Commit 40bbe00f authored by Alain Takoudjou

slapos_erp5: add constraint to check CertificateAuthorityTool and SlapOS Pluggable Auth Service

parent ae1beab9
......@@ -2,6 +2,9 @@
<portal_type id="Business Configuration Module">
<item>SlapOSModuleIdGeneratorConstraint</item>
</portal_type>
<portal_type id="Certificate Authority Tool">
<item>CertificateAuthorityToolConsistencyConstraint</item>
</portal_type>
<portal_type id="Delivery Node Module">
<item>SlapOSModuleIdGeneratorConstraint</item>
</portal_type>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Property Sheet" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_count</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_mt_index</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>_tree</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>CertificateAuthorityToolConsistencyConstraint</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Property Sheet</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="Length" module="BTrees.Length"/>
</pickle>
<pickle> <int>0</int> </pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="OOBTree" module="BTrees.OOBTree"/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
<record id="4" aka="AAAAAAAAAAQ=">
<pickle>
<global name="OOBTree" module="BTrees.OOBTree"/>
</pickle>
<pickle>
<none/>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Script Constraint" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_identity_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_range_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>constraint_type/post_upgrade</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>acl_users_check_slapos_pas_constraint</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Script Constraint</string> </value>
</item>
<item>
<key> <string>script_id</string> </key>
<value> <string>CertificateAuthorityTool_checkSlapOSPASConsistency</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Script Constraint" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_identity_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_range_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>categories</string> </key>
<value>
<tuple>
<string>constraint_type/post_upgrade</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>certificate_authority_consistency_constraint_constraint</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Script Constraint</string> </value>
</item>
<item>
<key> <string>script_id</string> </key>
<value> <string>CertificateAuthorityTool_checkCertificateAuthorityConsistency</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
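Review bot: The id `certificate_authority_consistency_constraint_constraint` repeats the `_constraint` suffix, unlike the sibling `acl_users_check_slapos_pas_constraint`; `certificate_authority_consistency_constraint` would match it (presumably the exported file name follows the id and would change with it). Both Script Constraints also leave `description` as `<none/>`. They run as `constraint_type/post_upgrade`, and their scripts can change the CA path and activate PAS plugins when fixing, so a one-line description of what each one checks and repairs would help whoever reads the upgrade report.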
portal = context.getPortalObject()
error_list = []
portal_certificate_authority = getattr(portal, 'portal_certificate_authority', None)
promise_ca_path = portal.getPromiseParameter('portal_certificate_authority', 'certificate_authority_path')
def installCertificateAuthority():
portal_certificate_authority = getattr(portal, 'portal_certificate_authority', None)
if portal_certificate_authority is None:
portal.manage_addProduct['ERP5'].manage_addTool('ERP5 Certificate Authority Tool', None)
portal_certificate_authority = getattr(portal, 'portal_certificate_authority')
portal_certificate_authority.manage_editCertificateAuthorityTool(
certificate_authority_path=promise_ca_path)
if promise_ca_path is not None:
if portal_certificate_authority is None:
error_list.append("Certificate Authority Tool is not present")
elif portal_certificate_authority.certificate_authority_path != promise_ca_path:
error_list.append(
"Certificate Authority Tool (OpenSSL)is not configured as Expected: %s" %
"Expect %s\nGot %s" % (portal_certificate_authority.certificate_authority_path, promise_ca_path))
if len(error_list) > 0 and fixit:
installCertificateAuthority()
return []
return error_list
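Review bot: The values in the mismatch message are swapped: the format tuple passes `portal_certificate_authority.certificate_authority_path` to `Expect %s` and `promise_ca_path` to `Got %s`, so the report labels the currently configured CA path as the expected one. The chained `%` only works because the first substitution injects a second format string; a single format is clearer, e.g. `"Certificate Authority Tool (OpenSSL) is not configured as expected:\nExpect %s\nGot %s" % (promise_ca_path, portal_certificate_authority.certificate_authority_path)`. With `fixit` the script repoints the CA path and then does `return []`, so the upgrade report carries no trace that a certificate authority setting was changed; returning `error_list` after the fix would keep that record, as the PAS script in this commit does with its "(fixed)" message. The constraint appears to be attached to the Certificate Authority Tool portal type, so the `is None` branch may never be reached when the tool is absent, which is worth confirming.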
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>fixit=False, activate_kw={}, **kw</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>CertificateAuthorityTool_checkCertificateAuthorityConsistency</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
portal = context.getPortalObject()
slapos_plugin_dict = {
'IExtractionPlugin': [
'SlapOS Machine Authentication Plugin',
'ERP5 Access Token Extraction Plugin',
],
'IAuthenticationPlugin': [
'SlapOS Machine Authentication Plugin',
'SlapOS Shadow Authentication Plugin',
],
'IGroupsPlugin': [
'SlapOS Machine Authentication Plugin',
'SlapOS Shadow Authentication Plugin',
],
'IUserEnumerationPlugin': [
'SlapOS Machine Authentication Plugin',
'SlapOS Shadow Authentication Plugin',
]
}
def mergePASDictDifference(portal, d, fixit):
plugins = portal.acl_users.plugins
plugin_type_info = plugins.listPluginTypeInfo()
error_list = []
for plugin, active_list in d.iteritems():
plugin_info = [q for q in plugin_type_info if q['id'] == plugin][0]
found_list = plugins.listPlugins(plugin_info['interface'])
meta_type_list = [q[1].meta_type for q in found_list]
for expected in active_list:
if expected not in meta_type_list:
error = 'Plugin %s missing %s.' % (plugin, expected)
if fixit:
existing = [q for q in portal.acl_users.objectValues() if q.meta_type == expected]
if len(existing) == 0:
error_list.append('%s not found' % expected)
else:
plugins.activatePlugin(plugin_info['interface'], existing[0].getId())
error += ' Fixed.'
error_list.append(error)
return error_list
pas_difference = mergePASDictDifference(portal, slapos_plugin_dict, fixit)
if len(pas_difference) != 0:
message = "PAS not configured as expected"
if fixit:
message += ' (fixed). '
else:
message += ". "
message += "Difference:\n%s" % ('\n'.join(pas_difference), )
return [message]
return []
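Review bot: The summary says `(fixed)` whenever `fixit` is true, but in the `len(existing) == 0` branch nothing is activated, so a missing authentication or extraction plugin can be reported as repaired while `acl_users` is still misconfigured. Let `mergePASDictDifference` also report what it could not repair, and only add the suffix when that is empty, e.g. `if fixit and not unfixed_list:` in place of `if fixit:`. The lookup `[q for q in plugin_type_info if q['id'] == plugin][0]` raises `IndexError` if an interface id from `slapos_plugin_dict` is not registered in this PAS; appending an error and continuing would keep the check usable. Indentation is lost in this rendering, so the exact nesting of `error_list.append(error)` is inferred.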
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>fixit=False, activate_kw={}, **kw</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>CertificateAuthorityTool_checkSlapOSPASConsistency</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
Business Configuration Module | SlapOSModuleIdGeneratorConstraint
Certificate Authority Tool | CertificateAuthorityToolConsistencyConstraint
Delivery Node Module | SlapOSModuleIdGeneratorConstraint
Workflow Module | SlapOSModuleIdGeneratorConstraint
\ No newline at end of file
PreferenceToolSlapOSConstraintPreference
CertificateAuthorityToolConsistencyConstraint
SlapOSModuleIdGeneratorConstraint
\ No newline at end of file