def get_members_constraint(entity):
conn = None
mList = []
search_filter = '(&(objectClass=' + ROLE_OC_NAME + ')'
search_filter += '(' + ROLE_NAME + '=' + entity.name + '))'
try:
conn = ldaphelper.open()
# TODO: use sizelimit=1
entries = conn.search_s(__CONTAINER_DN,
scope=ldap.SCOPE_SUBTREE,
filterstr=search_filter,
attrlist=[MEMBER, global_ids.CONSTRAINT])
if not entries:
raise NotFound(msg="Role not found, name=" + entity.name,
id=global_ids.ROLE_NOT_FOUND)
elif len(entries) > 1:
raise NotUnique(msg="Role not unique, name=" + entity.name,
id=global_ids.ROLE_SEARCH_FAILED)
dn, attrs = entries[0]
member_dns = ldaphelper.get_list(attrs.get(MEMBER, []))
constraint = Constraint(
ldaphelper.get_attr_val(attrs.get(global_ids.CONSTRAINT, [])))
mList = __convert_list(member_dns)
except Exception as e: # FIXME: change to LDAPError
raise RbacError(msg='Get members search error=' + str(e),
id=global_ids.ROLE_OCCUPANT_SEARCH_FAILED)
finally:
if conn:
ldaphelper.close(conn)
return [mList, constraint]
def create(entity):
try:
attrs = {}
attrs.update({'objectClass': ROLE_OCS})
attrs.update({global_ids.CN: entity.name})
attrs.update({ROLE_NAME: entity.name})
# generate random id:
entity.internal_id = str(uuid.uuid4())
attrs.update({global_ids.INTERNAL_ID: entity.internal_id})
# string:
if entity.description:
attrs.update({global_ids.DESC: entity.description})
# list of strings
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: entity.props})
# list of comma delimited strings:
if entity.constraint is None:
entity.constraint = Constraint(name=entity.name)
#if entity.constraint is not None:
attrs.update({global_ids.CONSTRAINT: entity.constraint.get_raw()})
conn = ldaphelper.open()
conn.add_s(__get_dn(entity), add_to_modlist(attrs))
except ldap.ALREADY_EXISTS:
raise NotUnique(msg='Role create failed, already exists:' + entity.uid,
id=global_ids.ROLE_ADD_FAILED)
except ldap.LDAPError as e:
raise RbacError(msg='Role create failed result=' + str(e),
id=global_ids.ROLE_ADD_FAILED)
except Exception as e:
raise RbacError(msg='Role create error=' + str(e),
id=global_ids.ROLE_ADD_FAILED)
return entity
def create_obj(entity):
try:
attrs = {}
attrs.update({'objectClass': PERM_OBJ_OCS})
attrs.update({OBJ_NM: entity.obj_name})
# generate random id:
entity.internal_id = str(uuid.uuid4())
attrs.update({global_ids.INTERNAL_ID: entity.internal_id})
