def put(self, controller, data, oid, *args, **kwargs): data = get_value(data, u'role', None, exception=True) new_name = get_value(data, u'name', None) new_description = get_value(data, u'desc', None) role_perm = get_value(data, u'perms', None) role = self.controller.get_role(oid) resp = {u'update': None, u'perm.append': None, u'perm.remove': None} # append, remove role if role_perm is not None: # append role if u'append' in role_perm: perms = [] for perm in role_perm.get(u'append'): perms.append(perm) res = role.append_permissions(perms) resp[u'perm.append'] = res # remove role if u'remove' in role_perm: perms = [] for perm in role_perm.get(u'remove'): perms.append(perm) res = role.remove_permissions(perms) resp[u'perm.remove'] = res # update role res = role.update(name=new_name, description=new_description) resp[u'update'] = res return resp
def post(self, controller, data, *args, **kwargs): data = get_value(data, u'group', None, exception=True) groupname = get_value(data, u'name', None, exception=True) description = get_value(data, u'desc', u'Group %s' % groupname) resp = controller.add_group(groupname, description) return (resp, 201)
def put(self, controller, data, oid, *args, **kwargs): catalog = self.get_catalog(controller, oid) data = get_value(data, u'catalog', None, exception=True) name = get_value(data, u'name', None) desc = get_value(data, u'desc', None) zone = get_value(data, u'zone', None) resp = catalog.update(name=name, desc=desc, zone=zone) return resp
def post(self, controller, data, *args, **kwargs): data = get_value(data, u'catalog', None, exception=True) name = get_value(data, u'name', None, exception=True) desc = get_value(data, u'desc', None, exception=True) zone = get_value(data, u'zone', None, exception=True) resp = controller.add_catalog(name, desc, zone) return (resp, 201)
def decorated_view(*args, **kwargs): task = args[0] # setup correct user try: user = get_value(kwargs, u'user', u'task_manager') server = get_value(kwargs, u'server', u'127.0.0.1') identity = get_value(kwargs, u'identity', u'') except: logger.warn(u'Can not get request user', exc_info=1) user = u'task_manager' server = u'127.0.0.1' identity = u'' operation.perms = [] operation.user = (user, server, identity) operation.session = None if module != None: mod = task.app.api_manager.modules[module] task_local.controller = mod.get_controller() task_local.entity_class = entity_class task_local.objid = args[1] task_local.op = job_name task_local.opid = task.request.id #task_local.start = time() task_local.delta = delta task_local.user = operation.user if task_local.op is None: if op is None: task_local.op = u'%s.%s' % (entity_class.objdef, act) else: task_local.op = u'%s.%s.%s' % (entity_class.objdef, op, act) # record PENDING task and set start-time start_time = time() status = u'STARTED' params = {u'start-time': start_time, u'job-status': status} task.set_shared_data(params) task.update_job(params, status, start_time, start_time=start_time) # send event task.send_job_event(status, 0, ex=None, msg=None) #TaskResult.store(task.request.id, status=status, retval=None, # start_time=start_time, traceback=None, # inner_type=u'JOB') #logger.debug(u'Job %s - master task %s' % (task_local.op, # task_local.opid)) #res = fn(*args, **kwargs) res = fn(*args) #task.update(u'STARTED') return res
def post(self, controller, data, *args, **kwargs): data = get_value(data, u'user', None, exception=True) username = get_value(data, u'name', None, exception=True) password = get_value(data, u'password', None) description = get_value(data, u'desc', u'User %s' % username) active = get_value(data, u'active', True) active = str2bool(active) expiry_date = get_value(data, u'expiry-date', None) if u'generic' in data and data.get(u'generic') is True: storetype = get_value(data, u'storetype', None, exception=True) resp = controller.add_generic_user(username, storetype, password=password, description=description, expiry_date=expiry_date) elif u'system' in data and data[u'system'] == True: resp = controller.add_system_user(username, password=password, description=description) else: storetype = get_value(data, u'storetype', None, exception=True) systype = get_value(data, u'systype', None, exception=True) resp = controller.add_user(username, storetype, systype, active=active, password=password, description=description, expiry_date=expiry_date) return (resp, 201)
