Author: justi9 Date: 2010-08-02 17:41:33 -0400 (Mon, 02 Aug 2010) New Revision: 4185 Removed: mgmt/newdata/mint/python/mint/Makefile mgmt/newdata/mint/python/mint/cache.py mgmt/newdata/mint/python/mint/demo.py mgmt/newdata/mint/python/mint/tools.py Modified: mgmt/newdata/cumin/bin/cumin-admin mgmt/newdata/cumin/bin/cumin-admin-test mgmt/newdata/cumin/model/cumin.xml mgmt/newdata/cumin/python/cumin/admin.py mgmt/newdata/mint/python/mint/database.py mgmt/newdata/mint/python/mint/main.py Log: * Restore missing admin functions * Drop privileges in cumin-admin * Delete some code we no longer use * Bring back schema version storage * Prefix subcommand handlers with handler_ Modified: mgmt/newdata/cumin/bin/cumin-admin =================================================================== --- mgmt/newdata/cumin/bin/cumin-admin 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/cumin/bin/cumin-admin 2010-08-02 21:41:33 UTC (rev 4185) @@ -13,6 +13,15 @@ from cumin.util import * def main(): + uid = os.getuid() + file_uid = os.stat(sys.argv[0]).st_uid + + if uid not in (file_uid, 0): + error("You have insufficient privileges") + + if uid == 0: + os.setuid(file_uid) + config = CuminConfig() values = config.parse() @@ -28,10 +37,10 @@ name = name.replace("-", "_") - commands = globals() + handlers = globals() try: - command = commands[name] + handler = handlers["handle_%s" % name] except KeyError: print "Command '%s' is unknown" % name sys.exit(1) @@ -47,33 +56,38 @@ cursor = conn.cursor() try: - command(app, cursor, opts, args[1:]) + handler(app, cursor, opts, args[1:]) conn.commit() finally: cursor.close() def error(msg): - print msg + print "Error: %s" % msg sys.exit(1) -def print_schema(app, cursor, opts, args): +def handle_print_schema(app, cursor, opts, args): print app.admin.get_schema(), -def create_schema(app, cursor, opts, args): +def handle_create_schema(app, cursor, opts, args): app.admin.create_schema(cursor) app.admin.add_role(cursor, "user") app.admin.add_role(cursor, "admin") print "The schema is created" + +def handle_check_schema(app, cursor, opts, args): + schema_version = app.admin.check_schema(cursor) + + print "The schema is OK (schema version %s)" % schema_version -def drop_schema(app, cursor, opts, args): +def handle_drop_schema(app, cursor, opts, args): app.admin.drop_schema(cursor) print "The schema is dropped" -def list_users(app, cursor, opts, args): +def handle_list_users(app, cursor, opts, args): user_cls = app.model.com_redhat_cumin.User role_cls = app.model.com_redhat_cumin.Role mapping_cls = app.model.com_redhat_cumin.UserRoleMapping @@ -113,7 +127,7 @@ print print "(%i user%s found)" % (count, ess(count)) -def add_user(app, cursor, opts, args): +def handle_add_user(app, cursor, opts, args): try: name = args[0] except IndexError: @@ -137,7 +151,7 @@ print "User '%s' is added" % name -def remove_user(app, cursor, opts, args): +def handle_remove_user(app, cursor, opts, args): try: name = args[0] except IndexError: @@ -148,5 +162,85 @@ print "User '%s' is removed" % name +def handle_list_roles(app, cursor, opts, args): + cls = app.model.com_redhat_cumin.Role + roles = cls.get_selection(cursor) + + print " ID Name" + print "---- --------------------" + + for role in roles: + print "%4i %-20s" % (role._id, role.name) + + count = len(roles) + + print + print "(%i user%s found)" % (count, ess(count)) + +def handle_add_assignment(app, cursor, opts, args): + user, role = get_user_and_role(app, cursor, args) + + app.admin.add_assignment(cursor, user, role) + + print "User '%s' is assigned to role '%s'" % (user.name, role.name) + +def handle_remove_assignment(app, cursor, opts, args): + user, role = get_user_and_role(app, cursor, args) + + assignment = app.admin.get_assignment(cursor, user, role) + + if not assignment: + error("No such assignment found") + + assignment.delete(cursor) + + print "User '%s' is no longer assigned to role '%s'" % \ + (user.name, role.name) + +def