Source code for roster_core.core

#!/usr/bin/python

# Copyright (c) 2009, Purdue University
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice, this
# list of conditions and the following disclaimer in the documentation and/or
# other materials provided with the distribution.
#
# Neither the name of the Purdue University nor the names of its contributors
# may be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

"""Toplevel core API."""

__copyright__ = 'Copyright (C) 2009, Purdue University'
__license__ = 'BSD'
__version__ = '#TRUNK#'


import datetime
import uuid

import IPy
import iscpy

import audit_log
import constants
import errors
import helpers_lib
import user

[docs]class Core(object): """Backend Roster interface. This class is meant to be the only interface to the database for top level programming for a web or xml-rpc interface, or anything else that would need to talk to the database. All errors raised will be a subclass of CoreError. """ def __init__(self, user_name, config_instance, unittest_timestamp=None): """Sets self.db_instance and self.user_instance for usage in the class. Inputs: user_name: string of user name config_instance: instantiated Config class object unittest_timestamp: datetime object timestamp for unit testing """ self.unittest_timestamp = unittest_timestamp self.db_instance = config_instance.GetDb() self.log_instance = audit_log.AuditLog(log_to_syslog=True, log_to_db=True, db_instance=self.db_instance) self.user_instance = user.User(user_name, self.db_instance, self.log_instance)
[docs] def MakeUser(self, user_name, access_level): """Create a user. Inputs: user_name: string of user name access_level: int from 0-255 as defined in user.py """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) user_dict = {'user_name': user_name, 'access_level': access_level} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('users', user_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListUsers(self, user_name=None, access_level=None): """Lists one or many users, if all args are None then list them all. Inputs: user_name: string of user name access_level: int from 0-255 as defined in user.py Output: dictionary: keyed by the user name with value of access_level. example: {'sharrell': 128, 'shuey': 64} """ self.user_instance.Authorize('ListUsers') user_dict = {'user_name': user_name, 'access_level': access_level} self.db_instance.StartTransaction() try: users = self.db_instance.ListRow('users', user_dict) finally: self.db_instance.EndTransaction() user_access_level_dict = {} for user_dict in users: user_access_level_dict[user_dict['user_name']] = user_dict['access_level'] return user_access_level_dict
[docs] def RemoveUser(self, user_name): """Removes a user. Inputs: user_name: string of user name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_user_dict = self.db_instance.GetEmptyRowDict('users') search_user_dict['user_name'] = user_name row_count = 0 success = False try: self.db_instance.StartTransaction() try: found_user = self.db_instance.ListRow('users', search_user_dict, lock_rows=True) if( found_user ): # user_name in users is a unique field so we know there is only one. row_count += self.db_instance.RemoveRow('users', found_user[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateUser(self, search_user_name, update_user_name=None, update_access_level=None): """Updates a user. Inputs: search_user_name: string of user name update_user_name: string of user name update_access_level: int from 0-255 as defined in user.py Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_user_dict = self.db_instance.GetEmptyRowDict('users') search_user_dict['user_name'] = search_user_name update_user_dict = self.db_instance.GetEmptyRowDict('users') update_user_dict['user_name'] = update_user_name update_user_dict['access_level'] = update_access_level success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('users', search_user_dict, update_user_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListGroups(self): """List all groups. Outputs: list of groups example ['cs', 'bio'] """ self.user_instance.Authorize('ListGroups') group_dict = self.db_instance.GetEmptyRowDict('groups') self.db_instance.StartTransaction() try: groups = self.db_instance.ListRow('groups', group_dict) finally: self.db_instance.EndTransaction() group_list = [] for group in groups: group_list.append(group['group_name']) return group_list
[docs] def MakeGroup(self, group_name): """Make group. Inputs: group_name: string of group name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) group_dict = self.db_instance.GetEmptyRowDict('groups') group_dict['group_name'] = group_name success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('groups', group_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveGroup(self, group_name): """Remove group. Inputs: group_name: string of group name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) group_dict = self.db_instance.GetEmptyRowDict('groups') group_dict['group_name'] = group_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('groups', group_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateGroup(self, search_group_name, update_group_name): """Update group. Inputs: search_group_name: string of group name update_group_name: string of group name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_group_dict = self.db_instance.GetEmptyRowDict('groups') search_group_dict['group_name'] = search_group_name update_group_dict = self.db_instance.GetEmptyRowDict('groups') update_group_dict['group_name'] = update_group_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('groups', search_group_dict, update_group_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListUserGroupAssignments(self, user_name=None, group_name=None, key_by_group=False): """List user-group assignments. Assignments can be given as a dictionary of users with lists of groups or as a dictionary of groups as a list of users. Outputs: dictionarie keyed by group or user with values of lists of groups or users depending on key_by_group bool example keyed by user: {'sharrell': ['cs', 'bio'], 'shuey': ['cs']} example keyed by group: {'cs': ['shuey', 'sharrell'] 'bio': ['sharrell'] """ self.user_instance.Authorize('ListUserGroupAssignments') assignment_dict = self.db_instance.GetEmptyRowDict('user_group_assignments') assignment_dict['user_group_assignments_group_name'] = group_name assignment_dict['user_group_assignments_user_name'] = user_name self.db_instance.StartTransaction() try: assignments = self.db_instance.ListRow('user_group_assignments', assignment_dict) finally: self.db_instance.EndTransaction() assignments_dict = {} for assignment in assignments: if( key_by_group ): if( not assignment['user_group_assignments_group_name'] in assignments_dict ): assignments_dict[ assignment['user_group_assignments_group_name']] = [] assignments_dict[ assignment['user_group_assignments_group_name']].append( assignment['user_group_assignments_user_name']) else: if( not assignment['user_group_assignments_user_name'] in assignments_dict ): assignments_dict[ assignment['user_group_assignments_user_name']] = [] assignments_dict[ assignment['user_group_assignments_user_name']].append( assignment['user_group_assignments_group_name']) return assignments_dict
[docs] def MakeUserGroupAssignment(self, user_name, group_name): """Make user-group assignment. Inputs: group_name: string of group name user_name: string of user name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict('user_group_assignments') assignment_dict['user_group_assignments_group_name'] = group_name assignment_dict['user_group_assignments_user_name'] = user_name success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('user_group_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveUserGroupAssignment(self, user_name, group_name): """Remove user-group. Inputs: group_name: string of group name user_name: string of user name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict('user_group_assignments') assignment_dict['user_group_assignments_group_name'] = group_name assignment_dict['user_group_assignments_user_name'] = user_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('user_group_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() return row_count finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListACLs(self, acl_name=None, cidr_block=None): """List one or many acls, if all args are none it will them all, or just search on one more terms. Inputs: acl_name: string of acl name cidr_block: string of valid CIDR block or IP address Outputs: dictionary: keyed by the acl name whos value is a list dictionaries with the cidr block and range allowed values. example: {'rfc_1918_networks': [{'cidr_block': '192.168/16'}, {'cidr_block': '10/8'}], 'university_networks': [{'cidr_block': '1.2.3/24'}, {'cidr_block': '1.1.1/24'}]} """ self.user_instance.Authorize('ListACLs') acl_dict = self.db_instance.GetEmptyRowDict('acl_ranges') acl_dict['acl_ranges_acl_name'] = acl_name acl_dict['acl_range_cidr_block'] = cidr_block self.db_instance.StartTransaction() try: acls = self.db_instance.ListRow('acl_ranges', acl_dict) finally: self.db_instance.EndTransaction() acl_cidr_range_dict = {} for acl in acls: if( not acl_cidr_range_dict.has_key(acl['acl_ranges_acl_name']) ): acl_cidr_range_dict[acl['acl_ranges_acl_name']] = [] acl_cidr_range_dict[acl['acl_ranges_acl_name']].append( {'cidr_block': acl['acl_range_cidr_block']}) return acl_cidr_range_dict
[docs] def MakeACL(self, acl_name, cidr_block): """Makes an acl from args. Inputs: acl_name: string of acl name cidr_block: string of valid CIDR block or IP address """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) acls_dict = {'acl_name': acl_name} acl_ranges_dict = {'acl_ranges_acl_name': acl_name, 'acl_range_cidr_block': cidr_block} success = False try: self.db_instance.StartTransaction() try: if( not self.db_instance.ListRow('acls', acls_dict) ): self.db_instance.MakeRow('acls', acls_dict) self.db_instance.MakeRow('acl_ranges', acl_ranges_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveACL(self, acl_name): """Removes an acl from args. Will also remove relevant acl-view assignments. Inputs: acl_name: string of acl name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) acls_dict = {'acl_name': acl_name} row_count = 0 success = False try: self.db_instance.StartTransaction() try: row_count += self.db_instance.RemoveRow('acls', acls_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def RemoveCIDRBlockFromACL(self, acl_name, cidr_block): """Makes CIDR Block from ACL Inputs: acl_name: string of acl name cidr_block: string of valid CIDR block or IP address range_allowed: Int bool of if range should be allowed or denied Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) acl_ranges_dict = {'acl_ranges_acl_name': acl_name, 'acl_range_cidr_block': cidr_block} row_count = 0 success = False try: self.db_instance.StartTransaction() try: # Will only be one ACL because acl_name/cidr_block are unique acls = self.db_instance.ListRow('acl_ranges', acl_ranges_dict) if( acls ): row_count += self.db_instance.RemoveRow('acl_ranges', acls[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListDnsServers(self, dns_server_name=None): """List dns servers. Outputs: int: number of rows modified """ self.user_instance.Authorize('ListDnsServers') dns_server_dict = self.db_instance.GetEmptyRowDict('dns_servers') dns_server_dict['dns_server_name'] = dns_server_name self.db_instance.StartTransaction() try: dns_servers = self.db_instance.ListRow('dns_servers', dns_server_dict) finally: self.db_instance.EndTransaction() dns_server_list = [] for dns_server in dns_servers: dns_server_list.append(dns_server['dns_server_name']) return dns_server_list
