Exemplo n.º 1
0
    def add_branch(self, branch, branch_admin_password):
        if not self.config.branches.enabled:
            yield error_log('Branches are not enabled on this LDAP')
        if self.config.readonly:
            yield error_log('This LDAP is configured as read-only')

        self.connect(auth=False)
        self.authenticate(
            username=self.config.admin_dn,
            password=self.config.admin_password
        )
        self.add_ou_by_dn("ou={branch},{branches.base_dn}".format(branch=branch, **self.config))

        self.set_branch(branch)

        branch_restricted_user_dn = "cn={branches.restricted_cn},ou={branch},{branches.base_dn}".format(branch=branch, **self.config)
        branch_admin_user_dn = "cn={branches.admin_cn},ou={branch},{branches.base_dn}".format(branch=branch, **self.config)

        self.set_branch(branch)
        self.add_ldap_user_by_dn(branch_admin_user_dn, 'LDAP Access User', self.config.branches.admin_password)
        self.add_ldap_user_by_dn(branch_restricted_user_dn, 'Restricted User', branch_admin_password)

        self.add_group_by_dn('cn=Managers,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config), user_dns=[branch_admin_user_dn])
        self.add_ou_by_dn('ou=groups,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config))
        self.add_ou_by_dn('ou=users,ou={branch},{branches.base_dn}'.format(branch=branch, **self.config))

        # Add plain users
        for user in self.config.branches.base_users:
            self.add_ldap_user(user.username, user.username, user.password)

        self.disconnect()
        yield success_log("Branch {} successfully created".format(branch))
Exemplo n.º 2
0
    def add_users(self, branch, usersfile):
        if self.config.readonly:
            yield error_log('This LDAP is configured as read-only')

        self.set_branch(branch)
        self.connect(auth=False)
        self.authenticate(
            username=self.effective_admin_dn,
            password=self.effective_admin_password)

        try:
            users = read_users_file(usersfile, required_fields=['username', 'fullname', 'password'])
        except Exception as exc:
            error_message = 'Error parsing users file {}: {{}}'.format(usersfile)
            yield raising_error_log(error_message.format(exc.message))

        try:
            self.check_users(users)
        except Exception as exc:
            yield raising_error_log(exc.message)

        yield step_log('Creating {} users '.format(len(users)))
        for count, user in enumerate(users, start=1):
            if not user:
                yield error_log('Error parsing user at line #{}'.format(count))
                continue
            try:
                self.add_ldap_user(**user)
                yield success_log('User {} created'.format(user['username']))
            except ldap.ALREADY_EXISTS:
                yield error_log('User {} already exists'.format(user['username']))
            except Exception as exc:
                yield error_log('Error creating user {}: {}'.format(user['username']), exc.__repr__())

        self.disconnect()
Exemplo n.º 3
0
    def setup_max(self, max_name, oauth_name, ldap_branch):
        """
        """
        username = "******"
        password = "******".format(ldap_branch)
        oauth_server = "https://oauth.upcnet.es/{}".format(oauth_name)
        user_token = self.get_token(oauth_server, username, password)
        if user_token is None:
            return error_log('Error on getting token for user "{}" on {}'.format(username, oauth_server))

        params = {
            "form.widgets.oauth_server": oauth_server,
            "form.widgets.oauth_grant_type": "password",
            "form.widgets.max_server": "https://max.upcnet.es/{}".format(max_name),
            "form.widgets.max_server_alias": "https://ulearn.upcnet.es/{}".format(self.plonesite),
            "form.widgets.max_app_username": "******",
            "form.widgets.max_app_token": "",
            "form.widgets.max_restricted_username": username,
            "form.widgets.max_restricted_token": user_token,
            "form.buttons.save": "Save",
        }
        req = requests.post("{}/@@maxui-settings".format(self.site_url), data=params, auth=self.auth)

        if req.status_code not in [302, 200, 204, 201]:
            return error_log("Error on configuring max settings".format(self.site_url))
        else:
            return success_log("Successfully configured max settings".format(self.site_url))
Exemplo n.º 4
0
    def test(self, instance_name, username, password):
        instance = self.get_instance(instance_name)
        try:
            yield step_log('Testing oauth server @ {}'.format(instance['server']['dns']))

            yield message_log('Checking server health')

            try:
                status = requests.get(instance['server']['dns'], verify=True).status_code
            except requests.exceptions.SSLError:
                yield error_log('SSL certificate verification failed')
                yield message_log('Continuing test without certificate check')

