def update_user(self, user, user_details: dict, role, requesting_user="******"):
if user != requesting_user:
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return json.dumps({"error": "Method doesn't exist or user has insufficient privileges"}), 401
if user not in self.users.keys():
return json.dumps({"error": "User does not exist"}), 404
if "role" not in user_details and "password" not in user_details:
return json.dumps({"error": "Submitted user details are invalid"}), 400
user_role = self.users[user]["role"]
if UserRole.check_role_meets_minimum_rank(role, "admin"):
user_role = user_details.get("role", self.users[user]["role"])
if not UserRole.check_role_is_valid(user_role):
return json.dumps({"error": "Submitted user details are invalid"}), 400
if "password" in user_details:
if user_details["password"] == b"":
return json.dumps({"error": "Submitted user details are invalid"}), 400
user_password = base64.b64decode(user_details["password"]).decode()
else:
user_password = self.users[user]["password"]
self.users[user] = {"password": user_password, "role": user_role}
self.authentication_backend.update_user_file(self.users)
return "", 200
def _get_versioning_information(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "readOnly"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
with open(cls.versioning_filepath, 'r') as versioning_file:
version_number = versioning_file.read()
status = {
"Diode": {
"Firmware": {
"F1": "0.0.0_rc0",
"F2": "0.0.0_rc0",
"F3": "0.0.0_rc0"
}
},
"Management": {
"Kernel":
"0.00.00-cl-som-imx7-0.0 #1 SMP PREEMPT Mon Jan 01 00:00:00 UTC 1970",
"RestAPI": f"{version_number}-a0000a0a",
"RootFS": {
"Build": "000",
"Hash": "0a0a0000",
"MountPoint": "/dev/mmcblk2p0"
},
"DiskImage": {
"Build": "000",
"Hash": "0a0a0000"
}
}
}
return Response(json.dumps(status), 200)
def do_power_on(cls, role):
cls.error_message = None
if not UserRole.check_role_meets_minimum_rank(role, "support"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
if cls.state == DataplanePowerState.READY:
return Response(
json.dumps({
"error":
"Dataplane is already powered-on. Not initiating power-on"
}), 409)
if not cls.file_exists(cls.config_filepath):
return Response(
json.dumps({
"error":
"Config file could not be found to power on diode"
}), 404)
cls.power_on_diode()
cls.state = DataplanePowerState.READY
return Response("", 200)
def delete_user(self, user, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return json.dumps({"error": "Method doesn't exist or user has insufficient privileges"}), 401
if user not in self.users.keys():
return json.dumps({"error": "User does not exist"}), 404
del self.users[user]
self.authentication_backend.update_user_file(self.users)
return "", 200
def _list_users(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "support"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
users = cls.authentication.list_users()
return Response(json.dumps(users[0]), users[1])
def _get_config_schema(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "readOnly"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
return Response(json.dumps(cls._get_file_content(cls.schema_filepath)),
200)
def _update_firmware(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
if not len(connexion.request.get_data()):
return Response(
json.dumps({"error": "Exception processing API command"}), 500)
return Response("", 200)
def add_user(self, user, user_details, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return json.dumps({"error": "Method doesn't exist or user has insufficient privileges"}), 401
if user in self.users.keys():
return json.dumps({"error": "User already exists"}), 400
if "role" in user_details.keys():
new_user_role = user_details["role"]
else:
return json.dumps({"error": "Submitted user details are invalid"}), 400
if "password" not in user_details.keys() or user_details["password"] == "":
return json.dumps({"error": "Submitted user details are invalid"}), 400
if not UserRole.check_role_is_valid(new_user_role):
return json.dumps({"error": "Submitted user details are invalid"}), 400
self.users[user] = {"password": base64.b64decode(user_details["password"]).decode(), "role": new_user_role}
self.authentication_backend.update_user_file(self.users)
return "", 200
def _do_config_update(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
try:
cls.data_plane_config_file = cls._validate_config(
connexion.request.get_data(as_text=True))
except DataPlaneConfigError as exc:
return Response(json.dumps({"error": f"{exc}"}), 400)
cls._update_config()
return Response("", 200)
def _get_status_information(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "readOnly"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
status = Status.get_status()
status["Dataplane"]["PowerState"] = PowerControl.state.name.lower()
if PowerControl.state == DataplanePowerState.ERROR and PowerControl.error_message is not None:
status["Dataplane"]["PowerStateError"] = PowerControl.error_message
return Response(json.dumps(status), 200)
def _get_config(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "readOnly"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
if cls._file_exists(cls.data_plane_config_filepath):
return Response(
json.dumps(
cls._get_file_content(cls.data_plane_config_filepath)),
200)
else:
return Response(json.dumps({"error": "Config file not found"}),
404)
def do_power_off(cls, role):
cls.error_message = None
if not UserRole.check_role_meets_minimum_rank(role, "support"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
if not cls.power_off_diode():
cls.error_message = "Failed to stop emulator backend"
cls.state = DataplanePowerState.ERROR
return Response(
json.dumps({"error": "Exception processing API command"}), 500)
cls.state = DataplanePowerState.OFF
return Response("", 200)
def _deploy_mgmt_config(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
if not os.path.exists(cls.pending_mgmt_config_filepath):
return Response(
json.dumps(
{"error": "No staged config could be found to deploy"}),
400)
cls._write_deployed_mgmt_config()
os.remove(cls.pending_mgmt_config_filepath)
return Response("", 200)
def _get_mgmt_config(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "support"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
deployed_config = cls._get_sanitised_mgmt_config_from_file(
cls.mgmt_config_filepath)
pending_config = cls._get_sanitised_mgmt_config_from_file(
cls.pending_mgmt_config_filepath)
return Response(
json.dumps({
"deployed": deployed_config,
"pending": pending_config
}), 200)
def _stage_mgmt_config(cls, role):
if not UserRole.check_role_meets_minimum_rank(role, "admin"):
return Response(
json.dumps({
"error":
"Method doesn't exist or user has insufficient privileges"
}), 401)
pending_mgmt_config = {}
if os.path.exists(cls.pending_mgmt_config_filepath):
with open(cls.pending_mgmt_config_filepath, 'r') as pending_config:
pending_mgmt_config = json.load(pending_config)
ManagementInterface._write_config_to_file(
cls._get_updated_config(pending_mgmt_config,
connexion.request.get_json()),
cls.pending_mgmt_config_filepath)
return Response("", 200)
def test_admin_user_has_more_access_than_support(self):
self.assertTrue(
UserRole.check_role_meets_minimum_rank("admin",
minimum_role="support"))
def test_check_role_is_valid(self):
self.assertTrue(UserRole.check_role_is_valid("admin"))
self.assertTrue(UserRole.check_role_is_valid("support"))
self.assertTrue(UserRole.check_role_is_valid("readOnly"))
def test_check_role_is_valid_fails_nonexistent_role(self):
self.assertFalse(UserRole.check_role_is_valid("notarole"))
def test_read_only_user_has_access_to_read_only(self):
self.assertTrue(
UserRole.check_role_meets_minimum_rank("readOnly",
minimum_role="readOnly"))
def test_support_user_has_less_access_than_admin(self):
self.assertFalse(
UserRole.check_role_meets_minimum_rank("support",
minimum_role="admin"))