def post(self, controller, data, oid, *args, **kwargs): data = get_value(data, u'user-attribute', None, exception=True) name = get_value(data, u'name', None, exception=True) new_name = get_value(data, u'new_name', None) value = get_value(data, u'value', None, exception=True) desc = get_value(data, u'desc', None, exception=True) user = self.controller.get_user(oid) attr = user.set_attribute(name, value=value, desc=desc, new_name=new_name) resp = (attr.name, attr.value, attr.desc) return (resp, 201)
def post(self, controller, data, *args, **kwargs): """ Create schedule Create scheduler schedule """ scheduler = controller.get_scheduler() data = get_value(data, 'schedule', None, exception=True) name = get_value(data, 'name', None, exception=True) task = get_value(data, 'task', None, exception=True) args = get_value(data, 'args', None) kwargs = get_value(data, 'kwargs', None) options = get_value(data, 'options', {}) relative = get_value(data, 'relative', None) # get schedule schedule = get_value(data, 'schedule', None, exception=True) resp = scheduler.create_update_entry(name, task, schedule, args=args, kwargs=kwargs, options=options, relative=relative) return {'name': name}, 202
def post(self, controller, data, *args, **kwargs): data = get_value(data, u'role', None, exception=True) rolename = get_value(data, u'name', None, exception=True) description = get_value(data, u'desc', u'Role %s' % rolename) rtype = get_value(data, u'type', None) # create role with default permissions if rtype is not None: # app system role if rtype == u'app': resp = controller.add_app_role(rolename) # create role without default permissions else: resp = controller.add_role(rolename, description) return (resp, 201)
def post(self, controller, data, *args, **kwargs): data = get_value(data, u'endpoint', None, exception=True) catalog = get_value(data, u'catalog', None, exception=True) name = get_value(data, u'name', None, exception=True) desc = get_value(data, u'desc', None, exception=True) service = get_value(data, u'service', None, exception=True) uri = get_value(data, u'uri', None, exception=True) active = get_value(data, u'active', True) catalog_obj = self.get_catalog(controller, catalog) resp = catalog_obj.add_endpoint(name, desc, service, uri, active) return (resp, 201)
def post(self, controller, data, *args, **kwargs): user = get_value(data, 'user', None, exception=True) password = get_value(data, 'password', None, exception=True) login_ip = get_value(data, 'login-ip', None, exception=True) try: name_domain = user.split('@') name = name_domain[0] try: domain = name_domain[1] except: domain = 'local' except: ApiManagerError('User must be <user>@<domain>') innerperms = [ (1, 1, 'auth', 'objects', 'ObjectContainer', '*', 1, '*'), (1, 1, 'auth', 'role', 'RoleContainer', '*', 1, '*'), (1, 1, 'auth', 'user', 'UserContainer', '*', 1, '*')] operation.perms = innerperms resp = controller.simple_http_login(name, domain, password, login_ip) return resp
def dispatch(self, controller, data, *args, **kwargs): user = get_value(data, u'user', None, exception=True) password = get_value(data, u'password', None, exception=True) login_ip = get_value(data, u'login-ip', get_remote_ip(request)) try: name_domain = user.split(u'@') name = name_domain[0] try: domain = name_domain[1] except: domain = u'local' except: ApiManagerError(u'User must be <user>@<domain>') innerperms = [ (1, 1, u'auth', u'objects', u'ObjectContainer', u'*', 1, u'*'), (1, 1, u'auth', u'role', u'RoleContainer', u'*', 1, u'*'), (1, 1, u'auth', u'user', u'UserContainer', u'*', 1, u'*')] operation.perms = innerperms res = controller.login(name, domain, password, login_ip) resp = res return resp
