def modify(self, args, config, connection):
name = args['name']
kind = args['kind']
privilege = Privilege(name, kind, connection=connection)
if not privilege.exists():
print("Error: Privilege does not exist: {0}".format(name))
sys.exit(1)
privilege.read()
if args['json'] is not None:
privilege = self._read(None,
kind,
None,
args['json'],
connection=connection)
privilege.name = name
self.roles = []
self._properties(privilege, args)
if len(self.roles) > 0:
privilege.set_role_names(self.roles)
print("Modify privilege {0}...".format(name))
privilege.update(connection=connection)
def get(self, args, config, connection):
privilege = Privilege(args['name'], args['kind'], connection=connection)
if not privilege.exists():
print("Error: Privilege does not exist: {0}".format(args['name']))
sys.exit(1)
privilege.read()
self.jprint(privilege)
def get(self, args, config, connection):
privilege = Privilege(args['name'],
args['kind'],
connection=connection)
if not privilege.exists():
print("Error: Privilege does not exist: {0}".format(args['name']))
sys.exit(1)
privilege.read()
self.jprint(privilege)
def readPrivileges(self):
names = Privilege.list(self.connection)
max_read = { "execute": 5, "uri": 5 }
counts = { "execute": 0, "uri": 0 }
for name in names:
parts = name.split("|")
kind = parts[0]
pname = parts[1]
counts[kind] = counts[kind] + 1
if max_read[kind] > 0:
rsrc = Privilege.lookup(self.connection, pname, kind)
max_read[kind] = max_read[kind] - 1
print("Execute privileges: {}".format(counts["execute"]))
print("URI privileges: {}".format(counts["uri"]))
def readPrivileges(self):
names = Privilege.list(self.connection)
max_read = {"execute": 5, "uri": 5}
counts = {"execute": 0, "uri": 0}
for name in names:
parts = name.split("|")
kind = parts[0]
pname = parts[1]
counts[kind] = counts[kind] + 1
if max_read[kind] > 0:
rsrc = Privilege.lookup(self.connection, pname, kind)
max_read[kind] = max_read[kind] - 1
print("Execute privileges: {}".format(counts["execute"]))
print("URI privileges: {}".format(counts["uri"]))
def create(self, args, config, connection):
name = args['name']
kind = args['kind']
action = args['action']
if args['json'] is not None:
privilege = self._read(name,
kind,
action,
args['json'],
connection=connection)
name = privilege.privilege_name()
kind = privilege.kind()
action = privilege.action()
else:
privilege = Privilege(name,
kind,
action=action,
connection=connection)
if privilege.exists():
print("Error: Privilege already exists: {0}".format(name))
sys.exit(1)
self.roles = []
self._properties(privilege, args)
if len(self.roles) > 0:
privilege.set_role_names(self.roles)
print("Create privilege {0}...".format(name))
privilege.create(connection)
def delete(self, args, config, connection):
privilege = Privilege.lookup(connection,
name=args['name'],
kind=args['kind'])
if privilege is None:
return
print("Delete privilege {0}...".format(args['name']))
privilege.delete(connection)
def delete(self, args, config, connection):
privilege = Privilege.lookup(connection,
name=args['name'],
kind=args['kind'])
if privilege is None:
return
print("Delete privilege {0}...".format(args['name']))
privilege.delete(connection)
def create(self, args, config, connection):
name = args['name']
kind = args['kind']
action = args['action']
if args['json'] is not None:
privilege = self._read(name, kind, action, args['json'],
connection=connection)
name = privilege.privilege_name()
kind = privilege.kind()
action = privilege.action()
else:
privilege = Privilege(name, kind, action=action,
connection=connection)
if privilege.exists():
print("Error: Privilege already exists: {0}".format(name))
sys.exit(1)
self.roles = []
self._properties(privilege, args)
if len(self.roles) > 0:
privilege.set_role_names(self.roles)
print("Create privilege {0}...".format(name))
privilege.create(connection)
def _read(self, name, kind, action, jsonfile,
connection=None, save_connection=True):
jf = open(jsonfile).read()
data = json.loads(jf)
if name is not None:
data['privilege-name'] = name
if kind is not None:
data['kind'] = kind
if action is not None:
data['action'] = action
privilege = Privilege.unmarshal(data,
connection=connection,
save_connection=save_connection)
return privilege
def modify(self, args, config, connection):
name = args['name']
kind = args['kind']
privilege = Privilege(name, kind, connection=connection)
if not privilege.exists():
print("Error: Privilege does not exist: {0}".format(name))
sys.exit(1)
privilege.read()
if args['json'] is not None:
privilege = self._read(None, kind, None, args['json'],
connection=connection)
privilege.name = name
