2017-06-29 12:56:45 +03:00
# -*- coding: utf-8 -*-
#
# Copyright (c) 2014 Virtual Cable S.L.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
2023-06-22 17:04:11 +03:00
# * Neither the name of Virtual Cable S.L.U. nor the names of its contributors
2017-06-29 12:56:45 +03:00
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'''
2024-05-25 18:28:44 +03:00
Author : Adolfo Gómez , dkmaster at dkmon dot com
2017-06-29 12:56:45 +03:00
'''
from __future__ import unicode_literals
from httplib2 import Http
import json
import sys
rest_url = ' http://172.27.0.1:8000/rest/ '
headers = { }
# Hace login con el root, puede usarse cualquier autenticador y cualquier usuario, pero en la 1.5 solo está implementado poder hacer
# este tipo de login con el usuario "root"
def login ( ) :
global headers
h = Http ( )
# parameters = '{ "auth": "admin", "username": "root", "password": "temporal" }'
parameters = ' { " auth " : " interna " , " username " : " admin " , " password " : " temporal " } '
resp , content = h . request ( rest_url + ' auth/login ' , method = ' POST ' , body = parameters )
if resp [ ' status ' ] != ' 200 ' : # Authentication error due to incorrect parameters, bad request, etc...
print " Authentication error "
return - 1
# resp contiene las cabeceras, content el contenido de la respuesta (que es json), pero aún está en formato texto
res = json . loads ( content )
print " Authentication response: {} " . format ( res )
if res [ ' result ' ] != ' ok ' : # Authentication error
print " Authentication error "
sys . exit ( 1 )
headers [ ' X-Auth-Token ' ] = res [ ' token ' ]
headers [ ' content-type ' ] = ' application/json '
return 0
def logout ( ) :
global headers
h = Http ( )
resp , content = h . request ( rest_url + ' auth/logout ' , headers = headers )
if resp [ ' status ' ] != ' 200 ' : # Logout error due to incorrect parameters, bad request, etc...
print " Error requesting logout "
return - 1
# Return value of logout method is nonsense (returns always done right now, but it's not important)
return 0
def list_supported_auths_and_fields ( ) :
h = Http ( )
resp , content = h . request ( rest_url + ' authenticators/types ' , headers = headers )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
r = json . loads ( content )
for auth in r : # r is an array
print ' * {} ' . format ( auth [ ' name ' ] )
for fld in auth : # every auth is converted to a dictionary in python by json.load
# Skip icon
if fld != ' icon ' :
print " > {} : {} " . format ( fld , auth [ fld ] )
resp , content = h . request ( rest_url + ' authenticators/gui/ {} ' . format ( auth [ ' type ' ] ) , headers = headers )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
print " > GUI "
rr = json . loads ( content )
for field in rr :
print " - Name: {} " . format ( field [ ' name ' ] )
print " - Value: {} " . format ( field [ ' value ' ] )
print " - GUI: "
for gui in field [ ' gui ' ] :
print " + {} : {} " . format ( gui , field [ ' gui ' ] [ gui ] )
print " > Simplified fields: "
for field in rr :
print " - Name: {} , Type: {} , is Required?: {} " . format ( field [ ' name ' ] , field [ ' gui ' ] [ ' type ' ] , field [ ' gui ' ] [ ' required ' ] )
def create_simpleldap_auth ( ) :
h = Http ( )
# Keep in mind that parameters are related to kind of authenticator.
# To ensure what parameters you need, yo can invoke first its gui
# Take a look at list_supported_auths_and_fields method
data = { " tags " : [ " Tag1 " , " Tag2 " , " Tag3 " ] , " name " : " name_Field " , " comments " : " comments__Field " , " priority " : " 1 " , " small_name " : " label_Field " , " host " : " host_Field " , " port " : " 389 " , " ssl " : False , " timeout " : " 10 " , " username " : " username__Field " , " password " : " password_Field " , " ldapBase " : " base_Field " , " userClass " : " userClass_Field " , " userIdAttr " : " userIdAttr_Field " , " userNameAttr " : " userName_Field " , " groupClass " : " groupClass_Field " , " groupIdAttr " : " groupId_Field " , " memberAttr " : " groupMembership_Field " , " data_type " : " SimpleLdapAuthenticator " }
resp , content = h . request ( rest_url + ' authenticators ' , ' PUT ' , headers = headers , body = json . dumps ( data ) )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
# Expected content is something like this:
# {
# "numeric_id": 18,
# "groupIdAttr": "groupId_Field",
# "port": "389",
# "memberAttr": "groupMembership_Field",
# "id": "790b9d85-67ec-51dc-847f-dee1daa96a7c",
# "userClass": "userClass_Field",
# "permission": 96,
# "comments": "comments__Field",
# "users_count": 0,
# "priority": "1",
# "type": "SimpleLdapAuthenticator",
# "username": "username__Field",
# "ldapBase": "base_Field", "userNameAttr":
# "userName_Field",
# "tags": ["Tag1", "Tag2", "Tag3"],
# "groupClass": "groupClass_Field",
# "ssl": false,
# "host": "host_Field",
# "userIdAttr": "userIdAttr_Field",
# "password": "password_Field",
# "small_name": "label_Field",
# "name": "name_Field",
# "timeout": "10"
# }
r = json . loads ( content )
