def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage(request, 'WLCG oversight view', subject) # access allowed start_date, end_date = dateform.parseStartEndDates(request) # set dates if not specified (defaults are current month, which is not what we want) year, quart = dateform.currentYearQuart() if not 'startdate' in request.args or request.args['startdate'] == ['']: start_date, _ = dateform.quarterStartEndDates(year, quart) if not 'enddate' in request.args or request.args['enddate'] == ['']: _, end_date = dateform.quarterStartEndDates(year, quart) if 'unit' in request.args and request.args['unit'][0] not in WLCG_UNIT_MAPPING: return self.renderErrorPage('Invalid units parameters') unit = request.args.get('unit', ['ksi2k-ne'])[0] t_query_start = time.time() d = self.retrieveWLCGData(start_date, end_date) d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, unit, t_query_start) d.addErrback(self.renderErrorPage, request) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check if self.authorizer.hasRelevantRight(subject, rights.ACTION_VIEW): d = self.retrieveMachineList() d.addCallbacks(self.renderMachineList, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,)) return server.NOT_DONE_YET else: return self.renderAuthzErrorPage(request, 'machine list', subject)
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ (rights.CTX_VIEWGROUP, 'admin') ] if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): d = self.retrieveDatabaseStats() d.addCallbacks(self.renderAdminManifestPage, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,)) return server.NOT_DONE_YET else: return self.renderAuthzErrorPage(request, 'administrators manifest', subject)
def render_GET(self, request): subject = resourceutil.getSubject(request) # authZ check ctx = [ (rights.CTX_VIEW, self.view.view_name) ] + [ (rights.CTX_VIEWGROUP, vg) for vg in self.view.view_groups ] if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, context=ctx): return self.renderView(request) # access not allowed request.write('<html><body>Access to view %s not allowed for %s</body></html>' % (self.view.view_name, subject)) request.finish() return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ ('machine', self.machine_name) ] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage(request, 'machine view for %s' % self.machine_name, subject) # access allowed start_date, end_date = dateform.parseStartEndDates(request) d = self.retrieveMachineInfo(start_date, end_date) d.addCallbacks(self.renderMachineView, self.renderErrorPage, callbackArgs=(request,), errbackArgs=(request,)) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check if self.authorizer.hasRelevantRight(subject, rights.ACTION_VIEW): d = self.retrieveMachineList() d.addCallbacks(self.renderMachineList, self.renderErrorPage, callbackArgs=(request, ), errbackArgs=(request, )) return server.NOT_DONE_YET else: return self.renderAuthzErrorPage(request, 'machine list', subject)
def render_GET(self, request): subject = resourceutil.getSubject(request) # authZ check ctx = [(rights.CTX_VIEW, self.view.view_name) ] + [(rights.CTX_VIEWGROUP, vg) for vg in self.view.view_groups] if self.authorizer.isAllowed(subject, rights.ACTION_VIEW, context=ctx): return self.renderView(request) # access not allowed request.write( '<html><body>Access to view %s not allowed for %s</body></html>' % (self.view.view_name, subject)) request.finish() return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage(request, 'WLCG %s view' % self.path, subject) # access allowed start_date, end_date = dateform.parseStartEndDates(request) t_query_start = time.time() d = self.retrieveWLCGData(start_date, end_date) d.addCallback(self.renderWLCGViewPage, request, start_date, end_date, t_query_start) d.addErrback(self.renderErrorPage, request) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [('machine', self.machine_name)] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage( request, 'machine view for %s' % self.machine_name, subject) # access allowed start_date, end_date = dateform.parseStartEndDates(request) d = self.retrieveMachineInfo(start_date, end_date) d.addCallbacks(self.renderMachineView, self.renderErrorPage, callbackArgs=(request, ), errbackArgs=(request, )) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage(request, 'WLCG Storage View', subject) # access allowed date = dateform.parseDate(request) media = request.args.get('media',['all'])[0] t_query_start = time.time() d = self.retrieveWLCGData(date) d.addCallback(self.renderWLCGViewPage, request, date, media, t_query_start) d.addErrback(self.renderErrorPage, request) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) # authz check ctx = [ (rights.CTX_VIEWGROUP, 'wlcg') ] if not self.authorizer.isAllowed(subject, rights.ACTION_VIEW, ctx): return self.renderAuthzErrorPage(request, 'WLCG view', subject) # access allowed request.write(html.HTML_VIEWBASE_HEADER % {'title': 'WLCG Views'}) request.write( html.createTitle('WLCG Views') ) for view_url, ( description, _ ) in self.subview.items(): request.write('<div><a href=wlcg/%s>%s</a></div>\n' % (view_url, description)) request.write( html.P ) request.write(html.HTML_VIEWBASE_FOOTER) request.finish() return server.NOT_DONE_YET
