def generateResults(self, **kwargs):
app_name = kwargs.get('client_app', APP_NAME)
sessionKey = cherrypy.session.get('sessionKey')
user = cherrypy.session['user']['name']
# if the current app doesn't exist...
app = App.get(App.build_id(app_name, app_name, user))
try:
hadoop = HadoopOps.get(HadoopOps.build_id(user, app_name, user))
except:
hadoop = HadoopOps(app_name, user, user)
if kwargs.get('set_ignore'):
hadoop.has_ignored = True
hadoop.passive_save()
return self.render_json({'has_ignored': True,
'errors': []})
if hadoop.id and hadoop.has_ignored:
return self.render_json({'has_ignored': True, 'errors': []})
if app.is_configured:
return self.render_json({'is_configured': True, 'errors': []})
else:
if self.is_app_admin(app, user):
return self.render_json({'is_configured': False, 'is_admin': True,
'errors': []})
else:
return self.render_json({'is_configured': False, 'is_admin': False,
'errors': []})
def generateResults(self, **kwargs):
app_name = kwargs.get('client_app', APP_NAME)
sessionKey = cherrypy.session.get('sessionKey')
user = cherrypy.session['user']['name']
# if the current app doesn't exist...
app = App.get(App.build_id(app_name, app_name, user))
if kwargs.get('set_ignore'):
app.is_configured = True
app.passive_save()
return self.render_json({'has_ignored': True, 'errors': []})
if app.is_configured:
return self.render_json({'is_configured': True, 'errors': []})
else:
if self.is_app_admin(app, user):
return self.render_json({
'is_configured': False,
'is_admin': True,
'errors': []
})
else:
return self.render_json({
'is_configured': False,
'is_admin': False,
'errors': []
})
def is_configured(self, app=None, assume_true_on_error=False):
if app:
try:
app = App.get(App.build_id(app, '', 'nobody'), self._input_config.session_key)
return app.is_configured
except splunk.RESTException:
return assume_true_on_error
else:
return assume_true_on_error
def save(self, app, action, **params):
''' save the posted hadoop ops setup content '''
error_key = None
form_content = {}
user = cherrypy.session['user']['name']
host_app = cherrypy.request.path_info.split('/')[3]
this_app = App.get(App.build_id(app, app, user))
ftr = 0 if (this_app.is_configured) else 1
redirect_params = dict(ftr=ftr)
logger.error(params)
# pass 1: load all user-supplied values as models
for k, v in params.iteritems():
try:
key = k.split('.')[1]
except IndexError:
continue
if key and key in MACROS:
if isinstance(v, list):
definition = (' OR ').join(v)
else:
definition = v
try:
form_content[key] = Macro.get(
Macro.build_id(key, app, user))
except:
form_content[key] = Macro(app, user, key)
form_content[key].definition = definition
form_content[key].metadata.sharing = 'app'
# pass 2: try to save(), and if we fail we return the user-supplied values
for key in form_content.keys():
try:
if not form_content[key].passive_save():
logger.error('Error saving setup values')
return self.render_template('/%s:/templates/setup_show.html' \
% host_app,
dict(name=key, app=app,
form_content=form_content))
except splunk.AuthorizationFailed:
logger.error('User %s is unauthorized to perform setup on %s' %
(user, app))
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'unauthorized',
**redirect_params), 303)
except Exception, ex:
logger.debug(ex)
logger.error('Failed to save eventtype %s' % key)
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'failure',
**redirect_params), 303)
def is_configured(self, app=None, assume_true_on_error=False):
if app:
try:
app = App.get(App.build_id(app, '', 'nobody'),
self._input_config.session_key)
return app.is_configured
except splunk.RESTException:
return assume_true_on_error
else:
return assume_true_on_error
def generateResults(self, **kwargs):
'''
be careful to account for tricky conditions where some users can't
interact with our custom REST endpoint by falling back to bundle
'''
app_name = kwargs.get('client_app', STATIC_APP)
conf_name = 'unix'
legacy_mode = False
sessionKey = cherrypy.session.get('sessionKey')
user = cherrypy.session['user']['name']
if os.path.exists(LEGACY_SETUP):
shutil.move(LEGACY_SETUP, LEGACY_SETUP + '.bak')
logger.info('disabled legacy setup.xml for %s' % app_name)
