def testGetElementWithId(self):
dom = xml.dom.minidom.parseString("""
<aa>
<bb id="bb1"/>
<bb/>
<bb id="bb2">
<cc id="cc1"/>
</bb>
<bb id="bb3">
<cc id="cc2"/>
</bb>
</aa>
""").documentElement
self.assert_element_id(utils.dom_get_element_with_id(dom, "bb", "bb1"),
"bb1")
self.assert_element_id(utils.dom_get_element_with_id(dom, "bb", "bb2"),
"bb2")
self.assert_element_id(utils.dom_get_element_with_id(dom, "cc", "cc1"),
"cc1")
self.assert_element_id(
utils.dom_get_element_with_id(
utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc1"),
"cc1")
self.assertEquals(None,
utils.dom_get_element_with_id(dom, "dd", "bb1"))
self.assertEquals(None,
utils.dom_get_element_with_id(dom, "bb", "bb4"))
self.assertEquals(None,
utils.dom_get_element_with_id(dom, "bb", "cc1"))
self.assertEquals(
None,
utils.dom_get_element_with_id(
utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc2"))
def test_dom_get_parent_by_tag_name(self):
dom = xml.dom.minidom.parseString("""
<aa id="aa1">
<bb id="bb1"/>
<bb id="bb2">
<cc id="cc1"/>
</bb>
<bb id="bb3">
<cc id="cc2"/>
</bb>
<dd id="dd1" />
</aa>
""").documentElement
bb1 = utils.dom_get_element_with_id(dom, "bb", "bb1")
cc1 = utils.dom_get_element_with_id(dom, "cc", "cc1")
self.assert_element_id(
utils.dom_get_parent_by_tag_name(bb1, "aa"),
"aa1"
)
self.assert_element_id(
utils.dom_get_parent_by_tag_name(cc1, "aa"),
"aa1"
)
self.assert_element_id(
utils.dom_get_parent_by_tag_name(cc1, "bb"),
"bb2"
)
self.assertEquals(None, utils.dom_get_parent_by_tag_name(bb1, "cc"))
self.assertEquals(None, utils.dom_get_parent_by_tag_name(cc1, "dd"))
self.assertEquals(None, utils.dom_get_parent_by_tag_name(cc1, "ee"))
def constraint_rule(argv):
if len(argv) < 2:
usage.constraint("rule")
sys.exit(1)
found = False
command = argv.pop(0)
constraint_id = None
rule_id = None
if command == "add":
constraint_id = argv.pop(0)
cib = utils.get_cib_dom()
constraint = utils.dom_get_element_with_id(
cib.getElementsByTagName("constraints")[0],
"rsc_location",
constraint_id
)
if not constraint:
utils.err("Unable to find constraint: " + constraint_id)
options, rule_argv = rule_utils.parse_argv(argv)
rule_utils.dom_rule_add(constraint, options, rule_argv)
location_rule_check_duplicates(cib, constraint)
utils.replace_cib_configuration(cib)
elif command in ["remove","delete"]:
cib = utils.get_cib_etree()
temp_id = argv.pop(0)
constraints = cib.find('.//constraints')
loc_cons = cib.findall(str('.//rsc_location'))
rules = cib.findall(str('.//rule'))
for loc_con in loc_cons:
for rule in loc_con:
if rule.get("id") == temp_id:
if len(loc_con) > 1:
print("Removing Rule: {0}".format(rule.get("id")))
loc_con.remove(rule)
found = True
break
else:
print(
"Removing Constraint: {0}".format(loc_con.get("id"))
)
constraints.remove(loc_con)
found = True
break
if found == True:
break
if found:
utils.replace_cib_configuration(cib)
else:
utils.err("unable to find rule with id: %s" % temp_id)
else:
usage.constraint("rule")
sys.exit(1)
def constraint_rule(argv):
if len(argv) < 2:
usage.constraint("rule")
sys.exit(1)
found = False
command = argv.pop(0)
constraint_id = None
rule_id = None
if command == "add":
constraint_id = argv.pop(0)
cib = utils.get_cib_dom()
constraint = utils.dom_get_element_with_id(
cib.getElementsByTagName("constraints")[0], "rsc_location",
constraint_id)
if not constraint:
utils.err("Unable to find constraint: " + constraint_id)
options, rule_argv = rule_utils.parse_argv(argv)
rule_utils.dom_rule_add(constraint, options, rule_argv)
location_rule_check_duplicates(cib, constraint)
utils.replace_cib_configuration(cib)
elif command in ["remove", "delete"]:
cib = utils.get_cib_etree()
temp_id = argv.pop(0)
constraints = cib.find('.//constraints')
loc_cons = cib.findall('.//rsc_location')
rules = cib.findall('.//rule')
for loc_con in loc_cons:
for rule in loc_con:
if rule.get("id") == temp_id:
if len(loc_con) > 1:
print("Removing Rule:", rule.get("id"))
loc_con.remove(rule)
found = True
break
else:
print("Removing Constraint:", loc_con.get("id"))
