid <path> value: %s' % (self.endpoint, path))
if not re.match(r'^[a-z]*$', action):
return invalid('Failed to validate endpoint <%s>, invalid <action> value: %s' % (self.endpoint, action))
# Make sure the method is valid
if not method in ['GET', 'POST', 'PUT', 'DELETE']:
return invalid('Failed to validate endpoint <%s>, invalid <method> value: %s' % (self.endpoint, method))
# Make sure the object type is supported
obj_supported = False if object else True
for acl_obj in acl_objects:
if acl_obj['type'] == object:
obj_supported = True
break
if not obj_supported:
return invalid('Failed to validate endpoint, using unsupported endpoint object type <%s>' % object)
# Make sure the request map is valid JSON
try:
tmp = json.loads(rmap)
except Exception as e:
return invalid('Failed to validate request map JSON: %s' % str(e))
# Validate the module
mod_path = mod.replace('.', '/')
if not os.path.isfile('%s/python/%s.py' % (C_BASE, mod_path)):
return invalid('Failed to validate endpoint <%s>, module <%s> not found' % (self.endpoint, mod))
# Validate the class
mod_status = mod_has_class(mod, cls)
if not mod_status['valid']:
return mod_status
# Validate external utilities
for util in utils:
if not util in endpoint_utils:
return invalid('Failed to validate endpoint <%s>, could not locate external utility class <%s>' % (self.endpoint, util))
# Map object
self.epattr = {
'name': '%s/%s' % (path, action),
'path': path,
'action': action,
'method': method,
'enabled': enabled,
'protected': protected,
'mod': mod,
'cls': cls,
'utils': utils
}
# Attributes constructed
return valid()
def _validate(self):
"""
Validate the utility attributes.
"""
# Get all utilities
util_all = DBGatewayUtilities.objects.all().values()
# ACL objects
acl_objects = list(DBGatewayACLObjects.objects.all().values())
# Construct available external utilities
util_ext = []
for util in util_all:
util_ext.append('%s.%s' % (util['mod'], util['cls']))
# Get the utility details
util_row = DBGatewayUtilities.objects.filter(uuid=self.utility).values()[0]
# Default values
default = {
'path': self.api.data.get('path', util_row['path']),
'method': self.api.data.get('method', util_row['method']),
'mod': self.api.data.get('mod', util_row['mod']),
'cls': self.api.data.get('cls', util_row['cls']),
'utils': self.api.data.get('utils', util_row['utils']),
'rmap': self.api.data.get('rmap', util_row['rmap']),
'enabled': self.api.data.get('enabled', util_row['enabled']),
'protected': self.api.data.get('protected', util_row['protected']),
'object': self.api.data.get('object', util_row['object']),
'object_key': self.api.data.get('object_key', util_row['object_key'])
}
# Make sure the path string is valid
if not re.match(r'^[a-z0-9][a-z0-9\/]*[a-z0-9]$', default['path']):
return invalid('Failed to validate utility [%s], invalid [path] value: %s' % (self.utility, default['path']))
# Make sure the method is valid
if not default['method'] in ['GET', 'POST', 'PUT', 'DELETE']:
return invalid('Failed to validate utility [%s], invalid [method] value: %s' % (self.utility, default['method']))
# Make sure the object type is supported
obj_supported = False if default['object'] else True
for acl_obj in acl_objects:
if acl_obj['type'] == object:
obj_supported = True
break
if not obj_supported:
return invalid('Failed to validate utility, using unsupported utility object type [%s]' % object)
# Make sure the request map is valid JSON
try:
tmp = json.loads(rmap)
except Exception as e:
return invalid('Failed to validate request map JSON: %s' % str(e))
# Validate the module
mod_path = mod.replace('.', '/')
if not os.path.isfile('%s/python/%s.py' % (L_BASE, mod_path)):
return invalid('Failed to validate utility [%s], module [%s] not found' % (self.utility, mod))
# Validate the class
mod_status = mod_has_class(mod, cls)
if not mod_status['valid']:
return mod_status
# Validate external utilities
for util in utils:
if not util in util_ext:
return invalid('Failed to validate utility [%s], could not locate external utility class [%s]' % (self.utility, util))
# Utility validated
return valid()
