forked from shaba/openuds
280 lines
12 KiB
Python
280 lines
12 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
#
|
|
# Copyright (c) 2014 Virtual Cable S.L.
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without modification,
|
|
# are permitted provided that the following conditions are met:
|
|
#
|
|
# * Redistributions of source code must retain the above copyright notice,
|
|
# this list of conditions and the following disclaimer.
|
|
# * Redistributions in binary form must reproduce the above copyright notice,
|
|
# this list of conditions and the following disclaimer in the documentation
|
|
# and/or other materials provided with the distribution.
|
|
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
|
|
# may be used to endorse or promote products derived from this software
|
|
# without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
'''
|
|
@author: Adolfo Gómez, dkmaster at dkmon dot com
|
|
'''
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
from httplib2 import Http
|
|
import json
|
|
import sys
|
|
|
|
rest_url = 'http://172.27.0.1:8000/rest/'
|
|
|
|
|
|
|
|
headers = {}
|
|
|
|
# Hace login con el root, puede usarse cualquier autenticador y cualquier usuario, pero en la 1.5 solo está implementado poder hacer
|
|
# este tipo de login con el usuario "root"
|
|
def login():
|
|
global headers
|
|
h = Http()
|
|
|
|
# parameters = '{ "auth": "admin", "username": "root", "password": "temporal" }'
|
|
parameters = '{ "auth": "interna", "username": "admin", "password": "temporal" }'
|
|
|
|
resp, content = h.request(rest_url + 'auth/login', method='POST', body=parameters)
|
|
|
|
if resp['status'] != '200': # Authentication error due to incorrect parameters, bad request, etc...
|
|
print "Authentication error"
|
|
return -1
|
|
|
|
# resp contiene las cabeceras, content el contenido de la respuesta (que es json), pero aún está en formato texto
|
|
res = json.loads(content)
|
|
print "Authentication response: {}".format(res)
|
|
if res['result'] != 'ok': # Authentication error
|
|
print "Authentication error"
|
|
sys.exit(1)
|
|
|
|
headers['X-Auth-Token'] = res['token']
|
|
headers['content-type'] = 'application/json'
|
|
|
|
return 0
|
|
|
|
def logout():
|
|
global headers
|
|
h = Http()
|
|
|
|
resp, content = h.request(rest_url + 'auth/logout', headers=headers)
|
|
|
|
if resp['status'] != '200': # Logout error due to incorrect parameters, bad request, etc...
|
|
print "Error requesting logout"
|
|
return -1
|
|
|
|
# Return value of logout method is nonsense (returns always done right now, but it's not important)
|
|
|
|
return 0
|
|
|
|
def list_supported_auths_and_fields():
|
|
h = Http()
|
|
|
|
resp, content = h.request(rest_url + 'authenticators/types', headers=headers)
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
r = json.loads(content)
|
|
|
|
for auth in r: # r is an array
|
|
print '* {}'.format(auth['name'])
|
|
for fld in auth: # every auth is converted to a dictionary in python by json.load
|
|
# Skip icon
|
|
if fld != 'icon':
|
|
print " > {}: {}".format(fld, auth[fld])
|
|
resp, content = h.request(rest_url + 'authenticators/gui/{}'.format(auth['type']), headers=headers)
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
print " > GUI"
|
|
rr = json.loads(content)
|
|
for field in rr:
|
|
print " - Name: {}".format(field['name'])
|
|
print " - Value: {}".format(field['value'])
|
|
print " - GUI: "
|
|
for gui in field['gui']:
|
|
print " + {}: {}".format(gui, field['gui'][gui])
|
|
print " > Simplified fields:"
|
|
for field in rr:
|
|
print " - Name: {}, Type: {}, is Required?: {}".format(field['name'], field['gui']['type'], field['gui']['required'])
|
|
|
|
def create_simpleldap_auth():
|
|
h = Http()
