def launch(self): """ Worker method for creating a new ACL object definition. """ # Make sure the type definition is not already used if DBGatewayACLObjects.objects.filter(type=self.attr['type']).count(): return invalid('Failed to create ACL object type [%s], already defined' % self.attr['type']) # Check the ACL and object module/class definitions for key,status in { 'acl': mod_has_class(self.attr['acl_mod'], self.attr['acl_cls'], no_launch=True), 'obj': mod_has_class(self.attr['obj_mod'], self.attr['obj_cls'], no_launch=True) }.iteritems(): if not status['valid']: return status # Set a unique ID for the ACL object self.attr['uuid'] = str(uuid4()) # If a default ACL UUID is supplied if ('def_acl' in self.api.data): if not DBGatewayACLKeys.objects.filter(uuid=self.attr['def_acl']).count(): return invalid('Failed to create ACL object type [%s], default ACL [%s] not found' % (self.attr['type'], self.attr['def_acl'])) # Get the default ACL object self.attr['def_acl'] = DBGatewayACLKeys.objects.get(uuid=self.api.data['def_acl']) # Make sure the ACL has object type authentication enabled if not self.attr['def_acl'].type_object: return invalid('Failed to create ACL object type [%s], default ACL [%s] must have object authentication enabled' % (self.attr['type'], self.attr['def_acl']['uuid'])) # Create the ACL object definition try: DBGatewayACLObjects(**self.attr).save() # Critical error when saving ACL object definition except Exception as e: return invalid(self.api.log.exception('Failed to create ACL object type [%s]: %s' % (self.attr['type'], str(e)))) # Return the response return valid('Successfully created ACL object definition', { 'type': self.attr['type'], 'uuid': self.attr['uuid'], 'name': self.attr['name'] })
def launch(self): """ Worker method for creating a new utility. """ # Creation parameters params = { 'uuid': str(uuid4()), 'path': self.api.data['path'], 'desc': self.api.data['desc'], 'method': self.api.data['method'], 'mod': self.api.data['mod'], 'cls': self.api.data['cls'], 'utils': json.dumps(self.api.data.get('utils', [])), 'protected': self.api.data['protected'], 'enabled': self.api.data['enabled'], 'object': self.api.data.get('object'), 'object_key': self.api.data.get('object_key'), 'locked': False, 'locked_by': None, 'rmap': json.dumps({ '_type': 'dict', '_required': [], '_optional': [] }) } # Try to import the module and make sure it contains the class definition mod_status = mod_has_class(params['mod'], params['cls']) if not mod_status['valid']: return mod_status # Save the utility try: DBGatewayUtilities(**params).save() # Return the response return valid('Successfully created utility', { 'uuid': params['uuid'], 'path': params['path'], 'method': params['method'], 'desc': params['desc'], 'enabled': params['enabled'], 'protected': params['protected'] }) # Failed to save utility except Exception as e: return invalid('Failed to create utility: %s' % str(e))
def launch(self): """ Worker method for creating a new endpoint. """ # Concatenate the path and action to the name ep_name = '%s/%s' % (self.api.data['path'], self.api.data['action']) ep_desc = self.api.data['desc'] ep_path = self.api.data['path'] ep_action = self.api.data['action'] ep_method = self.api.data['method'] ep_class = self.api.data['cls'] ep_mod = self.api.data['mod'] ep_utils = '[]' if not ('utils' in self.api.data) else self.api.data['utils'] ep_uuid = str(uuid4()) ep_protected = self.api.data['protected'] ep_enabled = self.api.data['enabled'] ep_object = None if not ('object' in self.api.data) else self.api.data['object'] ep_obj_key = None if not ('object_key' in self.api.data) else self.api.data['object_key'] ep_rmap = json.dumps({ '_type': 'dict', '_required': [], '_optional': ['_data'] }) # Make sure the name isn't taken already if DBAuthEndpoints.objects.filter(name=ep_name).count(): return invalid('The endpoint <%s> already exists, please use a different <path>/<action> combination' % ep_name) # Try to import the module and make sure it contains the class definition mod_status = mod_has_class(ep_mod, ep_class) if not mod_status['valid']: return mod_status # Save the endpoint try: endpoint = DBAuthEndpoints( uuid = ep_uuid, name = ep_name, desc = ep_desc, path = ep_path, action = ep_action, method = ep_method, mod = ep_mod, cls = ep_class, utils = ep_utils, rmap = ep_rmap, protected = ep_protected, enabled = ep_enabled, object = ep_object, object_key = ep_obj_key, locked = False, locked_by = None ) endpoint.save() # Construct and return web data web_data = { 'uuid': ep_uuid, 'name': ep_name, 'path': ep_path, 'action': ep_action, 'method': ep_method, 'desc': ep_desc, 'enabled': ep_enabled, 'protected': ep_protected } return valid('Successfully created endpoint', web_data) # Failed to save endpoint except Exception as e: return invalid('Failed to create endpoint: %s' % str(e))
