def set_realm(realm, resolvers=None, priority=None):
"""
It takes a list of resolvers and adds these to the realm.
If the realm does not exist, it is created.
If the realm exists, the old resolvers are removed and the new ones
are added.
:param realm: an existing or a new realm
:param resolvers: names of resolvers
:type resolvers: list
:param priority: The priority of the resolvers in the realm
:type priority: dict, with resolver names as keys
:return: tuple of lists of added resolvers and resolvers, that could
not be added
"""
if resolvers is None:
resolvers = []
added = []
failed = []
priority = priority or {}
realm_created = False
realm = realm.lower().strip()
realm = realm.replace(" ", "-")
nameExp = "^[A-Za-z0-9_\-\.]*$"
sanity_name_check(realm, nameExp)
# create new realm if it does not exist
R = Realm.query.filter_by(name=realm).first()
if not R:
R = Realm(realm)
R.save()
realm_created = True
if not realm_created:
# delete old resolvers
oldResos = ResolverRealm.query.filter_by(realm_id=R.id)
for oldReso in oldResos:
oldReso.delete()
# assign the resolvers
for reso_name in resolvers:
reso_name = reso_name.strip()
Reso = Resolver.query.filter_by(name=reso_name).first()
if Reso:
ResolverRealm(Reso.id, R.id,
priority=priority.get(reso_name)).save()
added.append(reso_name)
else:
failed.append(reso_name)
# if this is the first realm, make it the default
if Realm.query.count() == 1:
r = Realm.query.filter_by(name=realm).first()
r.default = True
save_config_timestamp()
db.session.commit()
return (added, failed)
def set_realm(realm, resolvers=None, priority=None):
"""
It takes a list of resolvers and adds these to the realm.
If the realm does not exist, it is created.
If the realm exists, the old resolvers are removed and the new ones
are added.
:param realm: an existing or a new realm
:param resolvers: names of resolvers
:type resolvers: list
:param priority: The priority of the resolvers in the realm
:type priority: dict, with resolver names as keys
:return: tuple of lists of added resolvers and resolvers, that could
not be added
"""
if resolvers is None:
resolvers = []
added = []
failed = []
priority = priority or {}
realm_created = False
realm = realm.lower().strip()
realm = realm.replace(" ", "-")
nameExp = "^[A-Za-z0-9_\-\.]*$"
sanity_name_check(realm, nameExp)
# create new realm if it does not exist
R = Realm.query.filter_by(name=realm).first()
if not R:
R = Realm(realm)
R.save()
realm_created = True
if not realm_created:
# delete old resolvers
oldResos = ResolverRealm.query.filter_by(realm_id=R.id)
for oldReso in oldResos:
oldReso.delete()
# assign the resolvers
for reso_name in resolvers:
reso_name = reso_name.strip()
Reso = Resolver.query.filter_by(name=reso_name).first()
if Reso:
ResolverRealm(Reso.id, R.id,
priority=priority.get(reso_name)).save()
added.append(reso_name)
else:
failed.append(reso_name)
# if this is the first realm, make it the default
if Realm.query.count() == 1:
r = Realm.query.filter_by(name=realm).first()
r.default = True
save_config_timestamp()
db.session.commit()
return (added, failed)
def test_24_sanity_name_check(self):
self.assertTrue(sanity_name_check('Hello_World'))
with self.assertRaisesRegexp(Exception, "non conformant characters in the name"):
sanity_name_check('Hello World!')
self.assertTrue(sanity_name_check('Hello World', name_exp='^[A-Za-z\\ ]+$'))
with self.assertRaisesRegexp(Exception, "non conformant characters in the name"):
sanity_name_check('Hello_World', name_exp='^[A-Za-z]+$')
def test_24_sanity_name_check(self):
self.assertTrue(sanity_name_check('Hello_World'))
with self.assertRaisesRegexp(Exception, "non conformant characters in the name"):
sanity_name_check('Hello World!')
self.assertTrue(sanity_name_check('Hello World', name_exp='^[A-Za-z\\ ]+$'))
with self.assertRaisesRegexp(Exception, "non conformant characters in the name"):
sanity_name_check('Hello_World', name_exp='^[A-Za-z]+$')
def save_resolver(params):
"""
create a new resolver from request parameters
and save the resolver in the database.
If the resolver already exist, it is updated.
If you update a resolver, you do not need to provide all parameters.
Parameters you do not provide are left untouched.
When updating a resolver you must not change the type!
You do not need to specify the type, but if you specify a wrong type,
it will produce an error.
:param params: request parameters like "name" and "type" and the
configuration parameters of the resolver config.
