def remove_user_from_role(role_name, user_name): """ Remove a user from a role. This has the side-effect of revoking all the permissions granted to the role from the user, unless the permissions are also granted by another role. @type role_name: str @param role_name: name of role @type user_name: str @param suer_name: name of user @rtype: bool @return: True on success """ role = _get_role(role_name) user = _get_user(user_name) if role_name == super_user_role and is_last_super_user(user): raise PulpAuthorizationError(_('%s cannot be empty, and %s is the last member') % (super_user_role, user_name)) if role_name not in user['roles']: return False user['roles'].remove(role_name) factory.user_manager().update_user(user['login'], Delta(user, 'roles')) for resource, operations in role['permissions'].items(): other_roles = _get_other_roles(role, user['roles']) user_ops = _operations_not_granted_by_roles(resource, operations, other_roles) _permission_api.revoke(resource, user, user_ops) return True
def delete_role(role_name): """ Delete a role. This has the side-effect of revoking any permissions granted to the role from the users in the role, unless those permissions are also granted through another role the user is a memeber of. @type role_name: name of the role to delete @param role_name: role name @rtype: bool @return: True on success """ check_builtin_roles(role_name) role = _get_role(role_name) users = _get_users_belonging_to_role(role) for resource, operations in role['permissions'].items(): for user in users: other_roles = _get_other_roles(role, user['roles']) user_ops = _operations_not_granted_by_roles(resource, operations, other_roles) _permission_api.revoke(resource, user, user_ops) for user in users: user['roles'].remove(role_name) factory.user_manager().update_user(user['login'], Delta(user, 'roles')) _role_api.delete(role) return True
def _initialize_pulp(): # XXX ORDERING COUNTS # This initialization order is very sensitive, and each touches a number of # sub-systems in pulp. If you get this wrong, you will have pulp tripping # over itself on start up. If you do not know where to add something, ASK! global _IS_INITIALIZED, STACK_TRACER if _IS_INITIALIZED: return _IS_INITIALIZED = True # check our db version and other support migration_models.check_package_versions() # pulp generic content initialization manager_factory.initialize() plugin_api.initialize() # new async dispatch initialization dispatch_factory.initialize() dispatch_history.start_reaper_thread() # ensure necessary infrastructure role_manager = manager_factory.role_manager() role_manager.ensure_super_user_role() user_manager = manager_factory.user_manager() user_manager.ensure_admin() # agent services AgentServices.start() # setup debugging, if configured if config.config.getboolean('server', 'debugging_mode'): STACK_TRACER = StacktraceDumper() STACK_TRACER.start()
def POST(self): # Pull all the user data user_data = self.params() login = user_data.get('login', None) password = user_data.get('password', None) name = user_data.get('name', None) # Creation manager = managers.user_manager() args = [login] kwargs = {'password': password, 'name': name} weight = pulp_config.config.getint('tasks', 'create_weight') tags = [ resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('create') ] call_request = CallRequest(manager.create_user, args, kwargs, weight=weight, tags=tags, kwarg_blacklist=['password']) call_request.creates_resource(dispatch_constants.RESOURCE_USER_TYPE, login) user = execution.execute_sync(call_request) user_link = serialization.link.child_link_obj(login) user.update(user_link) # Grant permissions permission_manager = managers.permission_manager() permission_manager.grant_automatic_permissions_for_resource( user_link['_href']) return self.created(login, user)
def setUp(self): ServerTests.setUp(self) roles = [] User.get_collection().remove() manager = managers.user_manager() roles.append(managers.role_manager().super_user_role) manager.create_user(login=self.USER[0], password=self.USER[1], roles=roles)
def test_syntactic_sugar_methods(self): """ Tests the syntactic sugar methods for retrieving specific managers. """ # Setup factory.initialize() # Test self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager)) self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager)) self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager)) self.assertTrue(isinstance(factory.password_manager(), PasswordManager)) self.assertTrue(isinstance(factory.permission_manager(), PermissionManager)) self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager)) self.assertTrue(isinstance(factory.role_manager(), RoleManager)) self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager)) self.assertTrue(isinstance(factory.user_manager(), UserManager)) self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager)) self.assertTrue(isinstance(factory.repo_manager(), RepoManager)) self.assertTrue(isinstance(factory.repo_unit_association_manager(), RepoUnitAssociationManager)) self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager)) self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager)) self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager)) self.assertTrue(isinstance(factory.content_manager(), ContentManager)) self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager)) self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager)) self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager)) self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def