def constraint_rule(argv): if len(argv) < 2: usage.constraint("rule") sys.exit(1) found = False command = argv.pop(0) constraint_id = None if command == "add": constraint_id = argv.pop(0) cib = utils.get_cib_dom() constraint = utils.dom_get_element_with_id( cib.getElementsByTagName("constraints")[0], "rsc_location", constraint_id ) if not constraint: utils.err("Unable to find constraint: " + constraint_id) options, rule_argv = rule_utils.parse_argv(argv) rule_utils.dom_rule_add(constraint, options, rule_argv) location_rule_check_duplicates(cib, constraint) utils.replace_cib_configuration(cib) elif command in ["remove","delete"]: cib = utils.get_cib_etree() temp_id = argv.pop(0) constraints = cib.find('.//constraints') loc_cons = cib.findall(str('.//rsc_location')) for loc_con in loc_cons: for rule in loc_con: if rule.get("id") == temp_id: if len(loc_con) > 1: print("Removing Rule: {0}".format(rule.get("id"))) loc_con.remove(rule) found = True break else: print( "Removing Constraint: {0}".format(loc_con.get("id")) ) constraints.remove(loc_con) found = True break if found == True: break if found: utils.replace_cib_configuration(cib) else: utils.err("unable to find rule with id: %s" % temp_id) else: usage.constraint("rule") sys.exit(1)
def constraint_rule(lib, argv, modifiers): """ Options: * -f - CIB file * --force - allow duplicate constraints, only for add command NOTE: modifiers check is in subcommand """ del lib if len(argv) < 2: raise CmdLineInputError() found = False command = argv.pop(0) constraint_id = None if command == "add": modifiers.ensure_only_supported("-f", "--force") constraint_id = argv.pop(0) cib = utils.get_cib_dom() constraint = utils.dom_get_element_with_id( cib.getElementsByTagName("constraints")[0], "rsc_location", constraint_id) if not constraint: utils.err("Unable to find constraint: " + constraint_id) options, rule_argv = rule_utils.parse_argv(argv) rule_utils.dom_rule_add(constraint, options, rule_argv) location_rule_check_duplicates(cib, constraint, modifiers.get("--force")) utils.replace_cib_configuration(cib) elif command in ["remove", "delete"]: modifiers.ensure_only_supported("-f") cib = utils.get_cib_etree() temp_id = argv.pop(0) constraints = cib.find('.//constraints') loc_cons = cib.findall(str('.//rsc_location')) for loc_con in loc_cons: for rule in loc_con: if rule.get("id") == temp_id: if len(loc_con) > 1: print("Removing Rule: {0}".format(rule.get("id"))) loc_con.remove(rule) found = True break else: print("Removing Constraint: {0}".format( loc_con.get("id"))) constraints.remove(loc_con) found = True break if found: break if found: utils.replace_cib_configuration(cib) else: utils.err("unable to find rule with id: %s" % temp_id) else: raise CmdLineInputError()
def acl_target(argv,group=False): if len(argv) < 2: if group: usage.acl(["group"]) sys.exit(1) else: usage.acl(["user"]) sys.exit(1) dom = utils.get_cib_dom() acls = utils.get_acls(dom) command = argv.pop(0) tug_id = argv.pop(0) if command == "create": # pcsd parses the error message in order to determine whether the id is # assigned to user/group or some other cib element if group and utils.dom_get_element_with_id(dom, "acl_group", tug_id): utils.err("group %s already exists" % tug_id) if not group and utils.dom_get_element_with_id(dom, "acl_target", tug_id): utils.err("user %s already exists" % tug_id) if utils.does_id_exist(dom,tug_id): utils.err(tug_id + " already exists") if group: element = dom.createElement("acl_group") else: element = dom.createElement("acl_target") element.setAttribute("id", tug_id) acls.appendChild(element) for role in argv: if not utils.dom_get_element_with_id(acls, "acl_role", role): utils.err("cannot find acl role: %s" % role) r = dom.createElement("role") r.setAttribute("id", role) element.appendChild(r) utils.replace_cib_configuration(dom) elif command == "delete": found = False if group: elist = dom.getElementsByTagName("acl_group") else: elist = dom.getElementsByTagName("acl_target") for elem in elist: if elem.getAttribute("id") == tug_id: found = True elem.parentNode.removeChild(elem) break if not found: if group: utils.err("unable to find acl group: %s" % tug_id) else: utils.err("unable to find acl target/user: %s" % tug_id) utils.replace_cib_configuration(dom) else: if group: usage.acl(["group"]) else: usage.acl(["user"]) sys.exit(1)