[docs] def MakeDnsServer(self, dns_server_name): """Makes one dns server Inputs: dns_server_name: string of the dns server name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) dns_server_dict = self.db_instance.GetEmptyRowDict('dns_servers') dns_server_dict['dns_server_name'] = dns_server_name success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('dns_servers', dns_server_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveDnsServer(self, dns_server_name): """Removes dns server. Inputs: dns_server_name: string of dns server name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) dns_server_dict = self.db_instance.GetEmptyRowDict('dns_servers') dns_server_dict['dns_server_name'] = dns_server_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('dns_servers', dns_server_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateDnsServer(self, search_dns_server_name, update_dns_server_name): """Updates dns server Inputs: search_dns_server_name: string of dns server name update_dns_server_name: new string of dns server name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_dns_server_dict = self.db_instance.GetEmptyRowDict('dns_servers') search_dns_server_dict['dns_server_name'] = search_dns_server_name update_dns_server_dict = self.db_instance.GetEmptyRowDict('dns_servers') update_dns_server_dict['dns_server_name'] = update_dns_server_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('dns_servers', search_dns_server_dict, update_dns_server_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListDnsServerSets(self, dns_server_set_name=None): """List all dns server sets Inputs: dns_server_set_name: string of dns server set name Outputs: list of dns server sets """ self.user_instance.Authorize('ListDnsServerSets') dns_server_set_dict = self.db_instance.GetEmptyRowDict('dns_server_sets') dns_server_set_dict['dns_server_set_name'] = dns_server_set_name self.db_instance.StartTransaction() try: dns_server_sets = self.db_instance.ListRow('dns_server_sets', dns_server_set_dict) finally: self.db_instance.EndTransaction() dns_server_set_list = [] for dns_server_set in dns_server_sets: dns_server_set_list.append(dns_server_set['dns_server_set_name']) return dns_server_set_list
[docs] def MakeDnsServerSet(self, dns_server_set_name): """Make dns server set. Inputs: dns_server_set_name: string of dns server set name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) dns_server_set_dict = self.db_instance.GetEmptyRowDict('dns_server_sets') dns_server_set_dict['dns_server_set_name'] = dns_server_set_name success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('dns_server_sets', dns_server_set_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveDnsServerSet(self, dns_server_set_name): """Remove dns server set. Inputs: dns_server_set_name: string of dns server set name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) dns_server_set_dict = self.db_instance.GetEmptyRowDict('dns_server_sets') dns_server_set_dict['dns_server_set_name'] = dns_server_set_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('dns_server_sets', dns_server_set_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateDnsServerSet(self, search_dns_server_set_name, update_dns_server_set_name): """Update dns_server_set. Inputs: search_dns_server_set_name: string of dns_server_set name update_dns_server_set_name: string of dns_server_set name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_dns_server_set_dict = self.db_instance.GetEmptyRowDict( 'dns_server_sets') search_dns_server_set_dict[ 'dns_server_set_name'] = search_dns_server_set_name update_dns_server_set_dict = self.db_instance.GetEmptyRowDict( 'dns_server_sets') update_dns_server_set_dict[ 'dns_server_set_name'] = update_dns_server_set_name success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('dns_server_sets', search_dns_server_set_dict, update_dns_server_set_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListDnsServerSetAssignments(self, dns_server_name=None, dns_server_set_name=None): """List dns server set assignments. Inputs: dns_server_name: string of dns server name dns_server_set_name: string of dns server set name Outputs: dictionary keyed by server sets. """ self.user_instance.Authorize('ListDnsServerSetAssignments') assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_assignments') assignment_dict['dns_server_set_assignments_dns_server_name'] = ( dns_server_name) assignment_dict['dns_server_set_assignments_dns_server_set_name'] = ( dns_server_set_name) self.db_instance.StartTransaction() try: assignments = self.db_instance.ListRow('dns_server_set_assignments', assignment_dict) finally: self.db_instance.EndTransaction() assignments_dict = {} for assignment in assignments: if( not assignment['dns_server_set_assignments_dns_server_set_name'] in assignments_dict ): assignments_dict[assignment[ 'dns_server_set_assignments_dns_server_set_name']] = [] assignments_dict[assignment[ 'dns_server_set_assignments_dns_server_set_name']].append( assignment['dns_server_set_assignments_dns_server_name']) return assignments_dict
[docs] def MakeDnsServerSetAssignments(self, dns_server_name, dns_server_set_name): """Make dns server set assignment. Inputs: dns_server_name: string of dns server name dns_server_set_name: string of dns server set name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_assignments') assignment_dict['dns_server_set_assignments_dns_server_name'] = ( dns_server_name) assignment_dict['dns_server_set_assignments_dns_server_set_name'] = ( dns_server_set_name) success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('dns_server_set_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveDnsServerSetAssignments(self, dns_server_name, dns_server_set_name): """Remove a dns server set assignment Inputs: dns_server_name: string of dns server name dns_server_set_name: string of dns server set name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_assignments') assignment_dict['dns_server_set_assignments_dns_server_name'] = ( dns_server_name) assignment_dict['dns_server_set_assignments_dns_server_set_name'] = ( dns_server_set_name) success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('dns_server_set_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() return row_count finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListDnsServerSetViewAssignments(self, view_name=None, dns_server_set_name=None, key_by_view=False): """List dns server set view assignments Assignments can be given as a dictionary of dns server names with lists of view names or as a dictionary of view names with lists of dns server names. Outputs: Dictionary keyed by view name or dns server set name with values of lists of view names or dns server sets depending on key_by_view bool example keyed by view_name: {'view1': ['set1', 'set2'], 'view2': ['set2']} example keyed by dns_server_set_name: {'set1': ['view1'] 'set2': ['view1', 'view2']} """ self.user_instance.Authorize('ListDnsServerSetViewAssignments') assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_view_assignments') assignment_dict['dns_server_set_view_assignments_view_name'] = ( view_name) assignment_dict['dns_server_set_view_assignments_dns_server_set_name'] = ( dns_server_set_name) self.db_instance.StartTransaction() try: assignments = self.db_instance.ListRow('dns_server_set_view_assignments', assignment_dict) finally: self.db_instance.EndTransaction() assignments_dict = {} for assignment in assignments: if( key_by_view ): if( not assignment['dns_server_set_view_assignments_view_name'] in assignments_dict ): assignments_dict[ assignment['dns_server_set_view_assignments_view_name']] = [] assignments_dict[ assignment['dns_server_set_view_assignments_view_name']].append( assignment[ 'dns_server_set_view_assignments_dns_server_set_name']) else: if( not assignment[ 'dns_server_set_view_assignments_dns_server_set_name'] in assignments_dict ): assignments_dict[ assignment[ 'dns_server_set_view_assignments_dns_server_set_name']] = [] assignments_dict[assignment[ 'dns_server_set_view_assignments_dns_server_set_name']].append( assignment['dns_server_set_view_assignments_view_name']) return assignments_dict
[docs] def MakeDnsServerSetViewAssignments(self, view_name, dns_server_set_name): """Make dns server set view assignment Inputs: view_name: string of the view name dns_server_set_name: string of the dns server set name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_view_assignments') assignment_dict['dns_server_set_view_assignments_view_name'] = view_name assignment_dict['dns_server_set_view_assignments_dns_server_set_name'] = ( dns_server_set_name) success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('dns_server_set_view_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveDnsServerSetViewAssignments(self, view_name, dns_server_set_name): """Remove dns server set view assignment Inputs: view_name: string of view name dns_server_set_name: string of dns server set name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = self.db_instance.GetEmptyRowDict( 'dns_server_set_view_assignments') assignment_dict['dns_server_set_view_assignments_view_name'] = view_name assignment_dict['dns_server_set_view_assignments_dns_server_set_name'] = ( dns_server_set_name) success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow( 'dns_server_set_view_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() return row_count finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListViews(self, view_name=None): """Lists all views. Outputs: dictionary: dict keyed by view name with a value of the view args. example: {'view_1': 'also-notify {192.168.0.1;}\\nallow-transfer ' '{university_networks};;', 'view_2': 'other-arg { thing };'} """ self.user_instance.Authorize('ListViews') view_dict = self.db_instance.GetEmptyRowDict('views') view_dict['view_name'] = view_name self.db_instance.StartTransaction() try: views = self.db_instance.ListRow('views', view_dict) finally: self.db_instance.EndTransaction() view_options_dict = {} for view in views: view_options_dict[view['view_name']] = iscpy.Deserialize(view['view_options']) return view_options_dict
[docs] def MakeView(self, view_name, view_options=None): """Makes a view and all of the other things that go with a view. For more information about views please see docstring for MakeViewAssignments. Inputs: view_name: string of view name view_options: string of view options, defaults to empty string. for information on valid view options read: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html#view_statement_grammar """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( view_options is None ): view_options = iscpy.Serialize(u'') views_dict = {'view_name': view_name, 'view_options': iscpy.Serialize(view_options)} view_dep_name = '%s_dep' % view_name view_dependencies_dict = {'view_dependency': view_dep_name} view_dependency_assignments_dict = { 'view_dependency_assignments_view_name': view_name, 'view_dependency_assignments_view_dependency': view_dep_name} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('views', views_dict) self.db_instance.MakeRow('view_dependencies', view_dependencies_dict) self.db_instance.MakeRow('view_dependency_assignments', view_dependency_assignments_dict) view_dependency_assignments_dict[ 'view_dependency_assignments_view_dependency'] = u'any' self.db_instance.MakeRow('view_dependency_assignments', view_dependency_assignments_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveView(self, view_name): """Removes a view. Also removes anything attatched to that view. Including any information about a specific zone in the view and any records in that view. Please point gun away from foot. Inputs: view_name: string of view name Raises: InvalidInputError: Cannot remove view any Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( view_name == u'any' ): raise errors.InvalidInputError('Cannot remove view any') search_view_dict = self.db_instance.GetEmptyRowDict('views') search_view_dict['view_name'] = view_name view_dep_dict = {'view_dependency': '%s_dep' % view_name} row_count = 0 success = False try: self.db_instance.StartTransaction() try: view_dict = self.db_instance.ListRow('views', search_view_dict, lock_rows=True) if( view_dict ): # view_name is unique in this table so no need to see if there are # multiple rows row_count += self.db_instance.RemoveRow('views', view_dict[0]) row_count += self.db_instance.RemoveRow('view_dependencies', view_dep_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateView(self, search_view_name, update_view_name=None, update_view_options=None): """Updates a view. Also updates anything attatched to that view. Including any information about a specific zone in the view and any records in that view. Inputs: search_view_name: string of view name to be updated update_view_name: string of view name to update with update_view_options: string of view options, defaults to empty string. for information on valid view options read: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html#view_statement_grammar Raises: InvalidInputError: Cannot update view any. """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( search_view_name == u'any' ): raise errors.InvalidInputError('Cannot update view any') search_view_dict = self.db_instance.GetEmptyRowDict('views') search_view_dict['view_name'] = search_view_name search_view_dep_dict = {'view_dependency': '%s_dep' % search_view_name} update_view_dict = {'view_name': update_view_name, 'view_options': iscpy.Serialize(update_view_options)} update_view_dep_dict = {'view_dependency': '%s_dep' % update_view_name} success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('views', search_view_dict, update_view_dict) row_count += self.db_instance.UpdateRow('view_dependencies', search_view_dep_dict, update_view_dep_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListViewAssignments(self, view_superset=None, view_subset=None): """Lists view assignments. For more informaton about view assignments please read the MakeViewAssignment docstring. Inputs: view_superset: string of view name view_subset: string of view name Outputs: dictionary keyed by view supersets with values lists of view subsets """ self.user_instance.Authorize('ListViewAssignments') view_dependency_assignments_dict = self.db_instance.GetEmptyRowDict( 'view_dependency_assignments') view_dependency_assignments_dict[ 'view_dependency_assignments_view_dependency'] = view_subset if( view_subset is not None and view_subset != 'any'): view_dependency_assignments_dict[ 'view_dependency_assignments_view_dependency'] = ('%s_dep' % view_subset) view_dependency_assignments_dict[ 'view_dependency_assignments_view_name'] = view_superset self.db_instance.StartTransaction() try: view_assignments = self.db_instance.ListRow( 'view_dependency_assignments', view_dependency_assignments_dict) finally: self.db_instance.EndTransaction() view_assignments_dict = {} for view_assignment in view_assignments: if( not view_assignment['view_dependency_assignments_view_name'] in view_assignments_dict ): view_assignments_dict[view_assignment[ 'view_dependency_assignments_view_name']] = [] if( view_assignment[ 'view_dependency_assignments_view_dependency'].endswith('_dep') ): view_assignment[ 'view_dependency_assignments_view_dependency'] = view_assignment[ 'view_dependency_assignments_view_dependency'][:-4:] view_assignments_dict[view_assignment[ 'view_dependency_assignments_view_name']].append(view_assignment[ 'view_dependency_assignments_view_dependency']) return view_assignments_dict
[docs] def MakeViewAssignment(self, view_superset, view_subset): """Assigns a view to view. A view contains zones in that view. However zones can be assigned to another view that is a superset of views. For example an assignment can be made for view_a(view_superset) to also include all of view_b's(view_subset) zones(and by proxy, records). This prevents having to have duplicate records in each view. Most of the time this will not be needed as there is a special subset included in all views(unless explicitly deleted) called the 'any' view. Records in the 'any' view will be in all views that have not been explicity changed to remove the 'any' view. The 'any' view subset is automatically tied to a view when a view is created. Also this is the default view for records and zones(again it can be explicitly changed if needed). Inputs: view_superset: string of view name view_subset: string of view name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) view_dependency_assignments_dict = { 'view_dependency_assignments_view_name': view_superset, 'view_dependency_assignments_view_dependency': '%s_dep' % view_subset} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('view_dependency_assignments', view_dependency_assignments_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveViewAssignment(self, view_superset, view_subset): """Removes a view assignment. For more informaton about view assignments please read the MakeViewAssignment docstring. Inputs: view_superset: string of view name view_subset: string of view name """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) view_dependency_assignments_dict = { 'view_dependency_assignments_view_name': view_superset, 'view_dependency_assignments_view_dependency': '%s_dep' % view_subset} success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('view_dependency_assignments', view_dependency_assignments_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListViewToACLAssignments(self, view_name=None, acl_name=None, acl_range_allowed=None): """Lists some or all view to acl assignments corresponding to the given args. Inputs: view_name: string of view name acl_name: string of acl name Outputs: list: list contains dictionaries of assignments example: [{'view_name': 'main_view', 'acl_name': 'internal', 'acl_range_allowed': 'true'}, {'view_name': 'other_view', 'acl_name': 'external', 'acl_range_allowed': 'false'}] """ self.user_instance.Authorize('ListViewToACLAssignments') view_acl_assign_dict = { 'view_acl_assignments_acl_name': acl_name, 'view_acl_assignments_view_name': view_name, 'view_acl_assignments_range_allowed': acl_range_allowed} self.db_instance.StartTransaction() try: view_acl_assignments = self.db_instance.ListRow('view_acl_assignments', view_acl_assign_dict) finally: self.db_instance.EndTransaction() assignments_dicts = [] for view_acl_assignment in view_acl_assignments: assignments_dict = {} assignments_dict['view_name'] = view_acl_assignment[ 'view_acl_assignments_view_name'] assignments_dict['acl_name'] = view_acl_assignment[ 'view_acl_assignments_acl_name'] assignments_dict['acl_range_allowed'] = view_acl_assignment[ 'view_acl_assignments_range_allowed'] assignments_dicts.append(assignments_dict) return assignments_dicts
[docs] def MakeViewToACLAssignments(self, view_name, acl_name, acl_range_allowed): """Makes view to acl assignment Inputs: view_name: string of view name acl_name: string of acl name acl_range_allowed: boolean to allow/disallow given acl range """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) view_acl_assign_dict = { 'view_acl_assignments_acl_name': acl_name, 'view_acl_assignments_view_name': view_name, 'view_acl_assignments_range_allowed': acl_range_allowed} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('view_acl_assignments', view_acl_assign_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveViewToACLAssignments(self, view_name, acl_name, acl_range_allowed): """Removes view to acl assignment Inputs: view_name: string of view name acl_name: string of acl name Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) view_acl_assign_dict = { 'view_acl_assignments_acl_name': acl_name, 'view_acl_assignments_view_name': view_name, 'view_acl_assignments_range_allowed': acl_range_allowed} success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('view_acl_assignments', view_acl_assign_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListZones(self, zone_name=None, zone_type=None, zone_origin=None, view_name=None): """Lists zones. Inputs: zone_name: string of zone name zone_type: string of zone type zone_origin: string of zone origin. ex dept.univiersity.edu. view_name: string of view name Outputs: Dictionary of dictionaries. The parent dictionary is keyed by zone name, the secondary dictionary is keyed by view name and the third is keyed by type of data. example: {'zone.university.edu': {'internal': {'zone_type': 'master', 'zone_options': 'misc opts', 'zone_origin': 'university.edu.'}, 'any': {'zone_type': 'master' 'zone_options': 'other options', 'zone_origin': 'university.edu.'}}, 'otherzone.university.edu': {'any': {'zone_type': 'slave', 'zone_options': 'options'}}} """ self.user_instance.Authorize('ListZones') zone_view_assignments_dict = self.db_instance.GetEmptyRowDict( 'zone_view_assignments') if( view_name is not None and view_name != u'any' ): view_name = '%s_dep' % view_name zone_view_assignments_dict['zone_view_assignments_zone_name'] = zone_name zone_view_assignments_dict['zone_view_assignments_zone_type'] = zone_type zone_view_assignments_dict['zone_origin'] = zone_origin zone_view_assignments_dict[ 'zone_view_assignments_view_dependency'] = view_name self.db_instance.StartTransaction() try: zone_view_assignment_rows = self.db_instance.ListRow( 'zone_view_assignments', zone_view_assignments_dict) finally: self.db_instance.EndTransaction() zone_view_assignments = {} for row in zone_view_assignment_rows: if( not row['zone_view_assignments_zone_name'] in zone_view_assignments ): zone_view_assignments[row['zone_view_assignments_zone_name']] = {} if( not row['zone_view_assignments_view_dependency'].replace('_dep', '') in zone_view_assignments[row['zone_view_assignments_zone_name']] ): zone_view_assignments[row['zone_view_assignments_zone_name']][ row['zone_view_assignments_view_dependency'].replace( '_dep', '')] = {} zone_options = iscpy.Deserialize(row['zone_options']) zone_view_assignments[row['zone_view_assignments_zone_name']][ row['zone_view_assignments_view_dependency'].replace('_dep', '')] = ( {'zone_type': row['zone_view_assignments_zone_type'], 'zone_options': zone_options, 'zone_origin': row['zone_origin']}) return zone_view_assignments
[docs] def MakeZone(self, zone_name, zone_type, zone_origin, view_name=None, zone_options=None, make_any=True): """Makes a zone. Inputs: zone_name: string of zone name zone_type: string of zone type zone_origin: string of zone origin. ex dept.univiersity.edu. zone_options: string of zone_options(defaults to empty string) valid zone options can be found here: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html#zone_statement_grammar view_name: string of view name(defaults to 'any') see docstring of MakeViewAssignments as to why 'any' is default make_any: regardless of view name, make any as well(default to True) Raises: UnexpectedDataError: Invalid zone type. """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( zone_options is None ): zone_options = iscpy.Serialize(u'') if( view_name is None ): view_name = u'any' else: view_name = '%s_dep' % view_name zone_dict = {'zone_name': zone_name} zone_view_assignments_dict = { 'zone_view_assignments_zone_name': zone_name, 'zone_view_assignments_view_dependency': view_name, 'zone_view_assignments_zone_type': zone_type, 'zone_origin': zone_origin, 'zone_options': iscpy.Serialize(zone_options)} search_any_dict = self.db_instance.GetEmptyRowDict('zone_view_assignments') search_any_dict['zone_view_assignments_view_dependency'] = u'any' search_any_dict['zone_view_assignments_zone_name'] = zone_name zone_type_dict = {'zone_type': zone_type} success = False try: self.db_instance.StartTransaction() try: if( not self.db_instance.ListRow('zone_types', zone_type_dict) ): raise errors.UnexpectedDataError('Invalid zone type.') if( not self.db_instance.ListRow('zones', zone_dict) ): self.db_instance.MakeRow('zones', zone_dict) self.db_instance.MakeRow('zone_view_assignments', zone_view_assignments_dict) if( view_name != u'any' and make_any ): if( not self.db_instance.ListRow('zone_view_assignments', search_any_dict) ): zone_view_assignments_dict[ 'zone_view_assignments_view_dependency'] = u'any' self.db_instance.MakeRow('zone_view_assignments', zone_view_assignments_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveZone(self, zone_name, view_name=None): """Removes a zone. Inputs: zone_name: string of zone name view_name: string of view name Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) zone_dict = {'zone_name': zone_name} zone_view_assignments_dict = self.db_instance.GetEmptyRowDict( 'zone_view_assignments') zone_view_assignments_dict['zone_view_assignments_zone_name'] = zone_name row_count = 0 success = False try: self.db_instance.StartTransaction() try: zone_assignments_by_name = self.db_instance.ListRow( 'zone_view_assignments', zone_view_assignments_dict) if( view_name is None or len(zone_assignments_by_name) <= 1 ): # Because of cascading deletes this should remove anything in the # zone_view_assignments table as well row_count += self.db_instance.RemoveRow('zones', zone_dict) else: if( view_name == 'any' ): zone_view_assignments_dict[ 'zone_view_assignments_view_dependency'] = view_name else: zone_view_assignments_dict[ 'zone_view_assignments_view_dependency'] = '%s_dep' % view_name # Because zone_name/zone_view together are uniquely constrained in # this table no need to check if there are more than one. found_zone_assignment = self.db_instance.ListRow( 'zone_view_assignments', zone_view_assignments_dict, lock_rows=True) if( found_zone_assignment ): row_count += self.db_instance.RemoveRow('zone_view_assignments', found_zone_assignment[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def UpdateZone(self, search_zone_name, search_view_name=None, update_zone_name=None, update_zone_options=None, update_zone_type=None): """Updates zone options or zone type of zone Inputs: search_zone_name: string of zone name search_view_name: string of view name update_zone_name: string of zone name update_zone_type: string of zone type update_zone_options: string of zone options valid zone options can be found here: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html#zone_statement_grammar Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( search_view_name is not None and search_view_name != u'any' ): search_view_name = '%s_dep' % search_view_name search_zone_dict = {'zone_name': search_zone_name} update_zone_dict = {'zone_name': update_zone_name} search_zone_view_assignments_dict = self.db_instance.GetEmptyRowDict( 'zone_view_assignments') search_zone_view_assignments_dict['zone_view_assignments_zone_name'] = ( search_zone_name) search_zone_view_assignments_dict[ 'zone_view_assignments_view_dependency'] = search_view_name update_zone_view_assignments_dict = self.db_instance.GetEmptyRowDict( 'zone_view_assignments') update_zone_view_assignments_dict['zone_view_assignments_zone_name'] = ( update_zone_name) update_zone_view_assignments_dict['zone_view_assignments_zone_type'] = ( update_zone_type) update_zone_view_assignments_dict['zone_options'] = iscpy.Serialize(update_zone_options) success = False try: self.db_instance.StartTransaction() row_count = 0 try: if( update_zone_name is not None and search_view_name is None ): row_count += self.db_instance.UpdateRow('zones', search_zone_dict, update_zone_dict) row_count += self.db_instance.UpdateRow( 'zone_view_assignments',search_zone_view_assignments_dict, update_zone_view_assignments_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListReverseRangeZoneAssignments(self, zone_name=None, cidr_block=None): """Lists reverse range to zone assignments. Inputs: zone_name: string of zone name cidr_block: string of cidr block Outputs: dictionary: keyed by zone_name with values of cidr blocks example: {'10.in-addr.arpa': '10/8', '9.168.192.in-addr.arpa': '192.168.9/24'} """ self.user_instance.Authorize('ListReverseRangeZoneAssignments') assignment_dict = {'reverse_range_zone_assignments_zone_name': zone_name, 'reverse_range_zone_assignments_cidr_block': cidr_block} self.db_instance.StartTransaction() try: assignment_rows = self.db_instance.ListRow( 'reverse_range_zone_assignments', assignment_dict) finally: self.db_instance.EndTransaction() reverse_range_dict = {} for row in assignment_rows: reverse_range_dict[row['reverse_range_zone_assignments_zone_name']] = ( row['reverse_range_zone_assignments_cidr_block']) return reverse_range_dict
[docs] def MakeReverseRangeZoneAssignment(self, zone_name, cidr_block): """Makes a reverse range to zone assignment. Inputs: zone_name: string of zone name cidr_block: string of cidr block """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = {'reverse_range_zone_assignments_zone_name': zone_name, 'reverse_range_zone_assignments_cidr_block': cidr_block} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('reverse_range_zone_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveReverseRangeZoneAssignment(self, zone_name, cidr_block): """Remove reverse range to zone assignment. Inputs: zone_name: string of zone name cidr_block: string of cidr block Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) assignment_dict = {'reverse_range_zone_assignments_zone_name': zone_name, 'reverse_range_zone_assignments_cidr_block': cidr_block} success = False try: self.db_instance.StartTransaction() try: row_count = self.db_instance.RemoveRow('reverse_range_zone_assignments', assignment_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListForwardZonePermissions(self, zone_name=None, group_name=None, group_permission=None): """List forward zone permissions. Inputs: zone_name: string of zone name group_name: string of group name group_permission: list group permissions, i.e., ['a', 'aaaa', 'cname'] Outputs: dictionary keyed by group name with values of lists of dictionaries containing zone names and group permissions example: {'dept': [{'zone_name': 'sub.univeristy.edu', 'group_permission': ['a', 'aaaa', 'cname']}, {'zone_name': 'othersub.university.edu', 'group_permission': ['a', 'aaaa', 'cname', 'soa']}], 'otherdept': [{'zone_name': 'sub.university.edu', 'group_permission': ['a', 'aaaa']}]} """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) forward_zone_permissions_dict = self.db_instance.GetEmptyRowDict( 'forward_zone_permissions') forward_zone_permissions_dict['forward_zone_permissions_group_name'] = ( group_name) forward_zone_permissions_dict['forward_zone_permissions_zone_name'] = ( zone_name) group_forward_permissions_dicts = [] forward_zone_permissions_rows = [] group_forward_permissions_rows_dict = {} group_forward_permissions = {} success = False try: self.db_instance.StartTransaction() try: forward_zone_permissions_rows = self.db_instance.ListRow( 'forward_zone_permissions', forward_zone_permissions_dict) for row in forward_zone_permissions_rows: group_forward_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_forward_permissions') group_forward_permissions_dict[ 'group_forward_permissions_forward_zone_permissions_id'] = row[ 'forward_zone_permissions_id'] group_permissions_row_permission_list = [] for group_permissions_row in self.db_instance.ListRow( 'group_forward_permissions', group_forward_permissions_dict): group_permissions_row_permission_list.append(group_permissions_row[ 'group_forward_permissions_group_permission']) if( group_permission is None or group_permission == ( group_permissions_row_permission_list) ): group_forward_permissions_rows_dict.update({ str(row['forward_zone_permissions_id']): ( group_permissions_row_permission_list)}) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) ## Construct dict to return forward_zone_perms_dict = {} for row in forward_zone_permissions_rows: if( str(row['forward_zone_permissions_id']) in ( group_forward_permissions_rows_dict) ): if( row['forward_zone_permissions_group_name'] not in forward_zone_perms_dict ): forward_zone_perms_dict[ row['forward_zone_permissions_group_name']] = [] forward_zone_perms_dict[ row['forward_zone_permissions_group_name']].append( {'zone_name': row['forward_zone_permissions_zone_name'], 'group_permission': group_forward_permissions_rows_dict[ str(row['forward_zone_permissions_id'])]}) return forward_zone_perms_dict
[docs] def MakeForwardZonePermission(self, zone_name, group_name, group_permission=None): """Make forward zone permission. Inputs: zone_name: string of zone name group_name: string of group name group_permission: list group permissions, i.e., ['a', 'aaaa', 'cname'] """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) forward_zone_permissions_dict = self.db_instance.GetEmptyRowDict( 'forward_zone_permissions') forward_zone_permissions_dict['forward_zone_permissions_group_name'] = ( group_name) forward_zone_permissions_dict['forward_zone_permissions_zone_name'] = ( zone_name) success = False try: self.db_instance.StartTransaction() try: forward_zone_perm_id = self.db_instance.MakeRow( 'forward_zone_permissions', forward_zone_permissions_dict) ## Add associated group_forward_permissions for group_perm in group_permission: group_forward_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_forward_permissions') group_forward_permissions_dict[ 'group_forward_permissions_forward_zone_permissions_id'] = ( forward_zone_perm_id) group_forward_permissions_dict[ 'group_forward_permissions_group_permission'] = ( group_perm) self.db_instance.MakeRow('group_forward_permissions', group_forward_permissions_dict) except: self.db_instance.EndTransaction(rollback=True) raise success = True self.db_instance.EndTransaction() finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def UpdateGroupForwardPermission(self, zone_name, group_name, new_permissions): """Updates forward zone group permissions Inputs: zone_name: string of zone name group_name: string of group name new_permissions: list of permissions. (ex [u'a', u'aaaa', u'cname']) Raises: AuthorizationError: Group does not have access to supplied zone """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) forward_zone_permissions = self.ListForwardZonePermissions(zone_name, group_name) if( group_name not in forward_zone_permissions ): raise errors.AuthorizationError('Trying to update permissions on zone ' '%s not assigned to group %s.' % ( zone_name, group_name)) else: current_permissions = forward_zone_permissions[group_name] for permission in current_permissions: if( permission['zone_name'] == zone_name ): current_permissions = permission['group_permission'] break else: raise errors.AuthorizationError('Trying to update permissions on zone ' '%s not assigned to group %s.' % ( zone_name, group_name)) add_permissions = list(set(new_permissions).difference(set( current_permissions))) remove_permissions = list(set(current_permissions).difference(set( new_permissions))) forward_zone_permissions_dict = self.db_instance.GetEmptyRowDict( 'forward_zone_permissions') group_forward_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_forward_permissions') forward_zone_permissions_dict[ 'forward_zone_permissions_group_name'] = group_name forward_zone_permissions_dict[ 'forward_zone_permissions_zone_name'] = zone_name success = False try: self.db_instance.StartTransaction() try: forward_zone_permissions_row = self.db_instance.ListRow( 'forward_zone_permissions', forward_zone_permissions_dict) id = forward_zone_permissions_row[0]['forward_zone_permissions_id'] group_forward_permissions_dict[ 'group_forward_permissions_forward_zone_permissions_id'] = id for permission in remove_permissions: group_forward_permissions_dict[ 'group_forward_permissions_group_permission'] = permission self.db_instance.RemoveRow('group_forward_permissions', group_forward_permissions_dict) for permission in add_permissions: group_forward_permissions_dict[ 'group_forward_permissions_group_permission'] = permission self.db_instance.MakeRow('group_forward_permissions', group_forward_permissions_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveForwardZonePermission(self, zone_name, group_name, group_permission): """Remove forward zone permissions. Inputs: zone_name: string of zone name group_name: string of group name group_permission: list of group permissions, i.e., ['a', 'aaaa', 'cname'] Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) forward_zone_permissions_dict = self.db_instance.GetEmptyRowDict( 'forward_zone_permissions') forward_zone_permissions_dict['forward_zone_permissions_group_name'] = ( group_name) forward_zone_permissions_dict['forward_zone_permissions_zone_name'] = ( zone_name) row_count = 0 success = False try: self.db_instance.StartTransaction() try: group_forward_permissions_rows = [] forward_zone_permissions_rows = self.db_instance.ListRow( 'forward_zone_permissions', forward_zone_permissions_dict) if( len(forward_zone_permissions_rows) == 0 ): for permission in group_permission: group_forward_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_forward_permissions') group_forward_permissions_dict[ 'group_forward_permissions_group_permission'] = permission group_forward_permissions_rows.append(self.db_instance.ListRow( 'group_forward_permissions', group_forward_permissions_dict)) for row in forward_zone_permissions_rows: forward_zone_permissions_dict['forward_zone_permissions_id'] = row[ 'forward_zone_permissions_id'] group_forward_permissions_list = [] if( group_permission is not None ): for permission in group_permission: group_forward_permissions_dict = { 'group_forward_permissions_forward_zone_permissions_id': ( row['forward_zone_permissions_id']), 'group_forward_permissions_group_permission': permission} group_forward_permissions_rows = self.db_instance.ListRow( 'group_forward_permissions', group_forward_permissions_dict) for group_forward_permissions_row in ( group_forward_permissions_rows): group_forward_permissions_list.append( group_forward_permissions_row[ 'group_forward_permissions_group_permission']) if( group_permission == group_forward_permissions_list ): row_count = row_count + self.db_instance.RemoveRow( 'forward_zone_permissions', forward_zone_permissions_dict) else: row_count = row_count + self.db_instance.RemoveRow( 'forward_zone_permissions', forward_zone_permissions_dict) ## Associated group_forward_permissions deleted by CASCADE in DB except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListReverseRangePermissions(self, cidr_block=None, group_name=None, group_permission=None): """List reverse range permissions. Inputs: cidr_block: string of cidr block group_name: string of group name group_permission: list group permissions, i.e., ['a', 'aaaa', 'cname'] Outputs: dictionary keyed by group name with values of lists of dictionaries containing reverse ranges and group permissions example: {'dept': [{'cidr_block': '192.168.0/24', 'group_permission': [u'cname', u'ptr']}, {'cidr_block': '192.168.1/24', 'group_permission': [u'ptr']}], 'otherdept': [{'cidr_block': '192.168.1/24', 'group_permission': [u'cname', u'ns', u'ptr', u'soa']}]} """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) reverse_range_permissions_dict = self.db_instance.GetEmptyRowDict( 'reverse_range_permissions') reverse_range_permissions_dict['reverse_range_permissions_group_name'] = ( group_name) reverse_range_permissions_dict['reverse_range_permissions_cidr_block'] = ( cidr_block) group_reverse_permissions_dicts = [] reverse_range_permissions_rows = [] group_reverse_permissions_rows_dict = {} group_reverse_permissions = {} success = False try: self.db_instance.StartTransaction() try: reverse_range_permissions_rows = self.db_instance.ListRow( 'reverse_range_permissions', reverse_range_permissions_dict) for row in reverse_range_permissions_rows: group_reverse_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_reverse_permissions') group_reverse_permissions_dict[ 'group_reverse_permissions_reverse_range_permissions_id'] = row[ 'reverse_range_permissions_id'] group_permissions_row_permission_list = [] for group_permissions_row in self.db_instance.ListRow( 'group_reverse_permissions', group_reverse_permissions_dict): group_permissions_row_permission_list.append(group_permissions_row[ 'group_reverse_permissions_group_permission']) if( group_permission is None or group_permission == ( group_permissions_row_permission_list) ): group_reverse_permissions_rows_dict.update({ str(row['reverse_range_permissions_id']): ( group_permissions_row_permission_list)}) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) ## Construct dict to return reverse_range_perms_dict = {} for row in reverse_range_permissions_rows: if( str(row['reverse_range_permissions_id']) in ( group_reverse_permissions_rows_dict) ): if( row['reverse_range_permissions_group_name'] not in reverse_range_perms_dict ): reverse_range_perms_dict[ row['reverse_range_permissions_group_name']] = [] reverse_range_perms_dict[ row['reverse_range_permissions_group_name']].append( {'cidr_block': row['reverse_range_permissions_cidr_block'], 'group_permission': group_reverse_permissions_rows_dict[ str(row['reverse_range_permissions_id'])]}) return reverse_range_perms_dict
[docs] def MakeReverseRangePermission(self, cidr_block, group_name, group_permission=None): """Make reverse range permission. Inputs: cidr_block: string of cidr block group_name: string of group name group_permission: list of group permissions, i.e., ['cname', 'ptr'] """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) reverse_range_permissions_dict = self.db_instance.GetEmptyRowDict( 'reverse_range_permissions') reverse_range_permissions_dict['reverse_range_permissions_group_name'] = ( group_name) reverse_range_permissions_dict['reverse_range_permissions_cidr_block'] = ( cidr_block) success = False try: self.db_instance.StartTransaction() try: reverse_range_perm_id = self.db_instance.MakeRow( 'reverse_range_permissions', reverse_range_permissions_dict) ## Add associated group_forward_permissions for group_perm in group_permission: group_reverse_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_reverse_permissions') group_reverse_permissions_dict[ 'group_reverse_permissions_reverse_range_permissions_id'] = ( reverse_range_perm_id) group_reverse_permissions_dict[ 'group_reverse_permissions_group_permission'] = ( group_perm) self.db_instance.MakeRow('group_reverse_permissions', group_reverse_permissions_dict) except: self.db_instance.EndTransaction(rollback=True) raise success = True self.db_instance.EndTransaction() finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def UpdateGroupReversePermission(self, cidr_block, group_name, new_permissions): """Updates forward zone group permissions Inputs: cidr_block: string of cidr_block group_name: string of group name new_permissions: list of permissions. (ex [u'a', u'aaaa', u'cname']) Raises: AuthorizationError: Group does not have access to supplied cidr block """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) reverse_range_permissions = self.ListReverseRangePermissions(cidr_block, group_name) if( group_name not in reverse_range_permissions ): raise errors.AuthorizationError('Trying to update permissions on cidr ' '%s not assigned to group %s.' % ( cidr_block, group_name)) else: current_permissions = reverse_range_permissions[group_name] for permission in current_permissions: if( permission['cidr_block'] == cidr_block ): current_permissions = permission['group_permission'] break else: raise errors.AuthorizationError('Trying to update permissions on cidr ' '%s not assigned to group %s.' % ( cidr_block, group_name)) add_permissions = list(set(new_permissions).difference(set( current_permissions))) remove_permissions = list(set(current_permissions).difference(set( new_permissions))) reverse_range_permissions_dict = self.db_instance.GetEmptyRowDict( 'reverse_range_permissions') group_reverse_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_reverse_permissions') reverse_range_permissions_dict[ 'reverse_range_permissions_group_name'] = group_name reverse_range_permissions_dict[ 'reverse_range_permissions_cidr_block'] = cidr_block success = False try: self.db_instance.StartTransaction() try: reverse_range_permissions_row = self.db_instance.ListRow( 'reverse_range_permissions', reverse_range_permissions_dict) id = reverse_range_permissions_row[0]['reverse_range_permissions_id'] group_reverse_permissions_dict[ 'group_reverse_permissions_reverse_range_permissions_id'] = id for permission in remove_permissions: group_reverse_permissions_dict[ 'group_reverse_permissions_group_permission'] = permission self.db_instance.RemoveRow('group_reverse_permissions', group_reverse_permissions_dict) for permission in add_permissions: group_reverse_permissions_dict[ 'group_reverse_permissions_group_permission'] = permission self.db_instance.MakeRow('group_reverse_permissions', group_reverse_permissions_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveReverseRangePermission(self, cidr_block, group_name, group_permission): """Remove reverse range permissions. Inputs: cidr_block: string of cidr block group_name: string of group name group_permission: list of group permissions, i.e., ['a', 'aaaa', 'cname'] Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) reverse_range_permissions_dict = self.db_instance.GetEmptyRowDict( 'reverse_range_permissions') reverse_range_permissions_dict['reverse_range_permissions_group_name'] = ( group_name) reverse_range_permissions_dict['reverse_range_permissions_cidr_block'] = ( cidr_block) row_count = 0 success = False try: self.db_instance.StartTransaction() try: group_reverse_permissions_rows = [] reverse_range_permissions_rows = self.db_instance.ListRow( 'reverse_range_permissions', reverse_range_permissions_dict) if( len(reverse_range_permissions_rows) == 0 ): for permission in group_permission: group_reverse_permissions_dict = self.db_instance.GetEmptyRowDict( 'group_reverse_permissions') group_reverse_permissions_dict[ 'group_reverse_permissions_group_permission'] = permission group_reverse_permissions_rows.append(self.db_instance.ListRow( 'group_reverse_permissions', group_reverse_permissions_dict)) for row in reverse_range_permissions_rows: reverse_range_permissions_dict['reverse_range_permissions_id'] = row[ 'reverse_range_permissions_id'] group_reverse_permissions_list = [] if( group_permission is not None ): for permission in group_permission: group_reverse_permissions_dict = { 'group_reverse_permissions_reverse_range_permissions_id': ( row['reverse_range_permissions_id']), 'group_reverse_permissions_group_permission': permission} group_reverse_permissions_rows = self.db_instance.ListRow( 'group_reverse_permissions', group_reverse_permissions_dict) for group_reverse_permissions_row in ( group_reverse_permissions_rows): group_reverse_permissions_list.append( group_reverse_permissions_row[ 'group_reverse_permissions_group_permission']) if( group_permission == group_reverse_permissions_list ): row_count = row_count + self.db_instance.RemoveRow( 'reverse_range_permissions', reverse_range_permissions_dict) else: row_count = row_count + self.db_instance.RemoveRow( 'reverse_range_permissions', reverse_range_permissions_dict) ## Associated group_reverse_permissions deleted by CASCADE in DB except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def GetEmptyRecordArgsDict(self, record_type): """Gets record args dict for the record_type. Inputs: record_type: string of record type (example: u'mx') Outputs: dictionary: which is different for each record type. (example: {u'priority': 10, u'mail_server': 'mail.sub.university.edu.'}) """ return self.db_instance.GetEmptyRecordArgsDict(record_type)
