def testGetElementWithId(self): dom = xml.dom.minidom.parseString(""" <aa> <bb id="bb1"/> <bb/> <bb id="bb2"> <cc id="cc1"/> </bb> <bb id="bb3"> <cc id="cc2"/> </bb> </aa> """).documentElement self.assert_element_id(utils.dom_get_element_with_id(dom, "bb", "bb1"), "bb1") self.assert_element_id(utils.dom_get_element_with_id(dom, "bb", "bb2"), "bb2") self.assert_element_id(utils.dom_get_element_with_id(dom, "cc", "cc1"), "cc1") self.assert_element_id( utils.dom_get_element_with_id( utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc1"), "cc1") self.assertEquals(None, utils.dom_get_element_with_id(dom, "dd", "bb1")) self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "bb4")) self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "cc1")) self.assertEquals( None, utils.dom_get_element_with_id( utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc2"))
def test_dom_get_parent_by_tag_name(self): dom = xml.dom.minidom.parseString(""" <aa id="aa1"> <bb id="bb1"/> <bb id="bb2"> <cc id="cc1"/> </bb> <bb id="bb3"> <cc id="cc2"/> </bb> <dd id="dd1" /> </aa> """).documentElement bb1 = utils.dom_get_element_with_id(dom, "bb", "bb1") cc1 = utils.dom_get_element_with_id(dom, "cc", "cc1") self.assert_element_id( utils.dom_get_parent_by_tag_name(bb1, "aa"), "aa1" ) self.assert_element_id( utils.dom_get_parent_by_tag_name(cc1, "aa"), "aa1" ) self.assert_element_id( utils.dom_get_parent_by_tag_name(cc1, "bb"), "bb2" ) self.assertEquals(None, utils.dom_get_parent_by_tag_name(bb1, "cc")) self.assertEquals(None, utils.dom_get_parent_by_tag_name(cc1, "dd")) self.assertEquals(None, utils.dom_get_parent_by_tag_name(cc1, "ee"))
def constraint_rule(argv): if len(argv) < 2: usage.constraint("rule") sys.exit(1) found = False command = argv.pop(0) constraint_id = None rule_id = None if command == "add": constraint_id = argv.pop(0) cib = utils.get_cib_dom() constraint = utils.dom_get_element_with_id( cib.getElementsByTagName("constraints")[0], "rsc_location", constraint_id ) if not constraint: utils.err("Unable to find constraint: " + constraint_id) options, rule_argv = rule_utils.parse_argv(argv) rule_utils.dom_rule_add(constraint, options, rule_argv) location_rule_check_duplicates(cib, constraint) utils.replace_cib_configuration(cib) elif command in ["remove","delete"]: cib = utils.get_cib_etree() temp_id = argv.pop(0) constraints = cib.find('.//constraints') loc_cons = cib.findall(str('.//rsc_location')) rules = cib.findall(str('.//rule')) for loc_con in loc_cons: for rule in loc_con: if rule.get("id") == temp_id: if len(loc_con) > 1: print("Removing Rule: {0}".format(rule.get("id"))) loc_con.remove(rule) found = True break else: print( "Removing Constraint: {0}".format(loc_con.get("id")) ) constraints.remove(loc_con) found = True break if found == True: break if found: utils.replace_cib_configuration(cib) else: utils.err("unable to find rule with id: %s" % temp_id) else: usage.constraint("rule") sys.exit(1)
def constraint_rule(argv): if len(argv) < 2: usage.constraint("rule") sys.exit(1) found = False command = argv.pop(0) constraint_id = None rule_id = None if command == "add": constraint_id = argv.pop(0) cib = utils.get_cib_dom() constraint = utils.dom_get_element_with_id( cib.getElementsByTagName("constraints")[0], "rsc_location", constraint_id) if not constraint: utils.err("Unable to find constraint: " + constraint_id) options, rule_argv = rule_utils.parse_argv(argv) rule_utils.dom_rule_add(constraint, options, rule_argv) location_rule_check_duplicates(cib, constraint) utils.replace_cib_configuration(cib) elif command in ["remove", "delete"]: cib = utils.get_cib_etree() temp_id = argv.pop(0) constraints = cib.find('.//constraints') loc_cons = cib.findall('.//rsc_location') rules = cib.findall('.//rule') for loc_con in loc_cons: for rule in loc_con: if rule.get("id") == temp_id: if len(loc_con) > 1: print("Removing Rule:", rule.get("id")) loc_con.remove(rule) found = True break else: print("Removing Constraint:", loc_con.get("id")) constraints.remove(loc_con) found = True break if found == True: break if found: utils.replace_cib_configuration(cib) else: utils.err("unable to find rule with id: %s" % temp_id) else: usage.constraint("rule") sys.exit(1)
def testGetElementWithId(self): dom = xml.dom.minidom.parseString(""" <aa> <bb id="bb1"/> <bb/> <bb id="bb2"> <cc id="cc1"/> </bb> <bb id="bb3"> <cc id="cc2"/> </bb> </aa> """).documentElement self.assert_element_id( utils.dom_get_element_with_id(dom, "bb", "bb1"), "bb1" ) self.assert_element_id( utils.dom_get_element_with_id(dom, "bb", "bb2"), "bb2" ) self.assert_element_id( utils.dom_get_element_with_id(dom, "cc", "cc1"), "cc1" ) self.assert_element_id( utils.dom_get_element_with_id( utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc1" ), "cc1" ) self.assertEquals(None, utils.dom_get_element_with_id(dom, "dd", "bb1")) self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "bb4")) self.assertEquals(None, utils.dom_get_element_with_id(dom, "bb", "cc1")) self.assertEquals( None, utils.dom_get_element_with_id( utils.dom_get_element_with_id(dom, "bb", "bb2"), "cc", "cc2" ) )
