def put(self, controller, data, oid, *args, **kwargs):
data = get_value(data, u'role', None, exception=True)
new_name = get_value(data, u'name', None)
new_description = get_value(data, u'desc', None)
role_perm = get_value(data, u'perms', None)
role = self.controller.get_role(oid)
resp = {u'update': None, u'perm.append': None, u'perm.remove': None}
# append, remove role
if role_perm is not None:
# append role
if u'append' in role_perm:
perms = []
for perm in role_perm.get(u'append'):
perms.append(perm)
res = role.append_permissions(perms)
resp[u'perm.append'] = res
# remove role
if u'remove' in role_perm:
perms = []
for perm in role_perm.get(u'remove'):
perms.append(perm)
res = role.remove_permissions(perms)
resp[u'perm.remove'] = res
# update role
res = role.update(name=new_name, description=new_description)
resp[u'update'] = res
return resp
def post(self, controller, data, *args, **kwargs):
data = get_value(data, u'group', None, exception=True)
groupname = get_value(data, u'name', None, exception=True)
description = get_value(data, u'desc', u'Group %s' % groupname)
resp = controller.add_group(groupname, description)
return (resp, 201)
def put(self, controller, data, oid, *args, **kwargs):
catalog = self.get_catalog(controller, oid)
data = get_value(data, u'catalog', None, exception=True)
name = get_value(data, u'name', None)
desc = get_value(data, u'desc', None)
zone = get_value(data, u'zone', None)
resp = catalog.update(name=name, desc=desc, zone=zone)
return resp
def post(self, controller, data, *args, **kwargs):
data = get_value(data, u'catalog', None, exception=True)
name = get_value(data, u'name', None, exception=True)
desc = get_value(data, u'desc', None, exception=True)
zone = get_value(data, u'zone', None, exception=True)
resp = controller.add_catalog(name, desc, zone)
return (resp, 201)
def decorated_view(*args, **kwargs):
task = args[0]
# setup correct user
try:
user = get_value(kwargs, u'user', u'task_manager')
server = get_value(kwargs, u'server', u'127.0.0.1')
identity = get_value(kwargs, u'identity', u'')
except:
logger.warn(u'Can not get request user', exc_info=1)
user = u'task_manager'
server = u'127.0.0.1'
identity = u''
operation.perms = []
operation.user = (user, server, identity)
operation.session = None
if module != None:
mod = task.app.api_manager.modules[module]
task_local.controller = mod.get_controller()
task_local.entity_class = entity_class
task_local.objid = args[1]
task_local.op = job_name
task_local.opid = task.request.id
#task_local.start = time()
task_local.delta = delta
task_local.user = operation.user
if task_local.op is None:
if op is None:
task_local.op = u'%s.%s' % (entity_class.objdef, act)
else:
task_local.op = u'%s.%s.%s' % (entity_class.objdef, op,
act)
# record PENDING task and set start-time
start_time = time()
status = u'STARTED'
params = {u'start-time': start_time, u'job-status': status}
task.set_shared_data(params)
task.update_job(params, status, start_time, start_time=start_time)
# send event
task.send_job_event(status, 0, ex=None, msg=None)
#TaskResult.store(task.request.id, status=status, retval=None,
# start_time=start_time, traceback=None,
# inner_type=u'JOB')
#logger.debug(u'Job %s - master task %s' % (task_local.op,
# task_local.opid))
#res = fn(*args, **kwargs)
res = fn(*args)
#task.update(u'STARTED')
return res
def post(self, controller, data, *args, **kwargs):
data = get_value(data, u'user', None, exception=True)
username = get_value(data, u'name', None, exception=True)
password = get_value(data, u'password', None)
description = get_value(data, u'desc', u'User %s' % username)
active = get_value(data, u'active', True)
active = str2bool(active)
expiry_date = get_value(data, u'expiry-date', None)
if u'generic' in data and data.get(u'generic') is True:
storetype = get_value(data, u'storetype', None, exception=True)
resp = controller.add_generic_user(username,
storetype,
password=password,
description=description,
expiry_date=expiry_date)
elif u'system' in data and data[u'system'] == True:
resp = controller.add_system_user(username,
