def add_branch(self, branch, branch_admin_password):
if not self.config.branches.enabled:
yield error_log('Branches are not enabled on this LDAP')
if self.config.readonly:
yield error_log('This LDAP is configured as read-only')
self.connect(auth=False)
self.authenticate(
username=self.config.admin_dn,
password=self.config.admin_password
)
self.add_ou_by_dn("ou={branch},{branches.base_dn}".format(branch=branch, **self.config))
self.set_branch(branch)
branch_restricted_user_dn = "cn={branches.restricted_cn},ou={branch},{branches.base_dn}".format(branch=branch, **self.config)
branch_admin_user_dn = "cn={branches.admin_cn},ou={branch},{branches.base_dn}".format(branch=branch, **self.config)
self.set_branch(branch)
self.add_ldap_user_by_dn(branch_admin_user_dn, 'LDAP Access User', self.config.branches.admin_password)
self.add_ldap_user_by_dn(branch_restricted_user_dn, 'Restricted User', branch_admin_password)
self.add_group_by_dn('cn=Managers,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config), user_dns=[branch_admin_user_dn])
self.add_ou_by_dn('ou=groups,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config))
self.add_ou_by_dn('ou=users,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config))
# Add plain users
for user in self.config.branches.base_users:
self.add_ldap_user(user.username, user.username, user.password)
self.disconnect()
yield success_log("Branch {} successfully created".format(branch))
def add_users(self, branch, usersfile):
if self.config.readonly:
yield error_log('This LDAP is configured as read-only')
self.set_branch(branch)
self.connect(auth=False)
self.authenticate(
username=self.effective_admin_dn,
password=self.effective_admin_password)
try:
users = read_users_file(usersfile, required_fields=['username', 'fullname', 'password'])
except Exception as exc:
error_message = 'Error parsing users file {}: {{}}'.format(usersfile)
yield raising_error_log(error_message.format(exc.message))
try:
self.check_users(users)
except Exception as exc:
yield raising_error_log(exc.message)
yield step_log('Creating {} users '.format(len(users)))
for count, user in enumerate(users, start=1):
if not user:
yield error_log('Error parsing user at line #{}'.format(count))
continue
try:
self.add_ldap_user(**user)
yield success_log('User {} created'.format(user['username']))
except ldap.ALREADY_EXISTS:
yield error_log('User {} already exists'.format(user['username']))
except Exception as exc:
yield error_log('Error creating user {}: {}'.format(user['username']), exc.__repr__())
self.disconnect()
def setup_max(self, max_name, oauth_name, ldap_branch):
"""
"""
username = "******"
password = "******".format(ldap_branch)
oauth_server = "https://oauth.upcnet.es/{}".format(oauth_name)
user_token = self.get_token(oauth_server, username, password)
if user_token is None:
return error_log('Error on getting token for user "{}" on {}'.format(username, oauth_server))
params = {
"form.widgets.oauth_server": oauth_server,
"form.widgets.oauth_grant_type": "password",
"form.widgets.max_server": "https://max.upcnet.es/{}".format(max_name),
"form.widgets.max_server_alias": "https://ulearn.upcnet.es/{}".format(self.plonesite),
"form.widgets.max_app_username": "******",
"form.widgets.max_app_token": "",
"form.widgets.max_restricted_username": username,
"form.widgets.max_restricted_token": user_token,
"form.buttons.save": "Save",
}
req = requests.post("{}/@@maxui-settings".format(self.site_url), data=params, auth=self.auth)
if req.status_code not in [302, 200, 204, 201]:
return error_log("Error on configuring max settings".format(self.site_url))
else:
return success_log("Successfully configured max settings".format(self.site_url))
def test(self, instance_name, username, password):
instance = self.get_instance(instance_name)
try:
yield step_log('Testing oauth server @ {}'.format(instance['server']['dns']))
yield message_log('Checking server health')
try:
status = requests.get(instance['server']['dns'], verify=True).status_code
except requests.exceptions.SSLError:
yield error_log('SSL certificate verification failed')
yield message_log('Continuing test without certificate check')
try:
status = requests.get(instance['server']['dns'], verify=False).status_code
except requests.ConnectionError:
yield raising_error_log('Connection error, check nginx is running, and dns resolves as expected.')
except:
yield raising_error_log('Unknown error trying to access oauth server. Check params and try again')
else:
if status == 500:
yield raising_error_log('Error on oauth server, Possible causes:\n - ldap configuration error (bad server url?)\n - Mongodb configuration error (bad replicaset name or hosts list?)\nCheck osiris log for more information.')