def acl_role(argv): if len(argv) < 2: usage.acl(["role"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) if command == "create": role_name = argv.pop(0) if argv and argv[0].startswith('description=') and len(argv[0]) > 12: description = argv.pop(0)[12:] else: description = "" id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role') if not id_valid: utils.err(id_error) if utils.dom_get_element_with_id(dom, "acl_role", role_name): utils.err("role %s already exists" % role_name) if utils.does_id_exist(dom,role_name): utils.err(role_name + " already exists") element = dom.createElement("acl_role") element.setAttribute("id",role_name) if description != "": element.setAttribute("description", description) acls.appendChild(element) if not add_permissions_to_role(element, argv): usage.acl(["role create"]) sys.exit(1) utils.replace_cib_configuration(dom) elif command == "delete": if len(argv) < 1: usage.acl(["role delete"]) sys.exit(1) role_id = argv.pop(0) found = False for elem in dom.getElementsByTagName("acl_role"): if elem.getAttribute("id") == role_id: found = True elem.parentNode.removeChild(elem) break if not found: utils.err("unable to find acl role: %s" % role_id) # Remove any references to this role in acl_target or acl_group for elem in dom.getElementsByTagName("role"): if elem.getAttribute("id") == role_id: user_group = elem.parentNode user_group.removeChild(elem) if "--autodelete" in utils.pcs_options: if not user_group.getElementsByTagName("role"): user_group.parentNode.removeChild(user_group) utils.replace_cib_configuration(dom) elif command == "assign": if len(argv) < 2: usage.acl(["role assign"]) sys.exit(1) if len(argv) == 2: role_id = argv[0] ug_id = argv[1] elif len(argv) > 2 and argv[1] == "to": role_id = argv[0] ug_id = argv[2] else: usage.acl(["role assign"]) sys.exit(1) found = False for role in dom.getElementsByTagName("acl_role"): if role.getAttribute("id") == role_id: found = True break if not found: utils.err("cannot find role: %s" % role_id) found = False for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: utils.err(role_id + " is already assigned to " + ug_id) new_role = dom.createElement("role") new_role.setAttribute("id", role_id) ug.appendChild(new_role) utils.replace_cib_configuration(dom) elif command == "unassign": if len(argv) < 2: usage.acl(["role unassign"]) sys.exit(1) role_id = argv.pop(0) if len(argv) > 1 and argv[0] == "from": ug_id = argv[1] else: ug_id = argv[0] found = False for ug in dom.getElementsByTagName("acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) found = False for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: found = True current_role.parentNode.removeChild(current_role) break if not found: utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id)) if "--autodelete" in utils.pcs_options: if not ug.getElementsByTagName("role"): ug.parentNode.removeChild(ug) utils.replace_cib_configuration(dom) else: utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def acl_target(argv,group=False): if len(argv) < 2: if group: usage.acl(["group"]) sys.exit(1) else: usage.acl(["user"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) tug_id = argv.pop(0) if command == "create": # pcsd parses the error message in order to determine whether the id is # assigned to user/group or some other cib element if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id): utils.err("group %s already exists" % tug_id) if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id): utils.err("user %s already exists" % tug_id) if utils.does_id_exist(dom,tug_id): utils.err(tug_id + " already exists") if group: element = dom.createElement("acl_group") else: element = dom.createElement("acl_target") element.setAttribute("id", tug_id) acls.appendChild(element) for role in argv: if not utils.dom_get_element_with_id(acls, "acl_role", role): utils.err("cannot find acl role: %s" % role) r = dom.createElement("role") r.setAttribute("id", role) element.appendChild(r) utils.replace_cib_configuration(dom) elif command == "delete": found = False if group: elist = dom.getElementsByTagName("acl_group") else: elist = dom.getElementsByTagName("acl_target") for elem in elist: if elem.getAttribute("id") == tug_id: found = True elem.parentNode.removeChild(elem) break if not found: if group: utils.err("unable to find acl group: %s" % tug_id) else: utils.err("unable to find acl target/user: %s" % tug_id) utils.replace_cib_configuration(dom) else: if group: usage.acl(["group"]) else: usage.acl(["user"]) sys.exit(1)
