From d8bbfbdf8b503538fff01bff80c5e6e12bfb44b3 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Tue, 12 Nov 2013 23:48:25 +0100 Subject: Add probes.allowed_groups option to restrict group assignments. --- src/lib/Bcfg2/Server/Plugins/Probes.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 84e1638d6..59a73c4aa 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -204,6 +204,7 @@ class Probes(Bcfg2.Server.Plugin.Probing, err = sys.exc_info()[1] raise Bcfg2.Server.Plugin.PluginInitError(err) + self.allowed_cgroups = core.setup['probe_allowed_groups'] self.probedata = dict() self.cgroups = dict() self.load_data() @@ -391,11 +392,18 @@ class Probes(Bcfg2.Server.Plugin.Probing, if line.split(':')[0] == 'group': newgroup = line.split(':')[1].strip() if newgroup not in cgroups: - cgroups.append(newgroup) + if self._group_allowed(newgroup): + cgroups.append(newgroup) + else: + self.logger.info("Disallowed group assignment %s from %s" + % (newgroup, client.hostname)) dlines.remove(line) dobj = ProbeData("\n".join(dlines)) cprobedata[data.get('name')] = dobj + def _group_allowed(self, group): + return any(r.match(group) for r in self.allowed_cgroups) + def get_additional_groups(self, meta): return self.cgroups.get(meta.hostname, list()) get_additional_groups.__doc__ = \ -- cgit v1.2.3-1-g7c22 From bf3adbb11ef36591d80b9b6f4d9768caf516b4e3 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 14 Nov 2013 09:35:06 -0500 Subject: testsuite: fixed unit tests for Probes allowed_groups option --- src/lib/Bcfg2/Server/Plugins/Probes.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 59a73c4aa..0df88d522 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -395,8 +395,9 @@ class Probes(Bcfg2.Server.Plugin.Probing, if self._group_allowed(newgroup): cgroups.append(newgroup) else: - self.logger.info("Disallowed group assignment %s from %s" - % (newgroup, client.hostname)) + self.logger.info( + "Disallowed group assignment %s from %s" % + (newgroup, client.hostname)) dlines.remove(line) dobj = ProbeData("\n".join(dlines)) cprobedata[data.get('name')] = dobj -- cgit v1.2.3-1-g7c22 From 881205322035f9ca7375ab0c67ab339c430dbe01 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 14 Nov 2013 09:51:59 -0500 Subject: Probes: added missing docstring --- src/lib/Bcfg2/Server/Plugins/Probes.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Probes.py b/src/lib/Bcfg2/Server/Plugins/Probes.py index 0df88d522..fdc047283 100644 --- a/src/lib/Bcfg2/Server/Plugins/Probes.py +++ b/src/lib/Bcfg2/Server/Plugins/Probes.py @@ -403,6 +403,9 @@ class Probes(Bcfg2.Server.Plugin.Probing, cprobedata[data.get('name')] = dobj def _group_allowed(self, group): + """ Determine if the named group can be set as a probe group + by checking the regexes listed in the [probes] groups_allowed + setting """ return any(r.match(group) for r in self.allowed_cgroups) def get_additional_groups(self, meta): -- cgit v1.2.3-1-g7c22 From 0f8d403d1a86cfbfe8222662dc445e16e8f7eff9 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 21 Nov 2013 13:03:04 -0500 Subject: Bundler: Fix parsing XML template output with encoding declaration lxml 3.2.1 complains when you try to parse a unicode (in Python 2) or string (in Python 3) containing an XML document with an encoding declaration. Traceback: ValueError: Unicode strings with encoding declaration are not supported. Please use bytes input or XML fragments without declaration. This encodes the document as a string (in Python 2) or bytes (in Python 3) to avoid the lxml error. There may be other places this happens, too, although in most other cases we should use lxml.etree.parse() to parse a file, or we parse strings (in Python 2) instead of unicode objects. --- src/lib/Bcfg2/Server/Plugins/Bundler.