[docs] def ListRecords(self, record_type=None, target=None, zone_name=None, view_name=None, ttl=None, record_args_dict=None): """Lists records. Inputs: record_type: string of record type (example: u'mx') target: string of target (example u'machine-01.sub.univeristy.edu.') zone_name: string of zone name (example u'sub.university.edu') ttl: int of time to live per record view_name: string of view name (example u'internal') record_args_dict: dictionary, which is different for each record type. an example dictionary can be obtained with the GetEmptyRecordArgsDict function in this class (example: {u'priority': 10, u'mail_server': 'mail.sub.university.edu.'}) Raises: UnexpectedDataError: Must specify record_type with record_args_dict. Outputs: list of record dictionaries Each dictionary can have different args depending on record type. All of them will include record_type, target, zone_name, ttl, and view_name regardless of record type. Below is an example of an mx record search. example: [{'record_type': 'mx', 'target': 'university.edu.', 'zone_name': 'university.edu', ttl: 3600, 'view_name': 'external', 'priority': 10, 'mail_server': 'smtp-01.university.edu.', 'last_user': 'sharrell}, {'record_type': 'mx', 'target': 'university.edu.', 'zone_name': 'university.edu', ttl: 3600, 'view_name': 'external', 'priority': 20, 'mail_server': 'smtp-02.university.edu.'}, 'last_user': 'sharrell}] """ if not record_args_dict: record_args_dict = {} self.user_instance.Authorize('ListRecords') if( view_name is not None and view_name != u'any' and not view_name.endswith('_dep') ): view_name = '%s_dep' % view_name records_dict = self.db_instance.GetEmptyRowDict('records') record_args_assignment_dict = self.db_instance.GetEmptyRowDict( 'record_arguments_records_assignments') records_dict['record_type'] = record_type records_dict['record_target'] = target records_dict['record_ttl'] = ttl records_dict['record_zone_name'] = zone_name records_dict['record_view_dependency'] = view_name if( record_args_dict ): if( record_type is None ): raise errors.UnexpectedDataError('Must specify record_type with ' 'record_args_dict') self.db_instance.ValidateRecordArgsDict(record_type, record_args_dict, none_ok=True) else: record_args_dict = {} self.db_instance.StartTransaction() try: records = self.db_instance.ListRow('records', records_dict, 'record_arguments_records_assignments', record_args_assignment_dict) finally: self.db_instance.EndTransaction() return helpers_lib.GetRecordsFromRecordRowsAndArgumentRows( records, record_args_dict)
[docs] def MakeRecord(self, record_type, target, zone_name, record_args_dict, view_name=None, ttl=None): """Makes a record. Please check core_helpers for functions to make certain records that need help before using this directly. For instance MakePTRRecord and MakeAAAARecord. Raises: InvalidInputError: "." not allowed as terminator in non-ptr target. InvalidInputError: An SOA cannot be made in the "any" view. InvalidInputError: CNAME already exists. InvalidInputError: Record already exists. InvalidInputError: Duplicate record found. Inputs: record_type: string of record type (example: u'mx') target: string of target (example u'machine-01') zone_name: string of zone name (example u'sub.university.edu') ttl: int of time to live per record view_name: string of view name (example u'internal') record_args_dict: dictionary, which is different for each record type. an example dictionary can be obtained with the GetEmptyRecordArgsDict function in this class (example: {u'priority': 10, u'mail_server': 'mail.sub.university.edu.'}) """ if( not self.db_instance.data_validation_instance.isTarget(target) ): raise errors.InvalidInputError('Target hostname is invalid. %s' % target) if( record_type != u'ptr' ): if( target.endswith('.') ): raise errors.InvalidInputError('"." not allowed as terminator in ' 'non-ptr target.') function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.db_instance.ValidateRecordArgsDict(record_type, record_args_dict) if( view_name is None or view_name == u'any'): if( record_type == u'soa' ): raise errors.InvalidInputError( 'An SOA cannot be made in the "any" view.') view_name = u'any' else: view_name = '%s_dep' % view_name self.user_instance.Authorize(function_name, {'target': target, 'zone_name': zone_name, 'view_name': view_name, 'record_type': record_type, 'record_args_dict' : record_args_dict}) if( ttl is None ): ttl = constants.DEFAULT_TTL if( record_type in ['cname', 'a', 'aaaa'] ): search_type = None else: search_type = record_type records_dict = {'records_id': None, 'record_target': target, 'record_type': None, 'record_ttl': None, 'record_zone_name': zone_name, 'record_view_dependency': view_name, 'record_last_user': None} record_args_assignment_dict = self.db_instance.GetEmptyRowDict( 'record_arguments_records_assignments') success = False try: self.db_instance.StartTransaction() try: if( record_type == 'cname' ): all_records = self.db_instance.ListRow('records', records_dict) if( len(all_records) > 0 ): raise errors.InvalidInputError('Record already exists with ' 'target %s.' % target) records_dict['record_type'] = u'cname' cname_records = self.db_instance.ListRow( 'records', records_dict) if( len(cname_records) > 0 ): raise errors.InvalidInputError('CNAME already exists with ' 'target %s.' % target) records_dict['record_type'] = search_type raw_records = self.db_instance.ListRow( 'records', records_dict, 'record_arguments_records_assignments', record_args_assignment_dict) current_records = ( helpers_lib.GetRecordsFromRecordRowsAndArgumentRows( raw_records, record_args_dict)) records_dict['record_ttl'] = ttl records_dict['record_type'] = record_type records_dict['record_last_user'] = self.user_instance.GetUserName() for record in current_records: for arg in record_args_dict: if( arg not in record ): break if( record_args_dict[arg] != record[arg] ): break else: raise errors.InvalidInputError('Duplicate record found') records_dict['record_type'] = record_type record_id = self.db_instance.MakeRow('records', records_dict) for arg_name in record_args_dict: record_argument_assignments_dict = { 'record_arguments_records_assignments_record_id': record_id, 'record_arguments_records_assignments_type': record_type, 'record_arguments_records_assignments_argument_name': arg_name, 'argument_value': unicode(record_args_dict[arg_name])} self.db_instance.MakeRow('record_arguments_records_assignments', record_argument_assignments_dict) if( record_type in constants.RECORD_TYPES_INDEXED_BY_IP ): self._AddRecordToIpIndex(record_type, zone_name, view_name, record_id, target, record_args_dict) self._IncrementSoa(view_name, zone_name) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def UpdateRecord(self, search_record_type, search_target, search_zone_name, search_record_args_dict, search_view_name=None, search_ttl=None, update_target=None, update_zone_name=None, update_record_args_dict={}, update_view_name=None, update_ttl=None): """Update record. Inputs: search_record_type: type of record search_target: target search_zone_name: name of zone search_record_args_dict: dictionary of record arguments search_view_name: name of view search_ttl: time to live update_target: target update_zone_name: name of zone update_record_args_dict: dictionary of record arguments update_view_name: name of view update_ttl: time to live Raises: InvalidInputError: "." not allowed as terminator in non-ptr target. InvalidInputError: Record already exists. InvalidInputError: CNAME already exists. InvalidInputError: Duplicate record found. InvalidInputError: No records found. InvalidInputError: Multiple records found for used search terms. """ if( search_record_type != u'ptr' ): if( update_target is not None and update_target.endswith('.') ): raise errors.InvalidInputError('"." not allowed as terminator in ' 'non-ptr target.') function_name, current_args = helpers_lib.GetFunctionNameAndArgs() if( search_view_name is None ): search_view_name = u'any' if( not search_view_name.endswith('_dep') and search_view_name != u'any'): search_view_name = '%s_dep' % search_view_name if( update_view_name is not None and not update_view_name.endswith('_dep') and update_view_name != u'any' ): update_view_name = '%s_dep' % update_view_name self.user_instance.Authorize(function_name, {'target': search_target, 'zone_name': search_zone_name, 'view_name': search_view_name, 'record_type': search_record_type, 'record_args_dict' : search_record_args_dict}) self.user_instance.Authorize(function_name, {'target': update_target, 'zone_name': update_zone_name, 'view_name': update_view_name, 'record_type': search_record_type, 'record_args_dict': update_record_args_dict}) search_records_dict = self.db_instance.GetEmptyRowDict('records') search_records_dict['record_type'] = search_record_type search_records_dict['record_zone_name'] = search_zone_name if( search_view_name is None ): search_view_name = u'any' if( not search_view_name.endswith('_dep') and search_view_name != u'any'): search_view_name = '%s_dep' % search_view_name search_records_dict['record_view_dependency'] = search_view_name search_records_dict['record_ttl'] = search_ttl search_args_list = [] self.db_instance.ValidateRecordArgsDict(search_record_type, search_record_args_dict, none_ok=True) for search_argument in search_record_args_dict: if( search_record_args_dict[search_argument] is None ): continue search_args_list.append( {u'record_arguments_records_assignments_argument_name': search_argument, u'record_arguments_records_assignments_type': search_record_type, u'argument_value': unicode(search_record_args_dict[search_argument]), u'record_arguments_records_assignments_record_id': None}) update_records_dict = self.db_instance.GetEmptyRowDict('records') update_records_dict['record_type'] = search_record_type update_records_dict['record_target'] = update_target update_records_dict['record_zone_name'] = update_zone_name update_records_dict['record_view_dependency'] = update_view_name update_records_dict['record_ttl'] = update_ttl update_args_list = [] if( update_record_args_dict ): self.db_instance.ValidateRecordArgsDict(search_record_type, update_record_args_dict, none_ok=True) for update_argument in update_record_args_dict: if( update_record_args_dict[update_argument] is None ): continue update_args_list.append( {u'record_arguments_records_assignments_argument_name': update_argument, u'record_arguments_records_assignments_type': search_record_type, u'argument_value': unicode(update_record_args_dict[update_argument]), u'record_arguments_records_assignments_record_id': None}) record_args_assignment_dict = self.db_instance.GetEmptyRowDict( 'record_arguments_records_assignments') merged_records_dict = {} for key in search_records_dict: merged_records_dict[helpers_lib.UnicodeString(key)] = ( helpers_lib.UnicodeString(search_records_dict[key])) for key in update_records_dict: if( key not in merged_records_dict or update_records_dict[key] is not None ): merged_records_dict[helpers_lib.UnicodeString(key)] = ( helpers_lib.UnicodeString(update_records_dict[key])) merged_record_args_dict = {} for key in search_record_args_dict: merged_record_args_dict[helpers_lib.UnicodeString(key)] = ( helpers_lib.UnicodeString(search_record_args_dict[key])) for key in update_record_args_dict: if( key not in merged_record_args_dict or update_record_args_dict[key] is not None ): merged_record_args_dict[helpers_lib.UnicodeString(key)] = ( helpers_lib.UnicodeString(update_record_args_dict[key])) success = False try: self.db_instance.StartTransaction() try: update_records_dict['record_type'] = None if( search_record_type == 'cname' ): all_records = self.db_instance.ListRow('records', update_records_dict) if( len(all_records) > 0 ): raise errors.InvalidInputError( 'Record already exists with target %s.' % ( update_target)) update_records_dict['record_type'] = u'cname' cname_records = self.db_instance.ListRow('records', update_records_dict) if( len(cname_records) > 0 ): raise errors.InvalidInputError( 'CNAME already exists with target %s.' % ( update_target)) update_records_dict['record_type'] = search_record_type raw_records = self.db_instance.ListRow( 'records', merged_records_dict, 'record_arguments_records_assignments', record_args_assignment_dict) current_records = ( helpers_lib.GetRecordsFromRecordRowsAndArgumentRows( raw_records, merged_record_args_dict)) update_records_dict['record_ttl'] = update_ttl for record in current_records: for arg in update_record_args_dict: if( record[arg] is None ): continue if( update_record_args_dict[arg] != record[arg] ): break else: raise errors.InvalidInputError('Duplicate record found') if( update_target is not None and update_target != search_target and (search_record_type == 'a' or search_record_type == 'cname') ): current_records = self.db_instance.ListRow('records', update_records_dict) args_search_list = [] record_ids = [] final_id = [] record_id_dict = {} for arg in search_args_list: args_search_list.append(self.db_instance.ListRow( 'record_arguments_records_assignments', arg)) for index, search_record_args in enumerate(args_search_list): record_ids.append([]) for search_args_dict in search_record_args: record_ids[index].append(search_args_dict[ u'record_arguments_records_assignments_record_id']) for