def acl_role(argv): if len(argv) < 2: usage.acl(["role"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) if command == "create": role_name = argv.pop(0) if argv and argv[0].startswith('description=') and len(argv[0]) > 12: description = argv.pop(0)[12:] else: description = "" id_valid, id_error = utils.validate_xml_id(role_name, 'ACL role') if not id_valid: utils.err(id_error) if utils.dom_get_element_with_id(dom, "acl_role", role_name): utils.err("role %s already exists" % role_name) if utils.does_id_exist(dom, role_name): utils.err(role_name + " already exists") element = dom.createElement("acl_role") element.setAttribute("id", role_name) if description != "": element.setAttribute("description", description) acls.appendChild(element) if not add_permissions_to_role(element, argv): usage.acl(["role create"]) sys.exit(1) utils.replace_cib_configuration(dom) elif command == "delete": if len(argv) < 1: usage.acl(["role delete"]) sys.exit(1) role_id = argv.pop(0) found = False for elem in dom.getElementsByTagName("acl_role"): if elem.getAttribute("id") == role_id: found = True elem.parentNode.removeChild(elem) break if not found: utils.err("unable to find acl role: %s" % role_id) # Remove any references to this role in acl_target or acl_group for elem in dom.getElementsByTagName("role"): if elem.getAttribute("id") == role_id: user_group = elem.parentNode user_group.removeChild(elem) if "--autodelete" in utils.pcs_options: if not user_group.getElementsByTagName("role"): user_group.parentNode.removeChild(user_group) utils.replace_cib_configuration(dom) elif command == "assign": if len(argv) < 2: usage.acl(["role assign"]) sys.exit(1) if len(argv) == 2: role_id = argv[0] ug_id = argv[1] elif len(argv) > 2 and argv[1] == "to": role_id = argv[0] ug_id = argv[2] else: usage.acl(["role assign"]) sys.exit(1) found = False for role in dom.getElementsByTagName("acl_role"): if role.getAttribute("id") == role_id: found = True break if not found: utils.err("cannot find role: %s" % role_id) found = False for ug in dom.getElementsByTagName( "acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: utils.err(role_id + " is already assigned to " + ug_id) new_role = dom.createElement("role") new_role.setAttribute("id", role_id) ug.appendChild(new_role) utils.replace_cib_configuration(dom) elif command == "unassign": if len(argv) < 2: usage.acl(["role unassign"]) sys.exit(1) role_id = argv.pop(0) if len(argv) > 1 and argv[0] == "from": ug_id = argv[1] else: ug_id = argv[0] found = False for ug in dom.getElementsByTagName( "acl_target") + dom.getElementsByTagName("acl_group"): if ug.getAttribute("id") == ug_id: found = True break if not found: utils.err("cannot find user or group: %s" % ug_id) found = False for current_role in ug.getElementsByTagName("role"): if current_role.getAttribute("id") == role_id: found = True current_role.parentNode.removeChild(current_role) break if not found: utils.err("cannot find role: %s, assigned to user/group: %s" % (role_id, ug_id)) if "--autodelete" in utils.pcs_options: if not ug.getElementsByTagName("role"): ug.parentNode.removeChild(ug) utils.replace_cib_configuration(dom) else: utils.err("Unknown pcs acl role command: '" + command + "' (try create or delete)")
def acl_target(argv, group=False): if len(argv) < 2: if group: usage.acl(["group"]) sys.exit(1) else: usage.acl(["user"]) sys.exit(1) dom = utils.get_cib_dom() dom, acls = get_acls(dom) command = argv.pop(0) tug_id = argv.pop(0) if command == "create": # pcsd parses the error message in order to determine whether the id is # assigned to user/group or some other cib element if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id): utils.err("group %s already exists" % tug_id) if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id): utils.err("user %s already exists" % tug_id) if utils.does_id_exist(dom, tug_id): utils.err(tug_id + " already exists") if group: element = dom.createElement("acl_group") else: element = dom.createElement("acl_target") element.setAttribute("id", tug_id) acls.appendChild(element) for role in argv: if not utils.dom_get_element_with_id(acls, "acl_role", role): utils.err("cannot find acl role: %s" % role) r = dom.createElement("role") r.setAttribute("id", role) element.appendChild(r) utils.replace_cib_configuration(dom) elif command == "delete": found = False if group: elist = dom.getElementsByTagName("acl_group") else: elist = dom.getElementsByTagName("acl_target") for elem in elist: if elem.getAttribute("id") == tug_id: found = True elem.parentNode.removeChild(elem) break if not found: if group: utils.err("unable to find acl group: %s" % tug_id) else: utils.err("unable to find acl target/user: %s" % tug_id) utils.replace_cib_configuration(dom) else: if group: usage.acl(["group"]) else: usage.acl(["user"]) sys.exit(1)