def from_json(conf_path):
if os.path.exists(conf_path):
file_content = file_utils.read_file(conf_path)
else:
file_content = "{}"
config = ServerConfig()
json_object = json.loads(file_content)
address = "0.0.0.0"
port = 5000
ssl = json_object.get("ssl")
if ssl is not None:
key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')
config.ssl = True
config.ssl_key_path = key_path
config.ssl_cert_path = cert_path
port = 5443
if json_object.get("address"):
address = json_object.get("address")
config.address = address
if json_object.get("port"):
port = json_object.get("port")
config.port = port
if json_object.get('title'):
config.title = json_object.get('title')
auth_config = json_object.get('auth')
if auth_config:
config.authenticator = create_authenticator(auth_config)
allowed_users = auth_config.get('allowed_users')
auth_type = config.authenticator.auth_type
if auth_type == 'google_oauth' and allowed_users is None:
raise Exception('auth.allowed_users field is mandatory for ' + auth_type)
def_trusted_ips = []
def_admins = []
else:
allowed_users = '*'
def_trusted_ips = ['127.0.0.1', '::1']
def_admins = def_trusted_ips
config.trusted_ips = strip(read_list(json_object, 'trusted_ips', default=def_trusted_ips))
admin_users = _parse_admin_users(json_object, default_admins=def_admins)
config.authorizer = _create_authorizer(allowed_users, admin_users)
config.alerts_config = parse_alerts_config(json_object)
config.logging_config = parse_logging_config(json_object)
return config
def from_json(conf_path):
if os.path.exists(conf_path):
file_content = file_utils.read_file(conf_path)
else:
file_content = "{}"
config = ServerConfig()
json_object = json.loads(file_content)
address = "0.0.0.0"
port = 5000
ssl = json_object.get("ssl")
if ssl is not None:
key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')
config.ssl = True
config.ssl_key_path = key_path
config.ssl_cert_path = cert_path
port = 5443
if json_object.get("address"):
address = json_object.get("address")
config.address = address
if json_object.get("port"):
port = json_object.get("port")
config.port = port
if json_object.get('title'):
config.title = json_object.get('title')
if json_object.get("auth"):
auth_object = json_object.get("auth")
auth_type = auth_object.get("type")
if not auth_type:
raise Exception("Auth type should be specified")
auth_type = auth_type.strip().lower()
if auth_type == 'ldap':
from auth.auth_ldap import LdapAuthorizer
config.authorizer = LdapAuthorizer(auth_object)
elif auth_type == 'google_oauth':
from auth.auth_google_oauth import GoogleOauthAuthorizer
config.authorizer = GoogleOauthAuthorizer(auth_object)
else:
raise Exception(auth_type + " auth is not supported")
config.authorizer.auth_type = auth_type
config.alerts_config = parse_alerts_config(json_object)
return config
def __init__(self, params_dict):
super().__init__()
self.client_id = model_helper.read_obligatory(params_dict, 'client_id', ' for Google OAuth')
secret_value = model_helper.read_obligatory(params_dict, 'secret', ' for Google OAuth')
self.secret = model_helper.resolve_env_vars(secret_value, full_match=True)
self.states = {}
self._client_visible_config['client_id'] = self.client_id
self._client_visible_config['oauth_url'] = tornado.auth.GoogleOAuth2Mixin._OAUTH_AUTHORIZE_URL
self._client_visible_config['oauth_scope'] = 'email'
def __init__(self, params_dict, temp_folder):
super().__init__()
self.url = model_helper.read_obligatory(params_dict, 'url',
' for LDAP auth')
username_pattern = strip(params_dict.get('username_pattern'))
if username_pattern:
self.username_template = Template(username_pattern)
else:
self.username_template = None
base_dn = params_dict.get('base_dn')
if base_dn:
self._base_dn = base_dn.strip()
else:
resolved_base_dn = _resolve_base_dn(username_pattern)
if resolved_base_dn:
LOGGER.info('Resolved base dn: ' + resolved_base_dn)
self._base_dn = resolved_base_dn
else:
LOGGER.warning(
'Cannot resolve LDAP base dn, so using empty. Please specify it using "base_dn" attribute'
)
self._base_dn = ''
self.version = params_dict.get("version")
if not self.version:
self.version = 3
self._groups_file = os.path.join(temp_folder, 'ldap_groups.json')
self._user_groups = self._load_groups(self._groups_file)
def __init__(self, params_dict, temp_folder):
super().__init__()
self.url = model_helper.read_obligatory(params_dict, 'url', ' for LDAP auth')
username_pattern = strip(params_dict.get('username_pattern'))
if username_pattern:
self.username_template = Template(username_pattern)
else:
self.username_template = None
base_dn = params_dict.get('base_dn')
if base_dn:
self._base_dn = base_dn.strip()
else:
resolved_base_dn = _resolve_base_dn(username_pattern)
if resolved_base_dn:
LOGGER.info('Resolved base dn: ' + resolved_base_dn)
self._base_dn = resolved_base_dn
else:
LOGGER.warning(
'Cannot resolve LDAP base dn, so using empty. Please specify it using "base_dn" attribute')
