
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
# * Neither the name of Virtual Cable S.L. nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
from __future__ import unicode_literals
from httplib2 import Http
import json
import sys
# Base URL of the UDS REST API; every helper in this file appends its endpoint path to it.
# NOTE(review): the scheme is plain http://, so the login credentials and the
# X-Auth-Token header are sent unencrypted. Point this at an https:// endpoint
# for anything other than an isolated lab network.
rest_url = 'http://172.27.0.1:8000/rest/'
# Headers sent with every authenticated request; login() stores the session token here.
headers = {}
# Logs in as root. Any authenticator and any user can be used, but in 1.5 this kind of
# login is only implemented for the "root" user
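def login():
    """Authenticate against the REST API and store the session token.

    POSTs the credentials as a JSON body to ``auth/login``. On success the
    module-level ``headers`` dict gains the ``X-Auth-Token`` and
    ``content-type`` entries that the other helpers send with each request.

    Returns:
        0 on success, -1 when the HTTP status is not 200.

    Exits the process with status 1 when the server answers 200 but the
    ``result`` field of the JSON response is not ``'ok'``.
    """
    global headers
    h = Http()
    # SECURITY: these are hard-coded sample credentials, and rest_url uses
    # plain http://, so they travel unencrypted. Replace both before using
    # this script against a real deployment.
    # Alternative body for the built-in root user:
    # parameters = '{ "auth": "admin", "username": "root", "password": "temporal" }'
    parameters = '{ "auth": "interna", "username": "admin", "password": "temporal" }'
    resp, content = h.request(rest_url + 'auth/login', method='POST', body=parameters)
    if resp['status'] != '200':  # Authentication error due to incorrect parameters, bad request, etc...
        print("Authentication error")
        return -1

    # resp holds the response headers; content is the JSON body, still as text.
    res = json.loads(content)

    # Do not echo the session token: whoever can read stdout or a captured
    # log of this run could otherwise reuse it until the session ends.
    shown = dict(res)
    if 'token' in shown:
        shown['token'] = '<redacted>'
    print("Authentication response: {}".format(shown))

    if res['result'] != 'ok':  # Authentication error
        print("Authentication error")
        sys.exit(1)

    headers['X-Auth-Token'] = res['token']
    headers['content-type'] = 'application/json'
    return 0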
def logout():
    """Ask the REST API to close the session identified by ``headers``.

    Returns:
        0 when the server answers with HTTP 200, -1 otherwise.
    """
    global headers
    client = Http()
    response, _body = client.request(rest_url + 'auth/logout', headers=headers)
    if response['status'] == '200':
        # The body of the logout response carries nothing useful, so only
        # the HTTP status is checked.
        # NOTE(review): the token stays in ``headers`` after this call.
        return 0
    # Logout error due to incorrect parameters, bad request, etc...
    print("Error requesting logout")
    return -1
def list_supported_auths_and_fields():
    """Print every authenticator type the server supports, with its GUI fields.

    Fetches ``authenticators/types`` and, for each returned type, fetches
    ``authenticators/gui/<type>`` to list the fields needed to create an
    authenticator of that type. Exits with status 1 on any non-200 answer.
    """
    client = Http()
    response, body = client.request(rest_url + 'authenticators/types', headers=headers)
    if response['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
        sys.exit(1)

    auth_types = json.loads(body)  # JSON array, one object per authenticator type
    for auth in auth_types:
        print('* {}'.format(auth['name']))
        for key, value in auth.items():
            if key == 'icon':
                # The icon is skipped, as it is of no use in a text listing.
                continue
            print(" > {}: {}".format(key, value))

        # The field description is requested per type, using the type identifier.
        gui_url = rest_url + 'authenticators/gui/{}'.format(auth['type'])
        response, body = client.request(gui_url, headers=headers)
        if response['status'] != '200':
            print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
            sys.exit(1)

        print(" > GUI")
        gui_fields = json.loads(body)
        for field in gui_fields:
            print(" - Name: {}".format(field['name']))
            print(" - Value: {}".format(field['value']))
            print(" - GUI: ")
            for attr, attr_value in field['gui'].items():
                print(" + {}: {}".format(attr, attr_value))

        print(" > Simplified fields:")
        for field in gui_fields:
            gui = field['gui']
            print(" - Name: {}, Type: {}, is Required?: {}".format(field['name'], gui['type'], gui['required']))
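def create_simpleldap_auth():
    """Create a sample SimpleLdapAuthenticator and return the stored record.

    PUTs a record filled with placeholder values to ``authenticators``.
    Exits with status 1 when the server does not answer with HTTP 200.

    Returns:
        The decoded JSON record as returned by the server, unmodified.
    """
    h = Http()
    # Keep in mind that the parameters depend on the kind of authenticator.
    # To find out which parameters are needed, request its GUI description
    # first (see list_supported_auths_and_fields).
    data = {
        "tags": ["Tag1", "Tag2", "Tag3"],
        "name": "name_Field",
        "comments": "comments__Field",
        "priority": "1",
        "small_name": "label_Field",
        "host": "host_Field",
        "port": "389",
        # NOTE(review): presumably selects TLS towards the LDAP server; with
        # False and port 389 the bind password would cross the network in
        # clear text -- confirm before reusing these values.
        "ssl": False,
        "timeout": "10",
        "username": "username__Field",
        "password": "password_Field",
        "ldapBase": "base_Field",
        "userClass": "userClass_Field",
        "userIdAttr": "userIdAttr_Field",
        "userNameAttr": "userName_Field",
        "groupClass": "groupClass_Field",
        "groupIdAttr": "groupId_Field",
        "memberAttr": "groupMembership_Field",
        "data_type": "SimpleLdapAuthenticator",
    }
    resp, content = h.request(rest_url + 'authenticators', 'PUT', headers=headers, body=json.dumps(data))
    if resp['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content))
        sys.exit(1)

    # The expected content echoes the submitted fields back (including
    # "password") and adds server-side ones, for example:
    # {
    #   "numeric_id": 18,
    #   "id": "790b9d85-67ec-51dc-847f-dee1daa96a7c",
    #   "type": "SimpleLdapAuthenticator",
    #   "permission": 96,
    #   "users_count": 0,
    #   "password": "password_Field",
    #   ... remaining fields as sent in ``data`` ...
    # }
    r = json.loads(content)
    print("Correctly created {} with id {}".format(r['name'], r['id']))

    # The record carries the LDAP bind password, so mask it in the printed
    # copy only; the caller still receives the full record.
    printable = dict(r)
    if 'password' in printable:
        printable['password'] = '<redacted>'
    print("The record created was: {}".format(printable))
    return r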
def delete_auth(auth_id):
    """Delete the authenticator identified by ``auth_id``.

    Exits with status 1 when the server does not answer with HTTP 200.
    """
    client = Http()
    # Sample delete URL for an auth:
    # http://172.27.0.1:8000/rest/authenticators/790b9d85-67ec-51dc-847f-dee1daa96a7c
    target = rest_url + 'authenticators/{}'.format(auth_id)
    # The HTTP method MUST be DELETE.
    response, body = client.request(target, 'DELETE', headers=headers)
    if response['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
        sys.exit(1)
    print("Correctly deleted {}".format(auth_id))
def create_internal_auth():
    """Create a sample InternalDBAuth authenticator and return its record.

    Exits with status 1 when the server does not answer with HTTP 200.

    Returns:
        The decoded JSON record returned by the server.
    """
    client = Http()
    payload = {
        "tags": [""],
        "name": "name_Field",
        "comments": "comments_Field",
        "priority": "1",
        "small_name": "label_Field",
        "differentForEachHost": False,
        "reverseDns": False,
        "acceptProxy": False,
        "data_type": "InternalDBAuth",
    }
    response, body = client.request(
        rest_url + 'authenticators', 'PUT', headers=headers, body=json.dumps(payload)
    )
    if response['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
        sys.exit(1)

    created = json.loads(body)
    print("Correctly created {} with id {}".format(created['name'], created['id']))
    print("The record created was: {}".format(created))
    return created
def create_internal_group(auth_id):
    """Create a sample group inside the authenticator ``auth_id``.

    Exits with status 1 when the server does not answer with HTTP 200.

    Returns:
        The decoded JSON record returned by the server.
    """
    client = Http()
    # The type can also be a metagroup (a group composed of groups), but a
    # plain group is enough for this sample.
    payload = {
        "type": "group",
        "name": "groupname_Field",
        "comments": "comments_Field",
        "state": "A",
    }
    target = rest_url + 'authenticators/{}/groups'.format(auth_id)
    response, body = client.request(target, 'PUT', headers=headers, body=json.dumps(payload))
    if response['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
        sys.exit(1)

    created = json.loads(body)
    print("Correctly created {} with id {}".format(created['name'], created['id']))
    print("The record created was: {}".format(created))
    return created
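def delete_group(auth_id, group_id):
    """Delete the group ``group_id`` from the authenticator ``auth_id``.

    Exits with status 1 when the server does not answer with HTTP 200.
    """
    h = Http()
    url = rest_url + 'authenticators/{}/groups/{}'.format(auth_id, group_id)
    # The HTTP method MUST be DELETE.
    resp, content = h.request(url, 'DELETE', headers=headers)
    if resp['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content))
        sys.exit(1)
    # Report the id of the group that was removed; the message used to name
    # the authenticator id instead, which made the output misleading.
    print("Correctly deleted {}".format(group_id))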
def create_internal_user(auth_id, group_id):
    """Create a sample user in ``auth_id`` that belongs to ``group_id``.

    Internal users need their password stored on UDS; the description of the
    authenticator tells whether the password field is needed (here it is).
    If the authenticator is marked as "external" in its description, the
    groups field is ignored. On internal authenticators the ids of the groups
    the user should belong to can be included; otherwise the user belongs to
    no group.

    Exits with status 1 when the server does not answer with HTTP 200.

    Returns:
        The decoded JSON record returned by the server.
    """
    client = Http()
    payload = {
        "id": "",
        "name": "username_Field",
        "real_name": "name_Field",
        "comments": "comments_Field",
        "state": "A",
        "staff_member": False,
        "is_admin": False,
        "password": "password_Field",
        "groups": [group_id],
    }
    target = rest_url + 'authenticators/{}/users'.format(auth_id)
    response, body = client.request(target, 'PUT', headers=headers, body=json.dumps(payload))
    if response['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(response, body))
        sys.exit(1)

    created = json.loads(body)
    print("Correctly created {} with id {}".format(created['name'], created['id']))
    # NOTE(review): the whole record is printed; if the API echoes the
    # password back it ends up on stdout -- confirm and mask it if so.
    print("The record created was: {}".format(created))
    return created
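def delete_user(auth_id, user_id):
    """Delete the user ``user_id`` from the authenticator ``auth_id``.

    Deleting a user also deletes, in cascade, all resources assigned to it
    (machines, apps, etc.).

    Exits with status 1 when the server does not answer with HTTP 200.
    """
    h = Http()
    url = rest_url + 'authenticators/{}/users/{}'.format(auth_id, user_id)
    # The HTTP method MUST be DELETE.
    resp, content = h.request(url, 'DELETE', headers=headers)
    if resp['status'] != '200':
        print("Error in request: \n-------------------\n{}\n{}\n----------------".format(resp, content))
        sys.exit(1)
    # Report the id of the user that was removed; the message used to name
    # the authenticator id instead, which made the output misleading.
    print("Correctly deleted {}".format(user_id))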
def list_currents_auths():
    """Placeholder: not implemented, does nothing and returns ``None``."""
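if __name__ == '__main__':
    # Sample flow: list the authenticator types, create and delete an LDAP
    # authenticator, then create an internal authenticator with one group
    # and one user, and delete them again in reverse order.
    if login() == 0:  # Continue only when a session token was obtained
        # The helpers call sys.exit(1) on any failed request. SystemExit
        # still runs the finally clause, so the session token is always
        # invalidated on the server instead of being left active.
        # Objects created before a failure are NOT removed automatically.
        try:
            print("Listing supported auths and related info")
            list_supported_auths_and_fields()
            print("*******************************")
            print("Creating a simple ldap authenticator")
            auth = create_simpleldap_auth()
            print("*******************************")
            print("Deleting the created simple ldap authenticator")
            delete_auth(auth['id'])
            print("*******************************")
            print("Creating internal auth")
            auth = create_internal_auth()
            print("*******************************")
            print("Creating internal group")
            print("*******************************")
            group = create_internal_group(auth['id'])
            print("Creating internal user")
            print("*******************************")
            user = create_internal_user(auth['id'], group['id'])
            print("*******************************")
            print("Deleting user")
            delete_user(auth['id'], user['id'])
            print("*******************************")
            print("Deleting Group")
            delete_group(auth['id'], group['id'])
            print("*******************************")
            print("Deleting the created internal auth")
            delete_auth(auth['id'])
        finally:
            logout()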