def remove_user_from_role(role_name, user_name):
"""
Remove a user from a role. This has the side-effect of revoking all the
permissions granted to the role from the user, unless the permissions are
also granted by another role.
@type role_name: str
@param role_name: name of role
@type user_name: str
@param suer_name: name of user
@rtype: bool
@return: True on success
"""
role = _get_role(role_name)
user = _get_user(user_name)
if role_name == super_user_role and is_last_super_user(user):
raise PulpAuthorizationError(_('%s cannot be empty, and %s is the last member') %
(super_user_role, user_name))
if role_name not in user['roles']:
return False
user['roles'].remove(role_name)
factory.user_manager().update_user(user['login'], Delta(user, 'roles'))
for resource, operations in role['permissions'].items():
other_roles = _get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(resource,
operations,
other_roles)
_permission_api.revoke(resource, user, user_ops)
return True
def delete_role(role_name):
"""
Delete a role. This has the side-effect of revoking any permissions granted
to the role from the users in the role, unless those permissions are also
granted through another role the user is a memeber of.
@type role_name: name of the role to delete
@param role_name: role name
@rtype: bool
@return: True on success
"""
check_builtin_roles(role_name)
role = _get_role(role_name)
users = _get_users_belonging_to_role(role)
for resource, operations in role['permissions'].items():
for user in users:
other_roles = _get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(resource,
operations,
other_roles)
_permission_api.revoke(resource, user, user_ops)
for user in users:
user['roles'].remove(role_name)
factory.user_manager().update_user(user['login'], Delta(user, 'roles'))
_role_api.delete(role)
return True
def _initialize_pulp():
# XXX ORDERING COUNTS
# This initialization order is very sensitive, and each touches a number of
# sub-systems in pulp. If you get this wrong, you will have pulp tripping
# over itself on start up. If you do not know where to add something, ASK!
global _IS_INITIALIZED, STACK_TRACER
if _IS_INITIALIZED:
return
_IS_INITIALIZED = True
# check our db version and other support
migration_models.check_package_versions()
# pulp generic content initialization
manager_factory.initialize()
plugin_api.initialize()
# new async dispatch initialization
dispatch_factory.initialize()
dispatch_history.start_reaper_thread()
# ensure necessary infrastructure
role_manager = manager_factory.role_manager()
role_manager.ensure_super_user_role()
user_manager = manager_factory.user_manager()
user_manager.ensure_admin()
# agent services
AgentServices.start()
# setup debugging, if configured
if config.config.getboolean('server', 'debugging_mode'):
STACK_TRACER = StacktraceDumper()
STACK_TRACER.start()
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
args = [login]
kwargs = {'password': password, 'name': name}
weight = pulp_config.config.getint('tasks', 'create_weight')
tags = [
resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('create')
]
call_request = CallRequest(manager.create_user,
args,
kwargs,
weight=weight,
tags=tags,
kwarg_blacklist=['password'])
call_request.creates_resource(dispatch_constants.RESOURCE_USER_TYPE,
login)
user = execution.execute_sync(call_request)
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(
user_link['_href'])
return self.created(login, user)
def setUp(self):
ServerTests.setUp(self)
roles = []
User.get_collection().remove()
manager = managers.user_manager()
roles.append(managers.role_manager().super_user_role)
manager.create_user(login=self.USER[0], password=self.USER[1], roles=roles)
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(), RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
args = [login]
kwargs = {'password': password,
'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
user_link = serialization.link.child_link_obj(login)
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)
def populate(self):
role_manager = manager_factory.role_manager()
role_manager.create_role(self.ROLE_ID)
for login in self.USER_LOGINS:
user_manager = manager_factory.user_manager()
user_manager.create_user(login=login, password=login, roles=[self.ROLE_ID])
def setUp(self):
ServerTests.setUp(self)
roles = []
User.get_collection().remove()
manager = managers.user_manager()
roles.append(managers.role_manager().super_user_role)
manager.create_user(login=self.USER[0], password=self.USER[1], roles=roles)
def test_syntactic_sugar_methods(self):
"""
Tests the syntactic sugar methods for retrieving specific managers.