print " Correctly created {} with id {} " . format ( r [ ' name ' ] , r [ ' id ' ] )
print " The record created was: {} " . format ( r )
return r
def delete_auth ( auth_id ) :
h = Http ( )
# Sample delete URL for an auth
# http://172.27.0.1:8000/rest/authenticators/790b9d85-67ec-51dc-847f-dee1daa96a7c
# Method MUST be DELETE
resp , content = h . request ( rest_url + ' authenticators/ {} ' . format ( auth_id ) , ' DELETE ' , headers = headers )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
print " Correctly deleted {} " . format ( auth_id )
def create_internal_auth ( ) :
h = Http ( )
data = { " tags " : [ " " ] , " name " : " name_Field " , " comments " : " comments_Field " , " priority " : " 1 " , " small_name " : " label_Field " , " differentForEachHost " : False , " reverseDns " : False , " acceptProxy " : False , " data_type " : " InternalDBAuth " }
resp , content = h . request ( rest_url + ' authenticators ' , ' PUT ' , headers = headers , body = json . dumps ( data ) )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
r = json . loads ( content )
print " Correctly created {} with id {} " . format ( r [ ' name ' ] , r [ ' id ' ] )
print " The record created was: {} " . format ( r )
return r
def create_internal_group ( auth_id ) :
h = Http ( )
# Type can also be a metagroup, composed of groups, but for this sample a group is enoutgh
data = { " type " : " group " , " name " : " groupname_Field " , " comments " : " comments_Field " , " state " : " A " }
resp , content = h . request ( rest_url + ' authenticators/ {} /groups ' . format ( auth_id ) , ' PUT ' , headers = headers , body = json . dumps ( data ) )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
r = json . loads ( content )
print " Correctly created {} with id {} " . format ( r [ ' name ' ] , r [ ' id ' ] )
print " The record created was: {} " . format ( r )
return r
def delete_group ( auth_id , group_id ) :
h = Http ( )
# Method MUST be DELETE
resp , content = h . request ( rest_url + ' authenticators/ {} /groups/ {} ' . format ( auth_id , group_id ) , ' DELETE ' , headers = headers )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
print " Correctly deleted {} " . format ( auth_id )
def create_internal_user ( auth_id , group_id ) :
# Note: internal users NEEDS to store password on UDS, description of auth describes if password field is needed (in this case, we need it)
# Also, if authenticator is marked as "external" on its description, the groups field will be ignored.
# On internal auths, we can incluide de ID of the groups we want this user to belong to, or it will not belong to any group
h = Http ( )
data = { " id " : " " , " name " : " username_Field " , " real_name " : " name_Field " , " comments " : " comments_Field " , " state " : " A " , " staff_member " : False , " is_admin " : False , " password " : " password_Field " , " groups " : [ group_id ] }
resp , content = h . request ( rest_url + ' authenticators/ {} /users ' . format ( auth_id ) , ' PUT ' , headers = headers , body = json . dumps ( data ) )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
r = json . loads ( content )
print " Correctly created {} with id {} " . format ( r [ ' name ' ] , r [ ' id ' ] )
print " The record created was: {} " . format ( r )
return r
def delete_user ( auth_id , user_id ) :
# Deleting user will result in deleting in cascade all asigned resources (machines, apps, etc...)
h = Http ( )
# Method MUST be DELETE
resp , content = h . request ( rest_url + ' authenticators/ {} /users/ {} ' . format ( auth_id , user_id ) , ' DELETE ' , headers = headers )
if resp [ ' status ' ] != ' 200 ' :
print " Error in request: \n ------------------- \n {} \n {} \n ---------------- " . format ( resp , content )
sys . exit ( 1 )
print " Correctly deleted {} " . format ( auth_id )
def list_currents_auths ( ) :
pass
if __name__ == ' __main__ ' :
if login ( ) == 0 : # If we can log in, will get the pools correctly
print " Listing supported auths and related info "
list_supported_auths_and_fields ( )
print " ******************************* "
print " Creating a simple ldap authenticator "
auth = create_simpleldap_auth ( )
print " ******************************* "
print " Deleting the created simple ldap authenticator "
delete_auth ( auth [ ' id ' ] )
print " ******************************* "
print " Creating internal auth "
auth = create_internal_auth ( )
print " ******************************* "
print " Creating internal group "
print " ******************************* "
group = create_internal_group ( auth [ ' id ' ] )
print " Creating internal user "
print " ******************************* "
user = create_internal_user ( auth [ ' id ' ] , group [ ' id ' ] )
print " ******************************* "
print " Deleting user "
delete_user ( auth [ ' id ' ] , user [ ' id ' ] )
print " ******************************* "
print " Deleting Group "
delete_group ( auth [ ' id ' ] , group [ ' id ' ] )
print " ******************************* "
print " Deleting the created internal auth "
delete_auth ( auth [ ' id ' ] )