POST(self): # Pull all the user data user_data = self.params() login = user_data.get('login', None) password = user_data.get('password', None) name = user_data.get('name', None) # Creation manager = managers.user_manager() args = [login] kwargs = {'password': password, 'name': name} user = manager.create_user(*args, **kwargs) # Add the link to the user user_link = serialization.link.child_link_obj(login) user.update(user_link) # Grant permissions user_link = serialization.link.child_link_obj(login) permission_manager = managers.permission_manager() permission_manager.grant_automatic_permissions_for_resource(user_link['_href']) return self.created(login, user)
def populate(self): role_manager = manager_factory.role_manager() role_manager.create_role(self.ROLE_ID) for login in self.USER_LOGINS: user_manager = manager_factory.user_manager() user_manager.create_user(login=login, password=login, roles=[self.ROLE_ID])
def POST(self): # Pull all the user data user_data = self.params() login = user_data.get('login', None) password = user_data.get('password', None) name = user_data.get('name', None) # Creation manager = managers.user_manager() args = [login] kwargs = {'password': password, 'name': name} user = manager.create_user(*args, **kwargs) # Add the link to the user user_link = serialization.link.child_link_obj(login) user.update(user_link) # Grant permissions user_link = serialization.link.child_link_obj(login) permission_manager = managers.permission_manager() permission_manager.grant_automatic_permissions_for_resource( user_link['_href']) return self.created(login, user)
def POST(self): # Pull all the user data user_data = self.params() login = user_data.get('login', None) password = user_data.get('password', None) name = user_data.get('name', None) # Creation manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_CREATE_OPERATION}} args = [login] kwargs = {'password': password, 'name': name} weight = pulp_config.config.getint('tasks', 'create_weight') tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('create')] call_request = CallRequest(manager.create_user, args, kwargs, resources=resources, weight=weight, tags=tags, kwarg_blacklist=['password']) user = execution.execute_sync(call_request) user_link = serialization.link.child_link_obj(login) user.update(user_link) # Grant permissions permission_manager = managers.permission_manager() permission_manager.grant_automatic_permissions_for_resource(user_link['_href']) return self.created(login, user)
def _initialize_pulp(): # This initialization order is very sensitive, and each touches a number of # sub-systems in pulp. If you get this wrong, you will have pulp tripping # over itself on start up. global _IS_INITIALIZED, STACK_TRACER if _IS_INITIALIZED: return # Verify the database has been migrated to the correct version. This is # very likely a reason the server will fail to start. try: migration_models.check_package_versions() except Exception: msg = 'The database has not been migrated to the current version. ' msg += 'Run pulp-manage-db and restart the application.' raise InitializationException(msg), None, sys.exc_info()[2] # Load plugins and resolve against types. This is also a likely candidate # for causing the server to fail to start. try: plugin_api.initialize() except Exception: msg = 'One or more plugins failed to initialize. If a new type has ' msg += 'been added, run pulp-manage-db to load the type into the ' msg += 'database and restart the application.' raise InitializationException(msg), None, sys.exc_info()[2] # There's a significantly smaller chance the following calls will fail. # The previous two are likely user errors, but the remainder represent # something gone horribly wrong. As such, I'm not going to account for each # and instead simply let the exception itself bubble up. # Load the mappings of manager type to managers manager_factory.initialize() # Initialize the tasking subsystem dispatch_factory.initialize() # Ensure the minimal auth configuration role_manager = manager_factory.role_manager() role_manager.ensure_super_user_role() user_manager = manager_factory.user_manager() user_manager.ensure_admin() # database document reaper reaper.initialize() # agent services AgentServices.start() # Setup debugging, if configured if config.config.getboolean('server', 'debugging_mode'): STACK_TRACER = StacktraceDumper() STACK_TRACER.start() # If we got this far, it was successful, so flip the flag _IS_INITIALIZED = True