# if the current app doesn't exist...
app = App.get(App.build_id(app_name, app_name, user))
try:
a = Unix.get(Unix.build_id(user, app_name, user))
except:
a = Unix(app_name, user, user)
if kwargs.get('set_ignore'):
try:
a.has_ignored = True
a.save()
except:
# assumption: 99% of exceptions here will be 403
# we could version check, but this seems better
to_set = {user: {'has_ignored': 1}}
self.setConf(to_set, conf_name, namespace=app_name,
sessionKey=sessionKey, owner=user)
legacy_mode = True
return self.render_json({'has_ignored': True,
'errors': ['legacy_mode=%s' % legacy_mode]})
if a.id and a.has_ignored:
return self.render_json({'has_ignored': True, 'errors': []})
else:
conf = self.getConf(conf_name, sessionKey=sessionKey,
namespace=app_name, owner=user)
if conf and conf[user] and util.normalizeBoolean(conf[user]['has_ignored']):
return self.render_json({'has_ignored': True,
'errors': ['using legacy method']})
if app.is_configured:
return self.render_json({'is_configured': True, 'errors': []})
else:
if self.is_app_admin(app, user):
return self.render_json({'is_configured': False, 'is_admin': True,
'errors': []})
return self.render_json({'is_configured': False, 'is_admin': False,
'errors': []})
def save(self, app, action, **params):
''' save the posted hadoop ops setup content '''
error_key = None
form_content = {}
user = cherrypy.session['user']['name']
host_app = cherrypy.request.path_info.split('/')[3]
this_app = App.get(App.build_id(app, app, user))
ftr = 0 if (this_app.is_configured) else 1
redirect_params = dict(ftr=ftr)
logger.error(params)
# pass 1: load all user-supplied values as models
for k, v in params.iteritems():
try:
key = k.split('.')[1]
except IndexError:
continue
if key and key in MACROS:
if isinstance(v, list):
definition = (' OR ').join(v)
else:
definition = v
try:
form_content[key] = Macro.get(Macro.build_id(key, app, user))
except:
form_content[key] = Macro(app, user, key)
form_content[key].definition = definition
form_content[key].metadata.sharing = 'app'
# pass 2: try to save(), and if we fail we return the user-supplied values
for key in form_content.keys():
try:
if not form_content[key].passive_save():
logger.error('Error saving setup values')
return self.render_template('/%s:/templates/setup_show.html' \
% host_app,
dict(name=key, app=app,
form_content=form_content))
except splunk.AuthorizationFailed:
logger.error('User %s is unauthorized to perform setup on %s' % (user, app))
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'unauthorized', **redirect_params), 303)
except Exception, ex:
logger.debug(ex)
logger.error('Failed to save eventtype %s' % key)
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'failure', **redirect_params), 303)
def is_app_admin(self, app_name, user):
'''
used to determine app administrator membership
necessary because splunkd auth does not advertise inherited roles
'''
sub_roles = []
app = App.get(App.build_id(app_name, app_name, user))
admin_list = app.entity['eai:acl']['perms']['write']
if '*' in admin_list:
return True
for role in auth.getUser(name=user)['roles']:
if role in admin_list:
return True
sub_roles.append(role)
for role in sub_roles:
for irole in auth.getRole(name=role)['imported_roles']:
if irole in admin_list:
return True
return False
def is_app_admin(self, app_name, user):
'''
used to determine app administrator membership
necessary because splunkd auth does not advertise inherited roles
'''
sub_roles = []
app = App.get(App.build_id(app_name, app_name, user))
admin_list = app.entity['eai:acl']['perms']['write']
if '*' in admin_list:
return True
for role in auth.getUser(name=user)['roles']:
if role in admin_list:
return True