# ou is req'd for organizationalUnit object class, if caller did not set, use obj name.
if not entity.ou:
entity.ou = entity.obj_name
attrs.update({global_ids.OU: entity.ou})
if entity.description:
attrs.update({global_ids.DESC: entity.description})
if entity.type:
attrs.update({TYPE: entity.type})
# list of comma delimited strings:
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: entity.props})
conn = ldaphelper.open()
conn.add_s(__get_obj_dn(entity), add_to_modlist(attrs))
except ldap.ALREADY_EXISTS:
raise NotUnique(msg='PermObj create failed, already exists:' +
entity.uid,
id=global_ids.PERM_ADD_FAILED)
except ldap.LDAPError as e:
raise FortressError(msg='PermObj create failed result=' + str(e),
id=global_ids.PERM_ADD_FAILED)
except Exception as e:
raise FortressError(msg='PermObj create error=' + str(e),
id=global_ids.PERM_ADD_FAILED)
return entity
def read(entity):
userList = search(entity)
if userList is None or len(userList) == 0:
raise NotFound(msg="User Read not found, uid=" + entity.uid,
id=global_ids.USER_NOT_FOUND)
elif len(userList) > 1:
raise NotUnique(msg="User Read not unique, uid=" + entity.uid,
id=global_ids.USER_READ_FAILED)
else:
return userList[0]
def read(entity):
roleList = search(entity)
if roleList is None or len(roleList) == 0:
raise NotFound(msg="Role Read not found, name=" + entity.name,
id=global_ids.ROLE_NOT_FOUND)
elif len(roleList) > 1:
raise NotUnique(msg="Role Read not unique, name=" + entity.name,
id=global_ids.ROLE_READ_FAILED)
else:
return roleList[0]
def read_obj(entity):
objList = search_objs(entity)
if objList is None or len(objList) == 0:
raise NotFound(msg="PermObj Read not found, obj name=" +
entity.obj_name,
id=global_ids.PERM_OBJ_NOT_FOUND)
elif len(objList) > 1:
raise NotUnique(msg="PermObj Read not unique, obj name=" +
entity.obj_name,
id=global_ids.PERM_READ_OBJ_FAILED)
else:
return objList[0]
def read(entity):
permList = search(entity)
if permList is None or len(permList) == 0:
raise NotFound(msg="Perm Read not found, obj name=" + entity.obj_name +
', op name=' + entity.op_name,
id=global_ids.PERM_NOT_EXIST)
elif len(permList) > 1:
raise NotUnique(msg="Perm Read not unique, obj name=" +
entity.obj_name + ', op name=' + entity.op_name,
id=global_ids.PERM_READ_OP_FAILED)
else:
return permList[0]
def create_suffix(name):
dn = DC_NAME + '=' + name + ',' + DC_NAME + '=com'
try:
attrs = {}
attrs.update({'objectClass': SUFX_OCS})
attrs.update({DC_NAME: name})
attrs.update({O: name})
conn = ldaphelper.open()
conn.add_s(dn, add_to_modlist(attrs))
except Exception as e:
raise NotUnique(msg='Suffix create failed, already exists:' + dn,
id=global_ids.SUFX_ALREADY_EXISTS)
except ldap.ALREADY_EXISTS:
raise RbacError(msg='Suffix create failed, dn=' + dn + ', result=' +
str(e),
id=global_ids.SUFX_CREATE_FAILED)
except Exception as e:
raise RbacError(msg='Suffix create dn=' + dn + ', error=' + str(e),
id=global_ids.SUFX_CREATE_FAILED)
def create_ou(name, desc=None):
__validate(name)
try:
attrs = {}
attrs.update({'objectClass': OU_OCS})
attrs.update({OU_NAME: name})
if not desc:
desc = 'py-fortress Container ' + name
attrs.update({global_ids.DESC: desc})
conn = ldaphelper.open()
conn.add_s(ldaphelper.get_container_dn(name), add_to_modlist(attrs))
except Exception as e:
raise RbacError(msg='OU create error=' + str(e),
id=global_ids.CNTR_CREATE_FAILED)
except ldap.ALREADY_EXISTS:
raise NotUnique(msg='OU create failed, already exists:' + name,
id=global_ids.CNTR_ALREADY_EXISTS)
except ldap.LDAPError as e:
raise RbacError(msg='OU create failed result=' + str(e),
id=global_ids.CNTR_CREATE_FAILED)
def create(entity):
try:
attrs = {}
attrs.update({'objectClass': PERM_OCS})
attrs.update({OBJ_NM: entity.obj_name})