def delete_role(role_id): """ Deletes the given role. This has the side-effect of revoking any permissions granted to the role from the users in the role, unless those permissions are also granted through another role the user is a memeber of. :param role_id: identifies the role being deleted :type role_id: str :raise InvalidValue: if any of the fields are unacceptable :raise MissingResource: if the given role does not exist :raise PulpDataException: if role is a superuser role """ # Raise exception if role id is invalid if role_id is None or not isinstance(role_id, basestring): raise InvalidValue(['role_id']) # Check whether role exists role = Role.get_collection().find_one({'id': role_id}) if role is None: raise MissingResource(role_id) # Make sure role is not a superuser role if role_id == SUPER_USER_ROLE: raise PulpDataException(_('Role %s cannot be changed') % role_id) # Remove respective roles from users users = factory.user_query_manager().find_users_belonging_to_role( role_id) for item in role['permissions']: for user in users: other_roles = factory.role_query_manager().get_other_roles( role, user['roles']) user_ops = _operations_not_granted_by_roles( item['resource'], item['permission'], other_roles) factory.permission_manager().revoke(item['resource'], user['login'], user_ops) for user in users: user['roles'].remove(role_id) factory.user_manager().update_user(user['login'], Delta(user, 'roles')) Role.get_collection().remove({'id': role_id}, safe=True)
def __init__(self, admin=None, password=None, server='ldap://localhost:389', tls=False): self.ldapserver = server self.ldapadmin = admin self.ldappassword = password self.ldaptls = tls self.lconn = None self.user_manager = factory.user_manager() self.role_manager = factory.role_manager()
def add_user_to_role(role_name, user_name): """ Add a user to a role. This has the side-effect of granting all the permissions granted to the role to the user. @type role_name: str @param role_name: name of role @type user_name: str @param user_name: name of user @rtype: bool @return: True on success """ role = _get_role(role_name) user = _get_user(user_name) if role_name in user['roles']: return False user['roles'].append(role_name) factory.user_manager().update_user(user['login'], Delta(user, 'roles')) for resource, operations in role['permissions'].items(): _permission_api.grant(resource, user, operations) return True
def setUp(self): super(UserManagerTests, self).setUp() # Hardcoded to /var/lib/pulp, so change here to avoid permissions issues self.default_sn_path = SerialNumber.PATH SerialNumber.PATH = '/tmp/sn.dat' sn = SerialNumber() sn.reset() self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.cert_generation_manager = manager_factory.cert_generation_manager()
def setUp(self): super(AuthControllersTests, self).setUp() self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.role_manager = manager_factory.role_manager() self.role_query_manager = manager_factory.role_query_manager() self.permission_manager = manager_factory.permission_manager() self.permission_query_manager = manager_factory.permission_query_manager() self.password_manager = manager_factory.password_manager() self.role_manager.ensure_super_user_role() self.user_manager.ensure_admin()
def DELETE(self, login): manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}} tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('delete')] call_request = CallRequest(manager.delete_user, [login], resources=resources, tags=tags) return execution.execute_ok(self, call_request)
def DELETE(self, login): manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}} tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag("delete")] call_request = CallRequest(manager.delete_user, [login], resources=resources, tags=tags) # Remove permissions user_link = serialization.link.current_link_obj() permission_manager = managers.permission_manager() permission_manager.delete_permission(user_link["_href"]) return execution.execute_ok(self, call_request)
def PUT(self, login): # Pull all the user update data user_data = self.params() delta = user_data.get("delta", None) # Perform update manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_UPDATE_OPERATION}} tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag("update")] call_request = CallRequest(manager.update_user, [login, delta], resources=resources, tags=tags) return execution.execute_ok(self, call_request)
def delete_role(role_id): """ Deletes the given role. This has the side-effect of revoking any permissions granted to the role from the users in the role, unless those permissions are also granted through another role the user is a memeber of. :param role_id: identifies the role being deleted :type role_id: str :raise InvalidValue: if any of the fields are unacceptable :raise MissingResource: if the given role does not exist :raise PulpDataException: if role is a superuser role """ # Raise exception if role id is invalid if role_id is None or not isinstance(role_id, basestring): raise InvalidValue(['role_id']) # Check whether role exists role = Role.get_collection().find_one({'id': role_id}) if role is None: raise MissingResource(role_id) # Make sure role is not a superuser role if role_id == SUPER_USER_ROLE: raise PulpDataException(_('Role %s cannot be changed') % role_id) # Remove respective roles from users users = factory.user_query_manager().find_users_belonging_to_role(role_id) for item in role['permissions']: for user in users: other_roles = factory.role_query_manager().get_other_roles(role, user['roles']) user_ops = _operations_not_granted_by_roles(item['resource'], item['permission'], other_roles) factory.permission_manager().revoke(item['resource'], user['login'], user_ops) for user in users: user['roles'].remove(role_id) factory.user_manager().update_user(user['login'], Delta(user, 'roles')) Role.get_collection().remove({'id': role_id}, safe=True)