self._base_dn = ''
self.version = params_dict.get("version")
if not self.version:
self.version = 3
self._groups_file = os.path.join(temp_folder, 'ldap_groups.json')
self._user_groups = self._load_groups(self._groups_file)
def __init__(self, params_dict):
super().__init__()
htpasswd_path = model_helper.read_obligatory(params_dict, 'htpasswd_path', ' for htpasswd auth')
if not os.path.exists(htpasswd_path):
raise InvalidServerConfigException('htpasswd path does not exist: ' + htpasswd_path)
self.verifier = _select_verifier(htpasswd_path)
def __init__(self, params_dict):
self.url = model_helper.read_obligatory(params_dict, 'url',
' for LDAP auth')
if params_dict.get("username_pattern"):
self.username_template = Template(
params_dict.get("username_pattern"))
self.version = params_dict.get("version")
if not self.version:
self.version = 3
def __init__(self, oauth_authorize_url, oauth_token_url, oauth_scope,
params_dict):
super().__init__()
self.oauth_token_url = oauth_token_url
self.oauth_scope = oauth_scope
self.client_id = model_helper.read_obligatory(params_dict, 'client_id',
' for OAuth')
secret_value = model_helper.read_obligatory(params_dict, 'secret',
' for OAuth')
self.secret = model_helper.resolve_env_vars(secret_value,
full_match=True)
self._client_visible_config['client_id'] = self.client_id
self._client_visible_config['oauth_url'] = oauth_authorize_url
self._client_visible_config['oauth_scope'] = oauth_scope
self.group_support = read_bool_from_config('group_support',
params_dict,
default=True)
self.auth_info_ttl = params_dict.get('auth_info_ttl')
self.session_expire = read_int_from_config(
'session_expire_minutes', params_dict, default=0) * 60
self.dump_file = params_dict.get('state_dump_file')
if self.dump_file:
self._validate_dump_file(self.dump_file)
self._users = {} # type: Dict[str, _UserState]
self._user_locks = defaultdict(lambda: threading.Lock())
self.timer = None
if self.dump_file:
self._restore_state()
self._schedule_dump_task()
def from_json(conf_path, temp_folder):
if os.path.exists(conf_path):
file_content = file_utils.read_file(conf_path)
else:
file_content = "{}"
config = ServerConfig()
json_object = json.loads(file_content)
address = "0.0.0.0"
port = 5000
ssl = json_object.get("ssl")
if ssl is not None:
key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')
config.ssl = True
config.ssl_key_path = key_path
config.ssl_cert_path = cert_path
port = 5443
if json_object.get("address"):
address = json_object.get("address")
config.address = address
if json_object.get("port"):
port = json_object.get("port")
config.port = port
if json_object.get('title'):
config.title = json_object.get('title')
access_config = json_object.get('access')
if access_config:
allowed_users = access_config.get('allowed_users')
user_groups = model_helper.read_dict(access_config, 'groups')
else:
allowed_users = None
user_groups = {}
auth_config = json_object.get('auth')
if auth_config:
config.authenticator = create_authenticator(auth_config, temp_folder)
auth_type = config.authenticator.auth_type
if auth_type == 'google_oauth' and allowed_users is None:
raise Exception('auth.allowed_users field is mandatory for ' +
auth_type)
def_trusted_ips = []
def_admins = []
else:
def_trusted_ips = ['127.0.0.1', '::1']
def_admins = def_trusted_ips
if access_config:
config.trusted_ips = strip(
read_list(access_config, 'trusted_ips', default=def_trusted_ips))
admin_users = _parse_admin_users(access_config,
default_admins=def_admins)
else:
config.trusted_ips = def_trusted_ips
admin_users = def_admins
config.allowed_users = _prepare_allowed_users(allowed_users, admin_users,
user_groups)
config.alerts_config = parse_alerts_config(json_object)
config.logging_config = parse_logging_config(json_object)
config.user_groups = user_groups
config.admin_users = admin_users
config.max_request_size_mb = read_int_from_config('max_request_size',
json_object,
default=10)
return config
def from_json(conf_path, temp_folder):
if os.path.exists(conf_path):
file_content = file_utils.read_file(conf_path)
else:
file_content = "{}"
config = ServerConfig()
json_object = json.loads(file_content)
address = "0.0.0.0"
port = 5000
ssl = json_object.get("ssl")
if ssl is not None:
key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')
config.ssl = True
config.ssl_key_path = key_path
config.ssl_cert_path = cert_path
port = 5443
if json_object.get("address"):
address = json_object.get("address")
config.address = address
if json_object.get("port"):
port = json_object.get("port")
config.port = port
if json_object.get('title'):
config.title = json_object.get('title')
config.enable_script_titles = read_bool_from_config('enable_script_titles',
json_object,
default=True)
access_config = json_object.get('access')
if access_config:
allowed_users = access_config.get('allowed_users')
