def add_user_permission_group(self, permission_group, user_object, vm_object=None, ignore_duplicate=False): """Add a user to a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance( self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Check if user running script is able to add users to permission group if not (self.is_superuser() or (vm_object and self.assert_permission( PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user')): raise InsufficientPermissionsException( 'VM owners cannot add manager other owners') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object( vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user is already in the group if (vm_object): config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() if (username not in self.get_users_in_permission_group( permission_group, vm_object)): # Add user to permission configuration for VM def add_user_to_config(config): config['permissions'][permission_group].append(username) config_object.update_config( add_user_to_config, 'Added user \'%s\' to group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') vm_name = vm_object.get_name() if vm_object else None cluster_object.run_remote_command( 'auth-add_user_permission_group', { 'permission_group': permission_group, 'username': username, 'vm_name': vm_name }) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' already in group \'%s\'' % (username, permission_group))
def delete_superuser(self, user_object): """Remove a superuser.""" assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers' ) user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Ensure user to be removed is a superuser if (username not in self.get_superusers()): raise UserNotPresentInGroup('User \'%s\' is not a superuser' % username) mcvirt_config = MCVirtConfig() def update_config(config): config['superusers'].remove(username) mcvirt_config.update_config(update_config, 'Removed \'%s\' from superuser group' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username(user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.delete_superuser(remote_user) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def get_config(self): """Return the global Drbd configuration""" mcvirt_config = MCVirtConfig() if 'drbd' in mcvirt_config.get_config().keys(): return mcvirt_config.get_config()['drbd'] else: return self.get_default_config()
def delete_user_permission_group(self, permission_group, user_object, vm_object=None): """Remove user from a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance(self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) # Check if user running script is able to remove users to permission group if not (self.is_superuser() or (self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user') and vm_object): raise InsufficientPermissionsException('Does not have required permission') user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Check if user exists in the group if username not in self.get_users_in_permission_group(permission_group, vm_object): raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' % (username, permission_group)) if vm_object: vm_object = self._convert_remote_object(vm_object) config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() # Remove user from permission configuration for VM def remove_user_from_group(config): config['permissions'][permission_group].remove(username) config_object.update_config(remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' % (username, permission_group)) if self._is_cluster_master: def add_remote_user_to_group(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username() ) connection.annotate_object(remote_user) remote_auth = connection.get_connection('auth') if vm_object: remote_vm_factory = connection.get_connection('virtual_machine_factory') remote_vm = remote_vm_factory.getVirtualMachineByName( vm_object.get_name() ) else: remote_vm = None remote_auth.delete_user_permission_group(permission_group, remote_user, remote_vm) cluster_object = self._get_registered_object('cluster') cluster_object.run_remote_command(add_remote_user_to_group)
def delete_user_permission_group(self, permission_group, user_object, vm_object=None): """Remove user from a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance( self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) # Check if user running script is able to remove users to permission group if not (self.is_superuser() or (self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user') and vm_object): raise InsufficientPermissionsException( 'Does not have required permission') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object( vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user exists in the group if username not in self.get_users_in_permission_group( permission_group, vm_object): raise UserNotPresentInGroup('User \'%s\' not in group \'%s\'' % (username, permission_group)) if vm_object: config_object = vm_object.get_config_object() vm_name = vm_object.get_name() else: config_object = MCVirtConfig() vm_name = None # Remove user from permission configuration for VM def remove_user_from_group(config): config['permissions'][permission_group].remove(username) config_object.update_config( remove_user_from_group, 'Removed user \'%s\' from group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') cluster_object.run_remote_command( 'auth-delete_user_permission_group', { 'permission_group': permission_group, 'username': username, 'vm_name': vm_name })