get_user_and_role(app, cursor, args): + try: + user_name = args[0] + except IndexError: + error("USER is required") + + try: + role_name = args[1] + except IndexError: + error("ROLE is required") + + user = app.admin.get_user(cursor, user_name) + role = app.admin.get_role(cursor, role_name) + + return user, role + +def handle_change_password(app, cursor, opts, args): + try: + user_name = args[0] + except IndexError: + error("USER is required") + + user = app.admin.get_user(cursor, user_name) + + if not user: + error("User '%s' is not found" % user_name) + + user.password = crypt_password(prompt_password()) + user.save(cursor) + + print "Password of user '%s' is changed" % user.name + +def handle_load_demo_data(app, cursor, opts, args): + cls = app.model.com_redhat_cumin.BrokerGroup + + for name in ("Engineering", "Marketing", "Sales"): + group = cls.create_object(cursor) + group.name = name + + group.fake_qmf_values() + + group.save(cursor) + + print "Demo data is loaded" + if __name__ == "__main__": main() Modified: mgmt/newdata/cumin/bin/cumin-admin-test =================================================================== --- mgmt/newdata/cumin/bin/cumin-admin-test 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/cumin/bin/cumin-admin-test 2010-08-02 21:41:33 UTC (rev 4185) @@ -22,12 +22,11 @@ done <<EOF cumin-admin --help cumin-admin add-user "$id" changeme +cumin-admin add-assignment "$id" admin +cumin-admin list-users +cumin-admin list-roles +cumin-admin remove-assignment "$id" admin cumin-admin remove-user "$id" EOF -#cumin-admin remove-user "$id" --force -#cumin-admin assign "$id" admin -#cumin-admin unassign "$id" admin -#cumin-admin list-users - exit "$code" Modified: mgmt/newdata/cumin/model/cumin.xml =================================================================== --- mgmt/newdata/cumin/model/cumin.xml 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/cumin/model/cumin.xml 2010-08-02 21:41:33 UTC (rev 4185) @@ -10,6 +10,10 @@ <property name="group" type="objId" references="BrokerGroup"/> </class> + <class name="Info"> + <property name="schema_version" type="sstr"/> + </class> + <class name="User"> <property name="name" type="sstr" index="y"/> <property name="password" type="sstr"/> Modified: mgmt/newdata/cumin/python/cumin/admin.py =================================================================== --- mgmt/newdata/cumin/python/cumin/admin.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/cumin/python/cumin/admin.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -4,6 +4,8 @@ log = logging.getLogger("cumin.admin") +schema_version = "1.0" + class CuminAdmin(object): def __init__(self, app): self.app = app @@ -16,6 +18,27 @@ def create_schema(self, cursor): cursor.execute(self.get_schema()) + cls = self.app.model.com_redhat_cumin.Info + + obj = cls.create_object(cursor) + obj.schema_version = schema_version + obj.fake_qmf_values() + obj.save(cursor) + + def check_schema(self, cursor): + cls = self.app.model.com_redhat_cumin.Info + info = cls.get_object(cursor) + + if not info: + raise Exception("The schema isn't there") + + if info.schema_version != schema_version: + args = (schema_version, info.schema_version) + msg = "Expected schema version %s; found version %s" % args + raise Exception(msg) + + return info.schema_version + def drop_schema(self, cursor): writer = StringIO() self.app.model.sql_model.write_drop_ddl(writer) Deleted: mgmt/newdata/mint/python/mint/Makefile =================================================================== --- mgmt/newdata/mint/python/mint/Makefile 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/Makefile 2010-08-02 21:41:33 UTC (rev 4185) @@ -1,9 +0,0 @@ -.PHONY: schema clean - -schema: schema.py - -schema.py: schemaparser.py ../../xml/*.xml - python schemaparser.py schema.py ../../sql/triggers.sql ../../xml/*.xml - -clean: - rm -f schema.py ../../sql/triggers.sql Deleted: mgmt/newdata/mint/python/mint/cache.py =================================================================== --- mgmt/newdata/mint/python/mint/cache.