password=password,
description=description)
else:
storetype = get_value(data, u'storetype', None, exception=True)
systype = get_value(data, u'systype', None, exception=True)
resp = controller.add_user(username,
storetype,
systype,
active=active,
password=password,
description=description,
expiry_date=expiry_date)
return (resp, 201)
def post(self, controller, data, oid, *args, **kwargs):
data = get_value(data, u'user-attribute', None, exception=True)
name = get_value(data, u'name', None, exception=True)
new_name = get_value(data, u'new_name', None)
value = get_value(data, u'value', None, exception=True)
desc = get_value(data, u'desc', None, exception=True)
user = self.controller.get_user(oid)
attr = user.set_attribute(name,
value=value,
desc=desc,
new_name=new_name)
resp = (attr.name, attr.value, attr.desc)
return (resp, 201)
def post(self, controller, data, *args, **kwargs):
"""
Create schedule
Create scheduler schedule
"""
scheduler = controller.get_scheduler()
data = get_value(data, 'schedule', None, exception=True)
name = get_value(data, 'name', None, exception=True)
task = get_value(data, 'task', None, exception=True)
args = get_value(data, 'args', None)
kwargs = get_value(data, 'kwargs', None)
options = get_value(data, 'options', {})
relative = get_value(data, 'relative', None)
# get schedule
schedule = get_value(data, 'schedule', None, exception=True)
resp = scheduler.create_update_entry(name,
task,
schedule,
args=args,
kwargs=kwargs,
options=options,
relative=relative)
return {'name': name}, 202
def post(self, controller, data, *args, **kwargs):
data = get_value(data, u'role', None, exception=True)
rolename = get_value(data, u'name', None, exception=True)
description = get_value(data, u'desc', u'Role %s' % rolename)
rtype = get_value(data, u'type', None)
# create role with default permissions
if rtype is not None:
# app system role
if rtype == u'app':
resp = controller.add_app_role(rolename)
# create role without default permissions
else:
resp = controller.add_role(rolename, description)
return (resp, 201)
def post(self, controller, data, *args, **kwargs):
data = get_value(data, u'endpoint', None, exception=True)
catalog = get_value(data, u'catalog', None, exception=True)
name = get_value(data, u'name', None, exception=True)
desc = get_value(data, u'desc', None, exception=True)
service = get_value(data, u'service', None, exception=True)
uri = get_value(data, u'uri', None, exception=True)
active = get_value(data, u'active', True)
catalog_obj = self.get_catalog(controller, catalog)
resp = catalog_obj.add_endpoint(name, desc, service, uri, active)
return (resp, 201)
def post(self, controller, data, *args, **kwargs):
user = get_value(data, 'user', None, exception=True)
password = get_value(data, 'password', None, exception=True)
login_ip = get_value(data, 'login-ip', None, exception=True)
try:
name_domain = user.split('@')
name = name_domain[0]
try:
domain = name_domain[1]
except:
domain = 'local'
except:
ApiManagerError('User must be <user>@<domain>')
innerperms = [
(1, 1, 'auth', 'objects', 'ObjectContainer', '*', 1, '*'),
(1, 1, 'auth', 'role', 'RoleContainer', '*', 1, '*'),
(1, 1, 'auth', 'user', 'UserContainer', '*', 1, '*')]
operation.perms = innerperms
resp = controller.simple_http_login(name, domain, password, login_ip)
return resp
def dispatch(self, controller, data, *args, **kwargs):
user = get_value(data, u'user', None, exception=True)
password = get_value(data, u'password', None, exception=True)
login_ip = get_value(data, u'login-ip', get_remote_ip(request))
try:
name_domain = user.split(u'@')
name = name_domain[0]
try:
domain = name_domain[1]
except:
domain = u'local'
except:
ApiManagerError(u'User must be <user>@<domain>')
innerperms = [
(1, 1, u'auth', u'objects', u'ObjectContainer', u'*', 1, u'*'),
(1, 1, u'auth', u'role', u'RoleContainer', u'*', 1, u'*'),
(1, 1, u'auth', u'user', u'UserContainer', u'*', 1, u'*')]
operation.perms = innerperms
res = controller.login(name, domain, password, login_ip)
resp = res
return resp
def update(self, controller, data, oid, *args, **kwargs):