"""
# Setup
factory.initialize()
# Test
self.assertTrue(isinstance(factory.authentication_manager(), AuthenticationManager))
self.assertTrue(isinstance(factory.cert_generation_manager(), CertGenerationManager))
self.assertTrue(isinstance(factory.certificate_manager(), CertificateManager))
self.assertTrue(isinstance(factory.password_manager(), PasswordManager))
self.assertTrue(isinstance(factory.permission_manager(), PermissionManager))
self.assertTrue(isinstance(factory.permission_query_manager(), PermissionQueryManager))
self.assertTrue(isinstance(factory.role_manager(), RoleManager))
self.assertTrue(isinstance(factory.role_query_manager(), RoleQueryManager))
self.assertTrue(isinstance(factory.user_manager(), UserManager))
self.assertTrue(isinstance(factory.user_query_manager(), UserQueryManager))
self.assertTrue(isinstance(factory.repo_manager(), RepoManager))
self.assertTrue(isinstance(factory.repo_unit_association_manager(),
RepoUnitAssociationManager))
self.assertTrue(isinstance(factory.repo_publish_manager(), RepoPublishManager))
self.assertTrue(isinstance(factory.repo_query_manager(), RepoQueryManager))
self.assertTrue(isinstance(factory.repo_sync_manager(), RepoSyncManager))
self.assertTrue(isinstance(factory.content_manager(), ContentManager))
self.assertTrue(isinstance(factory.content_query_manager(), ContentQueryManager))
self.assertTrue(isinstance(factory.content_upload_manager(), ContentUploadManager))
self.assertTrue(isinstance(factory.consumer_manager(), ConsumerManager))
self.assertTrue(isinstance(factory.topic_publish_manager(), TopicPublishManager))
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
args = [login]
kwargs = {'password': password, 'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
user_link = serialization.link.child_link_obj(login)
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(
user_link['_href'])
return self.created(login, user)
def POST(self):
# Pull all the user data
user_data = self.params()
login = user_data.get('login', None)
password = user_data.get('password', None)
name = user_data.get('name', None)
# Creation
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_CREATE_OPERATION}}
args = [login]
kwargs = {'password': password,
'name': name}
weight = pulp_config.config.getint('tasks', 'create_weight')
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('create')]
call_request = CallRequest(manager.create_user,
args,
kwargs,
resources=resources,
weight=weight,
tags=tags,
kwarg_blacklist=['password'])
user = execution.execute_sync(call_request)
user_link = serialization.link.child_link_obj(login)
user.update(user_link)
# Grant permissions
permission_manager = managers.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(user_link['_href'])
return self.created(login, user)
def _initialize_pulp():
# This initialization order is very sensitive, and each touches a number of
# sub-systems in pulp. If you get this wrong, you will have pulp tripping
# over itself on start up.
global _IS_INITIALIZED, STACK_TRACER
if _IS_INITIALIZED:
return
# Verify the database has been migrated to the correct version. This is
# very likely a reason the server will fail to start.
try:
migration_models.check_package_versions()
except Exception:
msg = 'The database has not been migrated to the current version. '
msg += 'Run pulp-manage-db and restart the application.'
raise InitializationException(msg), None, sys.exc_info()[2]
# Load plugins and resolve against types. This is also a likely candidate
# for causing the server to fail to start.
try:
plugin_api.initialize()
except Exception:
msg = 'One or more plugins failed to initialize. If a new type has '
msg += 'been added, run pulp-manage-db to load the type into the '
msg += 'database and restart the application.'
