From cf72cf2d8ce811439c9bea598df193e941bf738d Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Mon, 27 Jan 2020 16:12:03 -0500
Subject: [PATCH] Require role explicitly on user/group creation

Rather than default to administrator, require the user to explicitly set the role to administrator.
---
 confluent_server/confluent/config/configmanager.py | 13 +++++++------
 confluent_server/confluent/core.py | 12 ++++++++----
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/confluent_server/confluent/config/configmanager.py b/confluent_server/confluent/config/configmanager.py
index a5aa26c5..efd3038f 100644
--- a/confluent_server/confluent/config/configmanager.py
+++ b/confluent_server/confluent/config/configmanager.py
@@ -1349,7 +1349,7 @@ class ConfigManager(object):
 _mark_dirtykey('usergroups', groupname, self.tenant)
 self._bg_sync_to_file()

- def create_usergroup(self, groupname, role="Administrator"):
+ def create_usergroup(self, groupname, role):
 """Create a new user

 :param groupname: The name of the user group
@@ -1365,7 +1365,7 @@ class ConfigManager(object):
 role)
 self._true_create_usergroup(groupname, role)

- def _true_create_usergroup(self, groupname, role="Administrator"):
+ def _true_create_usergroup(self, groupname, role):
 if 'usergroups' not in self._cfgstore:
 self._cfgstore['usergroups'] = {}
 groupname = confluent.util.stringify(groupname)
@@ -1440,7 +1440,7 @@ class ConfigManager(object):
 self._bg_sync_to_file()

 def create_user(self, name,
- role="Administrator", uid=None, displayname=None,
+ role, uid=None, displayname=None,
 attributemap=None):
 """Create a new user

@@ -1459,7 +1459,7 @@ class ConfigManager(object):
 role, uid, displayname, attributemap)
 self._true_create_user(name, role, uid, displayname, attributemap)

- def _true_create_user(self, name, role="Administrator", uid=None,
+ def _true_create_user(self, name, role, uid=None,
 displayname=None, attributemap=None):
 if 'idmap' not in _cfgstore['main']:
 _cfgstore['main']['idmap'] = {}
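Review bot: The docstring of `create_usergroup` in the first hunk still opens with `"""Create a new user`, and with `role` now a required argument in all four signatures (`create_usergroup`, `_true_create_usergroup`, `create_user`, `_true_create_user`) the docstrings should say that a role must be supplied and is no longer implied. I would change the summary to `"""Create a new user group` and, if the unseen part of each docstring lacks one, add a `:param role:` line naming the accepted roles. The docstrings and function bodies continue outside these hunks, so this is hedged on what the remaining lines already say. Any caller not touched by this commit that still relies on the old default will now raise `TypeError`; that is the safe failure, but the remaining call sites are worth checking before merge.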
@@ -1478,9 +1478,10 @@ class ConfigManager(object):
 self._cfgstore['users'][name]['displayname'] = displayname
 _cfgstore['main']['idmap'][uid] = {
 'tenant': self.tenant,
- 'username': name
+ 'username': name,
+ 'role': role,
 }
- if attributemap is not None:
+ if attributemap:
 self._true_set_user(name, attributemap)
 _mark_dirtykey('users', name, self.tenant)
 _mark_dirtykey('idmap', uid)
diff --git a/confluent_server/confluent/core.py b/confluent_server/confluent/core.py
index 5d5bcd6b..7f60086a 100644
--- a/confluent_server/confluent/core.py
+++ b/confluent_server/confluent/core.py
@@ -412,18 +412,22 @@ def create_user(inputdata, configmanager):
 try:
 username = inputdata['name']
 del inputdata['name']
+ role = inputdata['role']
+ del inputdata['role']
 except (KeyError, ValueError):
- raise exc.InvalidArgumentException()
- configmanager.create_user(username, attributemap=inputdata)
+ raise exc.InvalidArgumentException('Missing user name or role')
+ configmanager.create_user(username, role, attributemap=inputdata)


 def create_usergroup(inputdata, configmanager):
 try:
 groupname = inputdata['name']
+ role = inputdata['role']
 del inputdata['name']
+ del inputdata['role']
 except (KeyError, ValueError):
- raise exc.InvalidArgumentException()
- configmanager.create_usergroup(groupname)
+ raise exc.InvalidArgumentException("Missing user name or role")
+ configmanager.create_usergroup(groupname, role)


 def update_usergroup(groupname, attribmap, configmanager):
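Review bot: The new `'role': role` entry in `_cfgstore['main']['idmap'][uid]` is written only at creation time, and nothing in this hunk shows it being refreshed when a user's role is changed later. If the role is also kept on the user record and any authorization path reads it from idmap instead, a later demotion would not take effect for that lookup. Either update the idmap entry wherever the role is modified, or state the invariant next to the assignment with a comment such as `# role is duplicated in idmap; keep in sync with the user record`. `_true_create_user` starts and ends outside the hunk, so whether such a sync already exists cannot be told from here.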
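Review bot: `role = inputdata['role']` in both `create_user` and `create_usergroup` hands the request-supplied value straight to the config manager, and nothing visible here rejects an empty, non-string or unrecognised role. Unless `ConfigManager` validates it (not shown in this diff), I would fail closed before the call, e.g. `if role not in KNOWN_ROLES: raise exc.InvalidArgumentException('Unknown role')`, where `KNOWN_ROLES` is a placeholder for the project's own list of roles. The message raised in `create_usergroup` should also read `"Missing group name or role"` rather than "user name", and the two functions would be easier to compare if they read and deleted the keys in the same order.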