def _initialize_pulp(): # This initialization order is very sensitive, and each touches a number of # sub-systems in pulp. If you get this wrong, you will have pulp tripping # over itself on start up. global _IS_INITIALIZED, STACK_TRACER if _IS_INITIALIZED: return # Even though this import does not get used anywhere, we must import it for the Celery # application to be initialized. Also, this import cannot happen in the usual PEP-8 location, # as it calls initialization code at the module level. Calling that code at the module level # is necessary for the Celery application to initialize. from pulp.server.async import app # configure agent services AgentServices.init() # Verify the database has been migrated to the correct version. This is # very likely a reason the server will fail to start. try: migration_models.check_package_versions() except Exception: msg = 'The database has not been migrated to the current version. ' msg += 'Run pulp-manage-db and restart the application.' raise initialization.InitializationException(msg), None, sys.exc_info()[2] # There's a significantly smaller chance the following calls will fail. # The previous two are likely user errors, but the remainder represent # something gone horribly wrong. As such, I'm not going to account for each # and instead simply let the exception itself bubble up. # Initialize the tasking subsystem dispatch_factory.initialize() # Ensure the minimal auth configuration role_manager = manager_factory.role_manager() role_manager.ensure_super_user_role() user_manager = manager_factory.user_manager() user_manager.ensure_admin() # start agent services AgentServices.start() # Setup debugging, if configured if config.config.getboolean('server', 'debugging_mode'): STACK_TRACER = StacktraceDumper() STACK_TRACER.start() # If we got this far, it was successful, so flip the flag _IS_INITIALIZED = True
def setUp(self): super(UserManagerTests, self).setUp() # Hardcoded to /var/lib/pulp, so change here to avoid permissions issues self.default_sn_path = SerialNumber.PATH SerialNumber.PATH = '/tmp/sn.dat' sn = SerialNumber() sn.reset() self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.role_manager = manager_factory.role_manager() self.cert_generation_manager = manager_factory.cert_generation_manager()
def setUp(self): super(PulpWebserviceTests, self).setUp() self.success_failure = None self.result = None self.exception = None self.traceback = None # The built in PulpTest clean will automatically delete users between # test runs, so we can't just create the user in the class level setup. user_manager = manager_factory.user_manager() roles = [] roles.append(SUPER_USER_ROLE) user_manager.create_user(login='******', password='******', roles=roles)
def _get_users_belonging_to_role(role): """ Get a list of users belonging to the given role @type role: L{pulp.server.db.model.Role} instance @param role: role to get members of @rtype: list of L{pulp.server.db.model.User} instances @return: list of users that are members of the given role """ users = [] for user in factory.user_manager().find_all(): if role['name'] in user['roles']: users.append(user) return users
def setUp(self): super(AuthControllersTests, self).setUp() self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.role_manager = manager_factory.role_manager() self.role_query_manager = manager_factory.role_query_manager() self.permission_manager = manager_factory.permission_manager() self.permission_query_manager = manager_factory.permission_query_manager( ) self.password_manager = manager_factory.password_manager() self.role_manager.ensure_super_user_role() self.user_manager.ensure_admin()
def _get_user(user_name): """ Get a user from the database that corresponds to the user name Raise an exception if the user isn't found @type user_name: str @param user_name: user's login @rtype: L{pulp.server.db.model.User} instance @return: user instance @raise L{PulpAuthorizationError}: if no user with name exists """ user = factory.user_manager().find_by_login(login=user_name) if user is None: raise PulpAuthorizationError(_('no such user: %s') % user_name) return user
def setUp(self): super(PermissionManagerTests, self).setUp() self.alpha_num = string.letters + string.digits self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.role_manager = manager_factory.role_manager() self.role_query_manager = manager_factory.role_query_manager() self.permission_manager = manager_factory.permission_manager() self.permission_query_manager = manager_factory.permission_query_manager() self.role_manager.ensure_super_user_role() manager_factory.principal_manager().clear_principal()