def set_cluster_ip_address(self, ip_address): """Update the cluster IP address for the node.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) ArgumentValidator.validate_ip_address(ip_address) # Update global MCVirt configuration def update_config(config): config['cluster']['cluster_ip'] = ip_address mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' % ip_address)
def set_storage_volume_group(self, volume_group): """Update the MCVirt configuration to set the volume group for VM storage.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) ArgumentValidator.validate_vg_name(volume_group) # Update global MCVirt configuration def update_config(config): config['vm_storage_vg'] = volume_group mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set virtual machine storage volume group to %s' % volume_group)
def add_user_permission_group(self, permission_group, user_object, vm_object=None, ignore_duplicate=False): """Add a user to a permissions group on a VM object.""" assert permission_group in PERMISSION_GROUPS.keys() assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) assert isinstance(self._convert_remote_object(vm_object), self._get_registered_object( 'virtual_machine_factory').VIRTUAL_MACHINE_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Check if user running script is able to add users to permission group if not (self.is_superuser() or (vm_object and self.assert_permission(PERMISSIONS.MANAGE_VM_USERS, vm_object) and permission_group == 'user')): raise InsufficientPermissionsException('VM owners cannot add manager other owners') user_object = self._convert_remote_object(user_object) vm_object = self._convert_remote_object(vm_object) if vm_object is not None else None username = user_object.get_username() # Check if user is already in the group if (vm_object): config_object = vm_object.get_config_object() else: config_object = MCVirtConfig() if (username not in self.get_users_in_permission_group(permission_group, vm_object)): # Add user to permission configuration for VM def add_user_to_config(config): config['permissions'][permission_group].append(username) config_object.update_config(add_user_to_config, 'Added user \'%s\' to group \'%s\'' % (username, permission_group)) # @TODO FIX ME if self._is_cluster_master: cluster_object = self._get_registered_object('cluster') vm_name = vm_object.get_name() if vm_object else None cluster_object.run_remote_command('auth-add_user_permission_group', {'permission_group': permission_group, 'username': username, 'vm_name': vm_name}) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' already in group \'%s\'' % (username, permission_group) )
def check_permission(self, permission_enum, vm_object=None, user_object=None): """Check that the user has a given permission, either globally through MCVirt or for a given VM. """ if 'STARTUP_PERIOD' in dir(Pyro4.current_context ) and Pyro4.current_context.STARTUP_PERIOD: return True if ('INTERNAL_REQUEST' in dir(Pyro4.current_context) and Pyro4.current_context.INTERNAL_REQUEST): return True # If the user is a superuser, all permissions are attached to the user if self.is_superuser(): return True if user_object is None: user_object = self._get_registered_object( 'mcvirt_session').get_current_user_object() # Determine if the type of user has the permissions if permission_enum in user_object.PERMISSIONS: return True # Check the global permissions configuration to determine # if the user has been granted the permission mcvirt_config = MCVirtConfig() mcvirt_permissions = mcvirt_config.getPermissionConfig() if self.check_permission_in_config(mcvirt_permissions, user_object.get_username(), permission_enum): return True # If a vm_object has been passed, check the VM # configuration file for the required permissions if vm_object: vm_config_object = vm_object.get_config_object() vm_config = vm_config_object.getPermissionConfig() # Determine if the user has been granted the required permissions # in the VM configuration file if (self.check_permission_in_config(vm_config, user_object.get_username(), permission_enum)): return True return False
def get_free_vg_space(self): """Returns the free space in megabytes.""" _, out, err = System.runCommand(['vgs', MCVirtConfig().get_config()['vm_storage_vg'], '-o', 'free', '--noheadings', '--nosuffix', '--units', 'm'], False, DirectoryLocation.BASE_STORAGE_DIR) return float(out)
def remove_node_configuration(self, node_name): """Remove an MCVirt node from the configuration and regenerates authorized_keys file """ def remove_node_config(mcvirt_config): del(mcvirt_config['cluster']['nodes'][node_name]) MCVirtConfig().update_config(remove_node_config)
def get_connection(self, bind_dn=None, password=None): """Return an LDAP object""" if not LdapFactory.is_enabled(): raise LdapNotEnabledException('Ldap has not been configured on this node') ca_cert_exists = os.path.exists(self.ldap_ca_cert_path) ldap_config = MCVirtConfig().get_config()['ldap'] ldap.set_option( ldap.OPT_X_TLS_CACERTFILE, self.ldap_ca_cert_path if ca_cert_exists else '' ) if bind_dn is None and password is None: bind_dn = ldap_config['bind_dn'] password = ldap_config['bind_pass'] try: ldap_connection = ldap.initialize(uri=ldap_config['server_uri']) ldap_connection.bind_s(bind_dn, password) except: raise LdapConnectionFailedException( 'Connection attempts to the LDAP server failed.' ) return ldap_connection
