def _admin_user(self):
if not type(self).admin_user:
creds = CouchDBCredentials()
creds.read(system.COUCHDB_ADMIN_CREDS_FILE)
user = models.CouchDBUser(creds.username, creds.password)
type(self).admin_user = user
return type(self).admin_user
def _get_user(self, username, hostname):
user = models.CouchDBUser(username)
db_names = self.list_database_names()
for db in db_names:
try:
out, err = utils.execute_with_timeout(
system.DB_ACCESS_COMMAND %
{'admin_name': self._admin_user().name,
'admin_password': self._admin_user().password,
'dbname': db},
shell=True)
except exception.ProcessExecutionError:
LOG.debug(
"Error while trying to get the users for database: %s.",
db)
continue
evalout = ast.literal_eval(out)
if evalout:
members = evalout['members']
names = members['names']
for i in range(0, len(names)):
if user.name == names[i]:
user.databases = db
return user
def list_users(self, limit=None, marker=None, include_marker=False):
'''List all users and the databases they have access to.'''
users = []
db_names = self.list_database_names()
try:
out, err = utils.execute_with_timeout(
system.ALL_USERS_COMMAND % {
'admin_name': self._admin_user().name,
'admin_password': self._admin_user().password
},
shell=True)
except exception.ProcessExecutionError:
LOG.debug("Error while trying to get list of all couchdb users")
evalout = ast.literal_eval(out)
rows = evalout['rows']
userlist = []
for i in range(0, len(rows)):
row = rows[i]
uname = row['key']
if not self._is_modifiable_user(uname):
break
elif uname[17:]:
userlist.append(uname[17:])
for i in range(len(userlist)):
user = models.CouchDBUser(userlist[i])
for db in db_names:
try:
out2, err = utils.execute_with_timeout(
system.DB_ACCESS_COMMAND % {
'admin_name': self._admin_user().name,
'admin_password': self._admin_user().password,
'dbname': db
},
shell=True)
except exception.ProcessExecutionError:
LOG.debug(
"Error while trying to get users for database: %s.",
db)
continue
evalout2 = ast.literal_eval(out2)
if evalout2:
members = evalout2['members']
names = members['names']
for i in range(0, len(names)):
if user.name == names[i]:
user.databases = db
users.append(user.serialize())
next_marker = None
return users, next_marker
def grant_access(self, username, databases):
if self._get_user(username, None).name != username:
raise exception.BadRequest(_(
'Cannot grant access for non-existant user: '******'%(user)s') % {'user': username})
else:
user = models.CouchDBUser(username)
if not self._is_modifiable_user(user.name):
LOG.warning(_('Cannot grant access for reserved user '
'%(user)s'), {'user': username})
if not user:
raise exception.BadRequest(_(
'Cannot grant access for reserved or non-existant user '
'%(user)s') % {'user': username})
for db_name in databases:
out, err = utils.execute_with_timeout(
system.GRANT_ACCESS_COMMAND %
{'admin_name': self._admin_user().name,
'admin_password': self._admin_user().password,
'dbname': db_name,
'username': username},
shell=True)