:type params: dict
:return: the database ID of the resolver
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type thing...
resolvername = getParam(params, 'resolver', required)
resolvertype = getParam(params, 'type', required)
update_resolver = False
# check the name
sanity_name_check(resolvername)
# check the type
resolvertypes = get_resolver_types()
if resolvertype not in resolvertypes:
raise Exception("resolver type : {0!s} not in {1!s}".format(
resolvertype, unicode(resolvertypes)))
# check the name
resolvers = get_resolver_list(filter_resolver_name=resolvername)
for r_name, resolver in resolvers.items():
if resolver.get("type") == resolvertype:
# We found the resolver with the same name and the same type,
# So we will update this resolver
update_resolver = True
else:
raise Exception(
"resolver with similar name and other type already "
"exists: %s" % r_name)
# create a dictionary for the ResolverConfig
resolver_config = get_resolver_config_description(resolvertype)
config_description = resolver_config.get(resolvertype).get('config', {})
types = {}
desc = {}
data = {}
for k in params:
if k not in ['resolver', 'type']:
if k.startswith('type.') is True:
key = k[len('type.'):]
types[key] = params.get(k)
elif k.startswith('desc.') is True:
key = k[len('desc.'):]
desc[key] = params.get(k)
else:
data[k] = params.get(k)
if k in config_description:
types[k] = config_description.get(k)
else:
log.warn("the passed key %r is not a "
"parameter for the resolver %r" %
(k, resolvertype))
# Check that there is no type or desc without the data itself.
# i.e. if there is a type.BindPW=password, then there must be a
# BindPW=....
_missing = False
for t in types:
if t not in data:
_missing = True
for t in desc:
if t not in data:
_missing = True
if _missing:
raise Exception(
"type or description without necessary data! {0!s}".format(
unicode(params)))
# Everything passed. So lets actually create the resolver in the DB
if update_resolver:
resolver_id = Resolver.query.filter(
func.lower(Resolver.name) == resolvername.lower()).first().id
else:
resolver = Resolver(params.get("resolver"), params.get("type"))
resolver_id = resolver.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
ResolverConfig(resolver_id=resolver_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
return resolver_id
def save_resolver(params):
"""
create a new resolver from request parameters
and save the resolver in the database.
If the resolver already exist, it is updated.
If you update a resolver, you do not need to provide all parameters.
Parameters you do not provide are left untouched.
When updating a resolver you must not change the type!
You do not need to specify the type, but if you specify a wrong type,
it will produce an error.
:param params: request parameters like "name" and "type" and the
configuration parameters of the resolver config.
:type params: dict
:return: the database ID of the resolver
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type thing...
resolvername = getParam(params, 'resolver', required)
resolvertype = getParam(params, 'type', required)
update_resolver = False
# check the name
sanity_name_check(resolvername)
# check the type
resolvertypes = get_resolver_types()
if resolvertype not in resolvertypes:
raise Exception("resolver type : {0!s} not in {1!s}".format(resolvertype, unicode(resolvertypes)))
# check the name
resolvers = get_resolver_list(filter_resolver_name=resolvername)
for r_name, resolver in resolvers.items():
if resolver.get("type") == resolvertype:
# We found the resolver with the same name and the same type,
# So we will update this resolver
update_resolver = True
else:
raise Exception("resolver with similar name and other type already "
"exists: %s" % r_name)
# create a dictionary for the ResolverConfig
resolver_config = get_resolver_config_description(resolvertype)
config_description = resolver_config.get(resolvertype).get('config', {})
types = {}
desc = {}
data = {}
for k in params:
if k not in ['resolver', 'type']:
if k.startswith('type.') is True:
key = k[len('type.'):]
types[key] = params.get(k)
elif k.startswith('desc.') is True:
key = k[len('desc.'):]
desc[key] = params.get(k)
else:
data[k] = params.get(k)
if k in config_description:
types[k] = config_description.get(k)
else:
log.warn("the passed key %r is not a "
"parameter for the resolver %r" % (k,
resolvertype))
# Check that there is no type or desc without the data itself.
# i.e. if there is a type.BindPW=password, then there must be a
# BindPW=....
_missing = False
for t in types:
if t not in data:
_missing = True
for t in desc:
if t not in data:
_missing = True
if _missing:
raise Exception("type or description without necessary data! {0!s}".format(
unicode(params)))
# Everything passed. So lets actually create the resolver in the DB
if update_resolver:
resolver_id = Resolver.query.filter(func.lower(Resolver.name) ==
resolvername.lower()).first().id
else:
resolver = Resolver(params.get("resolver"),
params.get("type"))
resolver_id = resolver.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
ResolverConfig(resolver_id=resolver_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
# Remove corresponding entries from the user cache
delete_user_cache(resolver=resolvername)
return resolver_id
def save_caconnector(params):
"""
Create a new CA connector from the given parameters and save it to the
database.
If the CA Connector already exists, it is updated.