def render_POST(self, request): def insertDone(result): request.write(json.dumps(result)) request.finish() def insertError(error): #log.msg("Error during insert: %s" % error.getErrorMessage(), system='sgas.InsertResource') log.msg(self.insert_error_msg % error.getErrorMessage(), system='sgas.InsertResource') log.err(error) error_msg = error.getErrorMessage() if error.check(dberror.DatabaseUnavailableError): request.setResponseCode(503) # service unavailable error_msg = 'Database currently unavailable. Please try again later.' elif error.check(dberror.SecurityError): request.setResponseCode(406) # not acceptable else: request.setResponseCode(500) request.write(error_msg) request.finish() # FIXME check for postpath, and if any reject request subject = resourceutil.getSubject(request) if not self.authorizer.hasRelevantRight(subject, self.authz_right): reject_msg = self.insert_authz_reject_msg % subject #log.msg("Rejecting insert for %s, has no insert rights." % subject) log.msg(reject_msg) request.setResponseCode(403) # forbidden return reject_msg # request allowed, continue # hostname is used for logging / provenance in the usage records hostname = resourceutil.getHostname(request) or resourceutil.getCN(subject) request.content.seek(0) data = request.content.read() d = self.insertRecords(data, subject, hostname) d.addCallbacks(insertDone, insertError) return server.NOT_DONE_YET
def render_POST(self, request): def insertDone(result): request.write(json.dumps(result)) request.finish() def insertError(error): #log.msg("Error during insert: %s" % error.getErrorMessage(), system='sgas.InsertResource') log.msg(self.insert_error_msg % error.getErrorMessage(), system='sgas.InsertResource') log.err(error) error_msg = error.getErrorMessage() if error.check(dberror.DatabaseUnavailableError): request.setResponseCode(503) # service unavailable error_msg = 'Database currently unavailable. Please try again later.' elif error.check(dberror.SecurityError): request.setResponseCode(406) # not acceptable else: request.setResponseCode(500) request.write(error_msg) request.finish() # FIXME check for postpath, and if any reject request subject = resourceutil.getSubject(request) if not self.authorizer.hasRelevantRight(subject, self.authz_right): reject_msg = self.insert_authz_reject_msg % subject #log.msg("Rejecting insert for %s, has no insert rights." % subject) log.msg(reject_msg) request.setResponseCode(403) # forbidden return reject_msg # request allowed, continue # hostname is used for logging / provenance in the usage records hostname = resourceutil.getHostname(request) request.content.seek(0) data = request.content.read() d = self.insertRecords(data, subject, hostname) d.addCallbacks(insertDone, insertError) return server.NOT_DONE_YET
def render_GET(self, request): #print request.postpath subject = resourceutil.getSubject(request) if not self.authorizer.isAllowed(subject, ACTION_MONITOR, () ): request.setResponseCode(403) # forbidden return "Monitoring not allowed for %s" % subject # request allowed, continue if not len(request.postpath) in (1,2): return self.renderErrorPage('Invalid machine specification', request) machine_name = request.postpath[0] insert_host = None if len(request.postpath) == 2: insert_host = request.postpath[1] d = self.queryStatus(machine_name, insert_host) d.addCallback(self.renderMonitorStatus, machine_name, request) d.addErrback(self.renderErrorPage, request) return server.NOT_DONE_YET
def render_GET(self, request): #print request.postpath subject = resourceutil.getSubject(request) if not self.authorizer.isAllowed(subject, ACTION_MONITOR, ()): request.setResponseCode(403) # forbidden return "Monitoring not allowed for %s" % subject # request allowed, continue if not len(request.postpath) in (1, 2): return self.renderErrorPage('Invalid machine specification', request) machine_name = request.postpath[0] insert_host = None if len(request.postpath) == 2: insert_host = request.postpath[1] d = self.queryStatus(machine_name, insert_host) d.addCallback(self.renderMonitorStatus, machine_name, request) d.addErrback(self.renderErrorPage, request) return server.NOT_DONE_YET
def render_GET(self, request): subject = resourceutil.getSubject(request) return self.renderStartPage(request, subject)