sub_roles.append(role)
for role in sub_roles:
for irole in auth.getRole(name=role)['imported_roles']:
if irole in admin_list:
return True
return False
def save_categories(self, app, action, **params):
user = cherrypy.session['user']['name']
host_app = cherrypy.request.path_info.split('/')[3]
this_app = App.get(App.build_id(host_app, host_app, user))
for param in params:
data = json.loads(param)
csvData = []
csvOrder = [1, 2, 0]
#logger.error('before: %s' % data)
self.tree_to_csv(csvData, data, csvOrder, [0, 0, 0])
csvHeader = ["host", "unix_category", "unix_group"]
csvData.insert(0, csvHeader)
#logger.error('after: %s' % csvData)
dropdownsCsv = os.path.join(util.get_apps_dir(), 'SA-nix', 'lookups',
'dropdowns.csv')
with open(dropdownsCsv, 'wb') as csvfile:
writer = csv.writer(csvfile)
writer.writerows(csvData)
writeToCsv(sharegroupList, SHAREGROUP_OUTPUT)
writeToCsv(includeList, INCLUDE_OUTPUT)
writeToCsv(ssmargsList, SSMARGS_OUTPUT)
writeToCsv(scheduleList, SCHEDULE_OUTPUT)
writeToCsv(scheduleCalendar, SCHEDULE_CALENDAR_OUTPUT)
def execute():
scriptData = getScriptData()
args = scriptData.args.split(" ")
scriptResult = None
while True:
scriptResult = wrapper_utils.getScriptOutput([scriptData.path] + args, scriptData.maxDuration, scriptData.debug, logger)
if(scriptResult[2]):
break
logger.error('Couldn\'t execute script in time')
data = scriptResult[0][0]
# with open(INPUT_FILE) as f:
# data = f.readlines()
policies = AllPolicies(data)
policies.writePolicies()
if __name__ == '__main__':
token = sys.stdin.readlines()[0]
app = App.get(App.build_id('nbu_setup_app', 'nbu_setup_app', 'nobody'), sessionKey = token)
if (app.is_configured):
execute()
else:
logger.info('App not configured!')
m.disable()
else:
m.enable()
m.share_global()
self.update_distsearch(host_app,
normBool(params.get('optimize_dist_search')))
logger.debug('Splunk Version = %s' % self._get_version())
if self._get_version() <= LooseVersion('4.2.2'):
temp_app = bundle.getConf('app',
namespace=host_app,
owner='nobody')
temp_app['install']['is_configured'] = 'true'
else:
this_app = App.get(App.build_id(host_app, host_app, user))
this_app.is_configured = True
this_app.passive_save()
logger.info('%s - App setup successful' % host_app)
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'success'))
def get_distsearch(self, host_app):
return bundle.getConf(
'distsearch', namespace=host_app,
owner='nobody')['replicationBlacklist']['nontsyslogmappings']
def is_app_admin(self, app_name, user):
'''
used to determine app administrator membership
class TAUnixSetup(controllers.BaseController):
'''TA Unix Setup Controller'''
@route('/:app/:action=setup')
@expose_page(must_login=True, methods=['GET'])
@host_app
def setup(self, app, action, host_app=None, **kwargs):
''' show the setup page '''
user = cherrypy.session['user']['name']
if not self.is_app_admin(host_app, user):
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'unauthorized'))
mon = MonitorInput.all()
mon = mon.filter_by_app(app)
scripted = ScriptedInput.all()
scripted = scripted.filter_by_app(app)
system = (not (sys.platform.startswith('win')))
return self.render_template(
'/%s:/templates/setup_show.html' % host_app,
dict(system=system, mon=mon, scripted=scripted, app=app))
@route('/:app/:action=success')
@expose_page(must_login=True, methods=['GET'])
@host_app
def success(self, app, action, host_app=None, **kwargs):
''' render the success page '''
return self.render_template('/%s:/templates/setup_success.html' \
% host_app,
dict(app=app))
@route('/:app/:action=failure')
@expose_page(must_login=True, methods=['GET'])
@host_app
def failure(self, app, action, host_app=None, **kwargs):