def update(self, controller, data, oid, *args, **kwargs): data = get_value(data, u'endpoint', None, exception=True) catalog = get_value(data, u'catalog', None) name = get_value(data, u'name', None) desc = get_value(data, u'desc', None) service = get_value(data, u'service', None) uri = get_value(data, u'uri', None) active = get_value(data, u'active', None) endpoint = self.get_endpoint(controller, oid) resp = endpoint.update(name=name, desc=desc, service=service, uri=uri, active=active, catalog=catalog) return resp
def put(self, controller, data, oid, *args, **kwargs): data = get_value(data, u'group', None, exception=True) new_name = get_value(data, u'name', None) new_description = get_value(data, u'desc', None) new_active = get_value(data, u'active', None) group_role = get_value(data, u'roles', None) group_user = get_value(data, u'users', None) group = self.controller.get_group(oid) resp = { u'update': None, u'role.append': [], u'role.remove': [], u'user.append': [], u'user.remove': [] } # append, remove role if group_role is not None: # append role if u'append' in group_role: for role in group_role.get(u'append'): res = group.append_role(role) resp[u'role.append'].append(res) # remove role if u'remove' in group_role: for role in group_role.get(u'remove'): res = group.remove_role(role) resp[u'role.remove'].append(res) # append, remove user if group_user is not None: # append user if u'append' in group_user: for user in group_user.get(u'append'): res = group.append_user(user) resp[u'user.append'].append(res) # remove user if u'remove' in group_user: for user in group_user.get(u'remove'): res = group.remove_user(user) resp[u'user.remove'].append(res) # update group res = group.update(name=new_name, description=new_description, active=new_active) resp[u'update'] = res return resp
def post(self, controller, data, *args, **kwargs): scheduler = controller.get_scheduler() data = get_value(data, u'schedule', None, exception=True) name = get_value(data, u'name', None, exception=True) task = get_value(data, u'task', None, exception=True) args = get_value(data, u'args', None) kwargs = get_value(data, u'kwargs', None) options = get_value(data, u'options', None) relative = get_value(data, u'relative', None) # get schedule schedule = get_value(data, u'schedule', None, exception=True) resp = scheduler.create_update_entry(name, task, schedule, args=args, kwargs=kwargs, options=options, relative=relative) return (resp, 202)
def put(self, controller, data, oid, *args, **kwargs): data = get_value(data, u'user', None, exception=True) new_name = get_value(data, u'name', None) new_description = get_value(data, u'desc', None) new_active = get_value(data, u'active', None) new_password = get_value(data, u'password', None) role = get_value(data, u'roles', None) new_expiry_date = get_value(data, u'expiry-date', None) if new_active is not None: new_active = str2bool(new_active) if new_expiry_date is not None: g, m, y = new_expiry_date.split(u'-') new_expiry_date = datetime(int(y), int(m), int(g)) user = self.controller.get_user(oid) resp = {u'update': None, u'role.append': [], u'role.remove': []} # append, remove role if role is not None: # append role if u'append' in role: for role, expiry in role.get(u'append'): res = user.append_role(role, expiry_date=expiry) resp[u'role.append'].append(res) # remove role if u'remove' in role: for role in role.get(u'remove'): res = user.remove_role(role) resp[u'role.remove'].append(res) # update user res = user.update(name=new_name, description=new_description, active=new_active, password=new_password, expiry_date=new_expiry_date) resp[u'update'] = res return resp
def delete(self, controller, data, *args, **kwargs): scheduler = controller.get_scheduler() name = get_value(data, u'name', None, exception=True) resp = scheduler.remove_entry(name) return (resp, 202)
def dispatch(self, controller, data, *args, **kwargs): data = get_value(data, u'object-types', None, exception=True) resp = controller.objects.add_types(data) return (resp, 201)