constraints.remove(loc_con)
found = True
break
if found == True:
break
if found:
utils.replace_cib_configuration(cib)
else:
utils.err("unable to find rule with id: %s" % temp_id)
else:
usage.constraint("rule")
sys.exit(1)
def testGetElementWithId(self):
dom = xml.dom.minidom.parseString("""
<aa>
<bb id="bb1"/>
<bb/>
<bb id="bb2">
<cc id="cc1"/>
</bb>
<bb id="bb3">
<cc id="cc2"/>
</bb>
</aa>
""").documentElement
self.assert_element_id(
utils.dom_get_element_with_id(dom, "bb", "bb1"), "bb1"
)
self.assert_element_id(
utils.dom_get_element_with_id(dom, "bb", "bb2"), "bb2"
)
self.assert_element_id(
utils.dom_get_element_with_id(dom, "cc", "cc1"), "cc1"
)
self.assert_element_id(
utils.dom_get_element_with_id(
utils.dom_get_element_with_id(dom, "bb", "bb2"),
"cc",
"cc1"
),
"cc1"
)
self.assertEquals(None, utils.dom_get_element_with_id(dom, "dd", "bb1"))
self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "bb4"))
self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "cc1"))
self.assertEquals(
None,
utils.dom_get_element_with_id(
utils.dom_get_element_with_id(dom, "bb", "bb2"),
"cc",
"cc2"
)
)
def acl_role(argv):
if len(argv) < 2:
usage.acl(["role"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if argv and argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
if not id_valid:
utils.err(id_error)
if utils.dom_get_element_with_id(dom, "acl_role", role_name):
utils.err("role %s already exists" % role_name)
if utils.does_id_exist(dom,role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id",role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
if not add_permissions_to_role(element, argv):
usage.acl(["role create"])
sys.exit(1)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl(["role delete"])
sys.exit(1)
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
user_group = elem.parentNode
user_group.removeChild(elem)
if "--autodelete" in utils.pcs_options:
if not user_group.getElementsByTagName("role"):
user_group.parentNode.removeChild(user_group)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl(["role assign"])
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl(["role assign"])
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl(["role unassign"])
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id))
if "--autodelete" in utils.pcs_options:
if not ug.getElementsByTagName("role"):
ug.parentNode.removeChild(ug)
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def acl_target(argv,group=False):
if len(argv) < 2:
if group:
usage.acl(["group"])
sys.exit(1)
else:
usage.acl(["user"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
# pcsd parses the error message in order to determine whether the id is
# assigned to user/group or some other cib element
if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
utils.err("group %s already exists" % tug_id)
if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id):
utils.err("user %s already exists" % tug_id)
if utils.does_id_exist(dom,tug_id):
utils.err(tug_id + " already exists")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
if not utils.dom_get_element_with_id(acls, "acl_role", role):
utils.err("cannot find acl role: %s" % role)
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl(["group"])
else:
usage.acl(["user"])
sys.exit(1)
def acl_role(argv):
if len(argv) < 2:
usage.acl(["role"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
if command == "create":
role_name = argv.pop(0)
if argv and argv[0].startswith('description=') and len(argv[0]) > 12:
description = argv.pop(0)[12:]
else:
description = ""
id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role')
if not id_valid:
utils.err(id_error)
if utils.dom_get_element_with_id(dom, "acl_role", role_name):
utils.err("role %s already exists" % role_name)
if utils.does_id_exist(dom, role_name):
utils.err(role_name + " already exists")
element = dom.createElement("acl_role")
element.setAttribute("id", role_name)
if description != "":
element.setAttribute("description", description)
acls.appendChild(element)
