def instance_hook(self, input, instance, attrs):
# Parsing returns a generator which we exhaust be converting it into a list.
# An exception is raised on any parsing error.
list(parse_tls_channel_security_definition(self.request.input.value))
# So that username, an artificial and inherited field, is not an empty string.
instance.username = input.username = input.name
def instance_hook(self, input, instance, attrs):
# Parsing returns a generator which we exhaust be converting it into a list.
# An exception is raised on any parsing error.
list(parse_tls_channel_security_definition(self.request.input.value))
# So that username, an artificial and inherited field, is not an empty string.
instance.username = input.username = input.name
def get_url_security(self, cluster_id, connection=None):
""" Returns the security configuration of HTTP URLs.
"""
with closing(self.session()) as session:
# What DB class to fetch depending on the string value of the security type.
sec_type_db_class = {
SEC_DEF_TYPE.APIKEY: APIKeySecurity,
SEC_DEF_TYPE.BASIC_AUTH: HTTPBasicAuth,
SEC_DEF_TYPE.OAUTH: OAuth,
SEC_DEF_TYPE.TECH_ACCOUNT: TechnicalAccount,
SEC_DEF_TYPE.WSS: WSSDefinition,
SEC_DEF_TYPE.TLS_CHANNEL_SEC: TLSChannelSecurity,
SEC_DEF_TYPE.XPATH_SEC: XPathSecurity,
}
result = {}
q = query.http_soap_security_list(session, cluster_id, connection)
columns = Bunch()
# So ConfigDict has its data in the format it expects
for c in q.statement.columns:
columns[c.name] = None
for item in q.all():
target = '{}{}{}'.format(item.soap_action, MISC.SEPARATOR,
item.url_path)
result[target] = Bunch()
result[target].is_active = item.is_active
result[target].transport = item.transport
result[target].data_format = item.data_format
if item.security_id:
result[target].sec_def = Bunch()
# Will raise KeyError if the DB gets somehow misconfigured.
db_class = sec_type_db_class[item.sec_type]
sec_def = session.query(db_class).\
filter(db_class.id==item.security_id).\
one()
# Common things first
result[target].sec_def.id = sec_def.id
result[target].sec_def.name = sec_def.name
result[target].sec_def.password = sec_def.password
result[target].sec_def.sec_type = item.sec_type
if item.sec_type == SEC_DEF_TYPE.TECH_ACCOUNT:
result[target].sec_def.salt = sec_def.salt
elif item.sec_type == SEC_DEF_TYPE.BASIC_AUTH:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[target].sec_def.realm = sec_def.realm
elif item.sec_type == SEC_DEF_TYPE.APIKEY:
result[target].sec_def.username = '******'.format(
sec_def.username.upper().replace('-', '_'))
result[target].sec_def.password = sec_def.password
elif item.sec_type == SEC_DEF_TYPE.WSS:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[
target].sec_def.password_type = sec_def.password_type
result[
target].sec_def.reject_empty_nonce_creat = sec_def.reject_empty_nonce_creat
result[
target].sec_def.reject_stale_tokens = sec_def.reject_stale_tokens
result[
target].sec_def.reject_expiry_limit = sec_def.reject_expiry_limit
result[
target].sec_def.nonce_freshness_time = sec_def.nonce_freshness_time
elif item.sec_type == SEC_DEF_TYPE.TLS_CHANNEL_SEC:
result[target].sec_def.value = dict(
parse_tls_channel_security_definition(
sec_def.value))
elif item.sec_type == SEC_DEF_TYPE.XPATH_SEC:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[
target].sec_def.username_expr = sec_def.username_expr
result[
target].sec_def.password_expr = sec_def.password_expr
else:
result[target].sec_def = ZATO_NONE
return result, columns
def get_url_security(self, cluster_id, connection=None):
""" Returns the security configuration of HTTP URLs.
"""
with closing(self.session()) as session:
# What DB class to fetch depending on the string value of the security type.
sec_type_db_class = {
SEC_DEF_TYPE.APIKEY: APIKeySecurity,
SEC_DEF_TYPE.BASIC_AUTH: HTTPBasicAuth,
SEC_DEF_TYPE.OAUTH: OAuth,
SEC_DEF_TYPE.TECH_ACCOUNT: TechnicalAccount,
SEC_DEF_TYPE.WSS: WSSDefinition,
SEC_DEF_TYPE.TLS_CHANNEL_SEC: TLSChannelSecurity,
SEC_DEF_TYPE.XPATH_SEC: XPathSecurity,
}
result = {}
q = query.http_soap_security_list(session, cluster_id, connection)
columns = Bunch()
# So ConfigDict has its data in the format it expects
for c in q.statement.columns:
columns[c.name] = None
for item in q.all():
target = '{}{}{}'.format(item.soap_action, MISC.SEPARATOR, item.url_path)
result[target] = Bunch()
result[target].is_active = item.is_active
result[target].transport = item.transport
result[target].data_format = item.data_format
if item.security_id:
result[target].sec_def = Bunch()
# Will raise KeyError if the DB gets somehow misconfigured.
db_class = sec_type_db_class[item.sec_type]
sec_def = session.query(db_class).\
filter(db_class.id==item.security_id).\
one()
# Common things first
result[target].sec_def.id = sec_def.id
result[target].sec_def.name = sec_def.name
result[target].sec_def.password = sec_def.password
result[target].sec_def.sec_type = item.sec_type
if item.sec_type == SEC_DEF_TYPE.TECH_ACCOUNT:
result[target].sec_def.salt = sec_def.salt
elif item.sec_type == SEC_DEF_TYPE.BASIC_AUTH:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[target].sec_def.realm = sec_def.realm
elif item.sec_type == SEC_DEF_TYPE.APIKEY:
result[target].sec_def.username = '******'.format(sec_def.username.upper().replace('-', '_'))
result[target].sec_def.password = sec_def.password
elif item.sec_type == SEC_DEF_TYPE.WSS:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[target].sec_def.password_type = sec_def.password_type
result[target].sec_def.reject_empty_nonce_creat = sec_def.reject_empty_nonce_creat
result[target].sec_def.reject_stale_tokens = sec_def.reject_stale_tokens
result[target].sec_def.reject_expiry_limit = sec_def.reject_expiry_limit
result[target].sec_def.nonce_freshness_time = sec_def.nonce_freshness_time
elif item.sec_type == SEC_DEF_TYPE.TLS_CHANNEL_SEC:
result[target].sec_def.value = dict(parse_tls_channel_security_definition(sec_def.value))
elif item.sec_type == SEC_DEF_TYPE.XPATH_SEC:
result[target].sec_def.username = sec_def.username
result[target].sec_def.password = sec_def.password
result[target].sec_def.username_expr = sec_def.username_expr
result[target].sec_def.password_expr = sec_def.password_expr
else:
result[target].sec_def = ZATO_NONE
return result, columns
def instance_hook(self, input, instance, attrs):
# Parsing returns a generator which we exhaust be converting it into a list.
# An exception is raised on any parsing error.
list(parse_tls_channel_security_definition(self.request.input.value))