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/cache.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -1,27 +0,0 @@ -class MintCache(object): - def __init__(self): - self.__cache = dict() - self.__pending = dict() - self.__dirty = False - - def get(self, key): - try: - return self.__cache[key] - except KeyError: - return self.__pending.get(key) - - def set(self, key, value): - self.__pending[key] = value - self.__dirty = True - - def commit(self): - self.__cache.update(self.__pending) - self.__pending.clear() - self.__dirty = False - - def rollback(self): - self.__pending.clear() - self.__dirty = False - - def isDirty(self): - return self.__dirty Modified: mgmt/newdata/mint/python/mint/database.py =================================================================== --- mgmt/newdata/mint/python/mint/database.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/database.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -31,72 +31,5 @@ finally: conn.close() - def check_schema(self): - pass - - def drop_schema(self): - conn = self.get_connection() - - try: - cursor = conn.cursor() - - try: - cursor.execute("drop schema public cascade") - except psycopg2.ProgrammingError: - log.warn("The schema is already dropped") - - conn.commit() - finally: - conn.close() - - def __splitSQLStatements(self, text): - result = list() - unmatchedQuote = False - tmpStmt = "" - - for stmt in text.split(";"): - stmt = stmt.rstrip() - quotePos = stmt.find("'") - while quotePos > 0: - quotePos += 1 - if quotePos < len(stmt): - if stmt[quotePos] != "'": - unmatchedQuote = not unmatchedQuote - else: - # ignore 2 single quotes - quotePos += 1 - quotePos = stmt.find("'", quotePos) - - if len(stmt.lstrip()) > 0: - tmpStmt += stmt + ";" - if not unmatchedQuote: - # single quote has been matched/closed, generate statement - result.append(tmpStmt.lstrip()) - tmpStmt = "" - - if unmatchedQuote: - result.append(tmpStmt.lstrip()) - return result - - def check_schema(self): - conn = self.get_connection() - - try: - cursor = conn.cursor() - - try: - cursor.execute("select version from mint_info"); - except Exception, e: - print "No schema present" - return - - for rec in cursor: - print "OK (version %s)" % rec[0] - return; - - print "No schema present" - finally: - conn.close() - def __repr__(self): return self.__class__.__name__ Deleted: mgmt/newdata/mint/python/mint/demo.py =================================================================== --- mgmt/newdata/mint/python/mint/demo.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/demo.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -1,38 +0,0 @@ -from mint import * - -class DemoData(object): - def __init__(self, app): - self.app = app - - def load(self): - cls = self.app.model.com_redhat_cumin.BrokerGroup - - conn = self.app.database.get_connection() - cursor = conn.cursor() - - try: - for name in ("Engineering", "Marketing", "Sales"): - group = cls.create_object(cursor) - group.name = name - - group.fake_qmf_values() - - group.save(cursor) - finally: - cursor.close() - conn.commit() - conn.close() - -def main(): - config = MintConfig() - config.init() - - app = Mint(config) - app.check() - app.init() - - data = DemoData(app) - data.load() - -if __name__ == "__main__": - main() Modified: mgmt/newdata/mint/python/mint/main.py =================================================================== --- mgmt/newdata/mint/python/mint/main.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/main.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -85,9 +85,3 @@ def __repr__(self): return self.__class__.