コード例 #1
0
def main(*args, **kw):
    opts = parse_cli(args, kw)

    if opts.debug:
        log.setLevel(logging.DEBUG)

    (principal, realm) = parse_klist()

    db = DbFactory(verbose=opts.verbose)
    Base.metadata.bind = db.engine

    if opts.verbose:
        db.meta.bind.echo = True

    session = db.Session()

    aqd_admin = Role.get_unique(session, "aqd_admin", compel=True)
    dbrealm = Realm.get_unique(session, realm)
    if not dbrealm:
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
    dbuser = UserPrincipal.get_unique(session, name=principal, realm=dbrealm)
    if dbuser:
        if dbuser.role == aqd_admin:
            log.info("%s@%s is already an aqd_admin, nothing to do", principal,
                     realm)
        else:
            log.info("Updating %s %s to aqd_admin", dbuser.name,
                     dbuser.role.name)
            dbuser.role = aqd_admin
    else:
        log.info("Creating %s@%s as aqd_admin", principal, realm)
        dbuser = UserPrincipal(name=principal,
                               realm=dbrealm,
                               role=aqd_admin,
                               comments='User with write access to database')
        session.add(dbuser)

    if opts.commit:
        session.commit()
    elif session.new or session.dirty:
        log.debug("dry-run mode enabled, not running commit()")
コード例 #2
0
ファイル: search_principal.py プロジェクト: piojo/aquilon
    def render(self, session, role, realm, fullinfo, style, **arguments):
        q = session.query(UserPrincipal)
        if role:
            dbrole = Role.get_unique(session, role, compel=True)
            q = q.filter_by(role=dbrole)
        if realm:
            dbrealm = Realm.get_unique(session, realm, compel=True)
            q = q.filter_by(realm=dbrealm)

        if fullinfo or style != "raw":
            q = q.options(undefer("comments"),
                          subqueryload("role"))
            return q.all()
        else:
            return StringList(q.all())
コード例 #3
0
ファイル: add_admin.py プロジェクト: jrha/aquilon
def main(*args, **kw):
    opts = parse_cli(args, kw)

    if opts.debug:
        log.setLevel(logging.DEBUG)

    (principal, realm) = parse_klist()

    db = DbFactory(verbose=opts.verbose)
    Base.metadata.bind = db.engine

    if opts.verbose:
        db.meta.bind.echo = True

    session = db.Session()

    aqd_admin = Role.get_unique(session, "aqd_admin", compel=True)
    dbrealm = Realm.get_unique(session, realm)
    if not dbrealm:
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
    dbuser = UserPrincipal.get_unique(session, name=principal, realm=dbrealm)
    if dbuser:
        if dbuser.role == aqd_admin:
            log.info("%s@%s is already an aqd_admin, nothing to do",
                     principal, realm)
        else:
            log.info("Updating %s %s to aqd_admin",
                     dbuser.name, dbuser.role.name)
            dbuser.role = aqd_admin
    else:
        log.info("Creating %s@%s as aqd_admin", principal, realm)
        dbuser = UserPrincipal(name=principal, realm=dbrealm, role=aqd_admin,
                               comments='User with write access to database')
        session.add(dbuser)

    if opts.commit:
        session.commit()
    elif session.new or session.dirty:
        log.debug("dry-run mode enabled, not running commit()")
コード例 #4
0
ファイル: user_principal.py プロジェクト: piojo/aquilon
def get_or_create_user_principal(session, principal, createuser=True,
                                 createrealm=True, commitoncreate=False,
                                 comments=None, query_options=None):
    if principal is None:
        return None

    m = principal_re.match(principal)
    if not m:
        raise ArgumentError("User principal '%s' is not valid." % principal)
    realm = m.group(2)
    user = m.group(1)

    m = host_re.match(user)
    if m:
        user = '******'
        # Verify that the host exists in AQDB
        hostname_to_host(session, m.group(1))

    # Short circuit the common case, and optimize it to eager load in
    # a single query since this happens on every command:
    q = session.query(UserPrincipal)
    q = q.filter_by(name=user)
    q = q.join(Realm)
    q = q.filter_by(name=realm)
    q = q.reset_joinpoint()
    q = q.options(contains_eager('realm'),
                  joinedload('role'))
    if query_options:
        q = q.options(*query_options)
    dbuser = q.first()
    if dbuser:
        return dbuser
    # If here, need more complicated behavior...
    dbnobody = Role.get_unique(session, 'nobody', compel=True)
    try:
        dbrealm = Realm.get_unique(session, realm, compel=True)
    except NotFoundException:
        if not createrealm:
            raise ArgumentError("Could not find realm %s to create principal "
                                "%s, use --createrealm to create a new record "
                                "for the realm." % (realm, principal))
        LOGGER.info("Realm %s did not exist, creating...", realm)
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
        LOGGER.info("Creating user %s@%s...", user, realm)
        dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
        return dbuser
    q = session.query(UserPrincipal).filter_by(name=user, realm=dbrealm)
    dbuser = q.first()
    if not dbuser:
        if not createuser:
            raise ArgumentError("Could not find principal %s to permission, "
                                "use --createuser to create a new record for "
                                "the principal." % principal)
        LOGGER.info("User %s did not exist in realm %s, creating...",
                    user, realm)
        dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
    return dbuser
コード例 #5
0
ファイル: user_principal.py プロジェクト: ned21/aquilon
def get_or_create_user_principal(session,
                                 principal,
                                 createuser=True,
                                 createrealm=True,
                                 commitoncreate=False,
                                 comments=None,
                                 query_options=None):
    if principal is None:
        return None

    m = principal_re.match(principal)
    if not m:
        raise ArgumentError("User principal '%s' is not valid." % principal)
    realm = m.group(2)
    user = m.group(1)

    m = host_re.match(user)
    if m:
        user = '******'
        # Verify that the host exists in AQDB
        hostname_to_host(session, m.group(1))

    # Short circuit the common case, and optimize it to eager load in
    # a single query since this happens on every command:
    q = session.query(UserPrincipal)
    q = q.filter_by(name=user)
    q = q.join(Realm)
    q = q.filter_by(name=realm)
    q = q.reset_joinpoint()
    q = q.options(contains_eager('realm'), joinedload('role'))
    if query_options:
        q = q.options(*query_options)
    dbuser = q.first()
    if dbuser:
        return dbuser
    # If here, need more complicated behavior...
    dbnobody = Role.get_unique(session, 'nobody', compel=True)
    try:
        dbrealm = Realm.get_unique(session, realm, compel=True)
    except NotFoundException:
        if not createrealm:
            raise ArgumentError("Could not find realm %s to create principal "
                                "%s, use --createrealm to create a new record "
                                "for the realm." % (realm, principal))
        LOGGER.info("Realm %s did not exist, creating..." % realm)
        dbrealm = Realm(name=realm)
        session.add(dbrealm)
        LOGGER.info("Creating user %s@%s..." % (user, realm))
        dbuser = UserPrincipal(name=user,
                               realm=dbrealm,
                               role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
        return dbuser
    q = session.query(UserPrincipal).filter_by(name=user, realm=dbrealm)
    dbuser = q.first()
    if not dbuser:
        if not createuser:
            raise ArgumentError("Could not find principal %s to permission, "
                                "use --createuser to create a new record for "
                                "the principal." % principal)
        LOGGER.info("User %s did not exist in realm %s, creating..." %
                    (user, realm))
        dbuser = UserPrincipal(name=user,
                               realm=dbrealm,
                               role=dbnobody,
                               comments=comments)
        session.add(dbuser)
        if commitoncreate:
            session.commit()
    return dbuser