distribution-karaf-0.6.0-Carbon.zip

#!/usr/bin/env python # # Copyright (c) 2016 Brocade Communications Systems and others. All rights reserved. # # This program and the accompanying materials are made available under the # terms of the Eclipse Public License v1.0 which accompanies this distribution, # and is available at http://www.eclipse.org/legal/epl-v10.html # ''' idmtool Used to manipulate ODL AAA idm on a node-per-node basis. Assumes only one domain (sdn) since current support in ODL is limited. The best way to find out how to use this script is to invoke the normal argparse help: > python idmtool -h This script attempts to determine whether HTTP or HTTPS is used through reading the org.ops4j.pax.web.cfg file, and determining whether HTTPS is enabled for the container. ''' __author__ = "Ryan Goulding" __copyright__ = "Copyright (c) 2016 Brocade Communications Systems and others" __credits__ = "Ryan Goulding" __license__ = "EPL" __version__ = "1.1" __maintainer__ = "Ryan Goulding" __email__ = "[email protected]" __status__ = "Production" import argparse, getpass, json, os, requests, sys, warnings parser = argparse.ArgumentParser('idmtool') # Constants used to peek into the pax web config. This is useful to determine whether HTTPS is enabled. PAX_WEB_CFG_FILENAME = 'org.ops4j.pax.web.cfg' HTTP_SECURE_ENABLED_KEY = 'org.osgi.service.http.secure.enabled' HTTP_PORT_SECURE_KEY = 'org.osgi.service.http.port.secure' DEFAULT_HTTP_PORT_SECURE = '8443' DEFAULT_HTTP_PORT = '8181' HTTP_PORT_KEY = 'org.osgi.service.http.port' DEFAULT_PROTOCOL = 'http' HTTPS_PROTOCOL = 'https' def setup_http(): ''' Sets the default port to try based on org.ops4j.pax.web.cfg. If HTTPS is enabled then the script attempts to determine the port from org.osgi.service.http.port.secure. If no port is specified (perfectly valid), then the script assumes the default (8443). This functionality can still be overriden through specifying the --target-host argument during idmtool invocation. ''' try: pax_web_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), PAX_WEB_CFG_FILENAME) with open(pax_web_path) as f: # build up a dictionary of the properties specified in the pax config content = f.readlines() d = dict() for line in content: if '=' in line and not line.startswith('#'): pair = line.split('=') loperand = pair[0].strip() roperand = pair[1].strip() d[loperand] = roperand # if HTTPS is enabled, return the secure port (if it is specified), or 8443 if it is not specified. http_secure_enabled = d.get(HTTP_SECURE_ENABLED_KEY) if http_secure_enabled is not None and 'true' in http_secure_enabled: return d.get(HTTP_PORT_SECURE_KEY, DEFAULT_HTTP_PORT_SECURE), HTTPS_PROTOCOL else: return DEFAULT_HTTP_PORT, DEFAULT_PROTOCOL except IOError: return DEFAULT_HTTP_PORT, DEFAULT_PROTOCOL user='' hostname='localhost' port,protocol=setup_http() target_host='{}://{}:{}/'.format(protocol, hostname, port) verifyCertificates=True # main program arguments parser.add_argument('user',help='username for ODL node', nargs=1) parser.add_argument('--target-host', help="target host url in form protocol://host:port", nargs=1) parser.add_argument('-k', '--insecure', help="disable HTTPS certificate verification", action='store_false') subparsers = parser.add_subparsers(help='sub-command help') # users table related list_users = subparsers.add_parser('list-users', help='list all users') list_users.set_defaults(func=list_users) add_user = subparsers.add_parser('add-user', help='add a user') add_user.set_defaults(func=add_user) add_user.add_argument('newUser', help='new user name', nargs=1) change_password = subparsers.add_parser('change-password', help='change a password') change_password.set_defaults(func=change_password) change_password.add_argument('userid', help='change the password for a particular userid', nargs=1) delete_user = subparsers.add_parser('delete-user', help='delete a user') delete_user.add_argument('userid', help='name@sdn', nargs=1) delete_user.set_defaults(func=delete_user) # domains table related # only read is defined; this was done on purpose since the "domain" concept # is mostly unsupported in ODL. list_domains = subparsers.add_parser('list-domains', help='list all domains') list_domains.set_defaults(func=list_domains) # roles table related list_roles = subparsers.add_parser('list-roles', help='list all roles') list_roles.set_defaults(func=list_roles) add_role = subparsers.add_parser('add-role', help='add a role') add_role.add_argument('role', help='role name', nargs=1) add_role.set_defaults(func=add_role) delete_role = subparsers.add_parser('delete-role', help='delete a role') delete_role.add_argument('roleid', help='rolename@sdn', nargs=1) delete_role.set_defaults(func=delete_role) add_grant = subparsers.add_parser('add-grant', help='add a grant') add_grant.set_defaults(func=add_grant) add_grant.add_argument('userid', help="username@sdn", nargs=1) add_grant.add_argument('roleid', help="role@sdn", nargs=1) get_grants = subparsers.add_parser('get-grants', help='get grants for userid on sdn') get_grants.set_defaults(func=get_grants) get_grants.add_argument('userid', help="username@sdn", nargs=1) delete_grant = subparsers.add_parser('delete-grant', help='delete a grant') delete_grant.add_argument('userid', help='username@sdn', nargs=1) delete_grant.add_argument('roleid', help='role@sdn', nargs=1) delete_grant.set_defaults(func=delete_grant) def process_result(r): ''' Generic method to print result of a REST call ''' print '' sc = r.status_code if sc >= 200 and sc < 300: print "command succeeded!" try: res = r.json() if res is not None: print '\njson:\n', json.dumps(res, indent=4, sort_keys=True) except(ValueError): pass elif sc == 401: print "Incorrect Credentials Provided" elif sc == 404: print "RESTconf is either not installed or not initialized yet" elif sc >= 500 and sc < 600: print "Internal Server Error Ocurred" else: print "Unknown error; HTTP status code: {}".format(sc) def handle_exception(e): exceptionType = type(e) if exceptionType is requests.exceptions.SSLError: print "requests.exception.SSLError: Is HTTPS configured correctly? To disable certificate verification, use the -k or --insecure flag" else: print "Unable to connect; are you sure the controller is up?" sys.exit(1) def get_request(user, password, url, description, outputResult=True): if outputResult: print description try: r = requests.get(url, auth=(user,password), verify=verifyCertificates) if outputResult: process_result(r) return r except requests.exceptions.ConnectionError as e: if outputResult: handle_exception(e) sys.exit(1) def post_request(user, password, url, description, payload, params): print description try: r = requests.post(url, auth=(user,password), data=payload, headers=params, verify=verifyCertificates) process_result(r) except requests.exceptions.ConnectionError as e: handle_exception(e) def put_request(user, password, url, description, payload, params): print description try: r = requests.put(url, auth=(user,password), data=payload, headers=params, verify=verifyCertificates) process_result(r) except requests.exceptions.ConnectionError as e: handle_exception(e) def delete_request(user, password, url, description, payload='', params={'Content-Type':'application/json'}): print description try: r = requests.delete(url, auth=(user,password), data=payload, headers=params, verify=ve