data = get_value(data, u'endpoint', None, exception=True)
catalog = get_value(data, u'catalog', None)
name = get_value(data, u'name', None)
desc = get_value(data, u'desc', None)
service = get_value(data, u'service', None)
uri = get_value(data, u'uri', None)
active = get_value(data, u'active', None)
endpoint = self.get_endpoint(controller, oid)
resp = endpoint.update(name=name,
desc=desc,
service=service,
uri=uri,
active=active,
catalog=catalog)
return resp
def put(self, controller, data, oid, *args, **kwargs):
data = get_value(data, u'group', None, exception=True)
new_name = get_value(data, u'name', None)
new_description = get_value(data, u'desc', None)
new_active = get_value(data, u'active', None)
group_role = get_value(data, u'roles', None)
group_user = get_value(data, u'users', None)
group = self.controller.get_group(oid)
resp = {
u'update': None,
u'role.append': [],
u'role.remove': [],
u'user.append': [],
u'user.remove': []
}
# append, remove role
if group_role is not None:
# append role
if u'append' in group_role:
for role in group_role.get(u'append'):
res = group.append_role(role)
resp[u'role.append'].append(res)
# remove role
if u'remove' in group_role:
for role in group_role.get(u'remove'):
res = group.remove_role(role)
resp[u'role.remove'].append(res)
# append, remove user
if group_user is not None:
# append user
if u'append' in group_user:
for user in group_user.get(u'append'):
res = group.append_user(user)
resp[u'user.append'].append(res)
# remove user
if u'remove' in group_user:
for user in group_user.get(u'remove'):
res = group.remove_user(user)
resp[u'user.remove'].append(res)
# update group
res = group.update(name=new_name,
description=new_description,
active=new_active)
resp[u'update'] = res
return resp
def post(self, controller, data, *args, **kwargs):
scheduler = controller.get_scheduler()
data = get_value(data, u'schedule', None, exception=True)
name = get_value(data, u'name', None, exception=True)
task = get_value(data, u'task', None, exception=True)
args = get_value(data, u'args', None)
kwargs = get_value(data, u'kwargs', None)
options = get_value(data, u'options', None)
relative = get_value(data, u'relative', None)
# get schedule
schedule = get_value(data, u'schedule', None, exception=True)
resp = scheduler.create_update_entry(name,
task,
schedule,
args=args,
kwargs=kwargs,
options=options,
relative=relative)
return (resp, 202)
def put(self, controller, data, oid, *args, **kwargs):
data = get_value(data, u'user', None, exception=True)
new_name = get_value(data, u'name', None)
new_description = get_value(data, u'desc', None)
new_active = get_value(data, u'active', None)
new_password = get_value(data, u'password', None)
role = get_value(data, u'roles', None)
new_expiry_date = get_value(data, u'expiry-date', None)
if new_active is not None:
new_active = str2bool(new_active)
if new_expiry_date is not None:
g, m, y = new_expiry_date.split(u'-')
new_expiry_date = datetime(int(y), int(m), int(g))
user = self.controller.get_user(oid)
resp = {u'update': None, u'role.append': [], u'role.remove': []}
# append, remove role
if role is not None:
# append role
if u'append' in role:
for role, expiry in role.get(u'append'):
res = user.append_role(role, expiry_date=expiry)
resp[u'role.append'].append(res)
# remove role
if u'remove' in role:
for role in role.get(u'remove'):
res = user.remove_role(role)
resp[u'role.remove'].append(res)
# update user
res = user.update(name=new_name,
description=new_description,
active=new_active,
password=new_password,
expiry_date=new_expiry_date)
resp[u'update'] = res
return resp
def delete(self, controller, data, *args, **kwargs):
scheduler = controller.get_scheduler()
name = get_value(data, u'name', None, exception=True)
resp = scheduler.remove_entry(name)
return (resp, 202)
def dispatch(self, controller, data, *args, **kwargs):
data = get_value(data, u'object-types', None, exception=True)
resp = controller.objects.add_types(data)
return (resp, 201)
def create_subsystem(self, subsystem_config, update=False):
"""Create subsystem.
