mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-26 03:19:48 +00:00
updated with custom yaml file for auth
Added 2 new function to check if the custom yaml file exists - /etc/confluent/authorize.yaml - and one to update the _allowbyrole and _deniedbyrole vars accordingly.
This commit is contained in:
parent
77ba0acee6
commit
8940247164
@ -115,6 +115,47 @@ class PromptsNeeded(Exception):
|
||||
def __init__(self, prompts):
|
||||
self.prompts = prompts
|
||||
|
||||
#add function to change _allowedbyrole and _deniedbyrole vars.
|
||||
def add_roles(dictionary):
|
||||
#function to parse the roles and the files. If there are modifications to be done to the roles, items will be added to dictionaries.
|
||||
#If there are no moodifications done to one of the roles, it continues to the next
|
||||
#Opening YAML file and reading the custom roles
|
||||
with open("/etc/confluent/authorization.yaml","r") as stream:
|
||||
loaded_file = yaml.safe_load(stream)
|
||||
for outside_key,outside_value in loaded_file.items():
|
||||
for inside_key,inside_value in outside_value.items():
|
||||
try:
|
||||
#Trying to append the new list of permissions to existing lists (i.e. Operator : {"retrieve" : ['*' , 'new_added_file_permission']})
|
||||
dictionary[outside_key][inside_key] = (list(set(dictionary[outside_key][inside_key]+inside_value)))
|
||||
except KeyError:
|
||||
#If there is no previous action, we create a new one (i.e. Operator : { "new_action" : ['new_added_file_permission'] })
|
||||
try:
|
||||
dictionary[outside_key][inside_key] = inside_value
|
||||
except KeyError:
|
||||
#If there is a new role to be added, we add it along with the rest of the info (i.e. NewRole : {"new_action" : ['new_added_file_permission]})
|
||||
dictionary[outside_key] = outside_value
|
||||
|
||||
|
||||
def check_for_yaml():
|
||||
#impot yaml and op.path to check if the file exists and to safe_load the yaml file.
|
||||
try:
|
||||
import yaml
|
||||
except:
|
||||
return "Yaml not installed"
|
||||
try:
|
||||
from os.path import exists
|
||||
except:
|
||||
return "could not import os.path"
|
||||
#checking if the file exists
|
||||
if exists("/etc/confluent/authorization.yaml"):
|
||||
add_roles(_allowedbyrole)
|
||||
add_roles(_deniedbyrole)
|
||||
return "Custom auth. file detected in /etc/confluent, updated roles accordingly"
|
||||
else:
|
||||
return "No custom auth. file. Continuing as normal"
|
||||
|
||||
|
||||
|
||||
def _get_usertenant(name, tenant=False):
|
||||
"""_get_usertenant
|
||||
|
||||
@ -165,6 +206,7 @@ def authorize(name, element, tenant=False, operation='create',
|
||||
# skipuserobj is a leftover from the now abandoned plan to use pam session
|
||||
# to do authorization and authentication. Now confluent always does authorization
|
||||
# even if pam does authentication.
|
||||
check_for_yaml()
|
||||
if operation not in ('create', 'start', 'update', 'retrieve', 'delete', None):
|
||||
return False
|
||||
user, tenant = _get_usertenant(name, tenant)
|
||||
|
Loading…
Reference in New Issue
Block a user