def __init__(self, obj, opt):
    """Describe a user entry under an LDAP auth mount.

    ``obj`` is the parsed config entry. ``obj['user']`` is required (a
    missing key raises ``KeyError``); ``obj['mount']`` is optional and
    defaults to ``'ldap'``, placing the resource at
    ``auth/<mount>/users/<user>`` after ``sanitize_mount``. Only ``groups``
    and ``policies`` are forwarded to the request body, each handed to
    ``map_val`` with an empty list as the fallback.
    """
    super(LDAPUser, self).__init__(obj, opt)
    mount_name = obj.get('mount', 'ldap')
    self.path = sanitize_mount(
        "auth/%s/users/%s" % (mount_name, obj['user']))
    # Both list-valued keys get the same treatment; a fresh [] per call so
    # no two calls can ever share a default list.
    user_body = {}
    for list_key in ('groups', 'policies'):
        map_val(user_body, obj, list_key, [])
    self._obj = user_body
def __init__(self, obj, opt):
    """Describe a user under the ``userpass`` auth backend.

    Required keys in ``obj``: ``username``, ``password_file`` and
    ``policies`` (``KeyError`` if any is missing). The credential itself
    is not carried in the config: ``password_file`` names the file it is
    read from and is exposed as both ``secret`` and ``filename``.
    ``ttl`` and ``max_ttl`` are handed to ``map_val`` with no default.
    """
    super(UserPassUser, self).__init__('userpass', obj, opt)
    name = obj['username']
    self.username = name
    self.mount = 'userpass'
    self.path = sanitize_mount("auth/userpass/users/%s" % name)
    # Only the location of the password is recorded here.
    password_path = obj['password_file']
    self.secret = password_path
    self.filename = password_path
    body = {'policies': obj['policies']}
    for ttl_key in ('ttl', 'max_ttl'):
        map_val(body, obj, ttl_key)
    self._obj = body
def __init__(self, obj, opt):
    """Describe a user under the ``userpass`` auth backend.

    ``obj`` must provide ``username``, ``password_file`` and ``policies``;
    a missing key surfaces as ``KeyError``. The password is referenced by
    file name only (``secret`` and ``filename`` both hold that path), so
    the config tree never contains the credential. ``ttl`` and
    ``max_ttl`` are passed to ``map_val`` without a fallback value.
    """
    super(UserPassUser, self).__init__('userpass', obj, opt)
    self.username = obj['username']
    self.mount = 'userpass'
    self.path = sanitize_mount("auth/userpass/users/%s" % self.username)
    # Path to the password file, not the password.
    self.secret = obj['password_file']
    self.filename = obj['password_file']
    request_body = {'policies': obj['policies']}
    map_val(request_body, obj, 'ttl')
    map_val(request_body, obj, 'max_ttl')
    self._obj = request_body
def tunable(self, obj):
    """Collect backend mount tunables from ``obj`` into ``self.tune``.

    For every entry of ``MOUNT_TUNABLES`` the key (``entry[0]``) is copied
    from ``obj['tune']`` via ``map_val``; a value that ``is_vault_time``
    recognises as a Vault duration string is replaced by
    ``vault_time_to_s(value)`` (presumably so it can be compared against
    what the server reports — confirm). A top-level ``description`` is
    folded into the tunables too. ``self.tune`` is always (re)set, even
    when ``obj`` has no ``tune`` block.
    """
    self.tune = {}
    tune = self.tune
    if 'tune' in obj:
        requested = obj['tune']
        for entry in MOUNT_TUNABLES:
            key = entry[0]
            map_val(tune, requested, key)
            if key not in tune:
                continue
            raw = tune[key]
            if is_vault_time(raw):
                # Normalise "30m"-style durations to seconds.
                tune[key] = vault_time_to_s(raw)
    if 'description' in obj:
        tune['description'] = obj['description']
def tunable(self, obj):
    """Populate ``self.tune`` with the mount tunables found in ``obj``.

    Walks ``MOUNT_TUNABLES`` (key is ``entry[0]``) and copies each key out
    of ``obj['tune']`` with ``map_val``. Values that ``is_vault_time``
    accepts are converted through ``vault_time_to_s``; everything else is
    kept as written. ``obj['description']``, when present, is stored under
    ``description`` as well. ``self.tune`` is reset to an empty dict at
    the start regardless of input.
    """
    def _seconds_if_duration(value):
        # Vault duration strings become seconds; other values pass through.
        return vault_time_to_s(value) if is_vault_time(value) else value

    self.tune = {}
    if 'tune' in obj:
        for entry in MOUNT_TUNABLES:
            key = entry[0]
            map_val(self.tune, obj['tune'], key)
            if key in self.tune:
                self.tune[key] = _seconds_if_duration(self.tune[key])
    if 'description' in obj:
        self.tune['description'] = obj['description']
def __init__(self, obj, opt):
    """Describe a token role at ``auth/token/roles/<name>``.

    ``obj['name']`` is required. ``allowed_policies`` and
    ``disallowed_policies`` are each sent as a sorted, comma-separated
    string when present. The remaining fields fall back to fixed defaults
    via ``map_val``: ``orphan`` True, ``period`` 0, ``renewable`` True,
    ``explicit_max_ttl`` 0 and ``path_suffix`` ''. These defaults are on
    the permissive side — in Vault an orphan token is not revoked with its
    parent and an ``explicit_max_ttl`` of 0 sets no explicit cap — so
    roles that mint long-lived tokens should set them deliberately.
    """
    super(TokenRole, self).__init__('tokenrole', obj, opt)
    name = obj['name']
    self.role_name = name
    self.path = "auth/token/roles/%s" % name
    self.mount = 'token'
    self.backend = 'token'
    self.secret_ids = []
    body = {}
    for list_key in ('allowed_policies', 'disallowed_policies'):
        if list_key in obj:
            # Sorted so the rendered string is stable between runs.
            body[list_key] = ','.join(sorted(obj[list_key]))
    fallbacks = [
        ('orphan', True),
        ('period', 0),
        ('renewable', True),
        ('explicit_max_ttl', 0),
        ('path_suffix', ''),
    ]
    for key, fallback in fallbacks:
        map_val(body, obj, key, fallback)
    self._obj = body
def __init__(self, resource, opt, managed=True):
    """Wrap a backend ``resource`` as a mount to be reconciled.

    Reads ``resource.mount`` (sanitised into ``path``), ``resource.backend``
    and ``resource.present``. If the resource carries a ``tune`` dict, each
    ``MOUNT_TUNABLES`` entry ``(key, type, ...)`` is type-checked and then
    copied into ``config`` with ``map_val``; a value of the wrong type
    raises ``aomi_excep.AomiData`` naming the tunable and the mount path.
    ``description`` inside ``tune`` is copied across verbatim. ``existing``
    starts empty and ``managed`` is stored as given; neither is interpreted
    here.
    """
    self.path = sanitize_mount(resource.mount)
    self.backend = resource.backend
    self.existing = {}
    self.present = resource.present
    self.config = {}
    self.managed = managed
    tune = getattr(resource, 'tune', None)
    if isinstance(tune, dict):
        for entry in MOUNT_TUNABLES:
            key = entry[0]
            expected_type = entry[1]
            # Reject a mistyped tunable before it is sent anywhere.
            if key in tune and not isinstance(tune[key], expected_type):
                raise aomi_excep.AomiData(
                    "Mount tunable %s on %s must be of type %s"
                    % (key, self.path, expected_type))
            map_val(self.config, tune, key)
        if 'description' in tune:
            self.config['description'] = tune['description']
    self.opt = opt
def __init__(self, obj, opt):
    """Describe the LDAP auth backend config at ``auth/ldap/config``.

    ``obj['url']`` is required. ``obj['secrets']`` is optional and is kept
    on ``secret`` rather than in the request body (presumably the bind
    credential's location — confirm against the caller). The TLS and bind
    flags default to the safe side: ``starttls`` False, ``insecure_tls``
    False (in Vault, True skips LDAP server certificate verification) and
    ``deny_null_bind`` True (Vault rejects empty-password binds, which some
    directories would otherwise accept). The directory layout keys are
    forwarded only as written, with no default.
    """
    super(LDAP, self).__init__('ldap', obj, opt)
    body = {'url': obj['url']}
    self.mount = 'ldap'
    self.path = sanitize_mount("auth/ldap/config")
    self.secret = obj.get('secrets')
    # (key,) entries have no fallback; (key, default) entries do. The order
    # is the order the keys land in the request body.
    spec = [
        ('starttls', False),
        ('insecure_tls', False),
        ('discoverdn',),
        ('userdn',),
        ('userattr',),
        ('deny_null_bind', True),
        ('upndomain',),
        ('groupfilter',),
        ('groupdn',),
        ('groupattr',),
        ('binddn',),
    ]
    for entry in spec:
        map_val(body, obj, *entry)
    self._obj = body
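def __init__(self, obj, opt):
    """Describe an AppRole role at ``auth/approle/role/<name>``.

    ``obj['name']`` and ``obj['policies']`` are required. ``default`` is
    added to the policy set when absent — HCV adds it server-side anyway,
    so carrying it here keeps the diff quiet — and the list is copied
    first so the caller's config object is never modified. Request keys
    and their config aliases/defaults: ``bound_cidr_list`` from
    ``cidr_list`` ('' — in Vault an empty list means no CIDR restriction
    on login), ``secret_id_num_uses`` from ``secret_uses`` (0),
    ``secret_id_ttl`` from ``secret_ttl`` (0); ``period``,
    ``token_max_ttl``, ``token_ttl`` and ``token_num_uses`` default to 0
    and ``bind_secret_id`` to True. An optional ``preset`` block is passed
    to ``self.presets``.
    """
    super(AppRole, self).__init__('approle', obj, opt)
    self.app_name = obj['name']
    self.path = "auth/approle/role/%s" % obj['name']
    self.mount = self.backend
    self.secret_ids = []
    # Copy: the original appended to obj['policies'] in place, so the
    # caller's config silently gained a 'default' entry.
    policies = list(obj['policies'])
    # HCV seems to always add this in anyway. Having this implicit
    # at our end makes the diff'ing easier.
    if 'default' not in policies:
        policies.insert(0, 'default')
    role_obj = {'policies': ','.join(sorted(policies))}
    map_val(role_obj, obj, 'bound_cidr_list', '', 'cidr_list')
    map_val(role_obj, obj, 'secret_id_num_uses', 0, 'secret_uses')
    map_val(role_obj, obj, 'secret_id_ttl', 0, 'secret_ttl')
    map_val(role_obj, obj, 'period', 0)
    map_val(role_obj, obj, 'token_max_ttl', 0)
    map_val(role_obj, obj, 'token_ttl', 0)
    map_val(role_obj, obj, 'bind_secret_id', True)
    map_val(role_obj, obj, 'token_num_uses', 0)
    self._obj = role_obj
    if 'preset' in obj:
        self.presets(obj['preset'], opt)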
def __init__(self, obj, opt):
    """Describe an LDAP auth backend config at ``auth/<mount>/config``.

    ``obj['url']`` is required; ``obj['mount']`` defaults to ``'ldap'``
    and ``obj['secrets']`` is optional and kept on ``secret`` rather than
    in the request body. Safe defaults are applied to the flags that need
    one: ``starttls`` False, ``insecure_tls`` False (in Vault, True skips
    LDAP server certificate verification) and ``deny_null_bind`` True
    (Vault refuses empty-password binds). Directory layout keys and
    ``tls_min_version``/``tls_max_version`` are forwarded only as written,
    so the server-side default applies when unset. Mount tunables are
    collected by ``self.tunable``.
    """
    super(LDAP, self).__init__('ldap', obj, opt)
    body = {'url': obj['url']}
    self.mount = obj.get('mount', 'ldap')
    self.path = sanitize_mount("auth/%s/config" % self.mount)
    self.secret = obj.get('secrets')
    # (key,) entries carry no fallback; (key, default) entries do. Listed
    # in the order the keys land in the request body.
    spec = [
        ('starttls', False),
        ('insecure_tls', False),
        ('discoverdn',),
        ('userdn',),
        ('userattr',),
        ('deny_null_bind', True),
        ('upndomain',),
        ('groupfilter',),
        ('groupdn',),
        ('groupattr',),
        ('binddn',),
        ('tls_max_version',),
        ('tls_min_version',),
    ]
    for entry in spec:
        map_val(body, obj, *entry)
    self._obj = body
    self.tunable(obj)
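def __init__(self, obj, opt):
    """Describe an AppRole role on the ``approle`` mount.

    ``obj['name']`` and ``obj['policies']`` are required. The path is
    built as ``approle/role/<name>`` — note there is no ``auth/`` prefix
    here, unlike the token role; confirm the base class or caller supplies
    it. ``default`` is added to the policy set when absent (HCV adds it
    server-side anyway, so carrying it here keeps the diff quiet); the
    list is copied first so the caller's config object is not modified.
    Request keys and their config aliases/defaults: ``bound_cidr_list``
    from ``cidr_list`` ('' — in Vault an empty list means no CIDR
    restriction on login), ``secret_id_num_uses`` from ``secret_uses``
    (0), ``secret_id_ttl`` from ``secret_ttl`` (0); ``period``,
    ``token_max_ttl``, ``token_ttl`` and ``token_num_uses`` default to 0
    and ``bind_secret_id`` to True. Mount tunables are collected by
    ``self.tunable`` and an optional ``preset`` block goes to
    ``self.presets``.
    """
    super(AppRole, self).__init__('approle', obj, opt)
    self.app_name = obj['name']
    self.mount = 'approle'
    self.path = "%s/role/%s" % (self.mount, self.app_name)
    self.secret_ids = []
    self.tunable(obj)
    # Copy: the original appended to obj['policies'] in place, so the
    # caller's config silently gained a 'default' entry.
    policies = list(obj['policies'])
    # HCV seems to always add this in anyway. Having this implicit
    # at our end makes the diff'ing easier.
    if 'default' not in policies:
        policies.insert(0, 'default')
    role_obj = {'policies': ','.join(sorted(policies))}
    map_val(role_obj, obj, 'bound_cidr_list', '', 'cidr_list')
    map_val(role_obj, obj, 'secret_id_num_uses', 0, 'secret_uses')
    map_val(role_obj, obj, 'secret_id_ttl', 0, 'secret_ttl')
    map_val(role_obj, obj, 'period', 0)
    map_val(role_obj, obj, 'token_max_ttl', 0)
    map_val(role_obj, obj, 'token_ttl', 0)
    map_val(role_obj, obj, 'bind_secret_id', True)
    map_val(role_obj, obj, 'token_num_uses', 0)
    self._obj = role_obj
    if 'preset' in obj:
        self.presets(obj['preset'], opt)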