''' render the failure page '''
return self.render_template('/%s:/templates/setup_failure.html' \
% host_app,
dict(app=app))
@route('/:app/:action=unauthorized')
@expose_page(must_login=True, methods=['GET'])
@host_app
def unauthorized(self, app, action, host_app=None, **kwargs):
''' render the unauthorized page '''
return self.render_template('/%s:/templates/setup_403.html' \
% host_app,
dict(app=app))
@route('/:app/:action=save')
@expose_page(must_login=True, methods=['POST'])
@host_app
def save(self, app, action, host_app=None, **params):
''' save the posted setup content '''
user = cherrypy.session['user']['name']
mon = MonitorInput.all()
mon = mon.filter_by_app(app)
scripted = ScriptedInput.all()
scripted = scripted.filter_by_app(app)
for m in mon:
disabled = normBool(params.get(m.name + '.disabled'))
if disabled:
m.disable()
else:
m.enable()
m.share_global()
for s in scripted:
disabled = normBool(params.get(s.name + '.disabled'))
if disabled:
s.disable()
else:
s.enable()
s.share_global()
interval = params.get(s.name + '.interval')
if interval:
s.interval = interval
try:
if not s.passive_save():
logger.error(m.errors)
return self.render_template(
'/%s:/templates/setup_show.html' \
% host_app,
dict(app=app,
errors=s,
scripted=scripted,
mon=mon)
)
except splunk.AuthorizationFailed:
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'unauthorized'))
except Exception, ex:
logger.info(ex)
raise cherrypy.HTTPRedirect(
self._redirect(host_app, app, 'failure'))
logger.debug('Splunk Version = %s' % self._get_version())
if self._get_version() <= LooseVersion('4.2.2'):
import splunk.bundle as bundle
temp_app = bundle.getConf('app',
namespace=host_app,
owner='nobody')
temp_app['install']['is_configured'] = 'true'
else:
this_app = App.get(App.build_id(host_app, host_app, user))
this_app.is_configured = True
this_app.passive_save()
logger.info('%s - App setup successful' % host_app)
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'success'))
for m in mon:
disabled = normBool(params.get(m.name + '.disabled'))
if disabled:
m.disable()
else:
m.enable()
m.share_global()
self.update_distsearch(host_app, normBool(params.get('optimize_dist_search')))
logger.debug('Splunk Version = %s' % self._get_version())
if self._get_version() <= LooseVersion('4.2.2'):
temp_app = bundle.getConf('app', namespace=host_app, owner='nobody')
temp_app['install']['is_configured'] = 'true'
else:
this_app = App.get(App.build_id(host_app, host_app, user))
this_app.is_configured = True
this_app.passive_save()
logger.info('%s - App setup successful' % host_app)
raise cherrypy.HTTPRedirect(self._redirect(host_app, app, 'success'))
def get_distsearch(self, host_app):
return bundle.getConf('distsearch',
namespace=host_app,
owner='nobody')['replicationBlacklist']['nontsyslogmappings']
def is_app_admin(self, app_name, user):
'''
used to determine app administrator membership
if (cachedDataItem == None):
status = "new"
statusSet = True
elif (fieldName not in cachedDataItem) or str(
job[x] != str(cachedDataItem[fieldName])):
status = "updated"
statusSet = True
resultItem[fieldName] = job[x]
resultItem["status"] = status
print "'timestamp','id','status'"
for key in result:
item = result[key]
line = "[" + strftime("%m/%d/%Y %H:%M:%S %p %Z", localtime()) + "],"
line += str(key) + "," + resultItem["status"]
print line
if (scriptData.debug):
logger.info(line)
with open(CACHE_FILEPATH, 'w+') as outfile:
json.dump(result, outfile)
if __name__ == '__main__':
token = sys.stdin.readlines()[0]
app = App.get(App.build_id('nbu_setup_app', 'nbu_setup_app', 'nobody'),
sessionKey=token)
if (app.is_configured):
execute()
else:
logger.info('App not configured!')
