def render(self, session, principal, role, createuser, createrealm,
comments, **arguments):
dbrole = Role.get_unique(session, role, compel=True)
dbuser = get_or_create_user_principal(session, principal, createuser,
createrealm, comments=comments)
dbuser.role = dbrole
session.flush()
return
def render(self, session, principal, role, createuser, createrealm,
comments, **arguments):
dbrole = Role.get_unique(session, role, compel=True)
dbuser = get_or_create_user_principal(session,
principal,
createuser,
createrealm,
comments=comments)
dbuser.role = dbrole
session.add(dbuser)
return
def render(self, session, role, realm, fullinfo, style, **arguments):
q = session.query(UserPrincipal)
if role:
dbrole = Role.get_unique(session, role, compel=True)
q = q.filter_by(role=dbrole)
if realm:
dbrealm = Realm.get_unique(session, realm, compel=True)
q = q.filter_by(realm=dbrealm)
if fullinfo or style != "raw":
q = q.options(undefer("comments"),
subqueryload("role"))
return q.all()
else:
return StringList(q.all())
def main(*args, **kw):
opts = parse_cli(args, kw)
if opts.debug:
log.setLevel(logging.DEBUG)
(principal, realm) = parse_klist()
db = DbFactory(verbose=opts.verbose)
Base.metadata.bind = db.engine
if opts.verbose:
db.meta.bind.echo = True
session = db.Session()
aqd_admin = Role.get_unique(session, "aqd_admin", compel=True)
dbrealm = Realm.get_unique(session, realm)
if not dbrealm:
dbrealm = Realm(name=realm)
session.add(dbrealm)
dbuser = UserPrincipal.get_unique(session, name=principal, realm=dbrealm)
if dbuser:
if dbuser.role == aqd_admin:
log.info("%s@%s is already an aqd_admin, nothing to do", principal,
realm)
else:
log.info("Updating %s %s to aqd_admin", dbuser.name,
dbuser.role.name)
dbuser.role = aqd_admin
else:
log.info("Creating %s@%s as aqd_admin", principal, realm)
dbuser = UserPrincipal(name=principal,
realm=dbrealm,
role=aqd_admin,
comments='User with write access to database')
session.add(dbuser)
if opts.commit:
session.commit()
elif session.new or session.dirty:
log.debug("dry-run mode enabled, not running commit()")
def main(*args, **kw):
opts = parse_cli(args, kw)
if opts.debug:
log.setLevel(logging.DEBUG)
(principal, realm) = parse_klist()
db = DbFactory(verbose=opts.verbose)
Base.metadata.bind = db.engine
if opts.verbose:
db.meta.bind.echo = True
session = db.Session()
aqd_admin = Role.get_unique(session, "aqd_admin", compel=True)
dbrealm = Realm.get_unique(session, realm)
if not dbrealm:
dbrealm = Realm(name=realm)
session.add(dbrealm)
dbuser = UserPrincipal.get_unique(session, name=principal, realm=dbrealm)
if dbuser:
if dbuser.role == aqd_admin:
log.info("%s@%s is already an aqd_admin, nothing to do",
principal, realm)
else:
log.info("Updating %s %s to aqd_admin",
dbuser.name, dbuser.role.name)
dbuser.role = aqd_admin
else:
log.info("Creating %s@%s as aqd_admin", principal, realm)
dbuser = UserPrincipal(name=principal, realm=dbrealm, role=aqd_admin,
comments='User with write access to database')
session.add(dbuser)
if opts.commit:
session.commit()
elif session.new or session.dirty:
log.debug("dry-run mode enabled, not running commit()")
def get_or_create_user_principal(session, principal, createuser=True,
createrealm=True, commitoncreate=False,
comments=None, query_options=None):
if principal is None:
return None
m = principal_re.match(principal)
if not m:
raise ArgumentError("User principal '%s' is not valid." % principal)
realm = m.group(2)
user = m.group(1)
m = host_re.match(user)
if m:
user = '******'
# Verify that the host exists in AQDB
hostname_to_host(session, m.group(1))
# Short circuit the common case, and optimize it to eager load in
# a single query since this happens on every command:
q = session.query(UserPrincipal)
q = q.filter_by(name=user)
q = q.join(Realm)
q = q.filter_by(name=realm)
q = q.reset_joinpoint()
q = q.options(contains_eager('realm'),
joinedload('role'))
if query_options:
q = q.options(*query_options)
dbuser = q.first()
if dbuser:
