def __init__(self):
"""Initializes the manager by reading the config file."""
self.routers = []
self.auth_manager = auth_manager.AuthorizationManager()
self.default_router = self._CreateRouter(
config.CONFIG["API.DefaultRouter"])
if config.CONFIG["API.RouterACLConfigFile"]:
logging.info("Using API router ACL config file: %s",
config.CONFIG["API.RouterACLConfigFile"])
with open(config.CONFIG["API.RouterACLConfigFile"],
mode="rb") as fh:
acl_list = APIAuthorization.ParseYAMLAuthorizationsList(
fh.read())
if not acl_list:
raise InvalidAPIAuthorization("No entries added from "
"RouterACLConfigFile.")
for index, acl in enumerate(acl_list):
router = self._CreateRouter(acl.router,
params=acl.router_params)
self.routers.append(router)
router_id = str(index)
self.auth_manager.DenyAll(router_id)
for group in acl.groups:
self.auth_manager.AuthorizeGroup(group, router_id)
for user in acl.users:
self.auth_manager.AuthorizeUser(user, router_id)
def Initialize(self):
"""Initializes the manager by reading the config file."""
self.acled_routers = []
self.auth_manager = auth_manager.AuthorizationManager()
if config_lib.CONFIG["API.RouterACLConfigFile"]:
logging.info("Using API router ACL config file: %s",
config_lib.CONFIG["API.RouterACLConfigFile"])
reader = auth_manager.AuthorizationReader()
with open(config_lib.CONFIG["API.RouterACLConfigFile"],
mode="rb") as fh:
reader.CreateAuthorizations(fh.read(), APIAuthorization)
if not reader.GetAllAuthorizationObjects():
raise InvalidAPIAuthorization("No entries added from "
"RouterACLConfigFile.")
for acl in reader.GetAllAuthorizationObjects():
# Allow empty acls to act as DenyAll
self.auth_manager.DenyAll(acl.router)
for group in acl.groups:
self.auth_manager.AuthorizeGroup(group, acl.router)
for user in acl.users:
self.auth_manager.AuthorizeUser(user, acl.router)
self.acled_routers.append(acl.router)
logging.info("Applied API ACL: %s, %s, to router: %s",
acl.users, acl.groups, acl.router)
return self
def RunOnce(self):
"""Run this once on init."""
# Renderer-aware metrics
stats.STATS.RegisterEventMetric("ui_renderer_latency",
fields=[("renderer", str)])
stats.STATS.RegisterEventMetric("ui_renderer_response_size",
fields=[("renderer", str)],
units=stats.MetricUnits.BYTES)
stats.STATS.RegisterCounterMetric("ui_renderer_failure",
fields=[("renderer", str)])
# General metrics
stats.STATS.RegisterCounterMetric("ui_unknown_renderer")
stats.STATS.RegisterCounterMetric("http_access_denied")
stats.STATS.RegisterCounterMetric("http_server_error")
global LEGACY_RENDERERS_AUTH_MANAGER
legacy_renderers_groups = config_lib.CONFIG[
"AdminUI.legacy_renderers_allowed_groups"]
if legacy_renderers_groups:
LEGACY_RENDERERS_AUTH_MANAGER = auth_manager.AuthorizationManager()
for group in legacy_renderers_groups:
LEGACY_RENDERERS_AUTH_MANAGER.AuthorizeGroup(
group, "legacy_renderers")
def setUp(self):
super(AuthorizationManagerTest, self).setUp()
self.group_access_manager = groups.NoGroupAccess()
self.auth_manager = auth_manager.AuthorizationManager(
group_access_manager=self.group_access_manager)