self.roles = []
self._properties(privilege, args)
if len(self.roles) > 0:
privilege.set_role_names(self.roles)
print("Modify privilege {0}...".format(name))
privilege.update(connection=connection)
def _read(self,
name,
kind,
action,
jsonfile,
connection=None,
save_connection=True):
jf = open(jsonfile).read()
data = json.loads(jf)
if name is not None:
data['privilege-name'] = name
if kind is not None:
data['kind'] = kind
if action is not None:
data['action'] = action
privilege = Privilege.unmarshal(data,
connection=connection,
save_connection=save_connection)
return privilege
print("Need to create role: {0}".format(name))
role = Role(name)
role.create(conn)
# Update privileges
for config in data['roles']:
name = config['role-name']
role = Role.unmarshal(config)
print("Updating role: {0}".format(name))
role.update(conn)
# Update privileges
for config in data['privileges']:
name = config['privilege-name']
kind = config['kind']
priv = Privilege.lookup(conn, name, kind)
if priv is None:
verb = "Creating"
priv = Privilege.unmarshal(config)
print("{0} privilege: {1}".format(verb, name))
priv.create(conn)
else:
verb = "Updating"
priv = Privilege.unmarshal(config)
print("{0} {1} privilege: {2}".format(verb, kind, name))
priv.update(conn)
# Update users
for config in data['users']:
name = config['user-name']
user = User.lookup(conn, name)
def close(self, conn, group='Default'):
closed = False
while not closed:
closed = True
newitems = []
for key in self.servers:
item = self.servers[key]
if item is None:
closed = False
newitems.append(Server.lookup(conn, key, group))
for server in newitems:
self._close_over_server(server)
newitems = []
for key in self.databases:
item = self.databases[key]
if item is None:
closed = False
newitems.append(Database.lookup(conn, key))
for database in newitems:
self._close_over_database(database)
newitems = []
for key in self.forests:
item = self.forests[key]
if item is None:
closed = False
newitems.append(Forest.lookup(conn, key))
for forest in newitems:
self._close_over_forest(forest)
newitems = []
for key in self.users:
item = self.users[key]
if item is None:
closed = False
newitems.append(User.lookup(conn, key))
for user in newitems:
self._close_over_user(user)
newitems = []
for key in self.roles:
item = self.roles[key]
if item is None:
closed = False
newitems.append(Role.lookup(conn, key))
for role in newitems:
self._close_over_role(role)
delitems = []
newitems = []
for key in self.privileges:
item = self.privileges[key]
parts = key.split("|")
kind = parts[0]
name = parts[1]
if isinstance(item, str):
closed = False
if "//" in key:
# Assume it's an action
priv = Privilege.lookup(conn, action=name, kind=kind)
delitems.append(key)
else:
priv = Privilege.lookup(conn, name, kind)
newitems.append(priv)
for item in delitems:
del self.privileges[item]
for priv in newitems:
self._close_over_privilege(priv)
def close(self, conn, group='Default'):
closed = False
while not closed:
closed = True
newitems = []
for key in self.servers:
item = self.servers[key]
if item is None:
closed = False
newitems.append(Server.lookup(conn, key, group))
for server in newitems:
self._close_over_server(server)
newitems = []
for key in self.databases:
item = self.databases[key]
if item is None:
closed = False
newitems.append(Database.lookup(conn, key))
for database in newitems:
self._close_over_database(database)
newitems = []
for key in self.users:
item = self.users[key]
if item is None:
closed = False
newitems.append(User.lookup(conn, key))
for user in newitems:
self._close_over_user(user)
newitems = []
for key in self.roles:
item = self.roles[key]
if item is None:
closed = False
newitems.append(Role.lookup(conn, key))
for role in newitems:
self._close_over_role(role)
delitems = []
newitems = []
for key in self.privileges:
item = self.privileges[key]
parts = key.split("|")
kind = parts[0]
name = parts[1]
if isinstance(item, str):
closed = False
if self.PRIVILEGES is None:
self.PRIVILEGES = Privilege.list(conn)
for priv in self.PRIVILEGES:
parts = priv.split("|")
if parts[0] == kind and parts[2] == name:
delitems.append(key)
name = parts[1]
newitems.append(Privilege.lookup(conn, name, kind))
for item in delitems:
del self.privileges[item]
for priv in newitems:
self._close_over_privilege(priv)
def list(self, args, config, connection):
ptype = args['kind']
names = Privilege.list(connection, kind=ptype)
print(json.dumps(names, sort_keys=True, indent=2))
def list(self, args, config, connection):
ptype = args['kind']
names = Privilege.list(connection, kind=ptype)
print(json.dumps(names,sort_keys=True, indent=2))