def setUp(self): super(RoleManagerTests, self).setUp() self.alpha_num = string.letters + string.digits self.user_manager = manager_factory.user_manager() self.user_query_manager = manager_factory.user_query_manager() self.role_manager = manager_factory.role_manager() self.role_query_manager = manager_factory.role_query_manager() self.permission_manager = manager_factory.permission_manager() self.permission_query_manager = manager_factory.permission_query_manager() self.role_manager.ensure_super_user_role() manager_factory.principal_manager().clear_principal()
def DELETE(self, login): """ Delete a given user object :param login: the login id of the user to delete :type login: str """ manager = managers.user_manager() result = manager.delete_user(login) # Delete any existing user permissions given to the creator of the user user_link = serialization.link.current_link_obj()['_href'] if Permission.get_collection().find_one({'resource': user_link}): Permission.get_collection().remove({'resource': user_link}, safe=True) return self.ok(result)
def PUT(self, login): # Pull all the user update data user_data = self.params() delta = user_data.get('delta', None) # Perform update manager = managers.user_manager() tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('update')] call_request = CallRequest(manager.update_user, [login, delta], tags=tags) call_request.updates_resource(dispatch_constants.RESOURCE_USER_TYPE, login) result = execution.execute(call_request) result.update(serialization.link.current_link_obj()) return self.ok(result)
def PUT(self, login): """ Update a user :param login: the login id of the user to update :type login: str """ # Pull all the user update data user_data = self.params() delta = user_data.get('delta', None) # Perform update manager = managers.user_manager() result = manager.update_user(login, delta) self.process_dictionary_against_whitelist(result, USER_WHITELIST) return self.ok(result)
def PUT(self, login): # Pull all the user update data user_data = self.params() delta = user_data.get('delta', None) # Perform update manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_UPDATE_OPERATION}} tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('update')] call_request = CallRequest(manager.update_user, [login, delta], resources=resources, tags=tags) result = execution.execute(call_request) result.update(serialization.link.current_link_obj()) return self.ok(result)
def DELETE(self, login): manager = managers.user_manager() tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('delete')] call_request = CallRequest(manager.delete_user, [login], tags=tags) call_request.deletes_resource(dispatch_constants.RESOURCE_USER_TYPE, login) result = execution.execute(call_request) # Delete any existing user permissions given to the creator of the user user_link = serialization.link.current_link_obj()['_href'] if Permission.get_collection().find_one({'resource' : user_link}): Permission.get_collection().remove({'resource' : user_link}, safe=True) return self.ok(result)
def DELETE(self, login): manager = managers.user_manager() resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}} tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag('delete')] call_request = CallRequest(manager.delete_user, [login], resources=resources, tags=tags) result = execution.execute(call_request) # Delete any existing user permissions given to the creator of the user user_link = serialization.link.current_link_obj()['_href'] if Permission.get_collection().find_one({'resource' : user_link}): Permission.get_collection().remove({'resource' : user_link}, safe=True) return self.ok(result)
def delete(self, request, login): """ Delete a user. :param request: WSGI request object :type request: django.core.handlers.wsgi.WSGIRequest :param login: login for the requested user :type login: str :return: An empty response :rtype: django.http.HttpResponse """ manager = factory.user_manager() result = manager.delete_user(login) # Delete any existing user permissions given to the creator of the user link = {'_href': reverse('user_resource', kwargs={'login': login})} if Permission.get_collection().find_one({'resource': link['_href']}): Permission.get_collection().remove({'resource': link}) return generate_json_response(result)
def put(self, request, login): """ Update a user. :param request: WSGI request object :type request: django.core.handlers.wsgi.WSGIRequest :param login: login for the requested user :type login: str :return: Response containing the user :rtype: django.http.HttpResponse """ # Pull all the user update data user_data = request.body_as_json delta = user_data.get('delta', None) # Perform update manager = factory.user_manager() result = manager.update_user(login, delta) _process_dictionary_against_whitelist(result, USER_WHITELIST) return generate_json_response_with_pulp_encoder(result)