__name__ - -def get_addr_for_vhost(vhost): - broker = vhost.broker - host = broker.system.nodeName - port = broker.port - return (host, port) Deleted: mgmt/newdata/mint/python/mint/tools.py =================================================================== --- mgmt/newdata/mint/python/mint/tools.py 2010-08-02 19:47:09 UTC (rev 4184) +++ mgmt/newdata/mint/python/mint/tools.py 2010-08-02 21:41:33 UTC (rev 4185) @@ -1,327 +0,0 @@ -import sys, os - -from time import sleep, clock -from parsley.config import * -from parsley.command import * -from parsley.loggingex import * - -from mint import * -from mint.main import * -from util import * - -class BaseMintTool(Command): - def __init__(self, name): - super(BaseMintTool, self).__init__(None, name) - - self.config = MintConfig() - - opt = CommandOption(self, "data") - opt.argument = "URI" - opt.description = "Connect to database at URI" - - opt = CommandOption(self, "qmf") - opt.argument = "URI" - opt.description = "Connect to QMF server at URI" - - opt = CommandOption(self, "log-file") - opt.argument = "PATH" - opt.description = "Log to file at PATH" - - opt = CommandOption(self, "log-level") - opt.argument = "LEVEL" - opt.description = "Log messages at or above LEVEL " + \ - "('debug', 'info', 'warn', 'error')" - - opt = CommandOption(self, "debug") - opt.description = "Enable debugging; print logging to console" - - def check(self): - if os.getuid() not in (os.stat(sys.argv[0]).st_uid, 0): - print "Error: You have insufficient privileges" - sys.exit(1) - - def init(self): - super(BaseMintTool, self).init() - - # Drop privileges - - if os.getuid() == 0: - os.setuid(os.stat(sys.argv[0]).st_uid) - - try: - import psyco - psyco.full() - except ImportError: - pass - - self.config.init() - - def run(self): - try: - opts, args = self.parse(sys.argv) - except CommandException, e: - print "Error: %s" % e - e.command.print_help() - sys.exit(1) - - if "help" in opts: - self.print_help() - sys.exit(0) - - self.config.load_dict(opts) - - if self.config.debug: - self.config.prt() - - level = getattr(self.config, "log_level", "debug") - - enable_logging("rosemary", level, sys.stderr) - enable_logging("mint", level, sys.stderr) - - self.do_run(opts, args) - - def do_run(self, opts, args): - raise Exception("Not implemented") - - def main(self): - self.check() - self.init() - self.run() - -class DatabaseSubcommand(Command): - def run(self, opts, args): - conn = self.parent.app.database.get_connection() - cursor = conn.cursor() - - try: - self.do_run(cursor, opts, args) - - conn.commit() - finally: - cursor.close() - conn.close() - - def do_run(self, cursor, opts, args): - raise Exception("Not implemented") - -class MintAdminTool(BaseMintTool): - def __init__(self, name): - super(MintAdminTool, self).__init__(name) - - self.description = "Mint administration commands" - self.database = None # Set in init - - command = self.LoadSchema(self, "load-schema") - command.description = "Load the database schema" - - command = self.DropSchema(self, "drop-schema") - command.description = "Drop the database schema; requires --force" - - opt = CommandOption(command, "force") - opt.description = "Don't complain and just do it" - - command = self.ReloadSchema(self, "reload-schema") - command.description = "Drop and reload the database schema; " + \ - "requires --force" - - opt = CommandOption(command, "force") - opt.description = "Don't complain and just do it" - - command = self.AddUser(self, "add-user") - command.arguments = ("NAME", "[PASSWORD]") - command.description = "Add a new user called NAME" - - command = self.RemoveUser(self, "remove-user") - command.arguments = ("NAME",) - command.description = "Remove user called NAME; requires --force" - - opt = CommandOption(command, "force") - opt.description = "Don't complain and just do it" - - command = self.ListUsers(self, "list-users") - command.description = "List existing users" - - command = self.ListRoles(self, "list-roles") - command.description = "List existing roles" - - command = self.Assign(self, "assign") - command.description = "Add USER to ROLE" - command.arguments = ("USER", "ROLE") - - command = self.Unassign(self, "unassign") - command.description = "Remove USER from ROLE" - command.arguments = ("USER", "ROLE") - - command = self.ChangePassword(self, "change-password") - command.description = "Change password of USER" - command.arguments = ("USER",) - - self.app = None - - def run(self): - try: - opts, remaining = self.parse_options(sys.argv[1:]) - except CommandException, e: - print "Error: %s" % e - e.command.print_help() - sys.exit(1) - - if "help" in opts: - self.print_help() - return - - self.config.load_dict(opts) - - if self.config.debug: - self.config.prt() - enable_logging("mint", "debug", sys.stderr) - - self.app = Mint(self.config) - self.app.update_enabled = False - self.app.expire_enabled = False - - self.app.check() - self.app.init() - - try: - scommand = remaining[0] - except IndexError: - self.print_help() - sys.exit(1) - - try: - command = self.commands_by_name[scommand] - except KeyError: - print "Error: Command '%s' is unrecognized" % scommand - self.print_help() - sys.exit(1) - - try: - opts, args = command.parse(remaining) - except CommandException, e: - print "Error: %s" % e - e.command.print_help() - sys.exit(1) - - if "help" in opts: - command.print_help() - return - - try: - command.run(opts, args) - except CommandException, e: - print "Error: %s" % e - e.command.print_help() - sys.exit(1) - - class LoadSchema(Command): - def run(self, opts, args): - self.parent.app.database.load_schema() - print "The schema is loaded" - - class DropSchema(Command): - def run(self, opts, args): - if "force" in opts: - self.parent.app.database.drop_schema() - print "The schema is dropped" - else: - raise CommandException \ - (self, "Command drop-schema requires --force") - - class ReloadSchema(Command): - def run(self, opts, args): - if "force" in opts: - self.parent.app.database.drop_schema() - self.parent.app.database.load_schema() - print "The schema is reloaded" - else: - raise CommandException \ - (self, "Command reload-schema requires --force") - - class CheckSchema(Command): - def run(self, opts, args): - self.parent.app.database.check_schema() - - class ListRoles(Command): - def run(self, opts, args): - roles = Role.select(orderBy='name') - - print " ID Name" - print "---- --------------------" - - for role in roles: - print "%4i %s" % (role.id, role.name) - - count = roles.count() - print "(%i role%s found)" % (count, ess(count)) - - class Assign(Command): - def run(self, opts, args): - if len(args) != 3: - raise CommandException(self, "USER and ROLE are required") - - subject = Subject.getByName(args[1]) - - if not subject: - raise CommandException \ - (self, "User '%s' is unknown" % subject.name) - - role = Role.getByName(args[2]) - - if not role: - raise CommandException \ - (self, "Role '%s' is unknown" % role.name) - - try: - subject.addRole(role) - subject.syncUpdate() - - print "User '%s' is added to role '%s'" % \ - (subject.name, role.name) - except IntegrityError: - msg = "User '%s' is already assigned to role '%s'" % \ - (subject.name, role.name) - raise CommandException(self, msg) - - class Unassign(Command): - def run(self, opts, args): - if len(args) != 3: - raise CommandException(self, "USER and ROLE are required") - - subject = Subject.getByName(args[1]) - - if not subject: - raise CommandException \ - (self, "User '%s' is unknown" % args[1]) - - role = Role.getByName(args[2]) - - if not role: - raise CommandException \ - (self, "Role '%s' is unknown" % args[2]) - - subject.removeRole(role) - subject.syncUpdate() - - print "User '%s' is removed from role '%s'" % \ - (subject.name, role.name) - - class ChangePassword(Command): - def run(self, opts, args): - try: - ssubject = args[1] - except IndexError: - raise CommandException(self, "USER is required") - - subject = Subject.getByName(ssubject) - - if not subject: - raise CommandException \ - (self, "User '%s' is unknown" % ssubject) - - crypted = crypt_password(prompt_password()) - - subject.password = crypted - subject.syncUpdate() - - print "Password of user '%s' is changed" % subject.name