elif status == 502:
yield raising_error_log('Server not respoding at {}. Check that:\n - osiris process is running\n - nginx upstream definition is pointing to the right host:port.'.format(instance['server']['dns']))
elif status == 504:
yield raising_error_log('Gateway timeout. Probably oauth server is giving timeout trying to contact ldap server')
elif status == 404:
yield raising_error_log('There\'s no oauth server at {}. Chech there\'s an nginx entry for this server.'.format(instance['server']['dns']))
elif status != 200:
yield raising_error_log('Server {} responded with {} code. Check osiris logs.'.format(instance['server']['dns'], status))
yield message_log('Retrieving token for "{}"'.format(username))
token = self.get_token(instance['server']['dns'], username, password)
succeeded_retrieve_token = token is not None
if not succeeded_retrieve_token:
yield raising_error_log('Error retreiving token. Check username/password and try again')
yield message_log('Checking retreived token')
succeeded_check_token = self.check_token(instance['server']['dns'], username, token)
if not succeeded_check_token:
yield raising_error_log('Error retreiving token')
if succeeded_check_token and succeeded_retrieve_token:
yield success_log('Oauth server check passed')
else:
yield raising_error_log('Oauth server check failed')
except StepError as error:
yield error_log(error.message)
def rebuild_catalog(self):
recatalog_url = "{}/portal_catalog?manage_catalogRebuild:method=+Clear+and+Rebuild+".format(self.site_url)
resp = requests.get(recatalog_url, auth=self.auth)
if resp.status_code not in [302, 200, 204, 201] or "Catalog Rebuilt" not in resp.content:
return error_log("Error on rebuilding catalog".format(self.site_url))
else:
return success_log("Successfully rebuild site catalog".format(self.site_url))
def setup_homepage(self):
setup_view_url = "{}/setuphomepage".format(self.site_url)
req = requests.get(setup_view_url, auth=self.auth)
if req.status_code not in [302, 200, 204, 201]:
return error_log("Error on hompepage setup".format(self.site_url))
else:
return success_log("Successfully configured homepage".format(self.site_url))
def reload_instance(self):
self.restart(self.instance.name)
sleep(1)
status = self.get_status(self.instance.name)
if status['status'] == 'running':
return success_log("Succesfully restarted max {}".format(self.instance.name))
else:
return error_log('Max instance {} is not running'.format(self.instance.name))
def delete_user(self, branch, username):
if self.config.readonly:
yield error_log('This LDAP is configured as read-only')
self.set_branch(branch)
self.connect()
self.del_user(username)
self.disconnect()
yield success_log("User {} deleted from branch".format(username))
def list_branches(self):
if not self.config.branches.enabled:
yield error_log('Branches are not enabled on this LDAP')
self.connect(auth=False)
self.authenticate(
username=self.config.admin_dn,
password=self.config.admin_password
)
branches = self.get_branches()
self.disconnect()
yield return_value(branches)
def set_mongodb_indexes(self):
new_instance_folder = '{}/{}'.format(
self.config.instances_root,
self.instance.name
)
code, stdout = self.remote.execute('cd {0} && ./bin/max.mongoindexes'.format(new_instance_folder))
added = 'Creating' in stdout or 'already exists' in stdout
if added:
return success_log("Succesfully added indexes")
else:
return error_log("Error on adding indexes")
def add_user(self, branch, username, password):
if self.config.readonly:
yield error_log('This LDAP is configured as read-only')
self.set_branch(branch)
self.connect(auth=False)
self.authenticate(
username=self.effective_admin_dn,
password=self.effective_admin_password,
)
self.add_ldap_user(username, username, password)
self.disconnect()
yield success_log("User {} successfully added".format(username))
def create(self, packages=[]):
if self.exists():
return error_log("There is already a ulearn on {}".format(self.site_url))
params = {
"site_id": self.plonesite,
"title": self.title,
"default_language": self.language,
"setup_content:boolean": True,
"extension_ids:list": ["plonetheme.classic:default", "plonetheme.sunburst:default"] + packages,
"form.submitted:boolean": True,
"submit": "Crear lloc Plone",
}
create_plone_url = "{}/@@plone-addsite".format(self.mountpoint_url)
self.echo.start()
req = requests.post(create_plone_url, params, auth=self.auth)
self.echo.stop()
if req.status_code not in [302, 200, 204, 201]:
return error_log("Error creating Plone site at {}".format(self.site_url))
