def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, ldap=False, root_password=None):
    """Create (or fetch via lazy_create) a test Group and return it.

    A unique ``group<N>`` name is generated when *group_name* is None.  The
    display name, root password and LDAP flag are set from the arguments;
    the group is then given an owner -- *owner* when supplied, otherwise a
    freshly created ``group_owner_<N>`` user.  Each name in *permissions*
    is resolved with ``Permission.by_name`` and appended to the group.
    """
    # tg_group.group_name column is VARCHAR(16)
    name = group_name if group_name is not None else unique_name(u'group%s')
    assert len(name) <= 16
    group = Group.lazy_create(group_name=name)
    group.root_password = root_password
    group.display_name = (u'Group %s' % name if display_name is None
                          else display_name)
    group.ldap = ldap
    if ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    # An explicit owner wins; otherwise a throwaway user owns the group.
    group_owner = owner or create_user(user_name=unique_name(u'group_owner_%s'))
    add_owner_to_group(group_owner, group)
    if permissions:
        group.permissions.extend(
            Permission.by_name(perm_name) for perm_name in permissions)
    return group
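def save_group_permissions(self, **kw):
    """Grant one permission to a group from the group-edit form.

    Reads the permission name from ``kw['permissions']['text']`` and the
    target group from ``kw['group_id']``.  On success the permission is
    appended to ``group.permissions`` and ``{'name': ..., 'id': ...}`` is
    returned.  Every failure (malformed form data, unknown permission or
    group, permission already granted) sets ``response.status = 403`` and
    returns a one-element list with the message; the 403 is kept for
    compatibility with the existing client even where 400 would fit better.

    NOTE(review): unlike remove_group_permission, this method does not check
    ``group.can_edit()`` for the calling user; authorization is presumably
    enforced by a decorator outside this block -- confirm before relying
    on it.
    """
    try:
        permission_name = kw['permissions']['text']
    except (KeyError, TypeError):
        # TypeError covers a non-dict 'permissions' value (e.g. a bare
        # string), which would otherwise surface as a 500.
        log.exception('Permission not submitted correctly')
        response.status = 403
        return ['Permission not submitted correctly']
    try:
        permission = Permission.by_name(permission_name)
    except NoResultFound:
        log.exception('Invalid permission: %s' % permission_name)
        response.status = 403
        return ['Invalid permission value']
    try:
        group_id = kw['group_id']
    except KeyError:
        log.exception('Group id not submitted')
        response.status = 403
        return ['No group id given']
    try:
        group = Group.by_id(group_id)
    except NoResultFound:
        log.exception('Group id %s is not a valid group id' % group_id)
        response.status = 403
        return ['Invalid Group Id']
    # Single lookup above is enough; no second Group.by_id() round-trip.
    if permission in group.permissions:
        response.status = 403
        return ['%s already exists in group %s'
                % (permission.permission_name, group.group_name)]
    group.permissions.append(permission)
    return {'name': permission_name, 'id': permission.permission_id}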
def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, membership_type=GroupMembershipType.normal,
                 root_password=None):
    """Create (or fetch via lazy_create) a test Group and return it.

    Generates a unique ``group<N>`` name when *group_name* is None, sets the
    root password, display name and membership type, and adds an owner via
    ``add_member(..., is_owner=True, service=u'testdata')`` -- *owner* if
    given, else a new ``group_owner_<N>`` user.  LDAP groups must not be
    given an owner argument.  Names in *permissions* are resolved with
    ``Permission.by_name`` and appended to the group.
    """
    if group_name is None:
        group_name = unique_name(u'group%s')
    group = Group.lazy_create(group_name=group_name)
    group.root_password = root_password
    if display_name is not None:
        group.display_name = display_name
    else:
        group.display_name = u'Group %s display name' % group_name
    group.membership_type = membership_type
    if group.membership_type == GroupMembershipType.ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    group_owner = owner or create_user(user_name=unique_name(u'group_owner_%s'))
    group.add_member(group_owner, is_owner=True, service=u'testdata')
    if permissions:
        wanted = (Permission.by_name(perm_name) for perm_name in permissions)
        group.permissions.extend(wanted)
    return group
def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, ldap=False, root_password=None):
    """Create (or fetch via lazy_create) a test Group and return it.

    Uses a generated ``group<N>`` name when *group_name* is None and asserts
    the name fits the 16-character column.  Sets root password, display
    name and the LDAP flag, then attaches *owner* (or a newly created
    ``group_owner_<N>`` user) with ``add_owner_to_group``.  Names listed in
    *permissions* are looked up with ``Permission.by_name`` and added.
    """
    # tg_group.group_name column is VARCHAR(16)
    if group_name is None:
        group_name = unique_name(u'group%s')
    assert len(group_name) <= 16
    group = Group.lazy_create(group_name=group_name)
    group.root_password = root_password
    if display_name is not None:
        group.display_name = display_name
    else:
        group.display_name = u'Group %s' % group_name
    group.ldap = ldap
    if ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    if not owner:
        owner = create_user(user_name=unique_name(u'group_owner_%s'))
    add_owner_to_group(owner, group)
    if permissions:
        resolved = (Permission.by_name(perm_name) for perm_name in permissions)
        group.permissions.extend(resolved)
    return group
def setUp(self):
    """Build a lab controller with one x86_64 distro tree and grant distro_expire.

    The permission is added to the first group of ``data_setup.ADMIN_USER``
    (presumably the admin group -- not verified here) using slice
    assignment, as the surrounding tests expect.
    """
    self.lc = data_setup.create_labcontroller()
    self.distro = data_setup.create_distro()
    self.distro_tree = data_setup.create_distro_tree(
        distro=self.distro, arch='x86_64', lab_controllers=[self.lc])
    self.server = self.get_server()
    admin = User.by_user_name(data_setup.ADMIN_USER)
    admin_group = admin.groups[0]
    expire_perm = Permission.by_name('distro_expire')
    # Whole-collection replacement rather than append(), kept deliberately.
    admin_group.permissions[:] = admin_group.permissions + [expire_perm]
def permissions_typeahead():
    """Return permission names for the typeahead widget as JSON.

    When the query string carries ``q``, only permissions matching it via
    ``Permission.by_name(q, anywhere=True)`` are listed; otherwise every
    permission is returned.  Each entry carries ``permission_name`` and a
    one-element ``tokens`` list holding the same name.
    """
    query = request.args.get('q')
    if query is None:
        matches = Permission.query.all()
    else:
        matches = Permission.by_name(query, anywhere=True)
    data = [
        {'permission_name': perm.permission_name,
         'tokens': [perm.permission_name]}
        for perm in matches
    ]
    return jsonify(data=data)
def setUp(self):
    """Create a lab controller, an x86_64 distro tree and an XML-RPC server.

    Also grants ``distro_expire`` to the first group of
    ``data_setup.ADMIN_USER`` by replacing the whole permissions collection
    (slice assignment), which is how the existing tests set it up.
    """
    lc = data_setup.create_labcontroller()
    distro = data_setup.create_distro()
    tree = data_setup.create_distro_tree(
        distro=distro, arch='x86_64', lab_controllers=[lc])
    self.lc, self.distro, self.distro_tree = lc, distro, tree
    self.server = self.get_server()
    target_group = User.by_user_name(data_setup.ADMIN_USER).groups[0]
    expire_perm = Permission.by_name('distro_expire')
    target_group.permissions[:] = target_group.permissions + [expire_perm]
def setUp(self):
    """Prepare a group with distro_expire, a member user and that user's lab controller.

    The lab controller gets one x86_64 distro tree; ``self.server`` is the
    XML-RPC proxy from ``get_server()``.
    """
    group = data_setup.create_group()
    # grant the group distro_expire permission
    group.permissions.append(Permission.by_name('distro_expire'))
    member = data_setup.create_user(password=u'password')
    group.add_member(member)
    lc = data_setup.create_labcontroller(user=member)
    distro = data_setup.create_distro()
    tree = data_setup.create_distro_tree(
        distro=distro, arch='x86_64', lab_controllers=[lc])
    self.group, self.user, self.lc = group, member, lc
    self.distro, self.distro_tree = distro, tree
    self.server = self.get_server()
def setUp(self):
    """Set up a distro_expire-capable group, its member, and a lab controller.

    The member user (password ``password``) owns the lab controller, which
    serves one x86_64 distro tree; ``self.server`` comes from ``get_server()``.
    """
    self.group = data_setup.create_group()
    expire_perm = Permission.by_name('distro_expire')
    # grant the group distro_expire permission
    self.group.permissions.append(expire_perm)
    self.user = data_setup.create_user(password=u'password')
    self.group.add_member(self.user)
    self.lc = data_setup.create_labcontroller(user=self.user)
    self.distro = data_setup.create_distro()
    tree_kwargs = dict(distro=self.distro, arch='x86_64',
                       lab_controllers=[self.lc])
    self.distro_tree = data_setup.create_distro_tree(**tree_kwargs)
    self.server = self.get_server()
def test_whoami_proxy_user(self):
    """A member of a proxy_auth group can run ``bkr whoami --proxy-user``.

    The output must name the proxied user and the proxying user.  The
    expected-output literals are kept exactly as written.
    """
    with session.begin():
        group = data_setup.create_group()
        group.permissions.append(Permission.by_name(u'proxy_auth'))
        proxied_user = data_setup.create_user()
        proxying_user = data_setup.create_user(password='******')
        group.add_member(proxying_user)
    client_config = create_client_config(
        username=proxying_user.user_name, password='******')
    out = run_client(
        ['bkr', 'whoami', '--proxy-user', proxied_user.user_name],
        config=client_config)
    self.assertIn('"username": "******"' % proxied_user.user_name, out)
    self.assertIn('"proxied_by_username": "******"' % proxying_user.user_name, out)
def test_whoami_proxy_user(self):
    """``bkr whoami --proxy-user`` works for a user in a proxy_auth group.

    Asserts that both the proxied and the proxying user name appear in the
    client output; the expected-output literals are reproduced verbatim.
    """
    with session.begin():
        group = data_setup.create_group()
        proxy_perm = Permission.by_name(u'proxy_auth')
        group.permissions.append(proxy_perm)
        proxied_user = data_setup.create_user()
        proxying_user = data_setup.create_user(password='******')
        group.add_member(proxying_user)
    args = ['bkr', 'whoami', '--proxy-user', proxied_user.user_name]
    out = run_client(args, config=create_client_config(
        username=proxying_user.user_name, password='******'))
    self.assertIn('"username": "******"' % proxied_user.user_name, out)
    self.assertIn('"proxied_by_username": "******"' % proxying_user.user_name, out)
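def remove_group_permission(self, group_id, permission_id):
    """Revoke *permission_id* from *group_id* on behalf of the current user.

    Returns ``['1']`` when the permission was removed and ``['0']`` when the
    group or permission does not exist, or the group does not hold the
    permission.  A caller that may not edit the group gets
    ``response.status = 403`` and an explanatory message.
    """
    try:
        group = Group.by_id(group_id)
    except DatabaseLookupError:
        log.exception('Group id %s is not a valid Group to remove' % group_id)
        return ['0']
    current_user = identity.current.user
    if not group.can_edit(current_user):
        # Not an exception path, so log.error rather than log.exception
        # (which would attach an empty traceback).
        log.error('User %d does not have edit permissions for Group id %s'
                  % (current_user.user_id, group_id))
        response.status = 403
        return ['You are not an owner of group %s' % group]
    try:
        permission = Permission.by_id(permission_id)
    except NoResultFound:
        log.exception('Permission id %s is not a valid Permission to remove'
                      % permission_id)
        return ['0']
    if permission not in group.permissions:
        # list.remove() would raise ValueError here and surface as a 500.
        log.error('Permission id %s is not held by Group id %s'
                  % (permission_id, group_id))
        return ['0']
    group.permissions.remove(permission)
    return ['1']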
def create_group(permissions=None, group_name=None, display_name=None,
                 owner=None, membership_type=GroupMembershipType.normal,
                 root_password=None):
    """Return a test Group, creating it with lazy_create if needed.

    *group_name* defaults to a unique ``group<N>``; *display_name* defaults
    to ``Group <name> display name``.  The membership type is applied, an
    LDAP group rejects an explicit owner, and the owner (given or newly
    created) is added with ``is_owner=True`` and service ``testdata``.
    Names in *permissions* are resolved with ``Permission.by_name``.
    """
    name = group_name if group_name is not None else unique_name(u'group%s')
    group = Group.lazy_create(group_name=name)
    group.root_password = root_password
    group.display_name = (u'Group %s display name' % name
                          if display_name is None else display_name)
    group.membership_type = membership_type
    if group.membership_type == GroupMembershipType.ldap:
        assert owner is None, 'LDAP groups cannot have owners'
    if not owner:
        owner = create_user(user_name=unique_name(u'group_owner_%s'))
    group.add_member(owner, is_owner=True, service=u'testdata')
    if permissions:
        group.permissions.extend(
            Permission.by_name(perm_name) for perm_name in permissions)
    return group
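def save_group_permissions(self, **kw):
    """Add a permission to a group from the group-edit form.

    Takes the permission name from ``kw['permissions']['text']`` and the
    group from ``kw['group_id']``.  Returns ``{'name': ..., 'id': ...}`` on
    success.  Any failure -- malformed input, unknown permission or group,
    or a permission the group already holds -- sets ``response.status = 403``
    and returns a one-element list with the message (403 kept for client
    compatibility).

    NOTE(review): no ``group.can_edit()`` check is made here, whereas
    remove_group_permission makes one; access control is presumably applied
    by a decorator not visible in this block -- confirm.
    """
    try:
        permission_name = kw['permissions']['text']
    except (KeyError, TypeError):
        # A non-dict 'permissions' value raises TypeError, not KeyError.
        log.exception('Permission not submitted correctly')
        response.status = 403
        return ['Permission not submitted correctly']
    try:
        permission = Permission.by_name(permission_name)
    except NoResultFound:
        log.exception('Invalid permission: %s' % permission_name)
        response.status = 403
        return ['Invalid permission value']
    try:
        group_id = kw['group_id']
    except KeyError:
        log.exception('Group id not submitted')
        response.status = 403
        return ['No group id given']
    try:
        group = Group.by_id(group_id)
    except NoResultFound:
        log.exception('Group id %s is not a valid group id' % group_id)
        response.status = 403
        return ['Invalid Group Id']
    # One guarded lookup is enough; no repeated Group.by_id() call.
    if permission in group.permissions:
        response.status = 403
        return [
            '%s already exists in group %s'
            % (permission.permission_name, group.group_name)
        ]
    group.permissions.append(permission)
    return {'name': permission_name, 'id': permission.permission_id}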
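def remove_group_permission(self, group_id, permission_id):
    """Remove a permission from a group if the current user may edit it.

    Returns ``['1']`` on success.  Returns ``['0']`` when the group cannot be
    looked up (DatabaseLookupError), the permission does not exist
    (NoResultFound), or the group does not currently hold the permission.
    Sets ``response.status = 403`` and returns a message when the current
    user may not edit the group.
    """
    try:
        group = Group.by_id(group_id)
    except DatabaseLookupError:
        log.exception('Group id %s is not a valid Group to remove' % group_id)
        return ['0']
    user = identity.current.user
    if not group.can_edit(user):
        # Plain error log: there is no active exception to attach here.
        log.error(
            'User %d does not have edit permissions for Group id %s'
            % (user.user_id, group_id))
        response.status = 403
        return ['You are not an owner of group %s' % group]
    try:
        permission = Permission.by_id(permission_id)
    except NoResultFound:
        log.exception(
            'Permission id %s is not a valid Permission to remove'
            % permission_id)
        return ['0']
    if permission not in group.permissions:
        # Guard so list.remove() cannot raise ValueError for an absent entry.
        log.error('Permission id %s is not held by Group id %s'
                  % (permission_id, group_id))
        return ['0']
    group.permissions.remove(permission)
    return ['1']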
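def populate_db(user_name=None, password=None, user_display_name=None,
                user_email_address=None):
    """Insert the rows Beaker needs on first start, skipping any that exist.

    Ensures the ``admin`` and ``lab_controller`` groups, the built-in
    permissions (granted to specific groups only when first created), the
    hypervisor, kernel-type, arch, power-type, key and retention-tag tables,
    and the config items with their initial values.  When *user_name* is
    given, that user is created or fetched, updated from the other ``user_*``
    arguments, and made an owner of ``admin``.  The ``user_*`` arguments are
    byte strings decoded as UTF-8.

    Everything runs in one session transaction: committed on success; on any
    exception the transaction is rolled back and the exception re-raised.
    The session is closed either way.
    """
    logger.info('Populating tables with pre-defined values if necessary')

    def ensure_group(name, display):
        """Return the group *name*, creating it with *display* if lookup fails."""
        try:
            return Group.by_name(name)
        except InvalidRequestError:
            group = Group(group_name=name, display_name=display)
            session.add(group)
            return group

    def ensure_permission(name, *groups):
        """Create permission *name* if missing and grant it to *groups*.

        An existing permission is left untouched, so group assignments an
        administrator changed after the first run are not reverted.
        """
        try:
            Permission.by_name(name)
        except NoResultFound:
            perm = Permission(name)
            session.add(perm)
            for group in groups:
                group.permissions.append(perm)

    session.begin()
    try:
        admin = ensure_group(u'admin', u'Admin')
        lab_controller = ensure_group(u'lab_controller', u'Lab Controller')

        # Setup User account
        if user_name:
            user = User.lazy_create(user_name=user_name.decode('utf8'))
            if password:
                user.password = password.decode('utf8')
            if user_display_name:
                user.display_name = user_display_name.decode('utf8')
            if user_email_address:
                user.email_address = user_email_address.decode('utf8')
            # Ensure the user is in the 'admin' group as an owner.
            # Flush for lazy_create.
            session.flush()
            user_group_assoc = UserGroup.lazy_create(
                user_id=user.user_id, group_id=admin.group_id)
            user_group_assoc.is_owner = True

        # Built-in permissions; the listed groups receive the permission
        # only at creation time.
        ensure_permission(u'distro_expire')
        ensure_permission(u'proxy_auth')
        ensure_permission(u'tag_distro', admin)
        ensure_permission(u'stop_task', lab_controller, admin)
        ensure_permission(u'secret_visible', lab_controller, admin)
        ensure_permission(u'change_prio')

        # Setup Hypervisors Table
        if Hypervisor.query.count() == 0:
            for hypervisor in [u'KVM', u'Xen', u'HyperV', u'VMWare']:
                session.add(Hypervisor(hypervisor=hypervisor))

        # Setup kernel_type Table (loop variable no longer shadows `type`)
        if KernelType.query.count() == 0:
            for kernel_type in [u'default', u'highbank', u'imx', u'omap',
                                u'tegra']:
                session.add(KernelType(kernel_type=kernel_type, uboot=False))
            session.add(KernelType(kernel_type=u'mvebu', uboot=True))

        # Setup base Architectures
        if Arch.query.count() == 0:
            for arch in [u'i386', u'x86_64', u'ia64', u'ppc', u'ppc64',
                         u'ppc64le', u's390', u's390x', u'armhfp', u'aarch64',
                         u'arm']:
                session.add(Arch(arch))

        # Setup base power types
        if PowerType.query.count() == 0:
            for power_type in [u'apc_snmp', u'apc_snmp_then_etherwake',
                               u'bladecenter', u'bladepap', u'drac',
                               u'ether_wake', u'hyper-v', u'ilo', u'integrity',
                               u'ipmilan', u'ipmitool', u'lpar', u'rsa',
                               u'virsh', u'wti']:
                session.add(PowerType(power_type))

        # Setup key types.  Insertion order is kept; the second positional
        # Key() argument is passed as True only for the names below
        # (presumably "numeric" keys -- confirm against the Key model).
        if Key.query.count() == 0:
            flagged_keys = set([
                u'DISKSPACE', u'CPUFAMILY', u'CPUMODELNUMBER', u'CPUSPEED',
                u'DISK', u'MEMORY', u'NR_DISKS', u'NR_ETH', u'NR_IB',
                u'PROCESSORS',
            ])
            for key_name in [u'DISKSPACE', u'COMMENT', u'CPUFAMILY',
                             u'CPUFLAGS', u'CPUMODEL', u'CPUMODELNUMBER',
                             u'CPUSPEED', u'CPUVENDOR', u'DISK', u'FORMFACTOR',
                             u'HVM', u'MEMORY', u'MODEL', u'MODULE', u'NETWORK',
                             u'NR_DISKS', u'NR_ETH', u'NR_IB', u'PCIID',
                             u'PROCESSORS', u'RTCERT', u'SCRATCH', u'STORAGE',
                             u'USBID', u'VENDOR', u'XENCERT',
                             u'NETBOOT_METHOD']:
                if key_name in flagged_keys:
                    session.add(Key(key_name, True))
                else:
                    session.add(Key(key_name))

        if RetentionTag.query.count() == 0:
            session.add(RetentionTag(tag=u'scratch', is_default=1,
                                     expire_in_days=30))
            session.add(RetentionTag(tag=u'60days', needs_product=False,
                                     expire_in_days=60))
            session.add(RetentionTag(tag=u'120days', needs_product=False,
                                     expire_in_days=120))
            session.add(RetentionTag(tag=u'active', needs_product=True))
            session.add(RetentionTag(tag=u'audit', needs_product=True))

        config_items = [
            # name, description, numeric
            (u'root_password',
             u'Plaintext root password for provisioned systems', False),
            (u'root_password_validity',
             u"Maximum number of days a user's root password is valid for",
             True),
            (u'guest_name_prefix',
             u'Prefix for names of dynamic guests in OpenStack', False),
            (u'guest_private_network',
             u'Network address in CIDR format for private networks'
             ' of dynamic guests in OpenStack.', False),
        ]
        for name, description, numeric in config_items:
            ConfigItem.lazy_create(name=name, description=description,
                                   numeric=numeric)

        # Initial values only, set once.  The root password default is a
        # well-known value; a deployment should replace it before
        # provisioning real systems.
        # NOTE(review): admin.users[0] raises IndexError when the admin group
        # has no members yet -- confirm callers always pass user_name on a
        # fresh database.
        if ConfigItem.by_name(u'root_password').current_value() is None:
            ConfigItem.by_name(u'root_password').set(
                u'beaker', user=admin.users[0])
        if ConfigItem.by_name(u'guest_private_network').current_value() is None:
            ConfigItem.by_name(u'guest_private_network').set(
                u'192.168.10.0/24', user=admin.users[0])

        session.commit()
    except Exception:
        # Leave no half-populated transaction behind; the caller sees the
        # original error.
        session.rollback()
        raise
    finally:
        session.close()
    logger.info('Pre-defined values populated')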
def create_permission(name=None):
    """Add a new Permission to the session and return it.

    *name* defaults to a unique ``permission<N>`` when empty or None.
    """
    permission = Permission(name or unique_name('permission%s'))
    session.add(permission)
    return permission
def get_permissions(self, input):
    """Return ``{'matches': [...]}`` with the names of permissions matching *input*.

    Matching is a substring search via ``Permission.by_name(..., anywhere=True)``.
    The parameter is named ``input`` (shadowing the builtin) because callers
    pass it by that name.
    """
    found = Permission.by_name(input, anywhere=True)
    return dict(matches=[perm.permission_name for perm in found])
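def populate_db(user_name=None, password=None, user_display_name=None,
                user_email_address=None):
    """Insert the rows Beaker needs on first start, skipping any that exist.

    Ensures the ``admin`` and ``lab_controller`` groups, the built-in
    permissions (granted to specific groups only when first created), the
    hypervisor, kernel-type, arch, power-type, key, response and
    retention-tag tables, and the config items with their initial values.
    When *user_name* is given, that user is created or fetched, updated from
    the other ``user_*`` arguments, and made an owner of ``admin``.  The
    ``user_*`` arguments are byte strings decoded as UTF-8.

    Everything runs in one session transaction: committed on success; on any
    exception the transaction is rolled back and the exception re-raised.
    The session is closed either way.
    """

    def ensure_group(name, display):
        """Return the group *name*, creating it with *display* if lookup fails."""
        try:
            return Group.by_name(name)
        except InvalidRequestError:
            group = Group(group_name=name, display_name=display)
            session.add(group)
            return group

    def ensure_permission(name, *groups):
        """Create permission *name* if missing and grant it to *groups*.

        An existing permission is left untouched, so group assignments an
        administrator changed after the first run are not reverted.
        """
        try:
            Permission.by_name(name)
        except NoResultFound:
            perm = Permission(name)
            session.add(perm)
            for group in groups:
                group.permissions.append(perm)

    session.begin()
    try:
        admin = ensure_group(u'admin', u'Admin')
        lab_controller = ensure_group(u'lab_controller', u'Lab Controller')

        # Setup User account
        if user_name:
            user = User.lazy_create(user_name=user_name.decode('utf8'))
            if password:
                user.password = password.decode('utf8')
            if user_display_name:
                user.display_name = user_display_name.decode('utf8')
            if user_email_address:
                user.email_address = user_email_address.decode('utf8')
            # Ensure the user is in the 'admin' group as an owner.
            # Flush for lazy_create.
            session.flush()
            user_group_assoc = UserGroup.lazy_create(
                user_id=user.user_id, group_id=admin.group_id)
            user_group_assoc.is_owner = True

        # Built-in permissions; the listed groups receive the permission
        # only at creation time.
        ensure_permission(u'distro_expire')
        ensure_permission(u'proxy_auth')
        ensure_permission(u'tag_distro', admin)
        ensure_permission(u'stop_task', lab_controller, admin)
        ensure_permission(u'secret_visible', lab_controller, admin)

        # Setup Hypervisors Table
        if Hypervisor.query.count() == 0:
            for hypervisor in [u'KVM', u'Xen', u'HyperV', u'VMWare']:
                session.add(Hypervisor(hypervisor=hypervisor))

        # Setup kernel_type Table (loop variable no longer shadows `type`)
        if KernelType.query.count() == 0:
            for kernel_type in [u'default', u'highbank', u'imx', u'omap',
                                u'tegra']:
                session.add(KernelType(kernel_type=kernel_type, uboot=False))
            session.add(KernelType(kernel_type=u'mvebu', uboot=True))

        # Setup base Architectures
        if Arch.query.count() == 0:
            for arch in [u'i386', u'x86_64', u'ia64', u'ppc', u'ppc64',
                         u'ppc64le', u's390', u's390x', u'armhfp', u'aarch64',
                         u'arm']:
                session.add(Arch(arch))

        # Setup base power types
        if PowerType.query.count() == 0:
            for power_type in [u'apc_snmp', u'apc_snmp_then_etherwake',
                               u'bladecenter', u'bladepap', u'drac',
                               u'ether_wake', u'hyper-v', u'ilo', u'integrity',
                               u'ipmilan', u'ipmitool', u'lpar', u'rsa',
                               u'virsh', u'wti']:
                session.add(PowerType(power_type))

        # Setup key types.  Insertion order is kept; the second positional
        # Key() argument is passed as True only for the names below
        # (presumably "numeric" keys -- confirm against the Key model).
        if Key.query.count() == 0:
            flagged_keys = set([
                u'DISKSPACE', u'CPUFAMILY', u'CPUMODELNUMBER', u'CPUSPEED',
                u'DISK', u'MEMORY', u'NR_DISKS', u'NR_ETH', u'NR_IB',
                u'PROCESSORS',
            ])
            for key_name in [u'DISKSPACE', u'COMMENT', u'CPUFAMILY',
                             u'CPUFLAGS', u'CPUMODEL', u'CPUMODELNUMBER',
                             u'CPUSPEED', u'CPUVENDOR', u'DISK', u'FORMFACTOR',
                             u'HVM', u'MEMORY', u'MODEL', u'MODULE', u'NETWORK',
                             u'NR_DISKS', u'NR_ETH', u'NR_IB', u'PCIID',
                             u'PROCESSORS', u'RTCERT', u'SCRATCH', u'STORAGE',
                             u'USBID', u'VENDOR', u'XENCERT',
                             u'NETBOOT_METHOD']:
                if key_name in flagged_keys:
                    session.add(Key(key_name, True))
                else:
                    session.add(Key(key_name))

        # Setup ack/nak responses
        if Response.query.count() == 0:
            session.add(Response(response=u'ack'))
            session.add(Response(response=u'nak'))

        if RetentionTag.query.count() == 0:
            session.add(RetentionTag(tag=u'scratch', is_default=1,
                                     expire_in_days=30))
            session.add(RetentionTag(tag=u'60days', needs_product=False,
                                     expire_in_days=60))
            session.add(RetentionTag(tag=u'120days', needs_product=False,
                                     expire_in_days=120))
            session.add(RetentionTag(tag=u'active', needs_product=True))
            session.add(RetentionTag(tag=u'audit', needs_product=True))

        config_items = [
            # name, description, numeric
            (u'root_password',
             u'Plaintext root password for provisioned systems', False),
            (u'root_password_validity',
             u"Maximum number of days a user's root password is valid for",
             True),
            (u'guest_name_prefix',
             u'Prefix for names of dynamic guests in OpenStack', False),
        ]
        for name, description, numeric in config_items:
            ConfigItem.lazy_create(name=name, description=description,
                                   numeric=numeric)

        # Initial value only, set once.  It is a well-known default; a
        # deployment should replace it before provisioning real systems.
        # NOTE(review): admin.users[0] raises IndexError when the admin group
        # has no members yet -- confirm callers always pass user_name on a
        # fresh database.
        if ConfigItem.by_name(u'root_password').current_value() is None:
            ConfigItem.by_name(u'root_password').set(
                u'beaker', user=admin.users[0])

        session.commit()
    except Exception:
        # Leave no half-populated transaction behind; the caller sees the
        # original error.
        session.rollback()
        raise
    finally:
        session.close()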
def _get_permission_by_name(permission_name):
    """Look up a Permission by exact name, raising BadRequest400 if absent."""
    try:
        permission = Permission.by_name(permission_name)
    except NoResultFound:
        # 400 rather than 404: the resource exists, the given parameter is bad.
        raise BadRequest400("Permission '%s' does not exist" % permission_name)
    return permission