user_groups = model_helper.read_dict(access_config, 'groups')
user_header_name = access_config.get('user_header_name')
else:
allowed_users = None
user_groups = {}
user_header_name = None
auth_config = json_object.get('auth')
if auth_config:
config.authenticator = create_authenticator(auth_config, temp_folder)
auth_type = config.authenticator.auth_type
if auth_type == 'google_oauth' and allowed_users is None:
raise Exception('access.allowed_users field is mandatory for ' +
auth_type)
def_trusted_ips = []
def_admins = []
else:
def_trusted_ips = ['127.0.0.1', '::1']
def_admins = def_trusted_ips
if access_config:
trusted_ips = strip(
read_list(access_config, 'trusted_ips', default=def_trusted_ips))
admin_users = _parse_admin_users(access_config,
default_admins=def_admins)
full_history_users = _parse_history_users(access_config)
code_editor_users = _parse_code_editor_users(access_config,
admin_users)
else:
trusted_ips = def_trusted_ips
admin_users = def_admins
full_history_users = []
code_editor_users = def_admins
security = model_helper.read_dict(json_object, 'security')
config.allowed_users = _prepare_allowed_users(allowed_users, admin_users,
user_groups)
config.alerts_config = json_object.get('alerts')
config.callbacks_config = json_object.get('callbacks')
config.logging_config = parse_logging_config(json_object)
config.user_groups = user_groups
config.admin_users = admin_users
config.full_history_users = full_history_users
config.code_editor_users = code_editor_users
config.user_header_name = user_header_name
config.ip_validator = TrustedIpValidator(trusted_ips)
config.max_request_size_mb = read_int_from_config('max_request_size',
json_object,
default=10)
config.secret_storage_file = json_object.get(
'secret_storage_file', os.path.join(temp_folder, 'secret.dat'))
config.xsrf_protection = _parse_xsrf_protection(security)
return config
def from_json(conf_path, temp_folder):
if os.path.exists(conf_path):
file_content = file_utils.read_file(conf_path)
else:
file_content = "{}"
config = ServerConfig()
json_object = json.loads(file_content)
address = "0.0.0.0"
port = 5000
ssl = json_object.get("ssl")
if ssl is not None:
key_path = model_helper.read_obligatory(ssl, 'key_path', ' for ssl')
cert_path = model_helper.read_obligatory(ssl, 'cert_path', ' for ssl')
config.ssl = True
config.ssl_key_path = key_path
config.ssl_cert_path = cert_path
port = 5443
if json_object.get("address"):
address = json_object.get("address")
config.address = address
if json_object.get("port"):
port = json_object.get("port")
config.port = port
if json_object.get('title'):
config.title = json_object.get('title')
access_config = json_object.get('access')
if access_config:
allowed_users = access_config.get('allowed_users')
user_groups = model_helper.read_dict(access_config, 'groups')
else:
allowed_users = None
user_groups = {}
auth_config = json_object.get('auth')
if auth_config:
config.authenticator = create_authenticator(auth_config, temp_folder)
auth_type = config.authenticator.auth_type
if auth_type == 'google_oauth' and allowed_users is None:
raise Exception('auth.allowed_users field is mandatory for ' + auth_type)
def_trusted_ips = []
def_admins = []
else:
def_trusted_ips = ['127.0.0.1', '::1']
def_admins = def_trusted_ips
if access_config:
config.trusted_ips = strip(read_list(access_config, 'trusted_ips', default=def_trusted_ips))
admin_users = _parse_admin_users(access_config, default_admins=def_admins)
else:
config.trusted_ips = def_trusted_ips
admin_users = def_admins
config.allowed_users = _prepare_allowed_users(allowed_users, admin_users, user_groups)
config.alerts_config = json_object.get('alerts')
config.callbacks_config = json_object.get('callbacks')
config.logging_config = parse_logging_config(json_object)
config.user_groups = user_groups
config.admin_users = admin_users
config.max_request_size_mb = read_int_from_config('max_request_size', json_object, default=10)
return config
def __init__(self, params_dict):
self.url = read_obligatory(params_dict, 'url', ' for HTTP callback')
if not self.url.strip().lower().startswith('http'):
self.url = 'http://' + self.url.strip()
def __init__(self, params_dict):
self.client_id = model_helper.read_obligatory(params_dict, 'client_id', ' for Google OAuth')
self.secret = model_helper.read_obligatory(params_dict, 'secret', ' for Google OAuth')
self.states = {}
def __init__(self, params_dict):
command_config = read_obligatory(params_dict, 'command',
' for Script callback')
self.command = process_utils.split_command(command_config)
def __init__(self, params_dict):
self.url = read_obligatory(params_dict, 'url', ' for HTTP callback')
if not self.url.strip().lower().startswith('http'):
self.url = 'http://' + self.url.strip()
def __init__(self, params_dict):
command_config = read_obligatory(params_dict, 'command', ' for Script callback')
self.command = process_utils.split_command(command_config)
