def generate_port_checks(res_name, res_version):
key = {u"name":unicode(res_name), u"version":unicode(res_version)}
with NamedTempFile() as f:
layout_mgr = efl.get_engine_layout_mgr()
main_rdef_file = os.path.abspath(os.path.expanduser(layout_mgr.get_resource_def_file()))
ppr.preprocess_resource_file(main_rdef_file,
layout_mgr.get_extension_resource_files(),
f.name, logger)
with open(f.name, "rb") as rf:
g = rdef.create_resource_graph(json.load(rf))
if not g.has_resource(key):
raise Exception("Resource %s %s not found in resource definitions" %
(res_name, res_version))
r = g.get_resource(key)
if len(r.config_port.properties)>0:
checks = resource_port_to_port_check(r.config_port)
else:
checks = ""
for p in r.input_ports.values():
checks += resource_port_to_port_check(p)
for p in r.output_ports.values():
checks += resource_port_to_port_check(p)
return checks
def generate_pw_file_if_necessary(
engage_file_layout,
deployment_home,
parsed_install_solution,
library,
installer_supplied_pw_key_list=None,
master_password_file=None,
read_master_pw_from_stdin=False,
suppress_master_password_file=False,
generate_random_passwords=False,
dry_run=False,
):
"""Do the password database setup.
"""
# helper functions
def get_master_password(ask_only_once=False):
return _get_master_password(
deployment_home,
master_password_file,
read_master_pw_from_stdin,
ask_only_once=ask_only_once,
dry_run=dry_run,
)
def get_new_pw_db():
return pw_repository.PasswordRepository(get_master_password())
# Get some file locations from the engage_file_layout object
efl = engage_file_layout
preprocessed_resource_def_file = efl.get_preprocessed_resource_file()
pw_file = efl.get_password_database_file()
pw_salt = efl.get_password_salt_file()
# First, load the resource definitions and instances
with open(preprocessed_resource_def_file, "rb") as f:
g = rdef.create_resource_graph(json.load(f))
# read the existing password db if it exists
if os.path.exists(pw_file):
assert os.path.exists(pw_salt), "Password file present, but no password salt file at %s" % pw_salt
load_from_file = pw_repository.PasswordRepository.load_from_file
pw_db = load_from_file(pw_file, pw_salt, get_master_password(ask_only_once=True))
orig_pw_db = copy.copy(pw_db)
else:
pw_db = None
orig_pw_db = None
# obtain passwords referenced in the installer_config.json file, if any
if installer_supplied_pw_key_list != None and len(installer_supplied_pw_key_list) > 0:
if pw_db == None:
pw_db = get_new_pw_db()
for (pw_key, pw_desc) in installer_supplied_pw_key_list:
# we only ask if the pw is not already present
if not pw_db.has_key(pw_key):
pw_db.add_key(
pw_key,
_prompt_for_password(pw_desc, pw_key, generate_random=generate_random_passwords, dry_run=dry_run),
)
# Go through the install script. Check to see if there are any resources
# that require root access. Also, see what passwords are missing,
# and prompt for those.
requires_root_access = False
always_requires_pw_file = False
for inst_md in parsed_install_solution:
if inst_md.package != None:
continue # new-style packages cannot have this password mess
entry = library.get_entry(inst_md)
if entry == None:
raise Exception("Unable to find resource library entry for resource %s" % inst_md.key.__repr__())
# See if the resource requires root access. If the resource says it
# needs root access, we also check if it is already installed (according
# to the installed property on the resource metadta). If it is already
# installed and isn't a service, we don't need root access.
if entry.requires_root_access() and (
(not inst_md.is_installed()) or hasattr(entry.get_manager_class(), "start")
):
logger.debug("Resource %s requires root access." % inst_md.id)
requires_root_access = True
if entry.always_requires_password_file():
always_requires_pw_file = True
r = g.get_resource(inst_md.key)
pw_props = r.get_password_properties()
if len(pw_props) == 0:
continue # no passwords on this resource
if pw_db == None:
pw_db = get_new_pw_db() # we lazily create the pw db
for (prop, default_val) in pw_props.items():
if inst_md.config_port.has_key(prop):
pw_key = inst_md.config_port[prop]
elif default_val != None:
pw_key = default_val
else:
raise Exception(
"Resource instance %s (type %s) is missing a value for password property %s"
% (inst["id"], inst["key"], prop)
)
if not pw_db.has_key(pw_key):
pw_db.add_key(
pw_key,
_prompt_for_password(
"Password for %s, property %s" % (inst_md.id, prop),
pw_key,
generate_random=generate_random_passwords,
dry_run=dry_run,
),
)
# see if we need the sudo password. If so, ask for it and add to
# password database
if requires_root_access:
if procutils.is_running_as_root():
logger.debug("Root access required, but no sudo password is required as we are running as root")
elif procutils.SUDO_PASSWORD_REQUIRED == False:
logger.debug("Root access required, but no sudo password is required for this user")
else:
logger.debug("Root access required, asking for sudo password")
if pw_db == None:
pw_db = get_new_pw_db()
_add_sudo_password_to_repository(pw_db, dry_run=dry_run)
# In some cases, a resource may want to ensure that there always is a
# password file.
if always_requires_pw_file and pw_db == None:
pw_db = get_new_pw_db()
# write out the password database, if it changed
if pw_db and (orig_pw_db == None or orig_pw_db.data != pw_db.data):
logger.info("Writing password file to %s" % pw_file)
if not dry_run:
pw_db.save_to_file(pw_file, pw_salt)
if pw_db and (not suppress_master_password_file) and deployment_home:
# write out the master password to the default file if it was not already
# there.
master_pwfile = _default_master_pwfile(deployment_home)
if (not os.path.exists(master_pwfile)) or _read_pwfile(master_pwfile) != pw_db.user_key:
with open(master_pwfile, "w") as f:
f.write(pw_db.user_key)
os.chmod(master_pwfile, 0600)
if pw_db == None:
logger.info("No password database required")
return pw_db