def set_cluster_ip_address(self, ip_address): """Update the cluster IP address for the node.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) # Check validity of IP address (mainly to ensure that ) pattern = re.compile(r"^((([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5])[ (\[]?(\.|dot)" "[ )\]]?){3}([01]?[0-9]?[0-9]|2[0-4][0-9]|25[0-5]))$") if not pattern.match(ip_address): raise InvalidIPAddressException('%s is not a valid IP address' % ip_address) # Update global MCVirt configuration def update_config(config): config['cluster']['cluster_ip'] = ip_address mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set node cluster IP address to %s' % ip_address)
def get_users_in_permission_group(self, permission_group, vm_object=None): """Obtain a list of users in a given group, either in the global permissions or for a specific VM. """ if vm_object: permission_config = vm_object.get_config_object( ).getPermissionConfig() else: mcvirt_config = MCVirtConfig() permission_config = mcvirt_config.getPermissionConfig() if permission_group in permission_config.keys(): return permission_config[permission_group] else: raise InvalidPermissionGroupException( 'Permission group \'%s\' does not exist' % permission_group)
def add_node_configuration(self, node_name, ip_address, connection_user, connection_password, ca_key): """Add MCVirt node to configuration, generates a cluster user on the remote node and stores credentials against node in the MCVirt configuration. """ self._get_registered_object('auth').assert_permission( PERMISSIONS.MANAGE_CLUSTER) # Create CA file ssl_object = self._get_registered_object( 'certificate_generator_factory').get_cert_generator(node_name) ssl_object.ca_pub_file = ca_key # Connect to node and obtain cluster user remote = Connection(username=connection_user, password=connection_password, host=node_name) remote_user_factory = remote.get_connection('user_factory') connection_user = remote_user_factory.get_user_by_username( connection_user) remote.annotate_object(connection_user) username, password = connection_user.create_cluster_user( host=get_hostname()) # Add node to configuration file def add_node_config(mcvirt_config): mcvirt_config['cluster']['nodes'][node_name] = { 'ip_address': ip_address, 'username': username, 'password': password } MCVirtConfig().update_config(add_node_config)
def update_host(self, host): """Update the host associated with the user.""" def update_config(config): config['users'][self.get_username()]['host'] = host MCVirtConfig().update_config( update_config, 'Updated host for \'%s\'' % self.get_username())
def get_users_in_permission_group(self, permission_group, vm_object=None): """Obtain a list of users in a given group, either in the global permissions or for a specific VM. """ if vm_object: permission_config = vm_object.get_config_object().getPermissionConfig() else: mcvirt_config = MCVirtConfig() permission_config = mcvirt_config.getPermissionConfig() if permission_group in permission_config.keys(): return permission_config[permission_group] else: raise InvalidPermissionGroupException( 'Permission group \'%s\' does not exist' % permission_group )
def tearDown(self): """Reset any values changed to the MCVirt config""" def reset_config(config): config['cluster']['cluster_ip'] = self.original_ip_address config['vm_storage_vg'] = self.original_volume_group MCVirtConfig().update_config(reset_config, 'Reset node configurations') super(NodeTests, self).tearDown()
def add_config(self, username, user_config): """Add a user config to the local node.""" # Ensure this is being run as a Cluster User self._get_registered_object('auth').check_user_type('ClusterUser') def update_config(config): config['users'][username] = user_config MCVirtConfig().update_config(update_config, 'Adding user %s' % username)
def setUp(self): """Create test Ldap configuration""" super(LdapTests, self).setUp() # Keep a copy of the original Ldap config so it can be restored in the tear down self.original_ldap_config = MCVirtConfig().get_config()['ldap'] def update_config(config): config['ldap'] = LdapTests.TEST_LDAP_CONFIG MCVirtConfig().update_config(update_config, 'Create test Ldap configuration') # Setup mock ldap self.mockldap.start() self.ldap_factory = LdapFactory()
def get_all_usernames(cls): """Return all local users""" user_config = MCVirtConfig().get_config()['users'] users = [] for username in user_config: if user_config[username]['user_type'] == cls.__name__: users.append(username) return users
def set_storage_volume_group(self, volume_group): """Update the MCVirt configuration to set the volume group for VM storage.""" self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_NODE) # Ensure volume_group name is valid pattern = re.compile("^[A-Z0-9a-z_-]+$") if not pattern.match(volume_group): raise InvalidVolumeGroupNameException('%s is not a valid volume group name' % volume_group) # Update global MCVirt configuration def update_config(config): config['vm_storage_vg'] = volume_group mcvirt_config = MCVirtConfig() mcvirt_config.update_config(update_config, 'Set virtual machine storage volume group to %s' % volume_group)
