def main(argv=None):  # IGNORE:C0111
    """Parse the admin/review command line and hand the namespace to process().

    Args:
        argv: optional list of extra arguments. When supplied they are appended
            to sys.argv before parsing (kept as-is for existing callers);
            otherwise sys.argv is parsed unchanged.
    """
    if argv is None:
        argv = sys.argv
    else:
        sys.argv.extend(argv)

    parser = argparse.ArgumentParser(
        description='Process py-fortress admin and review commands.')
    parser.add_argument('entity', metavar='entity',
                        choices=[USER, ROLE, PERM, OBJECT],
                        help='entity name')
    parser.add_argument('operation', metavar='operand',
                        choices=[ADD, UPDATE, DELETE, ASSIGN, DEASSIGN,
                                 GRANT, REVOKE, READ, SEARCH],
                        help='operation name')
    parser.add_argument('-r', '--role', dest='role', help='role name')
    # Multi-valued attributes: zero or more values each, empty list when absent.
    for multi_opt in ('--phones', '--mobiles', '--emails', '--props'):
        parser.add_argument(multi_opt, nargs="*", default=[])
    # Each entity type contributes its own field options to the parser.
    for entity_template in (Role(), User(), Perm(), PermObj(), Constraint()):
        add_args(parser, entity_template)

    process(parser.parse_args())
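def delete_object(perm_obj):
    """Remove a permission object from the perms container in the directory.

    If the directory refuses the delete because the object still has
    permissions (operations) attached — RbacError with id
    PERM_OBJECT_DELETE_FAILED_NONLEAF — every permission found under
    perm_obj.obj_name is deleted first and the object delete is retried.
    This is therefore a cascading delete: every grant that hung off those
    permissions disappears with them, so treat it as a privileged,
    destructive admin operation.

    required parameters:
    perm.obj_name - maps to existing perm object.

    Raises:
        RbacError: any directory failure other than the non-leaf case, and
            any failure during the cascade or the retried delete.
    """
    utils.validate_perm_obj(perm_obj)
    try:
        permdao.delete_obj(perm_obj)
    except RbacError as e:
        if e.id != global_ids.PERM_OBJECT_DELETE_FAILED_NONLEAF:
            # Not the "has children" case: propagate the original error
            # (same type, msg and id) with its traceback intact.
            raise
        logger.warn('admin.delete_object non-leaf, obj_name:' + perm_obj.obj_name)
        # Remove every operation under this object, then retry the object.
        # NOTE(review): relies on permdao.search treating op_name='*' as a
        # wildcard and obj_name as an exact match; if obj_name may itself carry
        # wildcard characters the cascade could reach beyond this object —
        # confirm that validate_perm_obj rejects them.
        for perm in permdao.search(Perm(obj_name=perm_obj.obj_name, op_name='*')):
            permdao.delete(perm)
            logger.warn('admin.delete_object child obj_name:' + perm.obj_name
                        + ', op_name:' + perm.op_name)
        permdao.delete_obj(perm_obj)
        # Bug fix: the original logged the loop variable `perm` here, which is
        # a NameError when the search returned nothing and the last child
        # otherwise; the object being deleted is perm_obj.
        logger.warn('admin.delete_object success after retry, obj_name:'
                    + perm_obj.obj_name)
    return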
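def test_search_perms(self):
    """Read perms by a wildcard obj_name from the file-backed permdao.

    NOTE(review): despite the name this calls permdao.read, not search, with
    obj_name="test*" — confirm read is meant to accept a wildcard here.
    """
    print_ln('test read perms by obj_name')
    try:
        perm = Perm(obj_name="test*")
        p = permdao.read(perm)
        print_entity(p, "Perm")
    except Exception as e:
        # `except Exception` also catches errors without a .msg attribute
        # (TypeError, AttributeError, ...); the original's `e.msg` then raised
        # inside the handler and hid the real failure. Fall back to str(e).
        self.fail('perm search failed, exception=' + getattr(e, 'msg', str(e)))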
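def test_search_perms(self):
    """Search perms in ldap by wildcard obj_name and op_name and print each hit."""
    print_ln('test search perms by objNm')
    try:
        prm = Perm(obj_name="TOB*", op_name="TOP*")
        pList = permdao.search(prm)
        for idx, entity in enumerate(pList):
            print_entity(entity, "Perm[" + str(idx + 1) + "]:", 1)
    except Exception as e:
        # Not every caught exception carries .msg; the original `e.msg` could
        # raise AttributeError in the handler and mask the real error.
        self.fail('perm search failed, exception=' + getattr(e, 'msg', str(e)))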
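def process_perm(args):
    """Dispatch one perm CLI operation: add/update/delete/grant/revoke/read/search.

    Args:
        args: parsed argparse namespace; reads entity, operation, role, uid
            and the Perm fields that load_entity pulls from it.

    Returns:
        False when the operation is unknown or a required option is missing,
        True otherwise. Errors raised by admin/review calls propagate.
    """
    perm = load_entity(Perm(), args)
    print(args.entity + ' ' + args.operation)
    op = args.operation
    if op == ADD:
        admin.add_perm(perm)
    elif op == UPDATE:
        admin.update_perm(perm)
    elif op == DELETE:
        admin.delete_perm(perm)
    elif op in (GRANT, REVOKE):
        # --role is mandatory for grant/revoke. The original concatenated
        # args.role unchecked and died with a TypeError when it was None;
        # report it the same way the access CLI does.
        if not args.role:
            print("error --role required for this op")
            return False
        print('role=' + args.role)
        target = Role(name=args.role)
        if op == GRANT:
            admin.grant(perm, target)
        else:
            admin.revoke(perm, target)
    elif op == READ:
        print_entity(review.read_perm(perm), perm.obj_name + '.' + perm.op_name)
    elif op == SEARCH:
        _search_perms(perm, args)
    else:
        print('process_perm failed, invalid operation=' + op)
        return False
    return True


def _search_perms(perm, args):
    """Print perms for --uid, else for --role, else by wildcard obj/op name."""
    if args.uid:
        label = args.uid
        prms = review.user_perms(User(uid=args.uid))
    elif args.role:
        label = args.role
        prms = review.role_perms(Role(name=args.role))
    else:
        # Prefix search: append '*' to whatever was given, match-all if empty.
        perm.obj_name = (perm.obj_name + '*') if perm.obj_name else '*'
        perm.op_name = (perm.op_name + '*') if perm.op_name else '*'
        label = perm.obj_name + '.' + perm.op_name
        prms = review.find_perms(perm)
    if prms:
        for idx, prm in enumerate(prms):
            print_entity(prm, label + ':' + str(idx))
    else:
        print_ln('No matching records found matching filter: ' + label)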
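def test_delete_perms(self):
    """Delete every py-test* perm found via permdao.search and print each one."""
    print_ln('test delete perms')
    try:
        pList = permdao.search(Perm(obj_name='py-test*', op_name='*'))
        for perm in pList:
            permdao.delete(perm)  # return value was unused in the original
            print_ln("Delete perm obj=" + perm.obj_name + ', op=' + perm.op_name
                     + ', id=' + perm.obj_id)
    except Exception as e:
        # Exceptions without .msg would make the original handler raise
        # AttributeError and hide the real failure.
        self.fail('perm delete failed, exception=' + getattr(e, 'msg', str(e)))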
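def test02_delete_perm(self):
    """Delete every py-obj* perm through admin.delete_perm and print the result."""
    print_ln('test_delete_perm')
    try:
        pList = review.find_perms(Perm(obj_name='py-obj*', op_name='*'))
        for perm in pList:
            # admin.delete_perm returns the deleted entity; print from it.
            entity = admin.delete_perm(perm)
            print_ln("Delete Perm obj name=" + entity.obj_name + ', op='
                     + entity.op_name + ', id=' + entity.obj_id)
    except Exception as e:
        # Exceptions without .msg would make the original handler raise
        # AttributeError and hide the real failure.
        self.fail('test_delete_perm failed, exception=' + getattr(e, 'msg', str(e)))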
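def test01_revoke(self):
    """Revoke every py-obj* perm from each of the py-role test roles.

    Failures are reported rather than silently dropped. The test is still
    non-failing, as the original `except: pass` suggests not every
    (perm, role) pair is guaranteed to be granted in the fixture.
    """
    print_ln('test_revoke')
    try:
        pList = review.find_perms(Perm(obj_name='py-obj*', op_name='*'))
        rles = role_test_data.get_test_roles('py-role', 10)
        for perm in pList:
            for rle in rles:
                admin.revoke(perm, rle)
                print_ln("Revoke Perm obj name=" + perm.obj_name + ', op='
                         + perm.op_name + ', id=' + perm.obj_id
                         + ', Role=' + rle.name)
    except Exception as e:
        # NOTE(review): the original swallowed every exception with `pass`, so
        # a broken revoke path could never surface here — and since the try
        # wraps the whole loop, one failure aborts all remaining revokes
        # unnoticed. Surface it; consider self.fail once the fixture
        # guarantees every grant exists.
        print_ln('test_revoke: revoke raised, exception=' + getattr(e, 'msg', str(e)))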
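def test03_perm_roles(self):
    """For every py-obj* perm, list the roles it is granted to."""
    print_ln('test16_perm_roles')
    try:
        pList = review.find_perms(Perm(obj_name='py-obj*', op_name='*'))
        for perm in pList:
            print_ln("Role Perm obj name=" + perm.obj_name + ', op=' + perm.op_name
                     + ', id=' + perm.obj_id)
            rList = review.perm_roles(perm)
            # NOTE(review): concatenation assumes perm_roles yields role names
            # (str), unlike perm_users which yields entities — confirm.
            for role in rList:
                print_ln("Assigned role=" + role, 1)
    except Exception as e:
        # Exceptions without .msg would make the original handler raise
        # AttributeError and hide the real failure.
        self.fail('test16_perm_roles failed, exception=' + getattr(e, 'msg', str(e)))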
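def test06_perm_users(self):
    """For every py-obj* perm, list the users that hold it."""
    print_ln('test_perm_users')
    try:
        pList = review.find_perms(Perm(obj_name='py-obj*', op_name='*'))
        for perm in pList:
            print_ln("Perm obj name=" + perm.obj_name + ', op=' + perm.op_name
                     + ', id=' + perm.obj_id)
            uList = review.perm_users(perm)
            for user in uList:
                print_ln("Assigned user=" + user.uid, 1)
    except Exception as e:
        # Exceptions without .msg would make the original handler raise
        # AttributeError and hide the real failure.
        self.fail('test_perm_users failed, exception=' + getattr(e, 'msg', str(e)))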
def main(argv=None):
    """Parse the access command line and hand the namespace to process().

    Args:
        argv: optional list of extra arguments. When supplied they are appended
            to sys.argv before parsing (kept as-is for existing callers);
            otherwise sys.argv is parsed unchanged.
    """
    if argv is None:
        argv = sys.argv
    else:
        sys.argv.extend(argv)

    parser = argparse.ArgumentParser(
        description='Process py-fortress access commands.')
    parser.add_argument('operation', metavar='operand',
                        choices=[AUTH, CHCK, ROLES, PERMS, ADD, DELETE, SHOW, DROP],
                        help='operation name')
    parser.add_argument('-r', '--role', dest='role', help='role name')
    # User and Perm fields become options on the parser.
    for entity_template in (User(), Perm()):
        add_args(parser, entity_template)

    process(parser.parse_args())
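def process(args):
    """Run one access-side CLI operation and persist the resulting session.

    The session (user plus active roles) is carried between invocations as a
    pickle through un_pickle()/pickle_it(); every operation except AUTH
    starts by loading it.

    Security note: unpickling executes whatever the session file contains,
    and the loaded active-role set is trusted as-is, so the file must be
    readable and writable only by the invoking user — anyone who can write it
    can run code in this process or grant themselves roles. A signed or
    plain-JSON session format would remove both risks.

    Args:
        args: parsed argparse namespace with operation, role and the
            User/Perm fields that load_entity reads.

    Returns:
        True when the operation succeeded, False otherwise. Activation
        RbacErrors (day/date/time/timeout/lock) are printed and reported as
        False rather than raised.
    """
    sess = None
    result = False
    user = load_entity(User(), args)
    perm = load_entity(Perm(), args)
    op = args.operation
    print(op)
    try:
        if op == AUTH:
            sess = access.create_session(user, False)
            result = True
        elif op == CHCK:
            sess = un_pickle()
            result = access.check_access(sess, perm)
        elif op == ROLES:
            sess = un_pickle()
            for idx, role in enumerate(access.session_roles(sess)):
                print_entity(role, role.name + ':' + str(idx))
            result = True
        elif op == PERMS:
            sess = un_pickle()
            for idx, prm in enumerate(access.session_perms(sess)):
                print_entity(prm, prm.obj_name + '.' + prm.op_name + ':' + str(idx))
            result = True
        elif op == SHOW:
            sess = un_pickle()
            print_entity(sess, 'session')
            print_user(sess.user, 'user')
            result = True
        elif op in (ADD, DROP):
            sess = un_pickle()
            if not args.role:
                print("error --role required for this op")
                return False
            print('role=' + args.role)
            if op == ADD:
                access.add_active_role(sess, args.role)
            else:
                access.drop_active_role(sess, args.role)
            result = True
        else:
            print('process failed, invalid operation=' + op)
        print('success' if result else 'failed')
        # Bug fix: the original pickled unconditionally, so an unknown operation
        # overwrote the stored session with None. Save only a real session
        # (also after a failed CHCK, as before, since check_access may update it).
        if sess is not None:
            pickle_it(sess)
    except RbacError as e:
        if e.id == global_ids.ACTV_FAILED_DAY:
            print('failed day of week, id=' + str(e.id) + ', msg=' + e.msg)
        elif e.id == global_ids.ACTV_FAILED_DATE:
            print('failed for date, id=' + str(e.id) + ', msg=' + e.msg)
        elif e.id == global_ids.ACTV_FAILED_TIME:
            print('failed for time of day, id=' + str(e.id) + ', msg=' + e.msg)
        elif e.id == global_ids.ACTV_FAILED_TIMEOUT:
            print('failed inactivity timeout, id=' + str(e.id) + ', msg=' + e.msg)
        elif e.id == global_ids.ACTV_FAILED_LOCK:
            print('failed locked date')
        else:
            print('RbacError id=' + str(e.id) + ', ' + e.msg)
        return False
    return result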
def __unload(dn, attrs):
    """Build a Perm entity from an LDAP entry's dn and attribute dictionary.

    attrs is wrapped in a CIDict so attribute lookups are case-insensitive.
    Single-valued fields are read with ldaphelper.get_attr_val, description
    with get_one_attr_val, and the multi-valued users/roles/props with
    get_list; a missing attribute is passed to the helper as an empty list.
    """
    attrs = CIDict(attrs)
    entity = Perm()
    entity.dn = dn

    # Single-valued attributes: (entity field, LDAP attribute name).
    single_valued = (
        ('internal_id', global_ids.INTERNAL_ID),
        ('obj_id', OBJ_ID),
        ('obj_name', OBJ_NM),
        ('op_name', OP_NM),
        ('abstract_name', PERM_NAME),
        ('type', TYPE),
    )
    for field, ldap_attr in single_valued:
        setattr(entity, field, ldaphelper.get_attr_val(attrs.get(ldap_attr, [])))
    entity.description = ldaphelper.get_one_attr_val(attrs.get(global_ids.DESC, []))

    # Multi-valued attributes.
    multi_valued = (
        ('users', USERS),
        ('roles', ROLES),
        ('props', global_ids.PROPS),
    )
    for field, ldap_attr in multi_valued:
        setattr(entity, field, ldaphelper.get_list(attrs.get(ldap_attr, [])))
    return entity