def launch(self): """ Worker method for updating an ACL object. """ # Make sure the object definition exists if not DBAuthACLObjects.objects.filter(type=self.type).count(): return invalid('Failed to update ACL object, type definition <%s> not found' % self.type) # Get the existing ACL object definition acl_obj = DBAuthACLObjects.objects.filter(type=self.type).values()[0] # ACL module / class acl_mod = acl_obj['acl_mod'] if not ('acl_mod' in self.api.data) else self.api.data['acl_mod'] acl_cls = acl_obj['acl_cls'] if not ('acl_cls' in self.api.data) else self.api.data['acl_cls'] # Make sure the module/class combination is valid acl_mod_status = mod_has_class(acl_mod, acl_cls, no_launch=True) if not acl_mod_status['valid']: return acl_mod_status # Object module / class obj_mod = acl_obj['obj_mod'] if not ('obj_mod' in self.api.data) else self.api.data['obj_mod'] obj_cls = acl_obj['obj_cls'] if not ('obj_cls' in self.api.data) else self.api.data['obj_cls'] # Make sure the module/class combination is valid obj_mod_status = mod_has_class(obj_mod, obj_cls, no_launch=True) if not obj_mod_status['valid']: return obj_mod_status # If updating the default ACL definition def_acl = None if 'def_acl' in self.api.data: # Make sure the default ACL exists if not DBAuthACLKeys.objects.filter(uuid=self.api.data['def_acl']).count(): return invalid('Failed to update ACL object type <%s>, default ACL <%s> not found' % (self.type, self.api.data['def_acl'])) # Get the default ACL object def_acl = DBAuthACLKeys.objects.get(uuid=self.api.data['def_acl']) # Make sure the ACL has object type authentication enabled if not def_acl.type_object: return invalid('Failed to update ACL object type <%s>, default ACL <%s> must have object authentication enabled' % (self.type, def_acl.uuid)) # Clear the UUID string from the API data del self.api.data['def_acl'] # Update the object definition try: # Update string values DBAuthACLObjects.objects.filter(type=self.type).update(**self.api.data) # If changing the default ACL if def_acl: acl_obj = DBAuthACLObjects.objects.get(type=self.type) acl_obj.def_acl = def_acl acl_obj.save() # Critical error when updating ACL object definition except Exception as e: return invalid('Failed to update ACL object: %s' % str(e)) # Successfully updated object return valid('Successfully updated ACL object')
def _validate(self): """ Validate the endpoint attributes. """ # Get all endpoints endpoint_all = DBAuthEndpoints.objects.all().values() # ACL objects acl_objects = list(DBAuthACLObjects.objects.all().values()) # Construct available endpoint utilities endpoint_utils = [] for ep in endpoint_all: endpoint_utils.append('%s.%s' % (ep['mod'], ep['cls'])) # Get the endpoint details endpoint_row = DBAuthEndpoints.objects.filter(uuid=self.endpoint).values()[0] # Default values path = endpoint_row['path'] if not ('path' in self.api.data) else self.api.data['path'] action = endpoint_row['action'] if not ('action' in self.api.data) else self.api.data['action'] method = endpoint_row['method'] if not ('method' in self.api.data) else self.api.data['method'] enabled = endpoint_row['enabled'] if not ('enabled' in self.api.data) else self.api.data['enabled'] protected = endpoint_row['protected'] if not ('protected' in self.api.data) else self.api.data['protected'] mod = endpoint_row['mod'] if not ('mod' in self.api.data) else self.api.data['mod'] cls = endpoint_row['cls'] if not ('cls' in self.api.data) else self.api.data['cls'] utils = endpoint_row['utils'] if not ('utils' in self.api.data) else self.api.data['utils'] rmap = endpoint_row['rmap'] if not ('rmap' in self.api.data) else self.api.data['rmap'] object = endpoint_row['object'] if not ('object' in self.api.data) else self.api.data['object'] object_key = endpoint_row['object_key'] if not ('object_key' in self.api.data) else self.api.data['object_key'] # Make sure the path and action strings are valid if not re.match(r'^[a-z][a-z\/]*[a-z]$', path): return invalid('Failed to validate endpoint <%s>, invalid <path> value: %s' % (self.endpoint, path)) if not re.match(r'^[a-z]*$', action): return invalid('Failed to validate endpoint <%s>, invalid <action> value: %s' % (self.endpoint, action)) # Make sure the method is valid if not method in ['GET', 'POST', 'PUT', 'DELETE']: return invalid('Failed to validate endpoint <%s>, invalid <method> value: %s' % (self.endpoint, method)) # Make sure the object type is supported obj_supported = False if object else True for acl_obj in acl_objects: if acl_obj['type'] == object: obj_supported = True break if not obj_supported: return invalid('Failed to validate endpoint, using unsupported endpoint object type <%s>' % object) # Make sure the request map is valid JSON try: tmp = json.loads(rmap) except Exception as e: return invalid('Failed to validate request map JSON: %s' % str(e)) # Validate the module mod_path = mod.replace('.', '/') if not os.path.isfile('%s/python/%s.py' % (C_BASE, mod_path)): return invalid('Failed to validate endpoint <%s>, module <%s> not found' % (self.endpoint, mod)) # Validate the class mod_status = mod_has_class(mod, cls) if not mod_status['valid']: return mod_status # Validate external utilities for util in utils: if not util in endpoint_utils: return invalid('Failed to validate endpoint <%s>, could not locate external utility class <%s>' % (self.endpoint, util)) # Map object self.epattr = { 'name': '%s/%s' % (path, action), 'path': path, 'action': action, 'method': method, 'enabled': enabled, 'protected': protected, 'mod': mod, 'cls': cls, 'utils': utils } # Attributes constructed return valid()
def _validate(self): """ Validate the utility attributes. """ # Get all utilities util_all = DBGatewayUtilities.objects.all().values() # ACL objects acl_objects = list(DBGatewayACLObjects.objects.all().values()) # Construct available external utilities util_ext = [] for util in util_all: util_ext.append('%s.%s' % (util['mod'], util['cls'])) # Get the utility details util_row = DBGatewayUtilities.objects.filter(uuid=self.utility).values()[0] # Default values default = { 'path': self.api.data.get('path', util_row['path']), 'method': self.api.data.get('method', util_row['method']), 'mod': self.api.data.get('mod', util_row['mod']), 'cls': self.api.data.get('cls', util_row['cls']), 'utils': self.api.data.get('utils', util_row['utils']), 'rmap': self.api.data.get('rmap', util_row['rmap']), 'enabled': self.api.data.get('enabled', util_row['enabled']), 'protected': self.api.data.get('protected', util_row['protected']), 'object': self.api.data.get('object', util_row['object']), 'object_key': self.api.data.get('object_key', util_row['object_key']) } # Make sure the path string is valid if not re.match(r'^[a-z0-9][a-z0-9\/]*[a-z0-9]$', default['path']): return invalid('Failed to validate utility [%s], invalid [path] value: %s' % (self.utility, default['path'])) # Make sure the method is valid if not default['method'] in ['GET', 'POST', 'PUT', 'DELETE']: return invalid('Failed to validate utility [%s], invalid [method] value: %s' % (self.utility, default['method'])) # Make sure the object type is supported obj_supported = False if default['object'] else True for acl_obj in acl_objects: if acl_obj['type'] == object: obj_supported = True break if not obj_supported: return invalid('Failed to validate utility, using unsupported utility object type [%s]' % object) # Make sure the request map is valid JSON try: tmp = json.loads(rmap) except Exception as e: return invalid('Failed to validate request map JSON: %s' % str(e)) # Validate the module mod_path = mod.replace('.', '/') if not os.path.isfile('%s/python/%s.py' % (L_BASE, mod_path)): return invalid('Failed to validate utility [%s], module [%s] not found' % (self.utility, mod)) # Validate the class mod_status = mod_has_class(mod, cls) if not mod_status['valid']: return mod_status # Validate external utilities for util in utils: if not util in util_ext: return invalid('Failed to validate utility [%s], could not locate external utility class [%s]' % (self.utility, util)) # Utility validated return valid()