def save_protected_str(self, realm, key, value_str):
self.logger.debug(
'save_protected_str(obj, "%s", "%s", "%s")' %
(realm, key,
None if value_str is None else 'secret len=%s' % len(value_str)))
reload(entity)
e = self._try_find_entity(realm, key)
if e is not None:
e[self.ENTITY_FIELD_VALUE] = None
e[self.ENTITY_FIELD_VALUE_ENCRYPTED] = None
e[self.ENTITY_FIELD_KEY] = None
# BUG
# если не почистить realm, то будет ошибка 'Argument "realm" is not supported by this handler.'
e[self.ENTITY_FIELD_REALM] = None
self._entity_encrypt_new_password_value(e, value_str)
# BUG
# если тут добавить сессионный ключ, то спланк иногда не может сохранить записи
try:
entity.setEntity(e)
except:
entity.setEntity(e, sessionKey=self.session_key)
else:
e = entity.Entity(self.STORAGE_PATH, key)
e.namespace = self.app_name
e[self.ENTITY_FIELD_REALM] = realm
self._entity_encrypt_new_password_value(e, value_str)
entity.setEntity(e, sessionKey=self.session_key)
def commit(viewstate):
'''
Persists a viewstate object.
'''
if not isinstance(viewstate, Viewstate):
raise ValueError, 'Cannot commit viewstate; Only viewstate objects supported'
# check required properties
for k in ['namespace', 'owner', 'view']:
getattr(viewstate, k)
# assert that the viewstate_id is not a hash
if viewstate.id.find(':') > -1:
raise ValueError, 'Cannot commit viewstate: viewstate_id contains a colon: %s' % viewstate.id
entityWrapper = en.Entity(VIEWSTATE_ENTITY_CLASS,
buildStanzaName(viewstate.view, viewstate.id),
namespace=viewstate.namespace,
owner=viewstate.owner)
for module_name in sorted(viewstate.modules):
for param_name in sorted(viewstate.modules[module_name]):
entityWrapper[buildParamName(
module_name,
param_name)] = viewstate.modules[module_name][param_name]
en.setEntity(entityWrapper)
return True
def setSharing(viewstate, shareMode):
'''
Sets the sharing mode: 'global', 'app', 'user'
'''
if not isinstance(viewstate, Viewstate):
raise ValueError, 'Cannot update viewstate; Only viewstate objects supported'
# first fetch all the ACL data
vsACL = en.getEntity(VIEWSTATE_ENTITY_CLASS + '/' +
buildStanzaName(viewstate.view, viewstate.id),
'acl',
namespace=viewstate.namespace,
owner=viewstate.owner)
# create new object and update mininum set of properties to support sharing
aclWrapper = en.Entity(VIEWSTATE_ENTITY_CLASS + '/' +
buildStanzaName(viewstate.view, viewstate.id),
'acl',
namespace=viewstate.namespace,
owner=viewstate.owner)
aclWrapper['owner'] = viewstate.owner
aclWrapper['sharing'] = shareMode
# commit
en.setEntity(aclWrapper)
return True
def _apply(self, migration, force=False):
"""
invokes validate() and teardown() of an available migration plugin instance
"""
try:
migration.validate()
migration.teardown()
except Exception as e:
self.rollback()
raise e
else:
# migration.dst is the resulting entity after the migration is applied
dst_entity = migration.dst
entity_path = self.migration_conf.dest_conf
update = False
uri = en.buildEndpoint(entity_path, entityName=dst_entity.name, namespace=NAMESPACE, owner=OWNER)
if self._check_resource_exists(uri, sessionKey=self.session_key):
if force:
update = True
else:
raise ResourceExistsException
if update:
entity = en.Entity(entity_path, dst_entity.name,
namespace=NAMESPACE,
contents=dst_entity.content,
owner=OWNER)
else:
entity = en.Entity(entity_path, '_new',
namespace=NAMESPACE,
contents=dst_entity.content,
owner=OWNER)
entity['name'] = dst_entity.name
# to bypass a funny check in splunk.entity.getFullPath()
entity['eai:acl'] = {}
en.setEntity(entity, sessionKey=self.session_key)
self.migration_conf.update_state(self.resource_url, migration.migration_level)
def create(self, name, **params):
user, app = self.user_app()
new = entity.Entity(self.endpoint, "_new", namespace=app, owner=user)
try:
new["name"] = name
for arg, val in list(params.items()):
new[arg] = val
entity.setEntity(new, sessionKey=self.getSessionKey())
except Exception as exc:
RH_Err.ctl(-1, exc, logLevel=logging.INFO)
def set_firewall_apikey(self, apikey):
"""Given a splunk self.session_key sets the firewall API key in the Splunk password store"""
try:
# The password cannot be modified, so it must be deleted before it can be added back.
self.delete_firewall_apikey()
apikey = {'name': 'firewall_api_key', 'password': apikey}
apikey_entity = entity.Entity(['admin', 'passwords'], "firewall_api_key", namespace=self.APPNAME, owner='nobody', contents=apikey)
entity.setEntity(apikey_entity, sessionKey=self.session_key, strictCreate=False)
except Exception as e:
stack = traceback.format_exc()
self.logger.warn(stack)
self.logger.warn("entity exception")
self.exit_with_error("Could not set %s firewall apikey from splunk. Error: %s" % (self.APPNAME, str(e)))
def updateStatus(self):
if self.name != None and self.namespace != None and self.owner != None:
try:
# get entity first, so we get the canonical context
base = entity.getEntity('admin/conf-export',
self.name,
namespace=self.namespace,
owner=self.owner,
sessionKey=self.sessionKey)
en = entity.Entity('admin/conf-export', self.name,
self.content, self.namespace, self.owner)
entity.setEntity(en, self.sessionKey, uri=base.id)
except:
logger.exception('Failed to update status')
def create(self, **params):
new = en.Entity(self._endpoint,
self.callerArgs.id,
namespace=self.appName,
owner='nobody')
for arg in self._required_args:
new[arg] = params[arg]
for arg in self._optional_args:
try:
new[arg] = params[arg]
except:
pass
en.setEntity(new, sessionKey=self.getSessionKey())
def update_state(self, entity, state):
"""
updates the state but this actually writes the entire content of the entity
"""
self._state[entity] = state
contents = {
'STATE': json.dumps(self._state)
}
entity_path = ["configs", "conf-app-migration"]
entity = en.Entity(entity_path, self.migration_id, contents=contents,
namespace=NAMESPACE,
owner=OWNER)
# to bypass a funny check in getFullPath
entity['eai:acl'] = {}
en.setEntity(entity, sessionKey=self.session_key)
def create(self, **params):
app, user = self._namespace_and_owner()
new = en.Entity(self._endpoint,
self.callerArgs.id,
namespace=app,
owner=user)
for arg in self._required_args:
new[arg] = params[arg]
for arg in self._optional_args:
try:
new[arg] = params[arg]
except:
pass
en.setEntity(new, sessionKey=self.getSessionKey(), strictCreate=True)
def handleCreate(self, confInfo):
name = self.callerArgs.id
new = en.Entity(ENDPOINT,
name,
namespace=self.appName,
owner=self.userName)
for arg in required_args:
new[arg] = self.callerArgs[arg]
for arg in optional_args:
try:
new[arg] = self.callerArgs[arg]
except:
pass
en.setEntity(new, sessionKey=self.getSessionKey())
def update(self, **params):
app, user = self._namespace_and_owner()
try:
ent = entity.getEntity('/properties/' + self.confObjectName,
self.callerArgs.id,
namespace=app,
owner=user,
sessionKey=self.getSessionKey())
except:
ent = entity.Entity('/properties/' + self.confObjectName,
self.callerArgs.id,
namespace=app,
owner=user)
for arg in params.keys():
ent[arg] = params[arg]
logger.error("O3: /properties/" + self.confObjectName + '/' + self.callerArgs.id)
logger.error("O3: " + str(arg) + "," + str(ent[arg]))
entity.setEntity(ent, sessionKey=self.getSessionKey())
def handleCreate(self, confInfo):
name = self.callerArgs.id
logger.info('DEBUG %s' % name)
new = en.Entity(ENDPOINT,
name,
namespace=self.appName,
owner=self.userName)
for arg in required_args:
new[arg] = self.callerArgs[arg]
for arg in optional_args:
if arg in ['disabled']:
next
try:
new[arg] = self.callerArgs[arg]
except:
pass
en.setEntity(new, sessionKey=self.getSessionKey())