            try:
                status = requests.get(instance['server']['dns'], verify=False).status_code
            except requests.ConnectionError:
                yield raising_error_log('Connection error, check nginx is running, and dns resolves as expected.')
            except:
                yield raising_error_log('Unknown error trying to access oauth server. Check params and try again')
            else:
                if status == 500:
                    yield raising_error_log('Error on oauth server, Possible causes:\n  - ldap configuration error (bad server url?)\n  - Mongodb configuration error (bad replicaset name or hosts list?)\nCheck osiris log for more information.')
                elif status == 502:
                    yield raising_error_log('Server not respoding at {}. Check that:\n  - osiris process is running\n  - nginx upstream definition is pointing to the right host:port.'.format(instance['server']['dns']))
                elif status == 504:
                    yield raising_error_log('Gateway timeout. Probably oauth server is giving timeout trying to contact ldap server')
                elif status == 404:
                    yield raising_error_log('There\'s no oauth server at {}. Chech there\'s an nginx entry for this server.'.format(instance['server']['dns']))
                elif status != 200:
                    yield raising_error_log('Server {} responded with {} code. Check osiris logs.'.format(instance['server']['dns'], status))

            yield message_log('Retrieving token for "{}"'.format(username))
            token = self.get_token(instance['server']['dns'], username, password)
            succeeded_retrieve_token = token is not None

            if not succeeded_retrieve_token:
                yield raising_error_log('Error retreiving token. Check username/password and try again')

            yield message_log('Checking retreived token')
            succeeded_check_token = self.check_token(instance['server']['dns'], username, token)

            if not succeeded_check_token:
                yield raising_error_log('Error retreiving token')

            if succeeded_check_token and succeeded_retrieve_token:
                yield success_log('Oauth server check passed')
            else:
                yield raising_error_log('Oauth server check failed')

        except StepError as error:
            yield error_log(error.message)
Exemplo n.º 5
0
 def rebuild_catalog(self):
     recatalog_url = "{}/portal_catalog?manage_catalogRebuild:method=+Clear+and+Rebuild+".format(self.site_url)
     resp = requests.get(recatalog_url, auth=self.auth)
     if resp.status_code not in [302, 200, 204, 201] or "Catalog Rebuilt" not in resp.content:
         return error_log("Error on rebuilding catalog".format(self.site_url))
     else:
         return success_log("Successfully rebuild site catalog".format(self.site_url))
Exemplo n.º 6
0
 def setup_homepage(self):
     setup_view_url = "{}/setuphomepage".format(self.site_url)
     req = requests.get(setup_view_url, auth=self.auth)
     if req.status_code not in [302, 200, 204, 201]:
         return error_log("Error on hompepage setup".format(self.site_url))
     else:
         return success_log("Successfully configured homepage".format(self.site_url))
Exemplo n.º 7
0
 def reload_instance(self):
     self.restart(self.instance.name)
     sleep(1)
     status = self.get_status(self.instance.name)
     if status['status'] == 'running':
         return success_log("Succesfully restarted max {}".format(self.instance.name))
     else:
         return error_log('Max instance {} is not running'.format(self.instance.name))
Exemplo n.º 8
0
 def delete_user(self, branch, username):
     if self.config.readonly:
         yield error_log('This LDAP is configured as read-only')
     self.set_branch(branch)
     self.connect()
     self.del_user(username)
     self.disconnect()
     yield success_log("User {} deleted from branch".format(username))
Exemplo n.º 9
0
 def list_branches(self):
     if not self.config.branches.enabled:
         yield error_log('Branches are not enabled on this LDAP')
     self.connect(auth=False)
     self.authenticate(
         username=self.config.admin_dn,
         password=self.config.admin_password
     )
     branches = self.get_branches()
     self.disconnect()
     yield return_value(branches)
Exemplo n.º 10
0
    def set_mongodb_indexes(self):
        new_instance_folder = '{}/{}'.format(
            self.config.instances_root,
            self.instance.name
        )
        code, stdout = self.remote.execute('cd {0} && ./bin/max.mongoindexes'.format(new_instance_folder))
        added = 'Creating' in stdout or 'already exists' in stdout

        if added:
            return success_log("Succesfully added indexes")
        else:
            return error_log("Error on adding indexes")
Exemplo n.º 11
0
    def add_user(self, branch, username, password):
        if self.config.readonly:
            yield error_log('This LDAP is configured as read-only')
        self.set_branch(branch)
        self.connect(auth=False)
        self.authenticate(
            username=self.effective_admin_dn,
            password=self.effective_admin_password,
        )
        self.add_ldap_user(username, username, password)
        self.disconnect()

        yield success_log("User {} successfully added".format(username))
Exemplo n.º 12
0
    def create(self, packages=[]):
        if self.exists():
            return error_log("There is already a ulearn on {}".format(self.site_url))

        params = {
            "site_id": self.plonesite,
            "title": self.title,
            "default_language": self.language,
            "setup_content:boolean": True,
            "extension_ids:list": ["plonetheme.classic:default", "plonetheme.sunburst:default"] + packages,
            "form.submitted:boolean": True,
            "submit": "Crear lloc Plone",
        }
        create_plone_url = "{}/@@plone-addsite".format(self.mountpoint_url)