raise InitializationException(msg), None, sys.exc_info()[2]
# There's a significantly smaller chance the following calls will fail.
# The previous two are likely user errors, but the remainder represent
# something gone horribly wrong. As such, I'm not going to account for each
# and instead simply let the exception itself bubble up.
# Load the mappings of manager type to managers
manager_factory.initialize()
# Initialize the tasking subsystem
dispatch_factory.initialize()
# Ensure the minimal auth configuration
role_manager = manager_factory.role_manager()
role_manager.ensure_super_user_role()
user_manager = manager_factory.user_manager()
user_manager.ensure_admin()
# database document reaper
reaper.initialize()
# agent services
AgentServices.start()
# Setup debugging, if configured
if config.config.getboolean('server', 'debugging_mode'):
STACK_TRACER = StacktraceDumper()
STACK_TRACER.start()
# If we got this far, it was successful, so flip the flag
_IS_INITIALIZED = True
def populate(self):
role_manager = manager_factory.role_manager()
role_manager.create_role(self.ROLE_ID)
for login in self.USER_LOGINS:
user_manager = manager_factory.user_manager()
user_manager.create_user(login=login,
password=login,
roles=[self.ROLE_ID])
def delete_role(role_id):
"""
Deletes the given role. This has the side-effect of revoking any permissions granted
to the role from the users in the role, unless those permissions are also granted
through another role the user is a memeber of.
:param role_id: identifies the role being deleted
:type role_id: str
:raise InvalidValue: if any of the fields are unacceptable
:raise MissingResource: if the given role does not exist
:raise PulpDataException: if role is a superuser role
"""
# Raise exception if role id is invalid
if role_id is None or not isinstance(role_id, basestring):
raise InvalidValue(['role_id'])
# Check whether role exists
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
# Make sure role is not a superuser role
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('Role %s cannot be changed') % role_id)
# Remove respective roles from users
users = factory.user_query_manager().find_users_belonging_to_role(
role_id)
for item in role['permissions']:
for user in users:
other_roles = factory.role_query_manager().get_other_roles(
role, user['roles'])
user_ops = _operations_not_granted_by_roles(
item['resource'], item['permission'], other_roles)
factory.permission_manager().revoke(item['resource'],
user['login'], user_ops)
for user in users:
user['roles'].remove(role_id)
factory.user_manager().update_user(user['login'],
Delta(user, 'roles'))
Role.get_collection().remove({'id': role_id}, safe=True)
def __init__(self, admin=None, password=None,
server='ldap://localhost:389',
tls=False):
self.ldapserver = server
self.ldapadmin = admin
self.ldappassword = password
self.ldaptls = tls
self.lconn = None
self.user_manager = factory.user_manager()
self.role_manager = factory.role_manager()
def __init__(self, admin=None, password=None,
server='ldap://localhost:389',
tls=False):
self.ldapserver = server
self.ldapadmin = admin
self.ldappassword = password
self.ldaptls = tls
self.lconn = None
self.user_manager = factory.user_manager()
self.role_manager = factory.role_manager()
def add_user_to_role(role_name, user_name):
"""
Add a user to a role. This has the side-effect of granting all the
permissions granted to the role to the user.
@type role_name: str
@param role_name: name of role
@type user_name: str
@param user_name: name of user
@rtype: bool
@return: True on success
"""
role = _get_role(role_name)
user = _get_user(user_name)
if role_name in user['roles']:
return False
user['roles'].append(role_name)
factory.user_manager().update_user(user['login'], Delta(user, 'roles'))
for resource, operations in role['permissions'].items():
_permission_api.grant(resource, user, operations)
return True
def setUp(self):
super(UserManagerTests, self).setUp()
# Hardcoded to /var/lib/pulp, so change here to avoid permissions issues
self.default_sn_path = SerialNumber.PATH
SerialNumber.PATH = '/tmp/sn.dat'
sn = SerialNumber()
sn.reset()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.cert_generation_manager = manager_factory.cert_generation_manager()
def setUp(self):
super(AuthControllersTests, self).setUp()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager()
self.password_manager = manager_factory.password_manager()
self.role_manager.ensure_super_user_role()
self.user_manager.ensure_admin()
def DELETE(self, login):
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}}
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('delete')]
call_request = CallRequest(manager.delete_user,
[login],
resources=resources,
tags=tags)
return execution.execute_ok(self, call_request)
def DELETE(self, login):
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}}
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag("delete")]
call_request = CallRequest(manager.delete_user, [login], resources=resources, tags=tags)
# Remove permissions
user_link = serialization.link.current_link_obj()
permission_manager = managers.permission_manager()
permission_manager.delete_permission(user_link["_href"])
return execution.execute_ok(self, call_request)
def PUT(self, login):
# Pull all the user update data
user_data = self.params()
delta = user_data.get("delta", None)
# Perform update
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_UPDATE_OPERATION}}
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login), action_tag("update")]
call_request = CallRequest(manager.update_user, [login, delta], resources=resources, tags=tags)
return execution.execute_ok(self, call_request)
def delete_role(role_id):
"""
Deletes the given role. This has the side-effect of revoking any permissions granted
to the role from the users in the role, unless those permissions are also granted
through another role the user is a memeber of.
