Exemplo n.º 1
0
 def _secure(self, context):
     # Create a new administrative user for Trove and also
     # disable the built-in superuser.
     os_admin_db = models.PostgreSQLSchema(self.ADMIN_USER)
     self._create_database(context, os_admin_db)
     self._create_admin_user(context, databases=[os_admin_db])
     pgutil.PG_ADMIN = self.ADMIN_USER
     postgres = models.PostgreSQLRootUser()
     self.alter_user(context, postgres, 'NOSUPERUSER', 'NOLOGIN')
Exemplo n.º 2
0
 def _get_databases(self):
     """Return all non-system Postgres databases on the instance."""
     results = pgutil.query(
         pgutil.DatabaseQuery.list(ignore=IGNORE_DBS_LIST),
         timeout=30,
     )
     return [
         models.PostgreSQLSchema(row[0].strip(),
                                 character_set=row[1],
                                 collate=row[2]) for row in results
     ]
Exemplo n.º 3
0
 def _get_databases_for(self, username):
     """Return all Postgres databases accessible by a given user."""
     results = pgutil.query(
         pgutil.AccessQuery.list(user=username),
         timeout=30,
     )
     return [
         models.PostgreSQLSchema(row[0].strip(),
                                 character_set=row[1],
                                 collate=row[2]) for row in results
     ]
Exemplo n.º 4
0
    def _build_user(self, context, username, acl=None):
        """Build a model representation of a Postgres user.
        Include all databases it has access to.
        """
        user = models.PostgreSQLUser(username)
        if acl:
            dbs = [
                models.PostgreSQLSchema(row[1].strip(),
                                        character_set=row[2],
                                        collate=row[3]) for row in acl
                if row[0] == username and row[1] is not None
            ]
            for d in dbs:
                user.databases.append(d.serialize())

        return user
Exemplo n.º 5
0
    def secure(self, context):
        """Create an administrative user for Trove.
        Force password encryption.
        Also disable the built-in superuser
        """
        password = utils.generate_random_password()

        os_admin_db = models.PostgreSQLSchema(self.ADMIN_USER)
        os_admin = models.PostgreSQLUser(self.ADMIN_USER, password)
        os_admin.databases.append(os_admin_db.serialize())

        postgres = models.PostgreSQLUser(self.default_superuser_name)
        admin = PgSqlAdmin(postgres)
        admin._create_database(context, os_admin_db)
        admin._create_admin_user(context, os_admin, encrypt_password=True)

        PgSqlAdmin(os_admin).alter_user(context, postgres, None, 'NOSUPERUSER',
                                        'NOLOGIN')

        self.set_current_admin_user(os_admin)