def main(*args, **kw):
    """Make the principal reported by parse_klist() an aqd_admin.

    The (principal, realm) pair returned by parse_klist() is looked up in the
    database. A missing realm or user record is created, and an existing user
    holding another role is switched to aqd_admin. Changes are committed only
    when ``opts.commit`` is set; otherwise the run is a dry run.

    Args:
        *args: Passed through to parse_cli().
        **kw: Passed through to parse_cli().
    """
    opts = parse_cli(args, kw)
    if opts.debug:
        log.setLevel(logging.DEBUG)

    # The identity promoted below comes solely from parse_klist(); no other
    # confirmation of who is being granted admin rights happens here.
    # NOTE(review): presumably this reads the caller's Kerberos ticket cache;
    # confirm, since whoever controls that value controls who becomes admin.
    principal, realm = parse_klist()

    db = DbFactory(verbose=opts.verbose)
    Base.metadata.bind = db.engine
    if opts.verbose:
        db.meta.bind.echo = True
    session = db.Session()

    # compel=True is assumed to raise when the role is missing; confirm.
    aqd_admin = Role.get_unique(session, "aqd_admin", compel=True)

    dbrealm = Realm.get_unique(session, realm)
    if not dbrealm:
        dbrealm = Realm(name=realm)
        session.add(dbrealm)

    dbuser = UserPrincipal.get_unique(session, name=principal, realm=dbrealm)
    if not dbuser:
        log.info("Creating %s@%s as aqd_admin", principal, realm)
        dbuser = UserPrincipal(name=principal, realm=dbrealm, role=aqd_admin,
                               comments='User with write access to database')
        session.add(dbuser)
    elif dbuser.role == aqd_admin:
        log.info("%s@%s is already an aqd_admin, nothing to do",
                 principal, realm)
    else:
        log.info("Updating %s %s to aqd_admin", dbuser.name, dbuser.role.name)
        dbuser.role = aqd_admin

    # The "Creating"/"Updating" messages above are logged in dry-run mode as
    # well; only the debug line below tells a reader that nothing was written.
    if opts.commit:
        session.commit()
    elif session.new or session.dirty:
        log.debug("dry-run mode enabled, not running commit()")
def render(self, session, role, realm, fullinfo, style, **arguments):
    """List user principals, optionally narrowed by role and/or realm.

    Args:
        session: Database session used for every lookup.
        role: Role name to filter on; a false value means no role filter.
        realm: Realm name to filter on; a false value means no realm filter.
        fullinfo: When true, load the ``comments`` column and the role
            relationship and return the rows themselves.
        style: Output style; any value other than "raw" is treated like
            ``fullinfo``.
        **arguments: Accepted and ignored.

    Returns:
        The list of matching UserPrincipal rows, wrapped in StringList when
        ``fullinfo`` is false and ``style`` is "raw".
    """
    # NOTE(review): no authorization check is visible in this method; the
    # listing includes each principal's role, so confirm that the caller or
    # framework restricts who may run it.
    query = session.query(UserPrincipal)

    if role:
        query = query.filter_by(
            role=Role.get_unique(session, role, compel=True))
    if realm:
        query = query.filter_by(
            realm=Realm.get_unique(session, realm, compel=True))

    if not fullinfo and style == "raw":
        return StringList(query.all())

    # Detailed output needs the comments column and the role relationship,
    # so they are requested up front.
    return query.options(undefer("comments"), subqueryload("role")).all()
def get_or_create_user_principal(session, principal,
                                 createuser=True, createrealm=True,
                                 commitoncreate=False, comments=None,
                                 query_options=None):
    """Return the UserPrincipal row for *principal*, creating it if allowed.

    This function performs no authentication itself.
    NOTE(review): callers are presumably expected to pass a principal that
    has already been authenticated; confirm at the call sites.

    Args:
        session: Database session used for lookups and inserts.
        principal: Principal string that must match ``principal_re``; group 1
            is used as the user part and group 2 as the realm.
        createuser: Allow creating a missing user inside an existing realm.
        createrealm: Allow creating a missing realm (and the user in it).
        commitoncreate: Commit the session after a new row has been added.
        comments: Stored on a newly created UserPrincipal.
        query_options: Extra query options, applied to the fast-path lookup
            only.

    Returns:
        None when *principal* is None, otherwise the existing or newly
        created UserPrincipal.

    Raises:
        ArgumentError: If *principal* does not match ``principal_re``, or the
            realm or user is missing and the matching create flag is false.
    """
    if principal is None:
        return None

    parsed = principal_re.match(principal)
    if not parsed:
        raise ArgumentError("User principal '%s' is not valid." % principal)
    user = parsed.group(1)
    realm = parsed.group(2)

    host_match = host_re.match(user)
    if host_match:
        # Only the host's existence in AQDB is checked; every host principal
        # is then stored under the single shared name assigned below.
        hostname_to_host(session, host_match.group(1))
        user = '******'

    # Fast path, taken on every command: one query that eager-loads both the
    # realm and the role.
    lookup = (session.query(UserPrincipal)
              .filter_by(name=user)
              .join(Realm)
              .filter_by(name=realm)
              .reset_joinpoint()
              .options(contains_eager('realm'), joinedload('role')))
    if query_options:
        lookup = lookup.options(*query_options)
    found = lookup.first()
    if found:
        return found

    # Slow path: something is missing. Every principal created here gets the
    # 'nobody' role; nothing in this function assigns any other role.
    dbnobody = Role.get_unique(session, 'nobody', compel=True)

    def _provision(dbrealm):
        """Add a new 'nobody' principal in *dbrealm*, committing on request."""
        created = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
                                comments=comments)
        session.add(created)
        if commitoncreate:
            session.commit()
        return created

    try:
        dbrealm = Realm.get_unique(session, realm, compel=True)
    except NotFoundException:
        if not createrealm:
            raise ArgumentError("Could not find realm %s to create principal "
                                "%s, use --createrealm to create a new record "
                                "for the realm." % (realm, principal))
        # NOTE(review): createuser is not consulted on this path, so a
        # principal from a previously unknown realm is created even when
        # createuser=False. Confirm that this is intended.
        LOGGER.info("Realm %s did not exist, creating...", realm)
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
        LOGGER.info("Creating user %s@%s...", user, realm)
        return _provision(dbrealm)

    existing = session.query(UserPrincipal).filter_by(name=user,
                                                      realm=dbrealm).first()
    if existing:
        return existing

    if not createuser:
        raise ArgumentError("Could not find principal %s to permission, "
                            "use --createuser to create a new record for "
                            "the principal." % principal)
    LOGGER.info("User %s did not exist in realm %s, creating...",
                user, realm)
    return _provision(dbrealm)
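def get_or_create_user_principal(session, principal,
                                 createuser=True, createrealm=True,
                                 commitoncreate=False, comments=None,
                                 query_options=None):
    """Look up the UserPrincipal for *principal*, creating it when permitted.

    This function performs no authentication itself.
    NOTE(review): callers are presumably expected to pass a principal that
    has already been authenticated; confirm at the call sites.

    Args:
        session: Database session used for lookups and inserts.
        principal: Principal string that must match ``principal_re``; group 1
            is used as the user part and group 2 as the realm.
        createuser: Allow creating a missing user inside an existing realm.
        createrealm: Allow creating a missing realm (and the user in it).
        commitoncreate: Commit the session after a new row has been added.
        comments: Stored on a newly created UserPrincipal.
        query_options: Extra query options, applied to the fast-path lookup
            only.

    Returns:
        None when *principal* is None, otherwise the existing or newly
        created UserPrincipal.

    Raises:
        ArgumentError: If *principal* does not match ``principal_re``, or the
            realm or user is missing and the matching create flag is false.
    """
    if principal is None:
        return None

    m = principal_re.match(principal)
    if not m:
        raise ArgumentError("User principal '%s' is not valid." % principal)
    realm = m.group(2)
    user = m.group(1)

    m = host_re.match(user)
    if m:
        # Every host principal is stored under this one shared name; only the
        # host's existence in AQDB is verified.
        user = '******'
        hostname_to_host(session, m.group(1))

    # Short circuit the common case, and optimize it to eager load in
    # a single query since this happens on every command:
    q = session.query(UserPrincipal)
    q = q.filter_by(name=user)
    q = q.join(Realm)
    q = q.filter_by(name=realm)
    q = q.reset_joinpoint()
    q = q.options(contains_eager('realm'), joinedload('role'))
    if query_options:
        q = q.options(*query_options)
    dbuser = q.first()
    if dbuser:
        return dbuser

    # Slow path: the realm or the user is missing. Every principal created
    # below gets the 'nobody' role; no other role is assigned here.
    dbnobody = Role.get_unique(session, 'nobody', compel=True)
    try:
        dbrealm = Realm.get_unique(session, realm, compel=True)
    except NotFoundException:
        if not createrealm:
            raise ArgumentError("Could not find realm %s to create principal "
                                "%s, use --createrealm to create a new record "
                                "for the realm." % (realm, principal))
        # NOTE(review): createuser is not consulted on this path, so a
        # principal from a previously unknown realm is created even when
        # createuser=False. Confirm that this is intended.
        # Values are passed as logging arguments, not pre-formatted with %,
        # so formatting is deferred to the logging module.
        LOGGER.info("Realm %s did not exist, creating...", realm)
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
        LOGGER.info("Creating user %s@%s...", user, realm)
        dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
        return dbuser

    q = session.query(UserPrincipal).filter_by(name=user, realm=dbrealm)
    dbuser = q.first()
    if not dbuser:
        if not createuser:
            raise ArgumentError("Could not find principal %s to permission, "
                                "use --createuser to create a new record for "
                                "the principal." % principal)
        LOGGER.info("User %s did not exist in realm %s, creating...",
                    user, realm)
        dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
    return dbuser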