Exemple #1
 def __init__(self, obj, opt):
     """Set up an LDAP user entry from its definition dict.

     The Vault path is auth/<mount>/users/<user>. The mount falls back to
     'ldap' when obj has no 'mount' key; obj['user'] is required and a
     missing key raises KeyError.
     """
     super(LDAPUser, self).__init__(obj, opt)
     mount = obj.get('mount', 'ldap')
     # Both path components come from the definition, so the assembled
     # string goes through sanitize_mount before it is stored.
     self.path = sanitize_mount("auth/%s/users/%s" % (mount, obj['user']))
     self._obj = {}
     # A fresh [] is passed on every call so the two entries never share a
     # list (presumably map_val uses it as the fallback for an absent key).
     for field in ('groups', 'policies'):
         map_val(self._obj, obj, field, [])
Exemple #2
 def __init__(self, obj, opt):
     """Describe one LDAP user mapping (its groups and policies).

     obj must carry 'user'; 'mount' is optional and defaults to 'ldap'.
     The resulting path has the form auth/<mount>/users/<user>.
     """
     super(LDAPUser, self).__init__(obj, opt)
     raw_path = "auth/%s/users/%s" % (obj.get('mount', 'ldap'), obj['user'])
     # The mount and user name are taken from the definition as-is; only
     # the sanitize_mount result is kept on the instance.
     self.path = sanitize_mount(raw_path)
     payload = {}
     self._obj = payload
     # Each call gets its own [] so 'groups' and 'policies' cannot alias
     # one list (presumably the value map_val stores when the key is absent).
     map_val(payload, obj, 'groups', [])
     map_val(payload, obj, 'policies', [])
Exemple #3
 def __init__(self, obj, opt):
     """Set up a userpass user from its definition dict.

     Required keys are 'username', 'password_file' and 'policies'; 'ttl'
     and 'max_ttl' are passed to map_val and so appear to be optional.
     """
     super(UserPassUser, self).__init__('userpass', obj, opt)
     self.username = obj['username']
     self.mount = 'userpass'
     user_path = "auth/userpass/users/%s" % self.username
     self.path = sanitize_mount(user_path)
     # The definition names a file rather than carrying the password
     # inline; only that file name is stored here.
     self.secret = obj['password_file']
     payload = {'policies': obj['policies']}
     self._obj = payload
     for ttl_key in ('ttl', 'max_ttl'):
         map_val(payload, obj, ttl_key)
     self.filename = self.secret
Exemple #4
 def __init__(self, obj, opt):
     """Describe one user of the userpass auth backend.

     obj must provide 'username', 'password_file' and 'policies'.
     The 'ttl' and 'max_ttl' keys are handed to map_val without a fallback.
     """
     super(UserPassUser, self).__init__('userpass', obj, opt)
     self.username = obj['username']
     self.mount = 'userpass'
     self.path = sanitize_mount(
         "auth/userpass/users/%s" % self.username)
     # What is kept is the name of the password file, not a password
     # value; self.filename below is set to the same name.
     self.secret = obj['password_file']
     self._obj = dict(policies=obj['policies'])
     for optional_key in ('ttl', 'max_ttl'):
         map_val(self._obj, obj, optional_key)
     self.filename = self.secret
Exemple #5
    def tunable(self, obj):
        """Collect mount tuning options from obj into self.tune.

        Every key listed in MOUNT_TUNABLES is copied from obj['tune'] via
        map_val. A value that is_vault_time accepts is replaced by the
        result of vault_time_to_s. A top-level 'description' in obj is
        stored as well, whether or not a 'tune' section is present.
        """
        settings = {}
        self.tune = settings
        if 'tune' in obj:
            for entry in MOUNT_TUNABLES:
                name = entry[0]
                map_val(settings, obj['tune'], name)
                if name not in settings:
                    continue
                # Normalise Vault duration strings so later comparisons
                # work on one representation (presumably seconds).
                if is_vault_time(settings[name]):
                    settings[name] = vault_time_to_s(settings[name])

        if 'description' in obj:
            settings['description'] = obj['description']
Exemple #6
    def tunable(self, obj):
        """Populate self.tune with the mount tunables found in obj.

        Keys named in MOUNT_TUNABLES are read from obj['tune'] when that
        section exists. Values recognised by is_vault_time are converted
        with vault_time_to_s. obj['description'], if present, is copied
        into self.tune too.
        """
        self.tune = {}
        has_tune_section = 'tune' in obj
        for tunable in (MOUNT_TUNABLES if has_tune_section else ()):
            key = tunable[0]
            map_val(self.tune, obj['tune'], key)
            mapped = key in self.tune
            # Only values that were actually mapped are inspected; a
            # duration string is swapped for its converted form.
            if mapped and is_vault_time(self.tune[key]):
                converted = vault_time_to_s(self.tune[key])
                self.tune[key] = converted

        if 'description' in obj:
            self.tune['description'] = obj['description']
Exemple #7
    def __init__(self, obj, opt):
        """Set up a token role from its definition dict.

        obj['name'] is required. The optional 'allowed_policies' and
        'disallowed_policies' lists are sorted and joined with commas.
        The remaining role options go through map_val with the fallbacks
        listed below.
        """
        super(TokenRole, self).__init__('tokenrole', obj, opt)
        role_name = obj['name']
        self.role_name = role_name
        # NOTE(review): the name is interpolated into the path as-is; no
        # sanitising helper is applied here -- confirm names are
        # validated before they reach this point.
        self.path = "auth/token/roles/%s" % role_name
        self.mount = 'token'
        self.backend = 'token'
        self.secret_ids = []

        role_obj = {}
        for policy_key in ('allowed_policies', 'disallowed_policies'):
            if policy_key not in obj:
                continue
            # Sorting gives a stable string regardless of input order.
            role_obj[policy_key] = ','.join(sorted(obj[policy_key]))

        # NOTE(review): 'orphan' falls back to True and 'explicit_max_ttl'
        # to 0. In Vault, orphan tokens are not revoked along with a
        # parent token; roles that need cascading revocation or a hard
        # lifetime cap should set these explicitly.
        fallbacks = (
            ('orphan', True),
            ('period', 0),
            ('renewable', True),
            ('explicit_max_ttl', 0),
            ('path_suffix', ''),
        )
        for option, fallback in fallbacks:
            map_val(role_obj, obj, option, fallback)

        self._obj = role_obj
Exemple #8
    def __init__(self, obj, opt):
        """Describe a role of the token auth backend.

        The role is addressed as auth/token/roles/<name>. Policy lists
        found in obj are stored as sorted, comma-joined strings, and five
        role options are mapped with explicit fallback values.
        """
        super(TokenRole, self).__init__('tokenrole', obj, opt)
        self.role_name = obj['name']
        # NOTE(review): obj['name'] goes into the path unmodified --
        # verify it is validated by the caller.
        self.path = "auth/token/roles/%s" % obj['name']
        self.mount = self.backend = 'token'
        self.secret_ids = []

        # Sorted so the joined string does not depend on input order.
        role_obj = {
            policy_type: ','.join(sorted(obj[policy_type]))
            for policy_type in ('allowed_policies', 'disallowed_policies')
            if policy_type in obj
        }

        # NOTE(review): an omitted 'orphan' becomes True and an omitted
        # 'explicit_max_ttl' becomes 0; set both deliberately where token
        # revocation and maximum lifetime matter.
        map_val(role_obj, obj, 'orphan', True)
        for numeric_option in ('period',):
            map_val(role_obj, obj, numeric_option, 0)
        map_val(role_obj, obj, 'renewable', True)
        map_val(role_obj, obj, 'explicit_max_ttl', 0)
        map_val(role_obj, obj, 'path_suffix', '')

        self._obj = role_obj
Exemple #9
    def __init__(self, resource, opt, managed=True):
        """Capture the mount point, backend and tuning of a resource.

        When resource.tune is a dict, every key named in MOUNT_TUNABLES
        is type-checked against the type paired with it and then copied
        into self.config, together with any 'description'.

        Raises:
            aomi_excep.AomiData: a tunable is present but is not an
                instance of its expected type.
        """
        self.path = sanitize_mount(resource.mount)
        self.backend = resource.backend
        self.existing = {}
        self.present = resource.present
        self.config = {}
        self.managed = managed
        if hasattr(resource, 'tune') and isinstance(resource.tune, dict):
            requested = resource.tune
            for entry in MOUNT_TUNABLES:
                name, expected_type = entry[0], entry[1]
                # Reject a wrongly typed value before it is copied into
                # the configuration.
                if name in requested and \
                   not isinstance(requested[name], expected_type):
                    raise aomi_excep.AomiData(
                        "Mount tunable %s on %s must be of type %s" %
                        (name, self.path, expected_type))

                map_val(self.config, requested, name)

            if 'description' in requested:
                self.config['description'] = requested['description']

        self.opt = opt
Exemple #10
    def __init__(self, resource, opt, managed=True):
        """Record mount path, backend type and validated tunables.

        Tunables are read only when resource has a dict-valued 'tune'
        attribute. Each key from MOUNT_TUNABLES that appears there must
        match its paired type, otherwise aomi_excep.AomiData is raised.
        """
        self.path = sanitize_mount(resource.mount)
        self.backend = resource.backend
        self.existing = dict()
        self.present = resource.present
        self.config = dict()
        self.managed = managed
        tune_is_dict = hasattr(resource, 'tune') and \
            isinstance(resource.tune, dict)
        if tune_is_dict:
            for tunable in MOUNT_TUNABLES:
                key = tunable[0]
                wanted = tunable[1]
                wrong_type = key in resource.tune and \
                    not isinstance(resource.tune[key], wanted)
                if wrong_type:
                    # Fail at construction time, before any value is
                    # copied for this key.
                    e_msg = "Mount tunable %s on %s must be of type %s" % \
                            (key, self.path, wanted)
                    raise aomi_excep.AomiData(e_msg)

                map_val(self.config, resource.tune, key)

            if 'description' in resource.tune:
                self.config['description'] = resource.tune['description']

        self.opt = opt
Exemple #11
 def __init__(self, obj, opt):
     """Set up the LDAP auth backend configuration from obj.

     obj['url'] is required. The mount is fixed to 'ldap' and the config
     path to auth/ldap/config. The remaining connection and lookup
     options are mapped from obj by map_val.
     """
     super(LDAP, self).__init__('ldap', obj, opt)
     auth_obj = {'url': obj['url']}
     self.mount = 'ldap'
     self.path = sanitize_mount("auth/ldap/config")
     self.secret = obj.get('secrets')
     # Each tuple is (key,) or (key, fallback), in the order the options
     # are mapped. 'insecure_tls' falls back to False and
     # 'deny_null_bind' to True, so the less strict settings only take
     # effect when the definition asks for them.
     # NOTE(review): 'starttls' also falls back to False, so transport
     # protection then depends on the scheme in obj['url'] -- confirm
     # deployments use ldaps:// or enable starttls.
     option_args = (
         ('starttls', False),
         ('insecure_tls', False),
         ('discoverdn',),
         ('userdn',),
         ('userattr',),
         ('deny_null_bind', True),
         ('upndomain',),
         ('groupfilter',),
         ('groupdn',),
         ('groupattr',),
         ('binddn',),
     )
     for args in option_args:
         map_val(auth_obj, obj, *args)
     self._obj = auth_obj
Exemple #12
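    def __init__(self, obj, opt):
        """Set up an AppRole role from its definition dict.

        obj must provide 'name' and 'policies'. 'default' is added to the
        policy set when missing, and the set is stored as a sorted,
        comma-joined string. An optional 'preset' entry is handed to
        self.presets.
        """
        super(AppRole, self).__init__('approle', obj, opt)
        self.app_name = obj['name']
        self.path = "auth/approle/role/%s" % obj['name']
        self.mount = self.backend
        self.secret_ids = []
        # Work on a copy: inserting 'default' must not rewrite the
        # caller's obj['policies'] list behind its back.
        policies = list(obj['policies'])
        # HCV seems to always add this in anyway. Having this implicit
        # at our end makes the diff'ing easier.
        if 'default' not in policies:
            policies.insert(0, 'default')

        role_obj = {'policies': ','.join(sorted(policies))}
        # NOTE(review): the fallbacks are '' for bound_cidr_list and 0
        # for the SecretID and token limits. In Vault's AppRole API a 0
        # for secret_id_num_uses / secret_id_ttl means no limit; set
        # these explicitly where SecretIDs should expire or be bound to
        # a network range.
        map_val(role_obj, obj, 'bound_cidr_list', '', 'cidr_list')
        map_val(role_obj, obj, 'secret_id_num_uses', 0, 'secret_uses')
        map_val(role_obj, obj, 'secret_id_ttl', 0, 'secret_ttl')
        map_val(role_obj, obj, 'period', 0)
        map_val(role_obj, obj, 'token_max_ttl', 0)
        map_val(role_obj, obj, 'token_ttl', 0)
        # bind_secret_id falls back to True, i.e. a SecretID is required
        # unless the definition turns it off.
        map_val(role_obj, obj, 'bind_secret_id', True)
        map_val(role_obj, obj, 'token_num_uses', 0)
        self._obj = role_obj
        if 'preset' in obj:
            self.presets(obj['preset'], opt)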
Exemple #13
 def __init__(self, obj, opt):
     """Set up the LDAP auth backend configuration from obj.

     obj['url'] is required. The mount comes from obj['mount'] and
     defaults to 'ldap'; the config path is auth/<mount>/config.
     Connection, lookup and TLS-version options are mapped from obj, and
     mount tuning is collected by self.tunable.
     """
     super(LDAP, self).__init__('ldap', obj, opt)
     auth_obj = dict(url=obj['url'])
     mount = obj.get('mount', 'ldap')
     self.mount = mount
     self.path = sanitize_mount("auth/%s/config" % mount)
     self.secret = obj.get('secrets')
     # Options with an explicit fallback: certificate checking stays on
     # ('insecure_tls' False) and null binds stay denied unless the
     # definition says otherwise.
     # NOTE(review): 'starttls' falls back to False as well -- confirm
     # obj['url'] uses ldaps:// where starttls is not enabled.
     map_val(auth_obj, obj, 'starttls', False)
     map_val(auth_obj, obj, 'insecure_tls', False)
     for lookup_key in ('discoverdn', 'userdn', 'userattr'):
         map_val(auth_obj, obj, lookup_key)
     map_val(auth_obj, obj, 'deny_null_bind', True)
     # The TLS version bounds are passed through as given; nothing in
     # this method checks them against a minimum.
     passthrough = ('upndomain', 'groupfilter', 'groupdn', 'groupattr',
                    'binddn', 'tls_max_version', 'tls_min_version')
     for option in passthrough:
         map_val(auth_obj, obj, option)
     self._obj = auth_obj
     self.tunable(obj)
Exemple #14
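    def __init__(self, obj, opt):
        """Set up an AppRole role from its definition dict.

        obj must provide 'name' and 'policies'. Mount tuning is collected
        by self.tunable. 'default' is added to the policy set when
        missing, and the set is stored as a sorted, comma-joined string.
        An optional 'preset' entry is handed to self.presets.
        """
        super(AppRole, self).__init__('approle', obj, opt)
        self.app_name = obj['name']
        self.mount = 'approle'
        # NOTE(review): this path carries no 'auth/' prefix; presumably
        # it is added where the path is consumed -- confirm.
        self.path = "%s/role/%s" % (self.mount, self.app_name)
        self.secret_ids = []
        self.tunable(obj)
        # Work on a copy: inserting 'default' must not rewrite the
        # caller's obj['policies'] list behind its back.
        policies = list(obj['policies'])
        # HCV seems to always add this in anyway. Having this implicit
        # at our end makes the diff'ing easier.
        if 'default' not in policies:
            policies.insert(0, 'default')

        role_obj = {
            'policies': ','.join(sorted(policies))
        }
        # NOTE(review): the fallbacks are '' for bound_cidr_list and 0
        # for the SecretID and token limits. In Vault's AppRole API a 0
        # for secret_id_num_uses / secret_id_ttl means no limit; set
        # these explicitly where SecretIDs should expire or be bound to
        # a network range.
        map_val(role_obj, obj, 'bound_cidr_list', '', 'cidr_list')
        map_val(role_obj, obj, 'secret_id_num_uses', 0, 'secret_uses')
        map_val(role_obj, obj, 'secret_id_ttl', 0, 'secret_ttl')
        map_val(role_obj, obj, 'period', 0)
        map_val(role_obj, obj, 'token_max_ttl', 0)
        map_val(role_obj, obj, 'token_ttl', 0)
        # bind_secret_id falls back to True, i.e. a SecretID is required
        # unless the definition turns it off.
        map_val(role_obj, obj, 'bind_secret_id', True)
        map_val(role_obj, obj, 'token_num_uses', 0)
        self._obj = role_obj
        if 'preset' in obj:
            self.presets(obj['preset'], opt)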