:param subsystem_config: subsystem configuration file
:param update: if update is True don't replace database schema [default=False]
"""
res = []
# read subsystem config
config = read_file(subsystem_config)
subsystem = get_value(config, 'api_subsystem', None, exception=True)
api_config = get_value(config, 'api', {})
if update is True:
self.logger.info('Update %s subsystem' % subsystem)
else:
self.logger.info('Create new %s subsystem' % subsystem)
# set operation user
operation.user = (api_config.get('user', None), 'localhost', None)
operation.id = str(uuid4())
self.set_permissions(classes=self.classes)
# init auth subsytem
if subsystem == 'auth':
res.extend(self.__configure(config, update=update))
res.extend(self.__init_subsystem(config, update=update))
# setup main kombu queue
# init oauth2 subsytem
elif subsystem == 'oauth2':
res.extend(self.__init_subsystem(config, update=update))
# init other subsystem
else:
# create api client instance
client = BeehiveApiClient(api_config['endpoint'],
'keyauth',
api_config['user'],
api_config['pwd'],
None,
api_config['catalog'])
if update is False:
# create super user
user = {'name': '%s_admin@local' % config['api_subsystem'],
'pwd': random_password(20),
'desc': '%s internal user' % subsystem}
try:
client.add_system_user(user['name'], password=user['pwd'], desc='User %s' % user['name'])
except BeehiveApiClientError as ex:
if ex.code == 409:
client.update_user(user['name'], user['name'], user['pwd'], 'User %s' % user['name'])
else:
raise
# append system user config
config['config'].append({'group': 'api', 'name': 'user',
'value': {'name': user['name'], 'pwd': user['pwd']}})
# append catalog config
config['config'].append({'group': 'api', 'name': 'catalog', 'value': api_config['catalog']})
# append auth endpoints config
config['config'].append({'group': 'api', 'name': 'endpoints',
'value': json.dumps(api_config['endpoint'])})
res.extend(self.__configure(config, update=update))
res.extend(self.__init_subsystem(config, update=update))
return res
def create_subsystem(self, subsystem_config):
"""Create subsystem.
:param subsystem_config: subsystem configuration file
"""
res = []
# read subsystem config
config = self.read_config(subsystem_config)
subsystem = get_value(config, u'api_subsystem', None, exception=True)
update = get_value(config, u'update', False)
api_config = get_value(config, u'api', {})
self.logger.debug(api_config)
# set operation user
operation.user = (api_config.get(u'user', None), u'localhost', None)
self.set_permissions(classes=self.classes)
# init auth subsytem
if subsystem == u'auth':
res.extend(self.__configure(config, update=update))
res.extend(self.__init_subsystem(config, update=update))
# setup main kombu queue
# init oauth2 subsytem
elif subsystem == u'oauth2':
res.extend(self.__init_subsystem(config, update=update))
# init other subsystem
else:
# create api client instance
client = BeehiveApiClient(api_config[u'endpoint'],
u'keyauth',
api_config[u'user'],
api_config[u'pwd'],
api_config[u'catalog'])
# create super user
user = {u'name':u'%s_admin@local' % config[u'api_subsystem'],
u'pwd':random_password(20),
u'desc':u'%s internal user' % subsystem}
try:
client.add_system_user(user[u'name'],
password=user[u'pwd'],
description=u'User %s' % user[u'name'])
except BeehiveApiClientError as ex:
if ex.code == 409:
client.update_user(user[u'name'], user[u'name'], user[u'pwd'],
u'User %s' % user[u'name'])
else:
raise
if update is False:
# append system user config
config[u'config'].append({u'group':u'api',
u'name':u'user',
u'value':{u'name':user[u'name'],
u'pwd':user[u'pwd']}})
# append catalog config
config[u'config'].append({u'group':u'api',
u'name':u'catalog',
u'value':api_config[u'catalog']})
# append auth endpoints config
config[u'config'].append({u'group':u'api',
u'name':u'endpoints',
u'value':json.dumps(api_config[u'endpoint'])})
res.extend(self.__configure(config, update=update))
res.extend(self.__init_subsystem(config, update=update))
return res