if not add_permissions_to_role(element, argv):
usage.acl(["role create"])
sys.exit(1)
utils.replace_cib_configuration(dom)
elif command == "delete":
if len(argv) < 1:
usage.acl(["role delete"])
sys.exit(1)
role_id = argv.pop(0)
found = False
for elem in dom.getElementsByTagName("acl_role"):
if elem.getAttribute("id") == role_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
utils.err("unable to find acl role: %s" % role_id)
# Remove any references to this role in acl_target or acl_group
for elem in dom.getElementsByTagName("role"):
if elem.getAttribute("id") == role_id:
user_group = elem.parentNode
user_group.removeChild(elem)
if "--autodelete" in utils.pcs_options:
if not user_group.getElementsByTagName("role"):
user_group.parentNode.removeChild(user_group)
utils.replace_cib_configuration(dom)
elif command == "assign":
if len(argv) < 2:
usage.acl(["role assign"])
sys.exit(1)
if len(argv) == 2:
role_id = argv[0]
ug_id = argv[1]
elif len(argv) > 2 and argv[1] == "to":
role_id = argv[0]
ug_id = argv[2]
else:
usage.acl(["role assign"])
sys.exit(1)
found = False
for role in dom.getElementsByTagName("acl_role"):
if role.getAttribute("id") == role_id:
found = True
break
if not found:
utils.err("cannot find role: %s" % role_id)
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
utils.err(role_id + " is already assigned to " + ug_id)
new_role = dom.createElement("role")
new_role.setAttribute("id", role_id)
ug.appendChild(new_role)
utils.replace_cib_configuration(dom)
elif command == "unassign":
if len(argv) < 2:
usage.acl(["role unassign"])
sys.exit(1)
role_id = argv.pop(0)
if len(argv) > 1 and argv[0] == "from":
ug_id = argv[1]
else:
ug_id = argv[0]
found = False
for ug in dom.getElementsByTagName(
"acl_target") + dom.getElementsByTagName("acl_group"):
if ug.getAttribute("id") == ug_id:
found = True
break
if not found:
utils.err("cannot find user or group: %s" % ug_id)
found = False
for current_role in ug.getElementsByTagName("role"):
if current_role.getAttribute("id") == role_id:
found = True
current_role.parentNode.removeChild(current_role)
break
if not found:
utils.err("cannot find role: %s, assigned to user/group: %s" %
(role_id, ug_id))
if "--autodelete" in utils.pcs_options:
if not ug.getElementsByTagName("role"):
ug.parentNode.removeChild(ug)
utils.replace_cib_configuration(dom)
else:
utils.err("Unknown pcs acl role command: '" + command +
"' (try create or delete)")
def acl_target(argv, group=False):
if len(argv) < 2:
if group:
usage.acl(["group"])
sys.exit(1)
else:
usage.acl(["user"])
sys.exit(1)
dom = utils.get_cib_dom()
dom, acls = get_acls(dom)
command = argv.pop(0)
tug_id = argv.pop(0)
if command == "create":
# pcsd parses the error message in order to determine whether the id is
# assigned to user/group or some other cib element
if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id):
utils.err("group %s already exists" % tug_id)
if not group and utils.dom_get_element_with_id(dom, "acl_target",
tug_id):
utils.err("user %s already exists" % tug_id)
if utils.does_id_exist(dom, tug_id):
utils.err(tug_id + " already exists")
if group:
element = dom.createElement("acl_group")
else:
element = dom.createElement("acl_target")
element.setAttribute("id", tug_id)
acls.appendChild(element)
for role in argv:
if not utils.dom_get_element_with_id(acls, "acl_role", role):
utils.err("cannot find acl role: %s" % role)
r = dom.createElement("role")
r.setAttribute("id", role)
element.appendChild(r)
utils.replace_cib_configuration(dom)
elif command == "delete":
found = False
if group:
elist = dom.getElementsByTagName("acl_group")
else:
elist = dom.getElementsByTagName("acl_target")
for elem in elist:
if elem.getAttribute("id") == tug_id:
found = True
elem.parentNode.removeChild(elem)
break
if not found:
if group:
utils.err("unable to find acl group: %s" % tug_id)
else:
utils.err("unable to find acl target/user: %s" % tug_id)
utils.replace_cib_configuration(dom)
else:
if group:
usage.acl(["group"])
else:
usage.acl(["user"])
sys.exit(1)
