From 3f1d49c30b838998b8b1f987329744a0169e45e5 Mon Sep 17 00:00:00 2001
From: Juliana Motira
Date: Tue, 28 Jul 2015 14:08:59 -0300
Subject: [PATCH] Update IPMI user management to enable partial update. Improvements in InputCredential fields validation. Check for all fields in InputCredential when operation = 'create'.
---
 confluent_server/confluent/messages.py | 21 ++++++++++-----
 .../plugins/hardwaremanagement/ipmi.py | 26 +++++++++++++------
 2 files changed, 33 insertions(+), 14 deletions(-)
diff --git a/confluent_server/confluent/messages.py b/confluent_server/confluent/messages.py
index 981a7591..48520bdc 100644
--- a/confluent_server/confluent/messages.py
+++ b/confluent_server/confluent/messages.py
@@ -429,18 +429,27 @@ class InputCredential(ConfluentMessage): if len(path) == 4: inputdata['uid'] = path[-1] + # if the operation is 'create' check if all fields are present + elif ('uid' not in inputdata or 'privilege_level' not in inputdata or + 'username' not in inputdata or 'password' not in inputdata): + raise exc.InvalidArgumentException('all fields are required') - if ('uid' not in inputdata or 'privilege_level' not in inputdata - or 'username' not in inputdata or 'password' not in inputdata): - raise exc.InvalidArgumentException('missing arguments') - - if not inputdata['uid'].isdigit(): + if 'uid' not in inputdata: + raise exc.InvalidArgumentException('uid is missing') + if (isinstance(inputdata['uid'], str) and + not inputdata['uid'].isdigit()): raise exc.InvalidArgumentException('uid must be a number') else: inputdata['uid'] = int(inputdata['uid']) - if inputdata['privilege_level'] not in self.valid_privilege_levels: + if ('privilege_level' in inputdata and + inputdata['privilege_level'] not in self.valid_privilege_levels): raise exc.InvalidArgumentException('privilege_level is not one of ' + ','.join(self.valid_privilege_levels)) + if 'username' in inputdata and len(inputdata['username']) > 16: + raise exc.InvalidArgumentException( + 'name must be less than or = 16 chars') + if 'password' in inputdata and len(inputdata['password']) > 20: + raise exc.InvalidArgumentException('password has limit of 20 chars') if nodes is None: raise exc.InvalidArgumentException( diff --git a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py index 943d9cd5..4514d242 100644 --- a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py +++ b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py 
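Review bot: The new uid check only rejects `str` values that fail `isdigit()`; every other value drops into the `else:` and reaches `int(inputdata['uid'])` unguarded. A list, `None`, or (if this runs on Python 2, which the page does not show) a `unicode` string from a JSON body would then raise TypeError/ValueError instead of `InvalidArgumentException`, and a negative integer is accepted as a uid. Converting inside a try/except and rejecting values below 1, as sketched below, closes that gap. The new username and password checks are upper bounds only, so an empty password passes validation and would be handed on to the BMC by the update path; an explicit non-empty check would be a sensible addition. The enclosing method starts and ends outside the hunk.

```python
if 'uid' not in inputdata:
    raise exc.InvalidArgumentException('uid is missing')
try:
    inputdata['uid'] = int(inputdata['uid'])
except (TypeError, ValueError):
    raise exc.InvalidArgumentException('uid must be a number')
if inputdata['uid'] < 1:
    raise exc.InvalidArgumentException('uid must be a positive number')
# … unchanged: privilege_level, username and password checks …
```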
@@ -427,21 +427,23 @@ class IpmiHandler(object): raise Exception('Not implemented') def handle_users(self): + # Create user if len(self.element) == 3: if self.op == 'update': user = self.inputdata.credentials[self.node] self.ipmicmd.create_user(uid=user['uid'], name=user['username'], - password=user['password'], channel=1, + password=user['password'], callback=True,link_auth=True, ipmi_msg=True, privilege_level=user['privilege_level']) # A list of users - for user in self.ipmicmd.get_users(channel=1): + for user in self.ipmicmd.get_users(): self.output.put(msg.ChildCollection(user, candelete=True)) return + # Update user elif len(self.element) == 4: user = int(self.element[-1]) if self.op == 'read': - data = self.ipmicmd.get_user(uid=user, channel=1) + data = self.ipmicmd.get_user(uid=user) self.output.put(msg.User( uid=data['uid'], username=data['name'], @@ -450,13 +452,21 @@ class IpmiHandler(object): return elif self.op == 'update': user = self.inputdata.credentials[self.node] - self.ipmicmd.create_user(uid=user['uid'], name=user['username'], - password=user['password'], channel=1, - callback=True,link_auth=True, ipmi_msg=True, - privilege_level=user['privilege_level']) + + if 'username' in user: + self.ipmicmd.set_user_name(uid=user['uid'], + name=user['username']) + if 'privilege_level' in user: + self.ipmicmd.set_user_access(uid=user['uid'], + privilege_level=user['privilege_level']) + if 'password' in user: + self.ipmicmd.set_user_password(uid=user['uid'], + password=user['password']) + self.ipmicmd.set_user_password(uid=user['uid'], + mode='enable', password=user['password']) return elif self.op == 'delete': - self.ipmicmd.user_delete(uid=user, channel=1) + self.ipmicmd.user_delete(uid=user) return def do_eventlog(self):
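Review bot: Dropping `channel=1` from `create_user`, `get_users`, `get_user` and `user_delete` makes all four calls depend on whatever default channel the IPMI library selects, and neither the commit message nor the code says so. On a BMC with more than one channel this could change which channel's access settings are read and written, so a short comment such as `# channel omitted: rely on the library's default channel selection` would record the intent. The added `# Create user` comment also sits on a branch that returns the user list for every op, so `# Collection: create (op == 'update') or list users` would describe it better.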
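Review bot: In the new `update` branch a password change is always followed by `set_user_password(..., mode='enable', ...)`, so changing the password of an account that was deliberately disabled re-enables it as a side effect. If that is intended it deserves a comment such as `# NOTE: setting a password also (re-)enables the account`; otherwise enabling should be driven by its own field. The setters also run in the order name, privilege, password with their results discarded, so a request that raises `privilege_level` and sets `password` can leave the account elevated under the old password if the last step fails; applying the password first, or checking each result and reporting the failure, would fail safer. Indentation is lost on this page, so I am assuming the `mode='enable'` call sits inside `if 'password' in user:`; if it does not, `user['password']` raises KeyError on an update that carries no password. The local `user` is also rebound from the int uid to the credentials dict, which a rename such as `creds` would make easier to follow.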