def ajouter_compte(self, enveloppe: EnveloppeCleCert):
issuer = enveloppe.formatter_issuer()
idmg = issuer['organizationName']
subject = enveloppe.subject_rfc4514_string_mq()
try:
self.ajouter_exchanges(idmg)
# Charger exchanges immediatement - un certificat sans exchanges ne peut pas acceder a mongo/mq
exchanges = enveloppe.get_exchanges
responses = list()
responses.append(self._admin_api.create_user(subject))
responses.append(self._admin_api.create_user_permission(subject, idmg))
liste_inclure = {Constantes.SECURITE_PUBLIC} # PUblic toujours inclus
if Constantes.SECURITE_PROTEGE in exchanges:
# pour l'echange protege, on inclus aussi l'echange prive (et public)
liste_inclure.add(Constantes.SECURITE_PRIVE)
if Constantes.SECURITE_SECURE in exchanges:
# pour l'echange secure, on inclus aussi tous les autres echanges
liste_inclure.add(Constantes.SECURITE_PRIVE)
liste_inclure.add(Constantes.SECURITE_PROTEGE)
liste_inclure.update(exchanges)
liste_exchanges_exclure = [
Constantes.SECURITE_PUBLIC,
Constantes.SECURITE_PRIVE,
Constantes.SECURITE_PROTEGE,
Constantes.SECURITE_SECURE
]
for exchange in liste_inclure:
liste_exchanges_exclure.remove(exchange) # Retire de la liste d'exchanges a exclure
responses.append(self._admin_api.create_user_topic(subject, idmg, exchange))
# Bloquer les exchanges a exclure
for exchange in liste_exchanges_exclure:
responses.append(self._admin_api.create_user_topic(subject, idmg, exchange, write='', read=''))
if any([response.status_code not in [201, 204] for response in responses]):
raise ValueError("Erreur ajout compte", subject)
except x509.extensions.ExtensionNotFound:
self.__logger.info("Aucun access a MQ pour certificat %s", subject)
def creer_compte(self, cert: EnveloppeCleCert):
issuer = cert.formatter_issuer()
idmg = issuer['organizationName']
nom_compte = cert.subject_rfc4514_string_mq()
commande = {
'createUser': nom_compte,
'roles': [{
'role': 'readWrite',
'db': idmg,
}]
}
self.__logger.debug("Creation compte Mongo : %s", commande)
document_dao = self.__connexion.document_dao
external_db = document_dao.get_database('$external')
external_db.command(commande)
def _ajouter_compte_pem(self, cert_pem, commande):
# Charger pem
certificat = EnveloppeCleCert()
certificat.cert_from_pem_bytes(cert_pem.encode('utf-8'))
try:
gestionnaire_mongo: GestionnaireComptesMongo = self._service_monitor.gestionnaire_mongo
if gestionnaire_mongo:
gestionnaire_mongo.creer_compte(certificat)
except DuplicateKeyError:
self.__logger.info("Compte mongo deja cree : " +
certificat.subject_rfc4514_string_mq())
except KeyError as kerr:
self.__logger.debug("Certificat ignore " + str(kerr))
gestionnaire_comptes_mq: GestionnaireComptesMQ = self._service_monitor.gestionnaire_mq
gestionnaire_comptes_mq.ajouter_compte(certificat)
# Transmettre reponse d'ajout de compte, au besoin
properties = commande.get('properties')
if properties:
reply_to = properties.reply_to
correlation_id = properties.correlation_id
if reply_to and correlation_id:
self._service_monitor.generateur_transactions.transmettre_reponse(
{'resultat_ok': True}, reply_to, correlation_id)