def save_protected_str(self, realm, key, value_str): self.logger.debug( 'save_protected_str(obj, "%s", "%s", "%s")' % (realm, key, None if value_str is None else 'secret len=%s' % len(value_str))) reload(entity) e = self._try_find_entity(realm, key) if e is not None: e[self.ENTITY_FIELD_VALUE] = None e[self.ENTITY_FIELD_VALUE_ENCRYPTED] = None e[self.ENTITY_FIELD_KEY] = None # BUG # если не почистить realm, то будет ошибка 'Argument "realm" is not supported by this handler.' e[self.ENTITY_FIELD_REALM] = None self._entity_encrypt_new_password_value(e, value_str) # BUG # если тут добавить сессионный ключ, то спланк иногда не может сохранить записи try: entity.setEntity(e) except: entity.setEntity(e, sessionKey=self.session_key) else: e = entity.Entity(self.STORAGE_PATH, key) e.namespace = self.app_name e[self.ENTITY_FIELD_REALM] = realm self._entity_encrypt_new_password_value(e, value_str) entity.setEntity(e, sessionKey=self.session_key)
def commit(viewstate): ''' Persists a viewstate object. ''' if not isinstance(viewstate, Viewstate): raise ValueError, 'Cannot commit viewstate; Only viewstate objects supported' # check required properties for k in ['namespace', 'owner', 'view']: getattr(viewstate, k) # assert that the viewstate_id is not a hash if viewstate.id.find(':') > -1: raise ValueError, 'Cannot commit viewstate: viewstate_id contains a colon: %s' % viewstate.id entityWrapper = en.Entity(VIEWSTATE_ENTITY_CLASS, buildStanzaName(viewstate.view, viewstate.id), namespace=viewstate.namespace, owner=viewstate.owner) for module_name in sorted(viewstate.modules): for param_name in sorted(viewstate.modules[module_name]): entityWrapper[buildParamName( module_name, param_name)] = viewstate.modules[module_name][param_name] en.setEntity(entityWrapper) return True
def setSharing(viewstate, shareMode): ''' Sets the sharing mode: 'global', 'app', 'user' ''' if not isinstance(viewstate, Viewstate): raise ValueError, 'Cannot update viewstate; Only viewstate objects supported' # first fetch all the ACL data vsACL = en.getEntity(VIEWSTATE_ENTITY_CLASS + '/' + buildStanzaName(viewstate.view, viewstate.id), 'acl', namespace=viewstate.namespace, owner=viewstate.owner) # create new object and update mininum set of properties to support sharing aclWrapper = en.Entity(VIEWSTATE_ENTITY_CLASS + '/' + buildStanzaName(viewstate.view, viewstate.id), 'acl', namespace=viewstate.namespace, owner=viewstate.owner) aclWrapper['owner'] = viewstate.owner aclWrapper['sharing'] = shareMode # commit en.setEntity(aclWrapper) return True
def _apply(self, migration, force=False): """ invokes validate() and teardown() of an available migration plugin instance """ try: migration.validate() migration.teardown() except Exception as e: self.rollback() raise e else: # migration.dst is the resulting entity after the migration is applied dst_entity = migration.dst entity_path = self.migration_conf.dest_conf update = False uri = en.buildEndpoint(entity_path, entityName=dst_entity.name, namespace=NAMESPACE, owner=OWNER) if self._check_resource_exists(uri, sessionKey=self.session_key): if force: update = True else: raise ResourceExistsException if update: entity = en.Entity(entity_path, dst_entity.name, namespace=NAMESPACE, contents=dst_entity.content, owner=OWNER) else: entity = en.Entity(entity_path, '_new', namespace=NAMESPACE, contents=dst_entity.content, owner=OWNER) entity['name'] = dst_entity.name # to bypass a funny check in splunk.entity.getFullPath() entity['eai:acl'] = {} en.setEntity(entity, sessionKey=self.session_key) self.migration_conf.update_state(self.resource_url, migration.migration_level)