def get_log_level(): """Return the log level, set either by environmental variable or configuration in MCVirt config """ from mcvirt.mcvirt_config import MCVirtConfig if 'MCVIRT_DEBUG' in os.environ: return os.environ['MCVIRT_DEBUG'].upper() else: return MCVirtConfig().get_config()['log_level'].upper()
def test_user_search(self): """Test that getting LDAP usernames takes the user_search attribute into account""" def update_config(config): config['ldap']['user_search'] = '(loginShell=/bin/bash)' MCVirtConfig().update_config(update_config, 'Set user_search') ldap_users = self.ldap_factory.get_all_usernames() self.assertTrue(LdapTests.TEST_USERS[0]['username'] in ldap_users) self.assertFalse(LdapTests.TEST_USERS[1]['username'] in ldap_users)
def tearDown(self): """Restore the correct Ldap configuration""" def reset_config(config): config['ldap'] = self.original_ldap_config MCVirtConfig().update_config(reset_config, 'Reset Ldap configuration') # Stop mock ldap self.mockldap.stop() super(LdapTests, self).tearDown()
def add_superuser(self, user_object, ignore_duplicate=False): """Add a new superuser.""" assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers') user_object = self._convert_remote_object(user_object) username = user_object.get_username() mcvirt_config = MCVirtConfig() # Ensure user is not already a superuser if username not in self.get_superusers(): def update_config(config): config['superusers'].append(username) mcvirt_config.update_config(update_config, 'Added superuser \'%s\'' % username) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' is already a superuser' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.add_superuser(remote_user, ignore_duplicate=ignore_duplicate) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def sync_config(self, remote_connection): """Sync MCVirt configuration""" config = MCVirtConfig().get_config() remote_mcvirt_config_obj = remote_connection.get_connection('mcvirt_config') remote_config = remote_mcvirt_config_obj.get_config_remote() # Update Git and LDAP configuration to remote node remote_config['git'] = config['git'] remote_config['ldap'] = config['ldap'] remote_mcvirt_config_obj.manual_update_config(remote_config, ('Update LDAP/Git configuration after' ' joining node to cluster.'))
def check_permission(self, permission_enum, vm_object=None, user_object=None): """Check that the user has a given permission, either globally through MCVirt or for a given VM. """ if Pyro4.current_context.STARTUP_PERIOD: return True # If the user is a superuser, all permissions are attached to the user if self.is_superuser(): return True if user_object is None: user_object = self._get_registered_object('mcvirt_session').get_current_user_object() # Determine if the type of user has the permissions if permission_enum in user_object.PERMISSIONS: return True # Check the global permissions configuration to determine # if the user has been granted the permission mcvirt_config = MCVirtConfig() mcvirt_permissions = mcvirt_config.getPermissionConfig() if self.check_permission_in_config(mcvirt_permissions, user_object.get_username(), permission_enum): return True # If a vm_object has been passed, check the VM # configuration file for the required permissions if vm_object: vm_config_object = vm_object.get_config_object() vm_config = vm_config_object.getPermissionConfig() # Determine if the user has been granted the required permissions # in the VM configuration file if (self.check_permission_in_config(vm_config, user_object.get_username(), permission_enum)): return True return False
def create(self, username, password, user_type=LocalUser): """Create a user.""" self._get_registered_object('auth').assert_permission( PERMISSIONS.MANAGE_USERS ) if not user_type.CAN_CREATE: raise InvalidUserTypeException('Cannot create this type of user') if not password: raise BlankPasswordException('Password cannot be blank') # Ensure that username is not part of a reserved namespace for user_class in self.get_user_types(): if (user_class is not user_type and user_class.USER_PREFIX is not None and username.startswith(user_class.USER_PREFIX)): raise InvalidUsernameException( 'Username is within a reserved namespace' ) # Ensure that there is not a duplicate user if user_type._check_exists(username): raise UserAlreadyExistsException('There is a user with the same username \'%s\'' % username) # Ensure valid user type user_type = self.ensure_valid_user_type(user_type) # Generate password salt for user and hash password salt = user_type._generate_salt() hashed_password = user_type._hash_string(password, salt) # Create config for user and update MCVirt config user_config = user_type.get_default_config() user_config['password'] = hashed_password user_config['salt'] = salt user_config['user_type'] = user_type.