        self.echo.start()
        req = requests.post(create_plone_url, params, auth=self.auth)
        self.echo.stop()
        if req.status_code not in [302, 200, 204, 201]:
            return error_log("Error creating Plone site at {}".format(self.site_url))
        else:
            return success_log("Successfully created Plone site at {}".format(self.site_url))
Exemplo n.º 13
0
    def batch_add_users(self, instance, usersfile):
        site = UlearnSite(self.get_environment(instance["environment"]), instance["mountpoint"], instance["plonesite"])
        try:
            users = read_users_file(usersfile, required_fields=["username", "fullname", "email", "password"])
        except Exception as exc:
            error_message = "Error parsing users file {}: {{}}".format(usersfile)
            yield raising_error_log(error_message.format(exc.message))

        try:
            self.check_users(users)
        except Exception as exc:
            yield raising_error_log(exc.message)

        yield step_log("Creating {} users ".format(len(users)))
        for count, user in enumerate(users, start=1):
            if not user:
                yield error_log("Error parsing user at line #{}".format(count))
                continue
            succeeded = site.add_user(**user)
            if not succeeded.get("error", False):
                yield success_log(succeeded["message"])
            else:
                yield error_log(succeeded["message"])
Exemplo n.º 14
0
    def configure_max_security_settings(self):
        new_instance_folder = '{}/{}'.format(
            self.config.instances_root,
            self.instance.name
        )
        self.buildout.folder = new_instance_folder

        self.remote.execute('cd {} && ./bin/max.security reset'.format(new_instance_folder))
        code, stdout = self.remote.execute('cd {} && ./bin/max.security add {}'.format(new_instance_folder, self.config.authorized_user))
        added = 'restart max process' in stdout
        # Force read the new configuration files

        if added:
            return success_log("Succesfully configured security settings")
        else:
            return error_log("Error configuring security settings")
Exemplo n.º 15
0
    def batch_subscribe_users(self, instance, subscriptionsfile):
        site = UlearnSite(self.get_environment(instance["environment"]), instance["mountpoint"], instance["plonesite"])
        try:
            communities = read_subscriptions_file(subscriptionsfile, required_fields=["owners", "readers", "editors"])
        except Exception as exc:
            error_message = "Error parsing subscriptionsfile file {}: {{}}".format(subscriptionsfile)
            yield raising_error_log(error_message.format(exc.message))

        for community in communities:
            yield step_log("Subscribing users to {}".format(community["url"]))

            succeeded = site.subscribe_users(**community)
            if not succeeded.get("error", False):
                yield success_log(succeeded["message"])
            else:
                yield error_log(succeeded["message"])
Exemplo n.º 16
0
    def setup_nginx(self, site, max_url):

        nginx_params = {"instance_name": site.plonesite, "max_server": max_url, "mountpoint_id": site.mountpoint}
        nginxentry = ULEARN_NGINX_ENTRY.format(**nginx_params)

        success = self.prefes.put_file(
            "{}/config/ulearn-instances/{}.conf".format(self.config.prefe_nginx_root, site.plonesite), nginxentry
        )

        if success:
            return success_log(
                "Succesfully created {}/config/ulearn-instances/{}.conf".format(
                    self.config.prefe_nginx_root, site.plonesite
                )
            )
        else:
            return error_log("Error when generating nginx config file for ulean")
Exemplo n.º 17
0
    def setup_ldap(self, branch, ldap_config):
        setup_view_url = "{}/setupldap".format(self.site_url)
        params = {
            "ldap_name": ldap_config.name,
            "ldap_server": re.sub(r"ldaps?:\/\/", "", ldap_config.server),
            "branch_name": branch,
            "base_dn": ldap_config.branches.base_dn,
            "branch_admin_cn": ldap_config.branches.admin_cn,
            "branch_admin_password": ldap_config.branches.admin_password,
            "allow_manage_users": True,
        }

        req = requests.post(setup_view_url, data=params, auth=self.auth)

        if req.status_code not in [302, 200, 204, 201]:
            return error_log('Error on ldap branch "{}" setup'.format(branch))
        else:
            return success_log('Successfully configured ldap branch "{}"'.format(branch))
Exemplo n.º 18
0
    def add_instance(self, **configuration):
        token = self.get_token(
            configuration['oauthserver']['server']['dns'],
            configuration['restricted_user'],
            configuration['restricted_user_password']
        )

        try:
            yield step_log('Adding entry')
            yield self.add_entry(
                language=configuration['language'],
                name=configuration['name'],
                hashtag=configuration['hashtag'],
                server=configuration['maxserver']['server']['dns'],
                restricted_user=configuration['restricted_user'],
                restricted_user_token=token
            )

        except StepError as error:
            yield error_log(error.message)
Exemplo n.º 19
0
 def reload_nginx(self):
     code, stdout = self.remote.execute('/etc/init.d/nginx reload')
     if code == 0 and 'done' in stdout:
         return success_log('Nginx reloaded succesfully')
     else:
         return error_log('Error reloading nginx')
Exemplo n.º 20
0
 def test_nginx(self):
     code, stdout = self.remote.execute('/etc/init.d/nginx configtest')
     if code == 0 and 'done' in stdout:
         return success_log('Configuration test passed')
     else:
         return error_log('Configuration test failed')