class QueryResource(resource.Resource): PLUGIN_ID = 'query' PLUGIN_NAME = 'Query' isLeaf = True def __init__(self, cfg, db, authorizer): resource.Resource.__init__(self) self.db = db self.authorizer = authorizer authorizer.addChecker(ACTION_QUERY, ctxsetchecker.AllSetChecker) authorizer.rights.addActions(ACTION_QUERY) authorizer.rights.addOptions(ACTION_QUERY,[rights.OPTION_ALL]) authorizer.rights.addContexts(ACTION_QUERY,[CTX_MACHINE_NAME, CTX_USER_IDENTITY, CTX_VO_NAME]) def queryDatabase(self, query_args): query, query_args = querybuilder.buildQuery(query_args) d = self.db.query(query, query_args) return d def render_GET(self, request): try: query_args = queryparser.parseURLArguments(request.args) except queryparser.QueryParseError, e: request.setResponseCode(400) # bad request log.msg('Rejecting query request: %s' % str(e), system='sgas.QueryResource') return str(e) authz_params = queryparser.filterAuthzParams(query_args) subject = resourceutil.getSubject(request) if not self.authorizer.isAllowed(subject, ACTION_QUERY, context=authz_params.items()): request.setResponseCode(403) # forbidden return "Query not allowed for given context for identity %s" % subject # request allowed, continue hostname = resourceutil.getHostname(request) log.msg('Accepted query request from %s' % hostname, system='sgas.QueryResource') def gotDatabaseResult(rows): records = queryrowrp.buildDictRecords(rows, query_args) payload = json.dumps(records) request.setHeader(HTTP_HEADER_CONTENT_TYPE, JSON_MIME_TYPE) request.write(payload) request.finish() def queryError(error): log.msg('Queryengine error: %s' % str(error), system='sgas.QueryResource') log.msg('Queryengine error args' % str(query_args), system='sgas.QueryResource') request.setResponseCode(500) request.write('Queryengine error (%s)' % str(error), system='sgas.QueryResource') request.finish() def resultHandlingError(error): log.msg('Query result error: %s' % str(error), system='sgas.QueryResource') log.msg('Query result error args' % str(query_args), system='sgas.QueryResource') request.setResponseCode(500) request.write('Query result error (%s)' % str(error), system='sgas.QueryResource') request.finish() d = self.queryDatabase(query_args) d.addCallbacks(gotDatabaseResult, queryError) d.addErrback(resultHandlingError) return server.NOT_DONE_YET
class QueryResource(resource.Resource): PLUGIN_ID = 'customquery' PLUGIN_NAME = 'CustomQuery' isLeaf = True def __init__(self, cfg, db, authorizer): resource.Resource.__init__(self) self.db = db self.authorizer = authorizer self.queries = querydefinition.buildQueryList(cfg) self.authorizer.addChecker(ACTION_CUSTOMQUERY, ctxsetchecker.AllSetChecker) self.authorizer.rights.addActions(ACTION_CUSTOMQUERY) self.authorizer.rights.addOptions(ACTION_CUSTOMQUERY, [authrights.OPTION_ALL]) self.authorizer.rights.addContexts( ACTION_CUSTOMQUERY, [CTX_MACHINE_NAME, CTX_USER_IDENTITY, CTX_VO_NAME]) def queryDatabase(self, query, query_args): return self.db.dictquery(query, query_args) def render_GET(self, request): if not len(request.postpath) == 1: request.setResponseCode(400) # bad request log.msg('Missing query name', system='sgas.QueryResource') return "Missing query name" query_name = request.postpath[0] if not query_name: request.setResponseCode(400) # bad request log.msg('Missing query name', system='sgas.QueryResource') return "Missing query name" query = None for q in self.queries: if q.query_name == query_name: query = q if not query: request.setResponseCode(400) # bad request log.msg('Query "%s" does not exist' % query_name, system='sgas.QueryResource') return "Query does not exist" try: query_args = query.parseURLArguments(request.args) except querydefinition.QueryParseError, e: request.setResponseCode(400) # bad request log.msg('Rejecting custom query request: %s' % str(e), system='sgas.QueryResource') return str(e) ctx = [(rights.CTX_QUERY, query_name)] + [(rights.CTX_QUERYGROUP, vg) for vg in query.query_group] subject = resourceutil.getSubject(request) if not self.authorizer.isAllowed( subject, ACTION_CUSTOMQUERY, context=ctx): request.setResponseCode(403) # forbidden return "CustomQuery not allowed for given context for identity %s" % subject # request allowed, continue hostname = resourceutil.getHostname(request) log.msg('Accepted query request from %s' % hostname, system='sgas.QueryResource') def gotDatabaseResult(rows): payload = json.dumps(rows) request.setHeader(HTTP_HEADER_CONTENT_TYPE, JSON_MIME_TYPE) request.write(payload) request.finish() def queryError(error): log.msg('Queryengine error: %s' % str(error), system='sgas.QueryResource') log.msg('Queryengine error args' % str(query_args), system='sgas.QueryResource') request.setResponseCode(500) request.write('Queryengine error (%s)' % str(error), system='sgas.QueryResource') request.finish() def resultHandlingError(error): log.msg('Query result error: %s' % str(error), system='sgas.QueryResource') log.msg('Query result error args' % str(query_args), system='sgas.QueryResource') request.setResponseCode(500) request.write('Query result error (%s)' % str(error), system='sgas.QueryResource') request.finish() d = self.queryDatabase(query.query, query_args) d.addCallbacks(gotDatabaseResult, queryError) d.addErrback(resultHandlingError) return server.NOT_DONE_YET