|
|
|
|
# Keep in mind that parameters are related to kind of authenticator.
|
|
# To ensure what parameters you need, yo can invoke first its gui
|
|
# Take a look at list_supported_auths_and_fields method
|
|
data = {"tags":["Tag1","Tag2","Tag3"],"name":"name_Field","comments":"comments__Field","priority":"1","small_name":"label_Field","host":"host_Field","port":"389","ssl":False,"timeout":"10","username":"username__Field","password":"password_Field","ldapBase":"base_Field","userClass":"userClass_Field","userIdAttr":"userIdAttr_Field","userNameAttr":"userName_Field","groupClass":"groupClass_Field","groupIdAttr":"groupId_Field","memberAttr":"groupMembership_Field","data_type":"SimpleLdapAuthenticator"}
|
|
resp, content = h.request(rest_url + 'authenticators','PUT', headers=headers, body=json.dumps(data))
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
# Expected content is something like this:
|
|
# {
|
|
# "numeric_id": 18,
|
|
# "groupIdAttr": "groupId_Field",
|
|
# "port": "389",
|
|
# "memberAttr": "groupMembership_Field",
|
|
# "id": "790b9d85-67ec-51dc-847f-dee1daa96a7c",
|
|
# "userClass": "userClass_Field",
|
|
# "permission": 96,
|
|
# "comments": "comments__Field",
|
|
# "users_count": 0,
|
|
# "priority": "1",
|
|
# "type": "SimpleLdapAuthenticator",
|
|
# "username": "username__Field",
|
|
# "ldapBase": "base_Field", "userNameAttr":
|
|
# "userName_Field",
|
|
# "tags": ["Tag1", "Tag2", "Tag3"],
|
|
# "groupClass": "groupClass_Field",
|
|
# "ssl": false,
|
|
# "host": "host_Field",
|
|
# "userIdAttr": "userIdAttr_Field",
|
|
# "password": "password_Field",
|
|
# "small_name": "label_Field",
|
|
# "name": "name_Field",
|
|
# "timeout": "10"
|
|
# }
|
|
r = json.loads(content)
|
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
|
print "The record created was: {}".format(r)
|
|
return r
|
|
|
|
def delete_auth(auth_id):
|
|
h = Http()
|
|
|
|
# Sample delete URL for an auth
|
|
# http://172.27.0.1:8000/rest/authenticators/790b9d85-67ec-51dc-847f-dee1daa96a7c
|
|
# Method MUST be DELETE
|
|
resp, content = h.request(rest_url + 'authenticators/{}'.format(auth_id), 'DELETE', headers=headers)
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
print "Correctly deleted {}".format(auth_id)
|
|
|
|
def create_internal_auth():
|
|
h = Http()
|
|
|
|
data = {"tags":[""],"name":"name_Field","comments":"comments_Field","priority":"1","small_name":"label_Field","differentForEachHost":False,"reverseDns":False,"acceptProxy":False,"data_type":"InternalDBAuth"}
|
|
resp, content = h.request(rest_url + 'authenticators','PUT', headers=headers, body=json.dumps(data))
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
r = json.loads(content)
|
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
|
print "The record created was: {}".format(r)
|
|
return r
|
|
|
|
def create_internal_group(auth_id):
|
|
h = Http()
|
|
|
|
# Type can also be a metagroup, composed of groups, but for this sample a group is enoutgh
|
|
data = {"type":"group","name":"groupname_Field","comments":"comments_Field","state":"A"}
|
|
resp, content = h.request(rest_url + 'authenticators/{}/groups'.format(auth_id),'PUT', headers=headers, body=json.dumps(data))
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
r = json.loads(content)
|
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
|
print "The record created was: {}".format(r)
|
|
return r
|
|
|
|
def delete_group(auth_id, group_id):
|
|
h = Http()
|
|
|
|
# Method MUST be DELETE
|
|
resp, content = h.request(rest_url + 'authenticators/{}/groups/{}'.format(auth_id, group_id), 'DELETE', headers=headers)
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
print "Correctly deleted {}".format(auth_id)
|
|
|
|
|
|
def create_internal_user(auth_id, group_id):
|
|
# Note: internal users NEEDS to store password on UDS, description of auth describes if password field is needed (in this case, we need it)
|
|
# Also, if authenticator is marked as "external" on its description, the groups field will be ignored.
|
|
# On internal auths, we can incluide de ID of the groups we want this user to belong to, or it will not belong to any group
|
|
h = Http()
|
|
|
|
data = {"id":"","name":"username_Field","real_name":"name_Field","comments":"comments_Field","state":"A","staff_member":False, "is_admin":False,"password":"password_Field","groups":[group_id]}
|
|
|
|
resp, content = h.request(rest_url + 'authenticators/{}/users'.format(auth_id),'PUT', headers=headers, body=json.dumps(data))
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
r = json.loads(content)
|
|
print "Correctly created {} with id {}".format(r['name'], r['id'])
|
|
print "The record created was: {}".format(r)
|
|
return r
|
|
|
|
def delete_user(auth_id, user_id):
|
|
# Deleting user will result in deleting in cascade all asigned resources (machines, apps, etc...)
|
|
|
|
h = Http()
|
|
|
|
# Method MUST be DELETE
|
|
resp, content = h.request(rest_url + 'authenticators/{}/users/{}'.format(auth_id, user_id), 'DELETE', headers=headers)
|
|
if resp['status'] != '200':
|
|
print "Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content)
|
|
sys.exit(1)
|
|
|
|
print "Correctly deleted {}".format(auth_id)
|
|
|
|
def list_currents_auths():
|
|
pass
|
|
|
|
if __name__ == '__main__':
|
|
if login() == 0: # If we can log in, will get the pools correctly
|
|
print "Listing supported auths and related info"
|
|
list_supported_auths_and_fields()
|
|
print "*******************************"
|
|
print "Creating a simple ldap authenticator"
|
|
auth = create_simpleldap_auth()
|
|
print "*******************************"
|
|
print "Deleting the created simple ldap authenticator"
|
|
delete_auth(auth['id'])
|
|
print "*******************************"
|
|
print "Creating internal auth"
|
|
auth = create_internal_auth()
|
|
print "*******************************"
|
|
print "Creating internal group"
|
|
print "*******************************"
|
|
group = create_internal_group(auth['id'])
|
|
print "Creating internal user"
|
|
print "*******************************"
|
|
user = create_internal_user(auth['id'], group['id'])
|
|
print "*******************************"
|
|
print "Deleting user"
|
|
delete_user(auth['id'], user['id'])
|
|
print "*******************************"
|
|
print "Deleting Group"
|
|
delete_group(auth['id'], group['id'])
|
|
print "*******************************"
|
|
print "Deleting the created internal auth"
|
|
delete_auth(auth['id'])
|