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Bundler.py b/src/lib/Bcfg2/Server/Plugins/Bundler.py index fb327f7ef..58f8f4430 100644 --- a/src/lib/Bcfg2/Server/Plugins/Bundler.py +++ b/src/lib/Bcfg2/Server/Plugins/Bundler.py @@ -53,9 +53,9 @@ if HAS_GENSHI: stream = self.template.generate( metadata=metadata, repo=SETUP['repo']).filter(removecomment) - data = lxml.etree.XML(stream.render('xml', - strip_whitespace=False), - parser=Bcfg2.Server.XMLParser) + data = lxml.etree.XML( + stream.render('xml', strip_whitespace=False).encode(), + parser=Bcfg2.Server.XMLParser) bundlename = os.path.splitext(os.path.basename(self.name))[0] bundle = lxml.etree.Element('Bundle', name=bundlename) for item in self.Match(metadata, data): -- cgit v1.2.3-1-g7c22 From a87c59d6f23b4c4fd4e38e380994f2193ca24588 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Mon, 25 Nov 2013 10:48:43 -0500 Subject: bcfg2-admin: Restored missing "bcfg2-admin client add ... attrib=val" functionality --- src/lib/Bcfg2/Server/Plugins/Metadata.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Metadata.py b/src/lib/Bcfg2/Server/Plugins/Metadata.py index 047dd4f4e..343e14162 100644 --- a/src/lib/Bcfg2/Server/Plugins/Metadata.py +++ b/src/lib/Bcfg2/Server/Plugins/Metadata.py @@ -658,6 +658,11 @@ class Metadata(Bcfg2.Server.Plugin.Metadata, if attribs is None: attribs = dict() if self._use_db: + if attribs: + msg = "Metadata does not support setting client attributes " +\ + "with use_database enabled" + self.logger.error(msg) + raise Bcfg2.Server.Plugin.PluginExecutionError(msg) try: client = MetadataClientModel.objects.get(hostname=client_name) except MetadataClientModel.DoesNotExist: -- cgit v1.2.3-1-g7c22 From 2695e7a9af097596527edb52a722d17ea44601cc Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Sun, 8 Dec 2013 21:21:11 -0500 Subject: Cfg: let EncryptedGenerator load setup object whenever the plugin is imported Previously, if CfgEncryptedGenerator was imported before the Cfg object was instantiated, it would finalize the Bcfg2.Server.Plugins.Cfg.SETUP object with a value of None, and would be unable to access the options dict. --- src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/lib/Bcfg2/Server/Plugins') diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py index 3b4703ddb..cf7eae75b 100644 --- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py +++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgEncryptedGenerator.py @@ -1,8 +1,9 @@ """ CfgEncryptedGenerator lets you encrypt your plaintext :ref:`server-plugins-generators-cfg` files on the server. """ +import Bcfg2.Server.Plugins.Cfg from Bcfg2.Server.Plugin import PluginExecutionError -from Bcfg2.Server.Plugins.Cfg import CfgGenerator, SETUP +from Bcfg2.Server.Plugins.Cfg import CfgGenerator try: from Bcfg2.Encryption import bruteforce_decrypt, EVPError, \ get_algorithm @@ -34,8 +35,10 @@ class CfgEncryptedGenerator(CfgGenerator): return # todo: let the user specify a passphrase by name try: - self.data = bruteforce_decrypt(self.data, setup=SETUP, - algorithm=get_algorithm(SETUP)) + self.data = bruteforce_decrypt( + self.data, + setup=Bcfg2.Server.Plugins.Cfg.SETUP, + algorithm=get_algorithm(Bcfg2.Server.Plugins.Cfg.SETUP)) except EVPError: raise PluginExecutionError("Failed to decrypt %s" % self.name) handle_event.__doc__ = CfgGenerator.handle_event.__doc__ -- cgit v1.2.3-1-g7c22