return dbuser
# If here, need more complicated behavior...
dbnobody = Role.get_unique(session, 'nobody', compel=True)
try:
dbrealm = Realm.get_unique(session, realm, compel=True)
except NotFoundException:
if not createrealm:
raise ArgumentError("Could not find realm %s to create principal "
"%s, use --createrealm to create a new record "
"for the realm." % (realm, principal))
LOGGER.info("Realm %s did not exist, creating...", realm)
dbrealm = Realm(name=realm)
session.add(dbrealm)
LOGGER.info("Creating user %s@%s...", user, realm)
dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
comments=comments)
session.add(dbuser)
if commitoncreate:
session.commit()
return dbuser
q = session.query(UserPrincipal).filter_by(name=user, realm=dbrealm)
dbuser = q.first()
if not dbuser:
if not createuser:
raise ArgumentError("Could not find principal %s to permission, "
"use --createuser to create a new record for "
"the principal." % principal)
LOGGER.info("User %s did not exist in realm %s, creating...",
user, realm)
dbuser = UserPrincipal(name=user, realm=dbrealm, role=dbnobody,
comments=comments)
session.add(dbuser)
if commitoncreate:
session.commit()
return dbuser
def get_or_create_user_principal(session,
principal,
createuser=True,
createrealm=True,
commitoncreate=False,
comments=None,
query_options=None):
if principal is None:
return None
m = principal_re.match(principal)
if not m:
raise ArgumentError("User principal '%s' is not valid." % principal)
realm = m.group(2)
user = m.group(1)
m = host_re.match(user)
if m:
user = '******'
# Verify that the host exists in AQDB
hostname_to_host(session, m.group(1))
# Short circuit the common case, and optimize it to eager load in
# a single query since this happens on every command:
q = session.query(UserPrincipal)
q = q.filter_by(name=user)
q = q.join(Realm)
q = q.filter_by(name=realm)
q = q.reset_joinpoint()
q = q.options(contains_eager('realm'), joinedload('role'))
if query_options:
q = q.options(*query_options)
dbuser = q.first()
if dbuser:
return dbuser
# If here, need more complicated behavior...
dbnobody = Role.get_unique(session, 'nobody', compel=True)
try:
dbrealm = Realm.get_unique(session, realm, compel=True)
except NotFoundException:
if not createrealm:
raise ArgumentError("Could not find realm %s to create principal "
"%s, use --createrealm to create a new record "
"for the realm." % (realm, principal))
LOGGER.info("Realm %s did not exist, creating..." % realm)
dbrealm = Realm(name=realm)
session.add(dbrealm)
LOGGER.info("Creating user %s@%s..." % (user, realm))
dbuser = UserPrincipal(name=user,
realm=dbrealm,
role=dbnobody,
comments=comments)
session.add(dbuser)
if commitoncreate:
session.commit()
return dbuser
q = session.query(UserPrincipal).filter_by(name=user, realm=dbrealm)
dbuser = q.first()
if not dbuser:
if not createuser:
raise ArgumentError("Could not find principal %s to permission, "
"use --createuser to create a new record for "
"the principal." % principal)
LOGGER.info("User %s did not exist in realm %s, creating..." %
(user, realm))
dbuser = UserPrincipal(name=user,
realm=dbrealm,
role=dbnobody,
comments=comments)
session.add(dbuser)
if commitoncreate:
session.commit()
return dbuser