else:
return success_log("Successfully created Plone site at {}".format(self.site_url))
def batch_add_users(self, instance, usersfile):
site = UlearnSite(self.get_environment(instance["environment"]), instance["mountpoint"], instance["plonesite"])
try:
users = read_users_file(usersfile, required_fields=["username", "fullname", "email", "password"])
except Exception as exc:
error_message = "Error parsing users file {}: {{}}".format(usersfile)
yield raising_error_log(error_message.format(exc.message))
try:
self.check_users(users)
except Exception as exc:
yield raising_error_log(exc.message)
yield step_log("Creating {} users ".format(len(users)))
for count, user in enumerate(users, start=1):
if not user:
yield error_log("Error parsing user at line #{}".format(count))
continue
succeeded = site.add_user(**user)
if not succeeded.get("error", False):
yield success_log(succeeded["message"])
else:
yield error_log(succeeded["message"])
def configure_max_security_settings(self):
new_instance_folder = '{}/{}'.format(
self.config.instances_root,
self.instance.name
)
self.buildout.folder = new_instance_folder
self.remote.execute('cd {} && ./bin/max.security reset'.format(new_instance_folder))
code, stdout = self.remote.execute('cd {} && ./bin/max.security add {}'.format(new_instance_folder, self.config.authorized_user))
added = 'restart max process' in stdout
# Force read the new configuration files
if added:
return success_log("Succesfully configured security settings")
else:
return error_log("Error configuring security settings")
def batch_subscribe_users(self, instance, subscriptionsfile):
site = UlearnSite(self.get_environment(instance["environment"]), instance["mountpoint"], instance["plonesite"])
try:
communities = read_subscriptions_file(subscriptionsfile, required_fields=["owners", "readers", "editors"])
except Exception as exc:
error_message = "Error parsing subscriptionsfile file {}: {{}}".format(subscriptionsfile)
yield raising_error_log(error_message.format(exc.message))
for community in communities:
yield step_log("Subscribing users to {}".format(community["url"]))
succeeded = site.subscribe_users(**community)
if not succeeded.get("error", False):
yield success_log(succeeded["message"])
else:
yield error_log(succeeded["message"])
def setup_nginx(self, site, max_url):
nginx_params = {"instance_name": site.plonesite, "max_server": max_url, "mountpoint_id": site.mountpoint}
nginxentry = ULEARN_NGINX_ENTRY.format(**nginx_params)
success = self.prefes.put_file(
"{}/config/ulearn-instances/{}.conf".format(self.config.prefe_nginx_root, site.plonesite), nginxentry
)
if success:
return success_log(
"Succesfully created {}/config/ulearn-instances/{}.conf".format(
self.config.prefe_nginx_root, site.plonesite
)
)
else:
return error_log("Error when generating nginx config file for ulean")
def setup_ldap(self, branch, ldap_config):
setup_view_url = "{}/setupldap".format(self.site_url)
params = {
"ldap_name": ldap_config.name,
"ldap_server": re.sub(r"ldaps?:\/\/", "", ldap_config.server),
"branch_name": branch,
"base_dn": ldap_config.branches.base_dn,
"branch_admin_cn": ldap_config.branches.admin_cn,
"branch_admin_password": ldap_config.branches.admin_password,
"allow_manage_users": True,
}
req = requests.post(setup_view_url, data=params, auth=self.auth)
if req.status_code not in [302, 200, 204, 201]:
return error_log('Error on ldap branch "{}" setup'.format(branch))
else:
return success_log('Successfully configured ldap branch "{}"'.format(branch))
def add_instance(self, **configuration):
token = self.get_token(
configuration['oauthserver']['server']['dns'],
configuration['restricted_user'],
configuration['restricted_user_password']
)
try:
yield step_log('Adding entry')
yield self.add_entry(
language=configuration['language'],
name=configuration['name'],
hashtag=configuration['hashtag'],
server=configuration['maxserver']['server']['dns'],
restricted_user=configuration['restricted_user'],
restricted_user_token=token
)
except StepError as error:
yield error_log(error.message)
def reload_nginx(self):
code, stdout = self.remote.execute('/etc/init.d/nginx reload')
if code == 0 and 'done' in stdout:
return success_log('Nginx reloaded succesfully')
else:
return error_log('Error reloading nginx')
def test_nginx(self):
code, stdout = self.remote.execute('/etc/init.d/nginx configtest')
if code == 0 and 'done' in stdout:
return success_log('Configuration test passed')
else:
return error_log('Configuration test failed')