id_list in record_ids: for search_id in id_list: if( search_id in record_id_dict ): record_id_dict[search_id] += 1 else: record_id_dict[search_id] = 1 existing_record_search_dict = search_records_dict existing_record_search_dict['record_target'] = search_target existing_records = self.db_instance.ListRow('records', existing_record_search_dict) existing_ids = [] for record in existing_records: existing_ids.append(record['records_id']) for record_id in record_id_dict: if( record_id_dict[record_id] == len(search_args_list) ): final_id.append(record_id) final_id_set = set(final_id).intersection(set(existing_ids)) if( len(final_id_set) == 0 ): raise errors.InvalidInputError('No records found.') elif( len(final_id_set) == 1 ): search_records_dict['records_id'] = final_id_set.pop() new_records = self.db_instance.ListRow('records', search_records_dict) self.db_instance.UpdateRow('records', new_records[0], update_records_dict) for update_args in update_args_list: for search_args in search_args_list: if( search_args[ 'record_arguments_records_assignments_argument_name'] == ( update_args[ 'record_arguments_records_assignments_argument_name']) ): self.db_instance.UpdateRow( 'record_arguments_records_assignments', search_args, update_args) else: raise errors.InvalidInputError( 'Multiple records found for used search ' 'terms.') if( update_view_name is None ): update_view_name = search_view_name if( update_zone_name is None ): update_zone_name = search_zone_name self._IncrementSoa(update_view_name, update_zone_name) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveRecord(self, record_type, target, zone_name, record_args_dict, view_name, ttl=None): """Remove record. Inputs: record_type: type of record target: target name zone_name: name of zone record_args_dict: dictionary of record arguments view_name: name of view ttl: time to live Raises: InvalidInputError: No records found. Multiple records found for used search terms. RecordError: Could not remove record for an unknown reason. """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() if( not view_name.endswith('_dep') and view_name != u'any'): view_name = '%s_dep' % view_name self.user_instance.Authorize(function_name, {'target': target, 'zone_name': zone_name, 'view_name': view_name, 'record_type': record_type, 'record_args_dict': record_args_dict}) records_dict = self.db_instance.GetEmptyRowDict('records') records_dict['record_type'] = record_type records_dict['record_target'] = target records_dict['record_zone_name'] = zone_name records_dict['record_view_dependency'] = view_name records_dict['record_ttl'] = ttl self.db_instance.ValidateRecordArgsDict(record_type, record_args_dict) args_list = [] for argument in record_args_dict: args_list.append( {u'record_arguments_records_assignments_argument_name': argument, u'record_arguments_records_assignments_type': record_type, u'argument_value': unicode(record_args_dict[argument]), u'record_arguments_records_assignments_record_id': None}) success = False try: self.db_instance.StartTransaction() try: new_records = self.db_instance.ListRow('records', records_dict) args_search_list = [] record_ids = [] final_id = [] record_id_dict = {} for arg in args_list: args_search_list.append(self.db_instance.ListRow( 'record_arguments_records_assignments', arg)) for index, record_args in enumerate(args_search_list): record_ids.append([]) for args_dict in record_args: record_ids[index].append(args_dict[ u'record_arguments_records_assignments_record_id']) for id_list in record_ids: for search_id in id_list: if( search_id in record_id_dict ): record_id_dict[search_id] += 1 else: record_id_dict[search_id] = 1 for record_id in record_id_dict: if( record_id_dict[record_id] == len(args_list) ): for record in new_records: if( record['records_id'] == record_id ): final_id.append(record_id) if( len(final_id) == 0 ): raise errors.InvalidInputError('No records found.') elif( len(final_id) == 1 ): records_dict['records_id'] = final_id[0] for record in new_records: if( record['records_id'] == final_id[0] ): self.db_instance.RemoveRow('records', record) break else: raise errors.RecordError('Could not remove record with ID "%s" ' 'for an unknown reason.' % final_id[0]) else: raise errors.InvalidInputError( 'Multiple records found for used search ' 'terms.') missing_ok = False if( record_type == u'soa' ): missing_ok = True self._IncrementSoa(view_name, zone_name, missing_ok=missing_ok) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListRecordArgumentDefinitions(self, record_type=None): """List record argument definitions. This is mainly for the exporter to programtically construct records for exporting. This function is duplicated in roster-config-manager/roster_config_manager/tree_exporter.py Inputs: record_type: string of record type Outputs: dictionary keyed by record type with values of lists of lists of record arguments sorted by argument order. example: {'mx': [{'argument_name': u'priority', 'record_arguments_type': u'mx', 'argument_data_type': u'UnsignedInt', 'argument_order': 0}, {'argument_name': u'mail_server', 'record_arguments_type': u'mx', 'argument_data_type': u'Hostname', 'argument_order': 1}]} """ self.user_instance.Authorize('ListRecordArgumentDefinitions') search_record_arguments_dict = self.db_instance.GetEmptyRowDict( 'record_arguments') search_record_arguments_dict['record_arguments_type'] = record_type self.db_instance.StartTransaction() try: record_arguments = self.db_instance.ListRow('record_arguments', search_record_arguments_dict) finally: self.db_instance.EndTransaction() sorted_record_arguments = {} for record_argument in record_arguments: current_record_type = record_argument['record_arguments_type'] del record_argument['record_arguments_type'] del record_argument['argument_data_type'] if( not current_record_type in sorted_record_arguments ): sorted_record_arguments[current_record_type] = [] sorted_record_arguments[current_record_type].append(record_argument) for record_argument in sorted_record_arguments: sorted_record_arguments[record_argument] = sorted( sorted_record_arguments[record_argument], key=lambda k: k['argument_order']) return sorted_record_arguments
[docs] def ListZoneTypes(self): """Lists zone types. Outputs: list: list of zone types, example: ['master', 'slave', 'forward'] """ self.user_instance.Authorize('ListZoneTypes') zone_types_dict = self.db_instance.GetEmptyRowDict('zone_types') self.db_instance.StartTransaction() try: zone_types = self.db_instance.ListRow('zone_types', zone_types_dict) finally: self.db_instance.EndTransaction() type_list = [] for zone_type in zone_types: type_list.append(zone_type['zone_type']) return type_list
[docs] def MakeZoneType(self, zone_type): """Makes a new zone type. Inputs: zone_type: string of zone type """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) zone_types_dict = {'zone_type': zone_type} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('zone_types', zone_types_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def RemoveZoneType(self, zone_type): """Removes a zone type. Inputs: zone_type: string of zone type Outputs: int: number of rows affected """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_zone_type_dict = self.db_instance.GetEmptyRowDict('zone_types') search_zone_type_dict['zone_type'] = zone_type row_count = 0 success = False try: self.db_instance.StartTransaction() try: found_zone_type = self.db_instance.ListRow('zone_types', search_zone_type_dict, lock_rows=True) if( found_zone_type ): row_count += self.db_instance.RemoveRow('zone_types', found_zone_type[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
[docs] def ListNamedConfGlobalOptions(self, option_id=None, dns_server_set=None, timestamp=None): """Lists named conf global options Inputs: option_id: integer of named conf global option id dns_server_set: string of the dns server set name timestamp: datetime object of timestamp to search Outputs: named_conf_list: list of named conf global options """ self.user_instance.Authorize('ListNamedConfGlobalOptions') named_conf_global_options_dict = self.db_instance.GetEmptyRowDict( 'named_conf_global_options') named_conf_global_options_dict['named_conf_global_options_id'] = option_id named_conf_global_options_dict[ 'named_conf_global_options_dns_server_set_name'] = dns_server_set named_conf_global_options_dict['options_created'] = timestamp self.db_instance.StartTransaction() try: named_conf_options = self.db_instance.ListRow( 'named_conf_global_options', named_conf_global_options_dict) finally: self.db_instance.EndTransaction() named_conf_list = [] for named_conf_option in named_conf_options: global_options = iscpy.Deserialize(named_conf_option['global_options']) named_conf_list.append( {'id': named_conf_option['named_conf_global_options_id'], 'dns_server_set_name': named_conf_option[ 'named_conf_global_options_dns_server_set_name'], 'timestamp': named_conf_option['options_created'], 'options': global_options}) return named_conf_list
[docs] def MakeNamedConfGlobalOption(self, dns_server_set, options): """Makes named conf global option Inputs: dns_server_set: string of name of dns server set options: string of named conf file """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) named_conf_global_options_dict = self.db_instance.GetEmptyRowDict( 'named_conf_global_options') named_conf_global_options_dict[ 'named_conf_global_options_dns_server_set_name'] = dns_server_set named_conf_global_options_dict['global_options'] = u'%s' % iscpy.Serialize(options) timestamp = self.unittest_timestamp if( self.unittest_timestamp is None ): timestamp = datetime.datetime.now() named_conf_global_options_dict['options_created'] = timestamp success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('named_conf_global_options', named_conf_global_options_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def MakeReservedWord(self, reserved_word): """Create a reserved word. Inputs: reserved_word: string of reserved word """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) reserved_word_dict = {'reserved_word': reserved_word} success = False try: self.db_instance.StartTransaction() try: self.db_instance.MakeRow('reserved_words', reserved_word_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListReservedWords(self): """Lists reserved words. Output: list: list of reserved words ex: ['reservedword1', 'reservedword2'] """ self.user_instance.Authorize('ListReservedWords') reserved_word_dict = self.db_instance.GetEmptyRowDict('reserved_words') self.db_instance.StartTransaction() try: reserved_words = self.db_instance.ListRow('reserved_words', reserved_word_dict) finally: self.db_instance.EndTransaction() reserved_word_list = [] for reserved_word in reserved_words: reserved_word_list.append(reserved_word['reserved_word']) return reserved_word_list
[docs] def RemoveReservedWord(self, reserved_word): """Removes a reserved word. Inputs: reserved_word: string of reserved word Outputs: int: number of rows modified """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) search_reserved_word_dict = self.db_instance.GetEmptyRowDict( 'reserved_words') search_reserved_word_dict['reserved_word'] = reserved_word row_count = 0 success = False try: self.db_instance.StartTransaction() try: found_reserved_word = self.db_instance.ListRow( 'reserved_words', search_reserved_word_dict, lock_rows=True) if( found_reserved_word ): row_count += self.db_instance.RemoveRow('reserved_words', found_reserved_word[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success) return row_count