def delete(self, request, login): """ Delete a user. :param request: WSGI request object :type request: django.core.handlers.wsgi.WSGIRequest :param login: login for the requested user :type login: str :return: An empty response :rtype: django.http.HttpResponse """ manager = factory.user_manager() result = manager.delete_user(login) # Delete any existing user permissions given to the creator of the user link = {'_href': reverse('user_resource', kwargs={'login': login})} if Permission.get_collection().find_one({'resource': link['_href']}): Permission.get_collection().remove({'resource': link}, safe=True) return generate_json_response(result)
def ensure_admin(self): """ This function ensures that there is at least one super user for the system. If no super users are found, the default admin user (from the pulp config) is looked up or created and added to the super users role. """ user_query_manager = factory.user_query_manager() role_manager = factory.role_manager() super_users = user_query_manager.find_users_belonging_to_role(role_manager.super_user_role) if super_users: return default_login = config.config.get('server', 'default_login') admin = User.get_collection().find_one({'login' : default_login}) if admin is None: default_password = config.config.get('server', 'default_password') admin = factory.user_manager().create_user(login=default_login, password=default_password) role_manager.add_user_to_role(role_manager.super_user_role, default_login)
def post(self, request): """ Create a new user. :param request: WSGI request object :type request: django.core.handlers.wsgi.WSGIRequest :return: Response containing the user :rtype: django.http.HttpResponse :raises: MissingValue if login field is missing :raises: InvalidValue if some parameters are invalid """ # Pull all the user data user_data = request.body_as_json login = user_data.pop('login', None) if login is None: raise pulp_exceptions.MissingValue(['login']) password = user_data.pop('password', None) name = user_data.pop('name', None) if user_data: raise pulp_exceptions.InvalidValue(user_data.keys()) # Creation manager = factory.user_manager() args = [login] kwargs = {'password': password, 'name': name} user = manager.create_user(*args, **kwargs) # Add the link to the user link = _add_link(user) # Grant permissions permission_manager = factory.permission_manager() permission_manager.grant_automatic_permissions_for_resource( link['_href']) response = generate_json_response_with_pulp_encoder(user) return generate_redirect_response(response, link['_href'])
def post(self, request): """ Create a new user. :param request: WSGI request object :type request: django.core.handlers.wsgi.WSGIRequest :return: Response containing the user :rtype: django.http.HttpResponse :raises: MissingValue if login field is missing :raises: InvalidValue if some parameters are invalid """ # Pull all the user data user_data = request.body_as_json login = user_data.pop('login', None) if login is None: raise pulp_exceptions.MissingValue(['login']) password = user_data.pop('password', None) name = user_data.pop('name', None) if user_data: raise pulp_exceptions.InvalidValue(user_data.keys()) # Creation manager = factory.user_manager() args = [login] kwargs = {'password': password, 'name': name} user = manager.create_user(*args, **kwargs) # Add the link to the user link = _add_link(user) # Grant permissions permission_manager = factory.permission_manager() permission_manager.grant_automatic_permissions_for_resource(link['_href']) response = generate_json_response_with_pulp_encoder(user) return generate_redirect_response(response, link['_href'])
def ensure_admin(self): """ This function ensures that there is at least one super user for the system. If no super users are found, the default admin user (from the pulp config) is looked up or created and added to the super users role. """ user_query_manager = factory.user_query_manager() role_manager = factory.role_manager() super_users = user_query_manager.find_users_belonging_to_role( role_manager.super_user_role) if super_users: return default_login = config.config.get('server', 'default_login') admin = User.get_collection().find_one({'login': default_login}) if admin is None: default_password = config.config.get('server', 'default_password') admin = factory.user_manager().create_user( login=default_login, password=default_password) role_manager.add_user_to_role(role_manager.super_user_role, default_login)
# There's a significantly smaller chance the following calls will fail. # The previous two are likely user errors, but the remainder represent # something gone horribly wrong. As such, I'm not going to account for each # and instead simply let the exception itself bubble up. # Load the mappings of manager type to managers manager_factory.initialize() # Initialize the tasking subsystem dispatch_factory.initialize() # Ensure the minimal auth configuration role_manager = manager_factory.role_manager() role_manager.ensure_super_user_role() user_manager = manager_factory.user_manager() user_manager.ensure_admin() # database document reaper reaper.initialize() # agent services AgentServices.start() # Setup debugging, if configured if config.config.getboolean('server', 'debugging_mode'): STACK_TRACER = StacktraceDumper() STACK_TRACER.start() # If we got this far, it was successful, so flip the flag _IS_INITIALIZED = True