For updating some attributes of an existing CA connector you do not need
to pass all attributes again, but only those, which should be changed.
When updating the CA connector the type must not be changed,
since another type might require different attributes.
:param params: request parameters like "caconnector" (name) and "type"
and the specific attributes of the ca connector.
:type params: dict
:return: the database ID of the CA connector
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type thing...
connector_name = getParam(params, 'caconnector', required)
connector_type = getParam(params, 'type', required)
update_connector = False
sanity_name_check(connector_name)
# check the type
if connector_type not in get_caconnector_types():
raise Exception("connector type : {0!s} not in {1!s}".format(
connector_type, unicode(get_caconnector_types())))
# check the name
connectors = get_caconnector_list(filter_caconnector_name=connector_name)
for connector in connectors:
if connector.get("type") == connector_type:
# There is a CA connector with the same name, so we will update
# the CA Connector config
update_connector = True
else: # pragma: no cover
raise Exception("CA Connector with similar name and other type "
"already exists: %s" % connector_name)
# create a dictionary for the ResolverConfig
connector_config = get_caconnector_config_description(connector_type)
config_description = connector_config.get(connector_type, {})
data, types, desc = get_data_from_params(params, ["caconnector", "type"],
config_description,
"CA connector", connector_type)
# Everything passed. So lets actually create the CA Connector in the DB
if update_connector:
connector_id = CAConnector.query.filter(
func.lower(CAConnector.name) == connector_name.lower()).first().id
else:
db_connector = CAConnector(params.get("caconnector"),
params.get("type"))
connector_id = db_connector.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
CAConnectorConfig(caconnector_id=connector_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
return connector_id
def save_resolver(params):
"""
create a new machine resolver from request parameters
and save the machine resolver in the database.
If the machine resolver already exist, it is updated.
If you update machine resolver, you do not need to provide all parameters.
Parameters you do not provide are left untouched.
When updating a resolver you must not change the type!
You do not need to specify the type, but if you specify a wrong type,
it will produce an error.
:param params: request parameters like "name" and "type" and the
configuration parameters of the resolver config.
:type params: dict
:return: the database ID of the resolver
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type.
resolvername = getParam(params, 'name', required)
resolvertype = getParam(params, 'type', required)
update_resolver = False
# check the name
sanity_name_check(resolvername)
# check the type
(class_dict, type_dict) = get_machine_resolver_class_dict()
if resolvertype not in type_dict.values():
raise Exception("machine resolver type : %s not in %s" %
(resolvertype, type_dict.values()))
# check the name
resolvers = get_resolver_list(filter_resolver_name=resolvername)
for r_name, resolver in resolvers.items():
if resolver.get("type") == resolvertype:
# We found the resolver with the same name and the same type,
# So we will update this resolver
update_resolver = True
else: # pragma: no cover
raise Exception("machine resolver with similar name and other type "
"already exists: %s" % r_name)
# create a dictionary for the ResolverConfig
resolver_config = get_resolver_config_description(resolvertype)
config_description = resolver_config.get(resolvertype,
{}).get('config',
{})
data, types, desc = get_data_from_params(params,
["name", "type"],
config_description,
"machine resolver",
resolvertype)
# Everything passed. So lets actually create the resolver in the DB
if update_resolver:
resolver_id = MachineResolver.query.filter(func.lower(
MachineResolver.name) == resolvername.lower()).first().id
else:
resolver = MachineResolver(params.get("name"), params.get("type"))
resolver_id = resolver.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
MachineResolverConfig(resolver_id=resolver_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
return resolver_id
def save_resolver(params):
"""
create a new machine resolver from request parameters
and save the machine resolver in the database.
If the machine resolver already exist, it is updated.
If you update machine resolver, you do not need to provide all parameters.
Parameters you do not provide are left untouched.
When updating a resolver you must not change the type!
You do not need to specify the type, but if you specify a wrong type,
it will produce an error.
:param params: request parameters like "name" and "type" and the
configuration parameters of the resolver config.
:type params: dict
:return: the database ID of the resolver
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type.
