slapos_erp5: add constraint to check CertificateAuthorityTool and SlapOS Pluggable Auth Service

40bbe00f · Alain Takoudjou · ae1beab9 · 40bbe00f · 40bbe00f · 40bbe00f
Commit 40bbe00f authored May 06, 2016 by Alain Takoudjou
10 changed files
--- a/master/bt5/slapos_erp5/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
+++ b/master/bt5/slapos_erp5/PortalTypePropertySheetTemplateItem/property_sheet_list.xml
@@ -2,6 +2,9 @@
 <portal_type id="Business Configuration Module">
  <item>SlapOSModuleIdGeneratorConstraint</item>
 </portal_type>
+ <portal_type id="Certificate Authority Tool">
+  <item>CertificateAuthorityToolConsistencyConstraint</item>
+ </portal_type>
 <portal_type id="Delivery Node Module">
  <item>SlapOSModuleIdGeneratorConstraint</item>
 </portal_type>

--- a/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint.xml
+++ b/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Property Sheet" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_count</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_mt_index</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_tree</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>CertificateAuthorityToolConsistencyConstraint</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Property Sheet</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Length" module="BTrees.Length"/>
+    </pickle>
+    <pickle> <int>0</int> </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+  <record id="4" aka="AAAAAAAAAAQ=">
+    <pickle>
+      <global name="OOBTree" module="BTrees.OOBTree"/>
+    </pickle>
+    <pickle>
+      <none/>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint/acl_users_check_slapos_pas_constraint.xml
+++ b/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint/acl_users_check_slapos_pas_constraint.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Script Constraint" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_identity_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_range_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>constraint_type/post_upgrade</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>acl_users_check_slapos_pas_constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Script Constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>script_id</string> </key>
+            <value> <string>CertificateAuthorityTool_checkSlapOSPASConsistency</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint/certificate_authority_consistency_constraint_constraint.xml
+++ b/master/bt5/slapos_erp5/PropertySheetTemplateItem/portal_property_sheets/CertificateAuthorityToolConsistencyConstraint/certificate_authority_consistency_constraint_constraint.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Script Constraint" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_identity_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>_range_criterion</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>constraint_type/post_upgrade</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>certificate_authority_consistency_constraint_constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Script Constraint</string> </value>
+        </item>
+        <item>
+            <key> <string>script_id</string> </key>
+            <value> <string>CertificateAuthorityTool_checkCertificateAuthorityConsistency</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkCertificateAuthorityConsistency.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkCertificateAuthorityConsistency.py
+portal = context.getPortalObject()
+
+error_list = []
+portal_certificate_authority = getattr(portal, 'portal_certificate_authority', None)
+promise_ca_path = portal.getPromiseParameter('portal_certificate_authority', 'certificate_authority_path')
+
+def installCertificateAuthority():
+  portal_certificate_authority = getattr(portal, 'portal_certificate_authority', None)
+  if portal_certificate_authority is None:
+    portal.manage_addProduct['ERP5'].manage_addTool('ERP5 Certificate Authority Tool', None)
+    portal_certificate_authority = getattr(portal, 'portal_certificate_authority')
+  
+  portal_certificate_authority.manage_editCertificateAuthorityTool(
+     certificate_authority_path=promise_ca_path)
+
+
+if promise_ca_path is not None:
+  if portal_certificate_authority is None:
+    error_list.append("Certificate Authority Tool is not present")
+
+  elif portal_certificate_authority.certificate_authority_path != promise_ca_path:
+    error_list.append(
+      "Certificate Authority Tool (OpenSSL)is not configured as Expected: %s" %
+        "Expect %s\nGot %s" % (portal_certificate_authority.certificate_authority_path, promise_ca_path))
+
+if len(error_list) > 0 and fixit:
+  installCertificateAuthority()
+  return []
+return error_list
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkCertificateAuthorityConsistency.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkCertificateAuthorityConsistency.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>fixit=False, activate_kw={}, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>CertificateAuthorityTool_checkCertificateAuthorityConsistency</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.py
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.py
+portal = context.getPortalObject()
+slapos_plugin_dict = {
+  'IExtractionPlugin': [
+    'SlapOS Machine Authentication Plugin',
+    'ERP5 Access Token Extraction Plugin',
+  ],
+  'IAuthenticationPlugin': [
+    'SlapOS Machine Authentication Plugin',
+    'SlapOS Shadow Authentication Plugin',
+  ],
+  'IGroupsPlugin': [
+    'SlapOS Machine Authentication Plugin',
+    'SlapOS Shadow Authentication Plugin',
+  ],
+  'IUserEnumerationPlugin': [
+    'SlapOS Machine Authentication Plugin',
+    'SlapOS Shadow Authentication Plugin',
+  ]
+}
+
+def mergePASDictDifference(portal, d, fixit):
+  plugins = portal.acl_users.plugins
+  plugin_type_info = plugins.listPluginTypeInfo()
+  error_list = []
+  for plugin, active_list in d.iteritems():
+    plugin_info = [q for q in plugin_type_info if q['id'] == plugin][0]
+    found_list = plugins.listPlugins(plugin_info['interface'])
+    meta_type_list = [q[1].meta_type for q in found_list]
+    for expected in active_list:
+      if expected not in meta_type_list:
+        error = 'Plugin %s missing %s.' % (plugin, expected)
+        if fixit:
+          existing = [q for q in portal.acl_users.objectValues() if q.meta_type == expected]
+          if len(existing) == 0:
+            error_list.append('%s not found' % expected)
+          else:
+            plugins.activatePlugin(plugin_info['interface'], existing[0].getId())
+            error += ' Fixed.'
+        error_list.append(error)
+
+  return error_list
+
+pas_difference = mergePASDictDifference(portal, slapos_plugin_dict, fixit)
+if len(pas_difference) != 0:
+
+  message = "PAS not configured as expected"
+  if fixit:
+    message += ' (fixed). '
+  else:
+    message += ". "
+  message += "Difference:\n%s" % ('\n'.join(pas_difference), )
+  return [message]
+
+return []
--- a/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.xml
+++ b/master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_erp5/CertificateAuthorityTool_checkSlapOSPASConsistency.xml
+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>fixit=False, activate_kw={}, **kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>CertificateAuthorityTool_checkSlapOSPASConsistency</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>
--- a/master/bt5/slapos_erp5/bt/template_portal_type_property_sheet_list
+++ b/master/bt5/slapos_erp5/bt/template_portal_type_property_sheet_list
 Business Configuration Module | SlapOSModuleIdGeneratorConstraint
+Certificate Authority Tool | CertificateAuthorityToolConsistencyConstraint
 Delivery Node Module | SlapOSModuleIdGeneratorConstraint
 Workflow Module | SlapOSModuleIdGeneratorConstraint
\ No newline at end of file
--- a/master/bt5/slapos_erp5/bt/template_property_sheet_id_list
+++ b/master/bt5/slapos_erp5/bt/template_property_sheet_id_list
 PreferenceToolSlapOSConstraintPreference
+CertificateAuthorityToolConsistencyConstraint
 SlapOSModuleIdGeneratorConstraint
\ No newline at end of file