def create_subsystem(self, subsystem_config, update=False): """Create subsystem. :param subsystem_config: subsystem configuration file :param update: if update is True don't replace database schema [default=False] """ res = [] # read subsystem config config = read_file(subsystem_config) subsystem = get_value(config, 'api_subsystem', None, exception=True) api_config = get_value(config, 'api', {}) if update is True: self.logger.info('Update %s subsystem' % subsystem) else: self.logger.info('Create new %s subsystem' % subsystem) # set operation user operation.user = (api_config.get('user', None), 'localhost', None) operation.id = str(uuid4()) self.set_permissions(classes=self.classes) # init auth subsytem if subsystem == 'auth': res.extend(self.__configure(config, update=update)) res.extend(self.__init_subsystem(config, update=update)) # setup main kombu queue # init oauth2 subsytem elif subsystem == 'oauth2': res.extend(self.__init_subsystem(config, update=update)) # init other subsystem else: # create api client instance client = BeehiveApiClient(api_config['endpoint'], 'keyauth', api_config['user'], api_config['pwd'], None, api_config['catalog']) if update is False: # create super user user = {'name': '%s_admin@local' % config['api_subsystem'], 'pwd': random_password(20), 'desc': '%s internal user' % subsystem} try: client.add_system_user(user['name'], password=user['pwd'], desc='User %s' % user['name']) except BeehiveApiClientError as ex: if ex.code == 409: client.update_user(user['name'], user['name'], user['pwd'], 'User %s' % user['name']) else: raise # append system user config config['config'].append({'group': 'api', 'name': 'user', 'value': {'name': user['name'], 'pwd': user['pwd']}}) # append catalog config config['config'].append({'group': 'api', 'name': 'catalog', 'value': api_config['catalog']}) # append auth endpoints config config['config'].append({'group': 'api', 'name': 'endpoints', 'value': json.dumps(api_config['endpoint'])}) res.extend(self.__configure(config, update=update)) res.extend(self.__init_subsystem(config, update=update)) return res
def create_subsystem(self, subsystem_config): """Create subsystem. :param subsystem_config: subsystem configuration file """ res = [] # read subsystem config config = self.read_config(subsystem_config) subsystem = get_value(config, u'api_subsystem', None, exception=True) update = get_value(config, u'update', False) api_config = get_value(config, u'api', {}) self.logger.debug(api_config) # set operation user operation.user = (api_config.get(u'user', None), u'localhost', None) self.set_permissions(classes=self.classes) # init auth subsytem if subsystem == u'auth': res.extend(self.__configure(config, update=update)) res.extend(self.__init_subsystem(config, update=update)) # setup main kombu queue # init oauth2 subsytem elif subsystem == u'oauth2': res.extend(self.__init_subsystem(config, update=update)) # init other subsystem else: # create api client instance client = BeehiveApiClient(api_config[u'endpoint'], u'keyauth', api_config[u'user'], api_config[u'pwd'], api_config[u'catalog']) # create super user user = {u'name':u'%s_admin@local' % config[u'api_subsystem'], u'pwd':random_password(20), u'desc':u'%s internal user' % subsystem} try: client.add_system_user(user[u'name'], password=user[u'pwd'], description=u'User %s' % user[u'name']) except BeehiveApiClientError as ex: if ex.code == 409: client.update_user(user[u'name'], user[u'name'], user[u'pwd'], u'User %s' % user[u'name']) else: raise if update is False: # append system user config config[u'config'].append({u'group':u'api', u'name':u'user', u'value':{u'name':user[u'name'], u'pwd':user[u'pwd']}}) # append catalog config config[u'config'].append({u'group':u'api', u'name':u'catalog', u'value':api_config[u'catalog']}) # append auth endpoints config config[u'config'].append({u'group':u'api', u'name':u'endpoints', u'value':json.dumps(api_config[u'endpoint'])}) res.extend(self.__configure(config, update=update)) res.extend(self.__init_subsystem(config, update=update)) return res