resolvername = getParam(params, 'name', required)
resolvertype = getParam(params, 'type', required)
update_resolver = False
# check the name
sanity_name_check(resolvername)
# check the type
(class_dict, type_dict) = get_machine_resolver_class_dict()
if resolvertype not in type_dict.values():
raise Exception("machine resolver type : %s not in %s" %
(resolvertype, type_dict.values()))
# check the name
resolvers = get_resolver_list(filter_resolver_name=resolvername)
for r_name, resolver in resolvers.items():
if resolver.get("type") == resolvertype:
# We found the resolver with the same name and the same type,
# So we will update this resolver
update_resolver = True
else: # pragma: no cover
raise Exception(
"machine resolver with similar name and other type "
"already exists: %s" % r_name)
# create a dictionary for the ResolverConfig
resolver_config = get_resolver_config_description(resolvertype)
config_description = resolver_config.get(resolvertype,
{}).get('config', {})
data, types, desc = get_data_from_params(params, ["name", "type"],
config_description,
"machine resolver", resolvertype)
# Everything passed. So lets actually create the resolver in the DB
if update_resolver:
resolver_id = MachineResolver.query.filter(
func.lower(MachineResolver.name) ==
resolvername.lower()).first().id
else:
resolver = MachineResolver(params.get("name"), params.get("type"))
resolver_id = resolver.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
MachineResolverConfig(resolver_id=resolver_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
return resolver_id
def save_resolver(params):
"""
create a new resolver from request parameters
and save the resolver in the database.
If the resolver already exist, it is updated.
If you update a resolver, you do not need to provide all parameters.
Parameters you do not provide are left untouched.
When updating a resolver you must not change the type!
You do not need to specify the type, but if you specify a wrong type,
it will produce an error.
:param params: request parameters like "name" and "type" and the
configuration parameters of the resolver config.
:type params: dict
:return: the database ID of the resolver
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type thing...
resolvername = getParam(params, 'resolver', required)
resolvertype = getParam(params, 'type', required)
update_resolver = False
# check the name
sanity_name_check(resolvername)
# check the type
resolvertypes = get_resolver_types()
if resolvertype not in resolvertypes:
raise Exception("resolver type : {0!s} not in {1!s}".format(
resolvertype, str(resolvertypes)))
# check the name
resolvers = get_resolver_list(filter_resolver_name=resolvername)
for r_name, resolver in resolvers.items():
if resolver.get("type") == resolvertype:
# We found the resolver with the same name and the same type,
# So we will update this resolver
update_resolver = True
else:
raise Exception(
"resolver with similar name and other type already "
"exists: %s" % r_name)
# create a dictionary for the ResolverConfig
resolver_config = get_resolver_config_description(resolvertype)
config_description = resolver_config.get(resolvertype).get('config', {})
data, types, desc = get_data_from_params(params, ['resolver', 'type'],
config_description, resolvertype,
resolvername)
# Everything passed. So lets actually create the resolver in the DB
if update_resolver:
resolver_id = Resolver.query.filter(
func.lower(Resolver.name) == resolvername.lower()).first().id
else:
resolver = Resolver(params.get("resolver"), params.get("type"))
resolver_id = resolver.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
if value == CENSORED:
continue
else:
value = encryptPassword(value)
ResolverConfig(resolver_id=resolver_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
# Remove corresponding entries from the user cache
delete_user_cache(resolver=resolvername)
return resolver_id
def save_caconnector(params):
"""
Create a new CA connector from the given parameters and save it to the
database.
If the CA Connector already exists, it is updated.
For updating some attributes of an existing CA connector you do not need
to pass all attributes again, but only those, which should be changed.
When updating the CA connector the type must not be changed,
since another type might require different attributes.
:param params: request parameters like "caconnector" (name) and "type"
and the specific attributes of the ca connector.
:type params: dict
:return: the database ID of the CA connector
:rtype: int
"""
# before we create the resolver in the database, we need to check
# for the name and type thing...
connector_name = getParam(params, 'caconnector', required)
connector_type = getParam(params, 'type', required)
update_connector = False
sanity_name_check(connector_name)
# check the type
if connector_type not in get_caconnector_types():
raise Exception("connector type : %s not in %s" %
(connector_type, unicode(get_caconnector_types())))
# check the name
connectors = get_caconnector_list(filter_caconnector_name=connector_name)
for connector in connectors:
if connector.get("type") == connector_type:
# There is a CA connector with the same name, so we will update
# the CA Connector config
update_connector = True
else: # pragma: no cover
raise Exception("CA Connector with similar name and other type "
"already exists: %s" % connector_name)
# create a dictionary for the ResolverConfig
connector_config = get_caconnector_config_description(connector_type)
config_description = connector_config.get(connector_type, {})
data, types, desc = get_data_from_params(params,
["caconnector", "type"],
config_description,
"CA connector",
connector_type)
# Everything passed. So lets actually create the CA Connector in the DB
if update_connector:
connector_id = CAConnector.query.filter(func.lower(CAConnector.name)
== connector_name.lower()).first().id
else:
db_connector = CAConnector(params.get("caconnector"),
params.get("type"))
connector_id = db_connector.save()
# create the config
for key, value in data.items():
if types.get(key) == "password":
value = encryptPassword(value)
CAConnectorConfig(caconnector_id=connector_id,
Key=key,
Value=value,
Type=types.get(key, ""),
Description=desc.get(key, "")).save()
return connector_id
