def testSwitchToRelDBAllowsSettingCustomDbNameAndCredentials(
self, getpass_mock):
with test_lib.ConfigOverrider({
"Mysql.database_username": "******",
"Mysql.database_password": "******",
"Mysql.database_name": "db",
"Blobstore.implementation": "Foo",
}):
self.input_mock.side_effect = [
"Y", # Yes, continue.
"N", # No, keep current blobstore.
"Y", # Yes, use custom db name.
"db2", # DB name.
"N", # No, use custom DB credentials.
"user", # Username.
]
getpass_mock.return_value = "pass" # DB password for GRR.
config = grr_config.CONFIG.CopyConfig()
config_updater_util.SwitchToRelDB(config)
self.assertTrue(config["Database.enabled"])
self.assertEqual(config["Database.implementation"], "MysqlDB")
self.assertEqual(config["Mysql.database"], "db2")
self.assertEqual(config["Mysql.username"], "user")
self.assertEqual(config["Mysql.password"], "pass")
def testSwitchToRelDBDoesNothingIfRelDBIsEnabled(self):
with test_lib.ConfigOverrider({"Database.enabled": True}):
config = grr_config.CONFIG.CopyConfig()
config_updater_util.SwitchToRelDB(config)
# If REL_DB is already enabled, SwitchToRelDB should immediately bail out.
self.input_mock.assert_not_called()
def testSwitchToRelDBReusesExistingDatabaseNameAndCredentials(self):
with test_lib.ConfigOverrider({
"Mysql.database_username": "******",
"Mysql.database_password": "******",
"Mysql.database_name": "db",
"Blobstore.implementation": "Foo",
}):
self.input_mock.side_effect = [
"Y", # Yes, continue.
"Y", # Yes, use DbBlobStore.
"N", # No, use the same DB name.
"Y", # Yes, reuse database credentials.
]
config = grr_config.CONFIG.CopyConfig()
config_updater_util.SwitchToRelDB(config)
self.assertTrue(config["Database.enabled"])
self.assertEqual(config["Database.implementation"], "MysqlDB")
self.assertEqual(config["Mysql.database"], "db")
self.assertEqual(config["Mysql.username"], "foo")
self.assertEqual(config["Mysql.password"], "bar")
def main(args):
"""Main."""
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if args.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if args.noprompt:
config_updater_util.InitializeNoPrompt(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
mysql_hostname=args.mysql_hostname,
mysql_port=args.mysql_port,
mysql_username=args.mysql_username,
mysql_password=args.mysql_password,
mysql_db=args.mysql_db,
mysql_client_key_path=args.mysql_client_key_path,
mysql_client_cert_path=args.mysql_client_cert_path,
mysql_ca_cert_path=args.mysql_ca_cert_path,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
else:
config_updater_util.Initialize(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if args.subparser_name == "generate_keys":
try:
config_updater_keys_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=args.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif args.subparser_name == "repack_clients":
upload = not args.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload)
elif args.subparser_name == "show_user":
if args.username:
print(config_updater_util.GetUserSummary(args.username))
else:
print(config_updater_util.GetAllUserSummaries())
elif args.subparser_name == "update_user":
config_updater_util.UpdateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "delete_user":
config_updater_util.DeleteUser(args.username)
elif args.subparser_name == "add_user":
config_updater_util.CreateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "upload_python":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "upload_exe":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "set_var":
var = args.var
val = args.val
config = grr_config.CONFIG
print("Setting %s to %s" % (var, val))
if val.startswith("["): # Allow setting of basic lists.
val = val[1:-1].split(",")
config.Set(var, val)
config.Write()
elif args.subparser_name == "switch_datastore":
config_updater_util.SwitchToRelDB(grr_config.CONFIG)
grr_config.CONFIG.Write()
elif args.subparser_name == "upload_artifact":
with io.open(args.file, "r") as filedesc:
source = filedesc.read()
try:
artifact.UploadArtifactYamlFile(source,
overwrite=args.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif args.subparser_name == "delete_artifacts":
artifact_list = args.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list)
print("Artifacts %s deleted." % artifact_list)
elif args.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if input("Continue? [yN]: ").upper() == "Y":
if args.keylength:
keylength = int(args.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=args.common_name,
keylength=keylength)