attrs.update({OP_NM: entity.op_name})
entity.abstract_name = entity.obj_name + '.' + entity.op_name
attrs.update({global_ids.CN: entity.abstract_name})
# generate random id:
entity.internal_id = str(uuid.uuid4())
attrs.update({global_ids.INTERNAL_ID: entity.internal_id})
if entity.obj_id:
attrs.update({OBJ_ID: entity.obj_id})
if entity.description:
attrs.update({global_ids.DESC: entity.description})
if entity.abstract_name:
attrs.update({PERM_NAME: entity.abstract_name})
if entity.type:
attrs.update({TYPE: entity.type})
# list of strings:
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: entity.props})
if entity.users is not None and len(entity.users) > 0:
attrs.update({USERS: entity.users})
if entity.roles is not None and len(entity.roles) > 0:
attrs.update({ROLES: entity.roles})
conn = ldaphelper.open()
conn.add_s(__get_dn(entity), add_to_modlist(attrs))
except ldap.ALREADY_EXISTS:
raise NotUnique(msg='Perm create failed, already exists:' +
entity.obj_name,
id=global_ids.PERM_ADD_FAILED)
except ldap.LDAPError as e:
raise RbacError(msg='Perm create failed result=' + str(e),
id=global_ids.PERM_ADD_FAILED)
except Exception as e:
raise RbacError(msg='Perm create error=' + str(e),
id=global_ids.PERM_ADD_FAILED)
return entity
def create(entity):
try:
attrs = {}
attrs.update({'objectClass': USER_OCS})
attrs.update({global_ids.UID: entity.uid})
# generate random id:
entity.internal_id = str(uuid.uuid4())
attrs.update({global_ids.INTERNAL_ID: entity.internal_id})
# cn is req'd for iNetOrgPerson, if caller did not set, use uid value
if not entity.cn:
entity.cn = entity.uid
attrs.update({global_ids.CN: entity.cn})
# likewise sn is req'd for iNetOrgPerson, if caller did not set, use uid value
if not entity.sn:
entity.sn = entity.uid
attrs.update({global_ids.SN: entity.sn})
# strings:
if entity.password:
attrs.update({PW: entity.password})
if entity.description:
attrs.update({global_ids.DESC: entity.description})
if entity.ou:
attrs.update({global_ids.OU: entity.ou})
if entity.display_name:
attrs.update({DISPLAY_NAME: entity.display_name})
if entity.employee_type:
attrs.update({EMPLOYEE_TYPE: entity.employee_type})
if entity.title:
attrs.update({TITLE: entity.title})
if entity.department_number:
attrs.update({DEPT_NUM: entity.department_number})
if entity.l:
attrs.update({LOCATION: entity.l})
if entity.physical_delivery_office_name:
attrs.update(
{PHYSICAL_OFFICE_NM: entity.physical_delivery_office_name})
if entity.postal_code:
attrs.update({POSTAL_CODE: entity.postal_code})
if entity.room_number:
attrs.update({RM_NUM: entity.room_number})
if entity.pw_policy:
attrs.update({PW_POLICY: entity.pw_policy})
# boolean:
if entity.system is not None:
attrs.update({IS_SYSTEM: 'TRUE' if entity.system else 'FALSE'})
# list of strings:
if entity.phones is not None and len(entity.phones) > 0:
attrs.update({TELEPHONE_NUMBER: entity.phones})
if entity.mobiles is not None and len(entity.mobiles) > 0:
attrs.update({MOBILE: entity.mobiles})
if entity.emails is not None and len(entity.emails) > 0:
attrs.update({MAIL: entity.emails})
if entity.props is not None and len(entity.props) > 0:
attrs.update({global_ids.PROPS: entity.props})
# list of delimited strings:
if entity.constraint:
attrs.update({global_ids.CONSTRAINT: entity.constraint.get_raw()})
conn = ldaphelper.open()
conn.add_s(__get_dn(entity), add_to_modlist(attrs))
except ldap.ALREADY_EXISTS:
raise NotUnique(msg='User create failed, already exists:' + entity.uid,
id=global_ids.USER_ADD_FAILED)
except ldap.LDAPError as e:
raise RbacError(msg='User create failed result=' + str(e),
id=global_ids.USER_ADD_FAILED)
except Exception as e:
raise RbacError(msg='User create error=' + str(e),
id=global_ids.USER_ADD_FAILED)
return entity