def create(self, name, **params): user, app = self.user_app() new = entity.Entity(self.endpoint, "_new", namespace=app, owner=user) try: new["name"] = name for arg, val in list(params.items()): new[arg] = val entity.setEntity(new, sessionKey=self.getSessionKey()) except Exception as exc: RH_Err.ctl(-1, exc, logLevel=logging.INFO)
def set_firewall_apikey(self, apikey): """Given a splunk self.session_key sets the firewall API key in the Splunk password store""" try: # The password cannot be modified, so it must be deleted before it can be added back. self.delete_firewall_apikey() apikey = {'name': 'firewall_api_key', 'password': apikey} apikey_entity = entity.Entity(['admin', 'passwords'], "firewall_api_key", namespace=self.APPNAME, owner='nobody', contents=apikey) entity.setEntity(apikey_entity, sessionKey=self.session_key, strictCreate=False) except Exception as e: stack = traceback.format_exc() self.logger.warn(stack) self.logger.warn("entity exception") self.exit_with_error("Could not set %s firewall apikey from splunk. Error: %s" % (self.APPNAME, str(e)))
def updateStatus(self): if self.name != None and self.namespace != None and self.owner != None: try: # get entity first, so we get the canonical context base = entity.getEntity('admin/conf-export', self.name, namespace=self.namespace, owner=self.owner, sessionKey=self.sessionKey) en = entity.Entity('admin/conf-export', self.name, self.content, self.namespace, self.owner) entity.setEntity(en, self.sessionKey, uri=base.id) except: logger.exception('Failed to update status')
def create(self, **params): new = en.Entity(self._endpoint, self.callerArgs.id, namespace=self.appName, owner='nobody') for arg in self._required_args: new[arg] = params[arg] for arg in self._optional_args: try: new[arg] = params[arg] except: pass en.setEntity(new, sessionKey=self.getSessionKey())
def update_state(self, entity, state): """ updates the state but this actually writes the entire content of the entity """ self._state[entity] = state contents = { 'STATE': json.dumps(self._state) } entity_path = ["configs", "conf-app-migration"] entity = en.Entity(entity_path, self.migration_id, contents=contents, namespace=NAMESPACE, owner=OWNER) # to bypass a funny check in getFullPath entity['eai:acl'] = {} en.setEntity(entity, sessionKey=self.session_key)
def create(self, **params): app, user = self._namespace_and_owner() new = en.Entity(self._endpoint, self.callerArgs.id, namespace=app, owner=user) for arg in self._required_args: new[arg] = params[arg] for arg in self._optional_args: try: new[arg] = params[arg] except: pass en.setEntity(new, sessionKey=self.getSessionKey(), strictCreate=True)
def handleCreate(self, confInfo): name = self.callerArgs.id new = en.Entity(ENDPOINT, name, namespace=self.appName, owner=self.userName) for arg in required_args: new[arg] = self.callerArgs[arg] for arg in optional_args: try: new[arg] = self.callerArgs[arg] except: pass en.setEntity(new, sessionKey=self.getSessionKey())
def update(self, **params): app, user = self._namespace_and_owner() try: ent = entity.getEntity('/properties/' + self.confObjectName, self.callerArgs.id, namespace=app, owner=user, sessionKey=self.getSessionKey()) except: ent = entity.Entity('/properties/' + self.confObjectName, self.callerArgs.id, namespace=app, owner=user) for arg in params.keys(): ent[arg] = params[arg] logger.error("O3: /properties/" + self.confObjectName + '/' + self.callerArgs.id) logger.error("O3: " + str(arg) + "," + str(ent[arg])) entity.setEntity(ent, sessionKey=self.getSessionKey())
def handleCreate(self, confInfo): name = self.callerArgs.id logger.info('DEBUG %s' % name) new = en.Entity(ENDPOINT, name, namespace=self.appName, owner=self.userName) for arg in required_args: new[arg] = self.callerArgs[arg] for arg in optional_args: if arg in ['disabled']: next try: new[arg] = self.callerArgs[arg] except: pass en.setEntity(new, sessionKey=self.getSessionKey())