if not statusSet:
if cachedDataItem == None:
status = "new"
statusSet = True
elif (fieldName not in cachedDataItem) or str(job[x] != str(cachedDataItem[fieldName])):
status = "updated"
statusSet = True
resultItem[fieldName] = job[x]
resultItem["status"] = status
print "'timestamp','id','status'"
for key in result:
item = result[key]
line = "[" + strftime("%m/%d/%Y %H:%M:%S %p %Z", localtime()) + "],"
line += str(key) + "," + resultItem["status"]
print line
if scriptData.debug:
logger.info(line)
with open(CACHE_FILEPATH, "w+") as outfile:
json.dump(result, outfile)
if __name__ == "__main__":
token = sys.stdin.readlines()[0]
app = App.get(App.build_id("nbu_setup_app", "nbu_setup_app", "nobody"), sessionKey=token)
if app.is_configured:
execute()
else:
logger.info("App not configured!")
def submitCluster(self, config, action, **kwargs):
'''add configuration for a single HDFS cluster'''
app = cherrypy.request.path_info.split('/')[3]
user = cherrypy.session['user']['name']
errors = []
if kwargs.get('secure', 0):
#TODO: verify service principal is provided
if kwargs.get('kerberos_principal') == 'add':
principal = Principal(
app, user, **{
'name': kwargs.get('principal_name'),
'keytab_path': kwargs.get('principal_keytab_location')
})
if principal.passive_save():
kwargs['kerberos_principal'] = kwargs.get('principal_name')
else:
errors += principal.errors
else:
if kwargs.get('kerberos_principal'):
kwargs['kerberos_principal'] = ''
if kwargs.get('kerberos_service_principal'):
kwargs['kerberos_service_principal'] = ''
id = kwargs.pop('id', None)
type = kwargs.pop('type', None)
if type == 'remote':
kwargs['uri'] = 'hdfs://%s' % kwargs.get(
'name') if 'name' in kwargs else None
elif type == 'local':
kwargs['uri'] = 'file://%s' % kwargs.pop('local_mount')
else:
raise cherrypy.HTTPError(400, 'Expected cluster type parameter')
try:
cluster = Cluster.get(id)
cluster.update(kwargs)
# Change the owner to nobody, so that REST call will be made to /servicesNS/nobody/HadoopConnect/...
# instead of /servicesNS/admin/HadoopConnect/... or /servicesNS/<owner>/HadoopConnect/...
if cluster.entity and cluster.entity.owner:
cluster.entity.owner = 'nobody'
edit = True
except:
cluster = Cluster(app, user, **kwargs)
edit = False
# save stuff iff there were no errors while saving the principal
if len(errors) == 0:
logger.info("Saving cluster with args: %s " % kwargs)
if cluster.passive_save():
this_app = App.get(App.build_id(app, app, user))
this_app.is_configured = True
this_app.passive_save()
if app_util.is_xhr():
cherrypy.response.status = 200
return ""
raise cherrypy.HTTPRedirect(
self.make_url(['app', app, 'config_clusters']), 303)
principals = Principal.all().filter_by_app(app)
principal_name = kwargs.get('principal_name', '')
principal_keytab_location = kwargs.get('principal_keytab_location', '')
cluster.errors += errors
if app_util.is_xhr():
cherrypy.response.status = 404
return self.render_template(
'/%s:/templates/add_cluster.html' % app,
dict(form_content='fomasdafe',
app=app,
cluster=cluster,
edit=edit,
principals=principals,
principal_name=principal_name,
principal_keytab_location=principal_keytab_location,
selectedTab=type))