:param role_id: identifies the role being deleted
:type role_id: str
:raise InvalidValue: if any of the fields are unacceptable
:raise MissingResource: if the given role does not exist
:raise PulpDataException: if role is a superuser role
"""
# Raise exception if role id is invalid
if role_id is None or not isinstance(role_id, basestring):
raise InvalidValue(['role_id'])
# Check whether role exists
role = Role.get_collection().find_one({'id': role_id})
if role is None:
raise MissingResource(role_id)
# Make sure role is not a superuser role
if role_id == SUPER_USER_ROLE:
raise PulpDataException(_('Role %s cannot be changed') % role_id)
# Remove respective roles from users
users = factory.user_query_manager().find_users_belonging_to_role(role_id)
for item in role['permissions']:
for user in users:
other_roles = factory.role_query_manager().get_other_roles(role, user['roles'])
user_ops = _operations_not_granted_by_roles(item['resource'],
item['permission'], other_roles)
factory.permission_manager().revoke(item['resource'], user['login'], user_ops)
for user in users:
user['roles'].remove(role_id)
factory.user_manager().update_user(user['login'], Delta(user, 'roles'))
Role.get_collection().remove({'id': role_id}, safe=True)
def _initialize_pulp():
# This initialization order is very sensitive, and each touches a number of
# sub-systems in pulp. If you get this wrong, you will have pulp tripping
# over itself on start up.
global _IS_INITIALIZED, STACK_TRACER
if _IS_INITIALIZED:
return
# Even though this import does not get used anywhere, we must import it for the Celery
# application to be initialized. Also, this import cannot happen in the usual PEP-8 location,
# as it calls initialization code at the module level. Calling that code at the module level
# is necessary for the Celery application to initialize.
from pulp.server.async import app
# configure agent services
AgentServices.init()
# Verify the database has been migrated to the correct version. This is
# very likely a reason the server will fail to start.
try:
migration_models.check_package_versions()
except Exception:
msg = 'The database has not been migrated to the current version. '
msg += 'Run pulp-manage-db and restart the application.'
raise initialization.InitializationException(msg), None, sys.exc_info()[2]
# There's a significantly smaller chance the following calls will fail.
# The previous two are likely user errors, but the remainder represent
# something gone horribly wrong. As such, I'm not going to account for each
# and instead simply let the exception itself bubble up.
# Initialize the tasking subsystem
dispatch_factory.initialize()
# Ensure the minimal auth configuration
role_manager = manager_factory.role_manager()
role_manager.ensure_super_user_role()
user_manager = manager_factory.user_manager()
user_manager.ensure_admin()
# start agent services
AgentServices.start()
# Setup debugging, if configured
if config.config.getboolean('server', 'debugging_mode'):
STACK_TRACER = StacktraceDumper()
STACK_TRACER.start()
# If we got this far, it was successful, so flip the flag
_IS_INITIALIZED = True
def setUp(self):
super(UserManagerTests, self).setUp()
# Hardcoded to /var/lib/pulp, so change here to avoid permissions issues
self.default_sn_path = SerialNumber.PATH
SerialNumber.PATH = '/tmp/sn.dat'
sn = SerialNumber()
sn.reset()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.cert_generation_manager = manager_factory.cert_generation_manager()
def setUp(self):
super(PulpWebserviceTests, self).setUp()
