def _admin_user(self):
    '''Return the CouchDB admin user, loading it on first use.

    The user is built from the credentials read out of
    ``system.COUCHDB_ADMIN_CREDS_FILE`` and stored on the instance's class,
    so later calls return the stored object without re-reading the file.
    The stored object carries the admin password for as long as the class
    attribute stays set.
    '''
    cls = type(self)
    if cls.admin_user:
        # Already loaded by an earlier call.
        return cls.admin_user

    creds = CouchDBCredentials()
    creds.read(system.COUCHDB_ADMIN_CREDS_FILE)
    cls.admin_user = models.CouchDBUser(creds.username, creds.password)
    return cls.admin_user
def _get_user(self, username, hostname):
    '''Build a CouchDBUser for ``username`` and attach its databases.

    Every database returned by ``list_database_names()`` is queried with
    ``system.DB_ACCESS_COMMAND``; when the member names reported for a
    database contain the user's name, that database is assigned to
    ``user.databases``. Databases whose query fails are logged and skipped.

    ``hostname`` is accepted but not used. The returned object is always
    built from ``username``, whether or not any database lists that name.
    '''
    user = models.CouchDBUser(username)
    for db in self.list_database_names():
        try:
            admin = self._admin_user()
            # NOTE(review): the command is assembled by %-formatting and run
            # through a shell, with the admin password as part of the command
            # string. Confirm that the template (defined elsewhere) quotes
            # each value and that the command line is not logged or exposed
            # to other local users.
            access_cmd = system.DB_ACCESS_COMMAND % {
                'admin_name': admin.name,
                'admin_password': admin.password,
                'dbname': db,
            }
            out, _err = utils.execute_with_timeout(access_cmd, shell=True)
        except exception.ProcessExecutionError:
            LOG.debug(
                "Error while trying to get the users for database: %s.", db)
            continue

        # literal_eval only accepts Python literals, so it cannot execute
        # code from the output. NOTE(review): if the command prints JSON,
        # true/false/null would make it raise ValueError - confirm format.
        security = ast.literal_eval(out)
        if not security:
            continue
        for member_name in security['members']['names']:
            if user.name == member_name:
                # Effect of the assignment depends on the CouchDBUser
                # 'databases' attribute, which is defined elsewhere.
                user.databases = db
    return user
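def list_users(self, limit=None, marker=None, include_marker=False):
    '''List all users and the databases they have access to.

    Returns a ``(users, next_marker)`` tuple. ``users`` is a list of
    serialized ``models.CouchDBUser`` objects. Pagination is not
    implemented: ``limit``, ``marker`` and ``include_marker`` are accepted
    but ignored, and ``next_marker`` is always ``None``.

    If the all-users command fails, the failure is logged and an empty
    listing is returned. Callers cannot distinguish that case from a
    server that has no users.
    '''
    users = []
    db_names = self.list_database_names()
    admin = self._admin_user()

    # NOTE(review): both commands below are assembled by %-formatting and
    # run through a shell, with the admin password as part of the command
    # string. Confirm that the templates (defined elsewhere) quote each
    # value and that the command line is not logged or exposed to other
    # local users.
    try:
        out, _err = utils.execute_with_timeout(
            system.ALL_USERS_COMMAND % {
                'admin_name': admin.name,
                'admin_password': admin.password,
            },
            shell=True)
    except exception.ProcessExecutionError:
        LOG.debug("Error while trying to get list of all couchdb users")
        # Nothing to parse: without this return the code below would fail
        # on the unassigned command output instead of reporting the error.
        return users, None

    # literal_eval only accepts Python literals, so it cannot execute code
    # from the output. NOTE(review): if the command prints JSON,
    # true/false/null would make it raise ValueError - confirm format.
    rows = ast.literal_eval(out)['rows']
    userlist = []
    for row in rows:
        uname = row['key']
        if not self._is_modifiable_user(uname):
            # NOTE(review): 'break' stops the scan at the first
            # non-modifiable entry, so every later row is dropped from the
            # listing. Confirm whether 'continue' was intended.
            break
        # Presumably strips the 17-character 'org.couchdb.user:' document
        # id prefix - confirm against ALL_USERS_COMMAND output.
        short_name = uname[17:]
        if short_name:
            userlist.append(short_name)

    # Query each database's member names once instead of once per user:
    # same result, far fewer password-bearing shell invocations.
    db_members = []
    if userlist:
        for db in db_names:
            try:
                out2, _err = utils.execute_with_timeout(
                    system.DB_ACCESS_COMMAND % {
                        'admin_name': admin.name,
                        'admin_password': admin.password,
                        'dbname': db,
                    },
                    shell=True)
            except exception.ProcessExecutionError:
                LOG.debug(
                    "Error while trying to get users for database: %s.", db)
                continue
            evalout2 = ast.literal_eval(out2)
            if evalout2:
                db_members.append((db, evalout2['members']['names']))

    for short_name in userlist:
        user = models.CouchDBUser(short_name)
        for db, names in db_members:
            for member_name in names:
                if user.name == member_name:
                    user.databases = db
        users.append(user.serialize())

    next_marker = None
    return users, next_marker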
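def grant_access(self, username, databases):
    '''Grant ``username`` access to every database in ``databases``.

    Runs ``system.GRANT_ACCESS_COMMAND`` once per database name.

    Raises ``exception.BadRequest`` when the user lookup does not return
    the requested name, or when the name is reserved (not modifiable).
    A failing grant command is not caught here and propagates to the
    caller; databases processed before the failure keep their grant.
    '''
    # NOTE(review): _get_user() builds its result from the requested name,
    # so this comparison may never detect a user that does not exist.
    # Confirm, and check existence against the server if so.
    if self._get_user(username, None).name != username:
        raise exception.BadRequest(_(
            'Cannot grant access for non-existant user: '
            '%(user)s') % {'user': username})

    user = models.CouchDBUser(username)
    reserved = not self._is_modifiable_user(user.name)
    if reserved:
        LOG.warning(_('Cannot grant access for reserved user '
                      '%(user)s'), {'user': username})
    # Refuse reserved users outright. Logging the warning and then running
    # the grant anyway would let reserved accounts be modified.
    if reserved or not user:
        raise exception.BadRequest(_(
            'Cannot grant access for reserved or non-existant user '
            '%(user)s') % {'user': username})

    for db_name in databases:
        admin = self._admin_user()
        # NOTE(review): 'username' and 'db_name' come from the caller and
        # are %-formatted into a command that runs through a shell, together
        # with the admin password. The template is defined elsewhere, so the
        # right quoting cannot be chosen here. Confirm both values are
        # validated against a strict allow-list before this point, or switch
        # to an argument list without shell=True.
        utils.execute_with_timeout(
            system.GRANT_ACCESS_COMMAND % {
                'admin_name': admin.name,
                'admin_password': admin.password,
                'dbname': db_name,
                'username': username,
            },
            shell=True)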