Esempi in Python per get_manager

Esempio n. 1

def main():
    manager = get_manager()

    manager.secret.to_file(
        "passport_rp_jks_base64",
        manager.config.get("passport_rp_client_jks_fn"),
        decode=True,
        binary_mode=True,
    )
    manager.secret.to_file(
        "passport_rs_jks_base64",
        manager.config.get("passport_rs_client_jks_fn"),
        decode=True,
        binary_mode=True,
    )
    manager.secret.to_file(
        "passport_rp_client_cert_base64",
        manager.config.get("passport_rp_client_cert_fn"),
        decode=True,
    )
    manager.secret.to_file("idp3SigningCertificateText",
                           "/etc/certs/idp-signing.crt")
    manager.secret.to_file("passport_sp_cert_base64",
                           "/etc/certs/passport-sp.crt",
                           decode=True)
    manager.secret.to_file("passport_sp_key_base64",
                           "/etc/certs/passport-sp.key",
                           decode=True)

    render_passport_config(manager)
    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")

Esempio n. 2

def main():
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default")

    if persistence_type not in PERSISTENCE_TYPES:
        logger.error("Unsupported GLUU_PERSISTENCE_TYPE value; "
                     "please choose one of {}".format(
                         ", ".join(PERSISTENCE_TYPES)))
        sys.exit(1)

    if persistence_type == "hybrid" and ldap_mapping not in PERSISTENCE_LDAP_MAPPINGS:
        logger.error("Unsupported GLUU_PERSISTENCE_LDAP_MAPPING value; "
                     "please choose one of {}".format(
                         ", ".join(PERSISTENCE_LDAP_MAPPINGS)))
        sys.exit(1)

    manager = get_manager()
    deps = ["config", "secret"]

    if persistence_type == "hybrid":
        deps += ["ldap_conn", "couchbase_conn"]
    else:
        deps.append("{}_conn".format(persistence_type))

    wait_for(manager, deps)

Esempio n. 3

def main():
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    validate_persistence_type(persistence_type)

    ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default")
    validate_persistence_ldap_mapping(persistence_type, ldap_mapping)

    manager = get_manager()
    deps = ["config", "secret"]

    if persistence_type == "hybrid":
        deps += ["ldap", "couchbase"]
    else:
        deps.append(persistence_type)

    wait_for(manager, deps)

Esempio n. 4

File: entrypoint.py Progetto: GluuFederation/docker-persistence

def main():
    manager = get_manager()

    backend_classes = {
        "ldap": LDAPBackend,
        "couchbase": CouchbaseBackend,
        "hybrid": HybridBackend,
    }

    # initialize the backend
    backend_cls = backend_classes.get(GLUU_PERSISTENCE_TYPE)
    if not backend_cls:
        raise ValueError("unsupported backend")

    backend = backend_cls(manager)
    backend.initialize()

Esempio n. 5

File: entrypoint.py Progetto: GluuFederation/docker-radius

def main():
    manager = get_manager()
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")

    render_salt(manager, "/app/templates/salt.tmpl", "/etc/gluu/conf/salt")
    render_gluu_properties("/app/templates/gluu.properties.tmpl", "/etc/gluu/conf/gluu.properties")
    render_radius_properties(
        manager, "/app/templates/gluu-radius.properties.tmpl", "/etc/gluu/conf/radius/gluu-radius.properties")

    if persistence_type in ("ldap", "hybrid"):
        render_ldap_properties(
            manager,
            "/app/templates/gluu-ldap.properties.tmpl",
            "/etc/gluu/conf/gluu-ldap.properties",
        )
        sync_ldap_truststore(manager)

    if persistence_type in ("couchbase", "hybrid"):
        render_couchbase_properties(
            manager,
            "/app/templates/gluu-couchbase.properties.tmpl",
            "/etc/gluu/conf/gluu-couchbase.properties",
        )
        sync_couchbase_truststore(manager)

    if persistence_type == "hybrid":
        render_hybrid_properties("/etc/gluu/conf/gluu-hybrid.properties")

    if not os.path.isfile("/etc/certs/gluu_https.crt"):
        if as_boolean(os.environ.get("GLUU_SSL_CERT_FROM_SECRETS", False)):
            manager.secret.to_file("ssl_cert", "/etc/certs/gluu_https.crt")
        else:
            get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt")

    cert_to_truststore(
        "gluu_https",
        "/etc/certs/gluu_https.crt",
        "/usr/lib/jvm/default-jvm/jre/lib/security/cacerts",
        "changeit",
    )
    manager.secret.to_file("radius_jks_base64", "/etc/certs/gluu-radius.jks",
                           decode=True, binary_mode=True)

Esempio n. 6

def main():
    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    validate_persistence_type(persistence_type)

    ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default")
    validate_persistence_ldap_mapping(persistence_type, ldap_mapping)

    meta = os.environ.get("GLUU_CONTAINER_METADATA")
    if meta not in CONTAINER_META_OPTS:
        logger.error(
            "Invalid value for GLUU_CONTAINER_METADATA environment variable; "
            "please choose one of {}".format(", ".join(CONTAINER_META_OPTS)))
        sys.exit(1)

    manager = get_manager()
    deps = ["config", "secret"]

    if persistence_type == "hybrid":
        deps += ["ldap", "couchbase"]
    else:
        deps.append(persistence_type)
    wait_for(manager, deps)