def _IncrementSoa(self, view_name, zone_name, missing_ok=False): """Increments soa serial number. Inputs: view_name: string of view name zone_name: string of view namea missing_ok: boolean of whether or not missing SOA records are allowed Raises: InvalidInputError: Multiple SOA records found.. RecordError: No SOA record found for zone. Outputs: int: number of rows modified """ soa_dict = self.db_instance.GetEmptyRowDict('records') soa_arguments_dict = self.db_instance.GetEmptyRowDict( 'record_arguments_records_assignments') zone_view_assignments_dict = self.db_instance.GetEmptyRowDict( 'zone_view_assignments') zone_view_assignments_dict['zone_view_assignments_zone_name'] = zone_name row_count = 0 soa_dict['record_type'] = u'soa' if( view_name is None ): view_name = u'any' zone_view_assignment_rows = self.db_instance.ListRow( 'zone_view_assignments', zone_view_assignments_dict) zone_view_assignments = {} for zone_view_assignment in zone_view_assignment_rows: zv_zone_name = zone_view_assignment['zone_view_assignments_zone_name'] zv_view_name = zone_view_assignment[ 'zone_view_assignments_view_dependency'] if( zv_zone_name not in zone_view_assignments ): zone_view_assignments[zv_zone_name] = [] zone_view_assignments[zv_zone_name].append(zv_view_name) view_deps = [view_name] if( view_name != u'any' and not view_name.endswith('_dep') ): view_deps = [u'%s_dep' % view_name] elif( view_name == u'any' ): view_deps = zone_view_assignments[zone_name] for view_name in view_deps: if( view_name == u'any' ): continue soa_dict['record_view_dependency'] = view_name soa_dict['record_zone_name'] = zone_name soa_records_list = self.db_instance.ListRow('records', soa_dict) if( len(soa_records_list) > 1 ): raise errors.InvalidInputError('Multiple SOA records found: %s' % str(soa_records_list)) if( len(soa_records_list) == 0 ): if( not missing_ok ): raise errors.RecordError( 'No SOA record found for zone "%s" view "%s".' % ( zone_name, view_name)) else: soa_records_list = soa_records_list[0] soa_arguments_dict[ 'record_arguments_records_assignments_record_id'] = ( soa_records_list['records_id']) soa_record_arguments = self.db_instance.ListRow( 'record_arguments_records_assignments', soa_arguments_dict) for argument in soa_record_arguments: if( argument[ 'record_arguments_records_assignments_argument_name'] == ( u'serial_number') ): serial_number = int(argument['argument_value']) search_soa_dict = argument if( serial_number >= constants.MAX_SOA_SERIAL ): soa_arguments_dict[u'argument_value'] = u'1' else: soa_arguments_dict[u'argument_value'] = unicode(serial_number + 1) row_count += self.db_instance.UpdateRow( 'record_arguments_records_assignments', search_soa_dict, soa_arguments_dict) return row_count def _AddRecordToIpIndex(self, record_type, zone_name, view_name, record_id, target, record_args_dict): """Add record to the ipv4 or ipv6 index. Inputs: record_type: string of type of record zone_name: string of zone name view_name: string of view_name record_id: int of id for record target: string of the target of the record record_args_dict: dictionary of args for the record """ ip = '' if( record_type == 'ptr' ): origin = self.db_instance.GetZoneOrigin(zone_name, view_name) ip = helpers_lib.UnReverseIP('%s.%s' % (target, origin)) if( self.db_instance.data_validation_instance is None ): self.db_instance.InitDataValidation() if( self.db_instance.data_validation_instance.isIPv4IPAddress(ip) ): record_type = 'a' elif( self.db_instance.data_validation_instance.isIPv6IPAddress(ip) ): record_type = 'aaaa' if( record_type == 'a' ): if( not ip ): ip = record_args_dict['assignment_ip'] decimal_ip = int(IPy.IP(ip).strDec()) ipv4_index_dict = {'ipv4_dec_address': decimal_ip, 'ipv4_index_record_id': record_id} self.db_instance.MakeRow('ipv4_index', ipv4_index_dict) if( record_type == 'aaaa' ): if( not ip ): ip = record_args_dict['assignment_ip'] ip_obj = IPy.IP(ip) decimal_ip_lower = ip_obj.int() & 0x0000000000000000ffffffffffffffff decimal_ip_upper = ip_obj.int() >> 64 ipv6_index_dict = {'ipv6_dec_upper': decimal_ip_upper, 'ipv6_dec_lower': decimal_ip_lower, 'ipv6_index_record_id': record_id} self.db_instance.MakeRow('ipv6_index', ipv6_index_dict) def _MakeCredential(self, credential, user_name, last_used=None, infinite_cred=False): """Create a credential. Inputs: user_name: string of user name credential: a 36 character uuid string infinite_cred: bool of infinite time to live last_used: datetime of access """ if( last_used is None ): last_used = datetime.datetime.now() infinite_cred = int(infinite_cred) credential_dict = {'credential': credential, 'credential_user_name': user_name, 'infinite_cred': infinite_cred, 'last_used_timestamp': last_used} self.db_instance.StartTransaction() try: self.db_instance.MakeRow('credentials', credential_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() def _ListCredentials(self, credential=None, user_name=None, infinite_cred=None, key_by_user=False): """Lists one or many credentials, if all args are None then list them all. Inputs: credential: uuid string of credential user_name: string of user name infinite_cred: boolean of infinite time to live key_by_user: boolean to key by user rather than credential Output: dictionary: keyed_by_user=False, a dictionary keyed by credential string. example: {'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx': {'user_name': 'sharrell', 'last_used_timestamp': 1970-10-10 23:00:00, 'infinite_cred': True}} keyed by the user name example: {'sharrell': {'credential': 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx', 'last_used_timestamp': 1970:10-10 23:00:00, 'infinite_cred': True}} """ credential_dict = {'credential': credential, 'credential_user_name': user_name, 'last_used_timestamp': None, 'infinite_cred': infinite_cred} self.db_instance.StartTransaction() try: credentials = self.db_instance.ListRow('credentials', credential_dict) finally: self.db_instance.EndTransaction() credentials_dict = {} if( key_by_user ): for credential in credentials: credentials_dict.update({credential['credential_user_name']: {u'credential': credential['credential'], u'last_used_timestamp': credential['last_used_timestamp'], u'infinite_cred': credential['infinite_cred']}}) else: for credential in credentials: credentials_dict.update({credential['credential']: {u'user': credential['credential_user_name'], u'last_used_timestamp': credential['last_used_timestamp'], u'infinite_cred': credential['infinite_cred']}}) return credentials_dict def _RemoveCredential(self, credential=None, user_name=None): """Removes a credential. Inputs: credential: uuid strong of credential user_name: string of user name Raises: UnexpectedDataError: Must specify at least one of the two possible arguments. Outputs: int: number of rows modified """ search_credential_dict = self.db_instance.GetEmptyRowDict('credentials') if ( credential is not None ): search_credential_dict['credential'] = credential else: if( user_name is None ): raise errors.UnexpectedDataError('Must specify at least one of the two ' 'possible arguments') search_credential_dict['credential_user_name'] = user_name row_count = 0 self.db_instance.StartTransaction() try: found_credential = self.db_instance.ListRow('credentials', search_credential_dict, lock_rows=True) if( found_credential ): # credential is a unique field, we know there is only one. row_count += self.db_instance.RemoveRow('credentials', found_credential[0]) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() return row_count def _UpdateCredential(self, search_credential=None, search_user_name=None, update_credential=None): """Updates a credential. Inputs: search_credential: uuid string of credential search_user_name: string of user name update_credential: uuid string of credential Outputs: int: number of rows modified """ search_credential_dict = self.db_instance.GetEmptyRowDict('credentials') update_credential_dict = self.db_instance.GetEmptyRowDict('credentials') if( search_credential is not None ): search_credential_dict['credential'] = search_credential else: search_credential_dict['credential_user_name'] = search_user_name update_credential_dict['credential'] = update_credential self.db_instance.StartTransaction() try: row_count = self.db_instance.UpdateRow('credentials', search_credential_dict, update_credential_dict) except: self.db_instance.EndTransaction(rollback=True) raise self.db_instance.EndTransaction() return row_count
[docs] def MakeInfiniteCredential(self, user_name, credential=None): """Creates an infinite credential. Inputs: user_name: string of user to create credential for. Outputs: string: credential string created """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) if( credential is None ): while( True ): credential = unicode(uuid.uuid4()) if( not self._ListCredentials(credential) ): break # This will preserve the actual credential arg which is None in the # audit args, while letting the replay args keep the actual value current_args['replay_args'][1] = credential success = False try: self._MakeCredential(credential, user_name, infinite_cred=True) success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListCredentials(self, credential=None, user_name=None, infinite_cred=None): """Lists infinte credentials. This function basically just calls _ListCredentials but runs Authorize before. Inputs: credential: string of specific credential that is being searched for user_name: string of name of user that is being searched for infinite_cred: bool of search for infinite or non infinite creds """ self.user_instance.Authorize(u'ListCredentials') return self._ListCredentials(credential=credential, user_name=user_name, infinite_cred=infinite_cred, key_by_user=True)
[docs] def RemoveCredential(self, credential=None, user_name=None): """Removes a credential This function will call _RemoveCredential after Authorize and then log it. Inputs: credential: string of credential to remove user_name: string of user name who has a credential to remove """ function_name, current_args = helpers_lib.GetFunctionNameAndArgs() self.user_instance.Authorize(function_name) success = False try: self._RemoveCredential(credential=credential, user_name=user_name) success = True finally: self.log_instance.LogAction(self.user_instance.user_name, function_name, current_args, success)
[docs] def ListAuditLog(self, user_name=None, action=None, success=None, begin_timestamp=None, end_timestamp=None): """Lists audit log Inputs: user_name: string of user name action: string of function success: intbool of success begin_timestamp: datetime object of beginning timestamp end_timestamp: datetime object of ending timestamp Raises: UnexpectedDataError: Missing begin_timestamp or end_timestamp. Outputs: dict: Dictionary of audit log ex: {'action': u'Action', 'data', u'Data', 'audit_log_timestamp': datetime.datetime, 'audit_log_user_name': u'username'} """ self.user_instance.Authorize('ListAuditLog') if( (begin_timestamp or end_timestamp) and not (begin_timestamp or end_timestamp) ): raise errors.UnexpectedDataError( 'Missing begin_timestamp or end_timestamp.') audit_dict = {'audit_log_id': None, 'audit_log_user_name': user_name, 'action': action, 'data': None, 'success': success, 'audit_log_timestamp': None} self.db_instance.StartTransaction() try: if( begin_timestamp and end_timestamp ): audit_log_rows = self.db_instance.ListRow( 'audit_log', audit_dict, column='audit_log_timestamp', is_date=True, range_values=(begin_timestamp, end_timestamp)) else: audit_log_rows = self.db_instance.ListRow('audit_log', audit_dict) finally: self.db_instance.EndTransaction() return audit_log_rows
[docs] def SetMaintenanceFlag(self, value): """Sets maintenance flag Inputs: value: boolean of flag on or off """ self.user_instance.Authorize('SetMaintenanceFlag') search_dict = {'lock_name': u'maintenance', 'locked': None} update_dict = {'lock_name': None, 'locked': int(value)} self.db_instance.StartTransaction() try: self.db_instance.UpdateRow('locks', search_dict, update_dict) finally: self.db_instance.EndTransaction()
[docs] def CheckMaintenanceFlag(self): """Checks maintenance flag Outputs: bool: value of flag on or off """ self.db_instance.StartTransaction() try: return self.db_instance.CheckMaintenanceFlag() finally: self.db_instance.EndTransaction()
[docs]def CheckCoreVersionMatches(version): """Does a version check between core and calling module Inputs: version: version to check against core's version Raises: VersionDiscrepancyError: version mismatch with core version. """ if( version != __version__ ): raise errors.VersionDiscrepancyError( 'version %s mismatch with core version %s' % (version, __version__))