self.success_failure = None
self.result = None
self.exception = None
self.traceback = None
# The built in PulpTest clean will automatically delete users between
# test runs, so we can't just create the user in the class level setup.
user_manager = manager_factory.user_manager()
roles = []
roles.append(SUPER_USER_ROLE)
user_manager.create_user(login='******', password='******', roles=roles)
def _get_users_belonging_to_role(role):
"""
Get a list of users belonging to the given role
@type role: L{pulp.server.db.model.Role} instance
@param role: role to get members of
@rtype: list of L{pulp.server.db.model.User} instances
@return: list of users that are members of the given role
"""
users = []
for user in factory.user_manager().find_all():
if role['name'] in user['roles']:
users.append(user)
return users
def setUp(self):
super(AuthControllersTests, self).setUp()
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager(
)
self.password_manager = manager_factory.password_manager()
self.role_manager.ensure_super_user_role()
self.user_manager.ensure_admin()
def setUp(self):
super(PulpWebserviceTests, self).setUp()
self.success_failure = None
self.result = None
self.exception = None
self.traceback = None
# The built in PulpTest clean will automatically delete users between
# test runs, so we can't just create the user in the class level setup.
user_manager = manager_factory.user_manager()
roles = []
roles.append(SUPER_USER_ROLE)
user_manager.create_user(login='******', password='******', roles=roles)
def _get_user(user_name):
"""
Get a user from the database that corresponds to the user name
Raise an exception if the user isn't found
@type user_name: str
@param user_name: user's login
@rtype: L{pulp.server.db.model.User} instance
@return: user instance
@raise L{PulpAuthorizationError}: if no user with name exists
"""
user = factory.user_manager().find_by_login(login=user_name)
if user is None:
raise PulpAuthorizationError(_('no such user: %s') % user_name)
return user
def setUp(self):
super(PermissionManagerTests, self).setUp()
self.alpha_num = string.letters + string.digits
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager()
self.role_manager.ensure_super_user_role()
manager_factory.principal_manager().clear_principal()
def setUp(self):
super(RoleManagerTests, self).setUp()
self.alpha_num = string.letters + string.digits
self.user_manager = manager_factory.user_manager()
self.user_query_manager = manager_factory.user_query_manager()
self.role_manager = manager_factory.role_manager()
self.role_query_manager = manager_factory.role_query_manager()
self.permission_manager = manager_factory.permission_manager()
self.permission_query_manager = manager_factory.permission_query_manager()
self.role_manager.ensure_super_user_role()
manager_factory.principal_manager().clear_principal()
def DELETE(self, login):
"""
Delete a given user object
:param login: the login id of the user to delete
:type login: str
"""
manager = managers.user_manager()
result = manager.delete_user(login)
# Delete any existing user permissions given to the creator of the user
user_link = serialization.link.current_link_obj()['_href']
if Permission.get_collection().find_one({'resource': user_link}):
Permission.get_collection().remove({'resource': user_link}, safe=True)
return self.ok(result)
def PUT(self, login):
# Pull all the user update data
user_data = self.params()
delta = user_data.get('delta', None)
# Perform update
manager = managers.user_manager()
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('update')]
call_request = CallRequest(manager.update_user,
[login, delta],
tags=tags)
call_request.updates_resource(dispatch_constants.RESOURCE_USER_TYPE, login)
result = execution.execute(call_request)
result.update(serialization.link.current_link_obj())
return self.ok(result)
def PUT(self, login):
"""
Update a user
:param login: the login id of the user to update
:type login: str
"""
# Pull all the user update data
user_data = self.params()
delta = user_data.get('delta', None)
# Perform update
manager = managers.user_manager()
result = manager.update_user(login, delta)
self.process_dictionary_against_whitelist(result, USER_WHITELIST)
return self.ok(result)
def DELETE(self, login):
"""
Delete a given user object
:param login: the login id of the user to delete
:type login: str
"""
manager = managers.user_manager()
result = manager.delete_user(login)
# Delete any existing user permissions given to the creator of the user
user_link = serialization.link.current_link_obj()['_href']
if Permission.get_collection().find_one({'resource': user_link}):
Permission.get_collection().remove({'resource': user_link},