__name__ def update_config(config): config['users'][username] = user_config MCVirtConfig().update_config(update_config, 'Create user \'%s\'' % username) if user_type.DISTRIBUTED and self._is_cluster_master: # Create the user on the other nodes in the cluster def remote_command(node_connection): remote_user_factory = node_connection.get_connection('user_factory') remote_user_factory.create(username, password) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def delete_superuser(self, user_object): """Remove a superuser.""" assert isinstance( self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers') user_object = self._convert_remote_object(user_object) username = user_object.get_username() # Ensure user to be removed is a superuser if (username not in self.get_superusers()): raise UserNotPresentInGroup('User \'%s\' is not a superuser' % username) mcvirt_config = MCVirtConfig() def update_config(config): config['superusers'].remove(username) mcvirt_config.update_config( update_config, 'Removed \'%s\' from superuser group' % username) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username( user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.delete_superuser(remote_user) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def add_superuser(self, user_object, ignore_duplicate=False): """Add a new superuser.""" assert isinstance(self._convert_remote_object(user_object), self._get_registered_object('user_factory').USER_CLASS) ArgumentValidator.validate_boolean(ignore_duplicate) # Ensure the user is a superuser if not self.is_superuser(): raise InsufficientPermissionsException( 'User must be a superuser to manage superusers' ) user_object = self._convert_remote_object(user_object) username = user_object.get_username() mcvirt_config = MCVirtConfig() # Ensure user is not already a superuser if username not in self.get_superusers(): def update_config(config): config['superusers'].append(username) mcvirt_config.update_config(update_config, 'Added superuser \'%s\'' % username) elif not ignore_duplicate: raise DuplicatePermissionException( 'User \'%s\' is already a superuser' % username ) if self._is_cluster_master: def remote_command(connection): remote_user_factory = connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username(user_object.get_username()) remote_auth = connection.get_connection('auth') remote_auth.add_superuser(remote_user, ignore_duplicate=ignore_duplicate) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def get_config(self): """Create the configuration for libvirt""" cert_gen_factory = self._get_registered_object('certificate_generator_factory') ssl_socket = cert_gen_factory.get_cert_generator('localhost') nodes = self._get_registered_object('cluster').get_nodes(return_all=True) nodes.append(get_hostname()) allowed_dns = [cert_gen_factory.get_cert_generator(node).ssl_subj for node in nodes] return { 'ip_address': MCVirtConfig().getListenAddress(), 'ssl_server_key': ssl_socket.server_key_file, 'ssl_server_cert': ssl_socket.server_pub_file, 'ssl_ca_cert': ssl_socket.ca_pub_file, 'allowed_nodes': '", "'.join(allowed_dns) }
def get_all_usernames(self): """Return all users in the searchable LDAP directory""" if not LdapFactory.is_enabled(): return [] ldap_config = MCVirtConfig().get_config()['ldap'] ldap_con = self.get_connection() try: res = ldap_con.search_s(ldap_config['base_dn'], ldap.SCOPE_SUBTREE, self.get_user_filter(), [str(ldap_config['username_attribute'])]) except: raise UnknownLdapError(('An LDAP search error occurred. Please read the MCVirt' ' logs for more information')) return [user_obj[1][ldap_config['username_attribute']][0] for user_obj in res]
def search_dn(self, username): """Determine a DN for a given username""" ldap_config = MCVirtConfig().get_config()['ldap'] ldap_con = self.get_connection() try: res = ldap_con.search_s(str(ldap_config['base_dn']), ldap.SCOPE_SUBTREE, self.get_user_filter(username), [str(ldap_config['username_attribute'])]) except: raise UnknownLdapError(('An LDAP search error occurred. Please read the MCVirt' ' logs for more information')) if len(res): return res[0][0] else: raise UserDoesNotExistException('User not returned by LDAP search')
def set_enable(self, enable): """Flag as to whether LDAP authentication is enabled or disabled. """ self._get_registered_object('auth').assert_permission(PERMISSIONS.MANAGE_USERS) def update_config(config): config['ldap']['enabled'] = enable MCVirtConfig().update_config(update_config, 'Updated LDAP status') if self._is_cluster_master: def remote_command(node_connection): remote_ldap_factory = node_connection.get_connection('ldap_factory') remote_ldap_factory.set_enable(enable) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def _set_password(self, new_password): """Set the password for the current user""" password_hash = self._hash_password(new_password) def update_config(config): config['users'][self.get_username()]['password'] = password_hash MCVirtConfig().update_config( update_config, 'Updated password for \'%s\'' % self.get_username() ) if self.DISTRIBUTED and self._is_cluster_master: def remote_command(node_connection): remote_user_factory = node_connection.get_connection('user_factory') remote_user = remote_user_factory.get_user_by_username(self.get_username()) node_connection.annotate_object(remote_user) remote_user.set_password(new_password) cluster = self._get_registered_object('cluster') cluster.run_remote_command(remote_command)
def get_superusers(self): """Return a list of superusers""" mcvirt_config = MCVirtConfig() return mcvirt_config.get_config()['superusers']