Esempio n. 7

def main():
    GLUU_CONTAINER_METADATA = os.environ.get("GLUU_CONTAINER_METADATA",
                                             "docker")

    # check interval (by default per 5 mins)
    GLUU_CR_ROTATION_CHECK = os.environ.get("GLUU_CR_ROTATION_CHECK", 60 * 5)

    try:
        check_interval = int(GLUU_CR_ROTATION_CHECK)
    except ValueError:
        check_interval = 60 * 5

    manager = get_manager()

    persistence_type = os.environ.get("GLUU_PERSISTENCE_TYPE", "ldap")
    ldap_mapping = os.environ.get("GLUU_PERSISTENCE_LDAP_MAPPING", "default")

    rotator = CacheRefreshRotator(manager, persistence_type, ldap_mapping)

    if GLUU_CONTAINER_METADATA == "kubernetes":
        client = KubernetesMeta()
    else:
        client = DockerMeta()

    try:
        while True:
            oxtrust_containers = client.get_containers("APP_NAME=oxtrust")
            oxtrust_ip_pool = [
                client.get_container_ip(container)
                for container in oxtrust_containers
            ]
            signalon = False

            config = rotator.backend.get_configuration()
            current_ip_in_ldap = config.get(
                "oxTrustCacheRefreshServerIpAddress", DEFAULT_IP)
            is_cr_enabled = config["gluuVdsCacheRefreshEnabled"] in ("enabled",
                                                                     True)
            # is_cr_enabled = True

            if current_ip_in_ldap in oxtrust_ip_pool and is_cr_enabled:
                write_master_ip(current_ip_in_ldap)

            if check_master_ip(current_ip_in_ldap) and oxtrust_containers:
                signalon = True

            if current_ip_in_ldap == SIGNAL_IP:
                logger.info(
                    "Signal received. Setting new oxtrust container at this node to CacheRefresh "
                )
                signalon = True

            if not oxtrust_containers and is_cr_enabled:
                rotator.send_signal()

            # If no oxtrust was found the previous would set ip to default. If later oxtrust was found
            if current_ip_in_ldap == DEFAULT_IP and is_cr_enabled and oxtrust_containers:
                logger.info(
                    "Oxtrust containers found after resetting to defaults.")
                signalon = True

            for container in oxtrust_containers:
                ip = client.get_container_ip(container)

                # The user has disabled the CR or CR is not active
                if not is_cr_enabled:
                    logger.warning('Cache refresh is found to be disabled.')

                config = rotator.backend.get_configuration()
                current_ip_in_ldap = config.get(
                    "oxTrustCacheRefreshServerIpAddress", DEFAULT_IP)
                is_cr_enabled = config["gluuVdsCacheRefreshEnabled"] in (
                    "enabled", True)
                # is_cr_enabled = True

                # Check  the container has not been setup previously, the CR is enabled
                if ip != current_ip_in_ldap and is_cr_enabled and current_ip_in_ldap not in oxtrust_ip_pool \
                        and signalon:
                    logger.info(
                        "Current oxTrustCacheRefreshServerIpAddress: {}".
                        format(current_ip_in_ldap))

                    # Clean cache folder at oxtrust container
                    logger.info(
                        "Cleaning cache folders for {} with IP {}".format(
                            client.get_container_name(container),
                            client.get_container_ip(container)))
                    clean_snapshot(client, container)

                    logger.info(
                        "Updating oxTrustCacheRefreshServerIpAddress to IP address {}"
                        .format(ip))
                    req = rotator.backend.update_configuration(
                        config["id"], ip)
                    if req["success"]:
                        logger.info("CacheRefresh config has been updated")
                    else:
                        logger.warning(
                            "Unable to update CacheRefresh config; reason={}".
                            format(req["message"]))

            # delay
            time.sleep(check_interval)
    except KeyboardInterrupt:
        logger.warning("Canceled by user; exiting ...")

Esempio n. 8

File: entrypoint.py Progetto: GluuFederation/docker-fido2

import os
import re

from pygluu.containerlib import get_manager
from pygluu.containerlib.persistence import render_couchbase_properties
from pygluu.containerlib.persistence import render_gluu_properties
from pygluu.containerlib.persistence import render_hybrid_properties
from pygluu.containerlib.persistence import render_ldap_properties
from pygluu.containerlib.persistence import render_salt
from pygluu.containerlib.persistence import sync_couchbase_truststore
from pygluu.containerlib.persistence import sync_ldap_truststore
from pygluu.containerlib.utils import cert_to_truststore
from pygluu.containerlib.utils import get_server_certificate
from pygluu.containerlib.utils import as_boolean

manager = get_manager()


def modify_jetty_xml():
    fn = "/opt/jetty/etc/jetty.xml"
    with open(fn) as f:
        txt = f.read()

    # disable contexts
    updates = re.sub(
        r'<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>',
        r'<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler">\n\t\t\t\t <Set name="showContexts">false</Set>\n\t\t\t </New>',
        txt,
        flags=re.DOTALL | re.M,
    )

Esempio n. 9

File: wait.py Progetto: EOEPCA/um-login-passport

def main():
    manager = get_manager()
    deps = ["config", "secret"]
    wait_for(manager, deps)