safe=True)
return self.ok(result)
def PUT(self, login):
"""
Update a user
:param login: the login id of the user to update
:type login: str
"""
# Pull all the user update data
user_data = self.params()
delta = user_data.get('delta', None)
# Perform update
manager = managers.user_manager()
result = manager.update_user(login, delta)
self.process_dictionary_against_whitelist(result, USER_WHITELIST)
return self.ok(result)
def PUT(self, login):
# Pull all the user update data
user_data = self.params()
delta = user_data.get('delta', None)
# Perform update
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_UPDATE_OPERATION}}
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('update')]
call_request = CallRequest(manager.update_user,
[login, delta],
resources=resources,
tags=tags)
result = execution.execute(call_request)
result.update(serialization.link.current_link_obj())
return self.ok(result)
def DELETE(self, login):
manager = managers.user_manager()
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('delete')]
call_request = CallRequest(manager.delete_user,
[login],
tags=tags)
call_request.deletes_resource(dispatch_constants.RESOURCE_USER_TYPE, login)
result = execution.execute(call_request)
# Delete any existing user permissions given to the creator of the user
user_link = serialization.link.current_link_obj()['_href']
if Permission.get_collection().find_one({'resource' : user_link}):
Permission.get_collection().remove({'resource' : user_link}, safe=True)
return self.ok(result)
def DELETE(self, login):
manager = managers.user_manager()
resources = {dispatch_constants.RESOURCE_USER_TYPE: {login: dispatch_constants.RESOURCE_DELETE_OPERATION}}
tags = [resource_tag(dispatch_constants.RESOURCE_USER_TYPE, login),
action_tag('delete')]
call_request = CallRequest(manager.delete_user,
[login],
resources=resources,
tags=tags)
result = execution.execute(call_request)
# Delete any existing user permissions given to the creator of the user
user_link = serialization.link.current_link_obj()['_href']
if Permission.get_collection().find_one({'resource' : user_link}):
Permission.get_collection().remove({'resource' : user_link}, safe=True)
return self.ok(result)
def delete(self, request, login):
"""
Delete a user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:param login: login for the requested user
:type login: str
:return: An empty response
:rtype: django.http.HttpResponse
"""
manager = factory.user_manager()
result = manager.delete_user(login)
# Delete any existing user permissions given to the creator of the user
link = {'_href': reverse('user_resource', kwargs={'login': login})}
if Permission.get_collection().find_one({'resource': link['_href']}):
Permission.get_collection().remove({'resource': link})
return generate_json_response(result)
def put(self, request, login):
"""
Update a user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:param login: login for the requested user
:type login: str
:return: Response containing the user
:rtype: django.http.HttpResponse
"""
# Pull all the user update data
user_data = request.body_as_json
delta = user_data.get('delta', None)
# Perform update
manager = factory.user_manager()
result = manager.update_user(login, delta)
_process_dictionary_against_whitelist(result, USER_WHITELIST)
return generate_json_response_with_pulp_encoder(result)
def delete(self, request, login):
"""
Delete a user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:param login: login for the requested user
:type login: str
:return: An empty response
:rtype: django.http.HttpResponse
"""
manager = factory.user_manager()
result = manager.delete_user(login)
# Delete any existing user permissions given to the creator of the user
link = {'_href': reverse('user_resource',
kwargs={'login': login})}
if Permission.get_collection().find_one({'resource': link['_href']}):
Permission.get_collection().remove({'resource': link}, safe=True)
return generate_json_response(result)
def put(self, request, login):
"""
Update a user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:param login: login for the requested user
:type login: str
:return: Response containing the user
:rtype: django.http.HttpResponse
"""
# Pull all the user update data
user_data = request.body_as_json
delta = user_data.get('delta', None)
# Perform update
manager = factory.user_manager()
result = manager.update_user(login, delta)
_process_dictionary_against_whitelist(result, USER_WHITELIST)
return generate_json_response_with_pulp_encoder(result)
def ensure_admin(self):
"""
This function ensures that there is at least one super user for the system.
If no super users are found, the default admin user (from the pulp config)
is looked up or created and added to the super users role.
"""
user_query_manager = factory.user_query_manager()
role_manager = factory.role_manager()
super_users = user_query_manager.find_users_belonging_to_role(role_manager.super_user_role)
if super_users:
return
default_login = config.config.get('server', 'default_login')
admin = User.get_collection().find_one({'login' : default_login})
if admin is None:
default_password = config.config.get('server', 'default_password')
admin = factory.user_manager().create_user(login=default_login, password=default_password)
role_manager.add_user_to_role(role_manager.super_user_role, default_login)
def post(self, request):
"""
Create a new user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing the user
:rtype: django.http.HttpResponse
:raises: MissingValue if login field is missing
:raises: InvalidValue if some parameters are invalid
"""
# Pull all the user data
user_data = request.body_as_json
login = user_data.pop('login', None)
if login is None:
raise pulp_exceptions.MissingValue(['login'])
password = user_data.pop('password', None)
name = user_data.pop('name', None)
if user_data:
raise pulp_exceptions.InvalidValue(user_data.keys())
# Creation
manager = factory.user_manager()
args = [login]
kwargs = {'password': password, 'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
link = _add_link(user)
# Grant permissions
permission_manager = factory.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(
link['_href'])
response = generate_json_response_with_pulp_encoder(user)
return generate_redirect_response(response, link['_href'])
def post(self, request):
"""
Create a new user.
:param request: WSGI request object
:type request: django.core.handlers.wsgi.WSGIRequest
:return: Response containing the user
:rtype: django.http.HttpResponse
:raises: MissingValue if login field is missing
:raises: InvalidValue if some parameters are invalid
"""
# Pull all the user data
user_data = request.body_as_json
login = user_data.pop('login', None)
if login is None:
raise pulp_exceptions.MissingValue(['login'])
password = user_data.pop('password', None)
name = user_data.pop('name', None)
if user_data:
raise pulp_exceptions.InvalidValue(user_data.keys())
# Creation
manager = factory.user_manager()
args = [login]
kwargs = {'password': password,
'name': name}
user = manager.create_user(*args, **kwargs)
# Add the link to the user
link = _add_link(user)
# Grant permissions
permission_manager = factory.permission_manager()
permission_manager.grant_automatic_permissions_for_resource(link['_href'])
response = generate_json_response_with_pulp_encoder(user)
return generate_redirect_response(response, link['_href'])
def ensure_admin(self):
"""
This function ensures that there is at least one super user for the system.
If no super users are found, the default admin user (from the pulp config)
is looked up or created and added to the super users role.
"""
user_query_manager = factory.user_query_manager()
role_manager = factory.role_manager()
super_users = user_query_manager.find_users_belonging_to_role(
role_manager.super_user_role)
if super_users:
return
default_login = config.config.get('server', 'default_login')
admin = User.get_collection().find_one({'login': default_login})
if admin is None:
default_password = config.config.get('server', 'default_password')
admin = factory.user_manager().create_user(
login=default_login, password=default_password)
role_manager.add_user_to_role(role_manager.super_user_role,
default_login)
# There's a significantly smaller chance the following calls will fail.
# The previous two are likely user errors, but the remainder represent
# something gone horribly wrong. As such, I'm not going to account for each
# and instead simply let the exception itself bubble up.
# Load the mappings of manager type to managers
manager_factory.initialize()
# Initialize the tasking subsystem
dispatch_factory.initialize()
# Ensure the minimal auth configuration
role_manager = manager_factory.role_manager()
role_manager.ensure_super_user_role()
user_manager = manager_factory.user_manager()
user_manager.ensure_admin()
# database document reaper
reaper.initialize()
# agent services
AgentServices.start()
# Setup debugging, if configured
if config.config.getboolean('server', 'debugging_mode'):
STACK_TRACER = StacktraceDumper()
STACK_TRACER.start()
# If we got this far, it was successful, so flip the flag
_IS_INITIALIZED = True
