Diffstat (limited to 'base/deploy/src/scriptlets/pkihelper.py')
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py84
1 files changed, 72 insertions, 12 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 09e624094..64992ea73 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -40,10 +40,8 @@ import seobject
# PKI Deployment Imports
-import pkiconfig as config
from pkiconfig import PKIConfig
from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_sensitive_dict as sensitive
from pkiconfig import pki_slots_dict as slots
from pkiconfig import pki_selinux_config_ports as ports
import pkimanifest as manifest
@@ -130,6 +128,9 @@ def pki_copytree(src, dst, symlinks=False, ignore=None):
# PKI Deployment Identity Class
class identity:
+ def __init__(self, config):
+ self.master = config.pki_master_dict
+
def __add_gid(self, pki_group):
pki_gid = None
try:
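Review bot: `identity.__init__` stores `self.master = config.pki_master_dict`, and `namespace` does the same, while the `__init__` added to `instance`, `directory`, `file`, `symlink`, `password`, `security_domain`, `systemd` and `jython` stores `self.config` and rebinds `master` inside each method. Using one convention, for example `self.config = config` here with `master = self.config.pki_master_dict` in the methods, would make the helpers read alike. Because the dictionary is held by reference, the later assignments to `self.master['pki_uid']` and `self.master['pki_gid']` write into the caller's configuration; a one-line comment on `__init__` saying so would help, such as `# NOTE: shares (does not copy) the caller's pki_master_dict`. The body of `__add_gid` continues outside the hunk.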
@@ -262,7 +263,7 @@ class identity:
def get_uid(self, critical_failure=True):
try:
- pki_uid = master['pki_uid']
+ pki_uid = self.master['pki_uid']
except KeyError as exc:
pkilogging.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
@@ -272,7 +273,7 @@ class identity:
def get_gid(self, critical_failure=True):
try:
- pki_gid = master['pki_gid']
+ pki_gid = self.master['pki_gid']
except KeyError as exc:
pkilogging.pki_log.error(log.PKI_KEYERROR_1, exc,
extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
@@ -286,7 +287,7 @@ class identity:
extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# id -u <name>
pki_uid = getpwnam(name)[2]
- master['pki_uid']=pki_uid
+ self.master['pki_uid']=pki_uid
pkilogging.pki_log.debug(log.PKIHELPER_UID_2, name, pki_uid,
extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
@@ -302,7 +303,7 @@ class identity:
extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
# id -g <name>
pki_gid = getgrnam(name)[2]
- master['pki_gid']=pki_gid
+ self.master['pki_gid']=pki_gid
pkilogging.pki_log.debug(log.PKIHELPER_GID_2, name, pki_gid,
extra=PKIConfig.PKI_INDENTATION_LEVEL_3)
except KeyError as exc:
@@ -315,9 +316,13 @@ class identity:
# PKI Deployment Namespace Class
class namespace:
+ def __init__(self, config):
+ self.master = config.pki_master_dict
+
# Silently verify that the selected 'pki_instance_name' will
# NOT produce any namespace collisions
def collision_detection(self):
+ master = self.master
# Run simple checks for pre-existing namespace collisions
if os.path.exists(master['pki_instance_path']):
if os.path.exists(master['pki_subsystem_path']):
@@ -422,7 +427,9 @@ class namespace:
# PKI Deployment Configuration File Class
class configuration_file:
- def log_configuration_url(self):
+ def log_configuration_url(self, config):
+ master = config.pki_master_dict
+ sensitive = config.pki_sensitive_dict
# NOTE: This is the one and only parameter containing a sensitive
# parameter that may be stored in a log file.
pkilogging.pki_log.info(log.PKI_CONFIGURATION_WIZARD_URL_1,
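Review bot: The new `config` parameter on `log_configuration_url` has no documentation, and the method now reads `pki_sensitive_dict` from whatever object the caller passes in. The existing comment says this is the only sensitive value allowed to reach a log file, so the method should say which key is written and why that is acceptable, for example `"""Log the configuration URL taken from config.pki_sensitive_dict; no other sensitive value may be logged."""`. The arguments of the `pki_log.info` call lie outside the hunk, so the exact value logged cannot be confirmed from here; if it carries a credential, the comment should also state what permissions the log file is expected to have. `display_configuration_url` in the next hunk would benefit from the same docstring.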
@@ -432,7 +439,9 @@ class configuration_file:
master['pki_registry_initscript_command'],
extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
- def display_configuration_url(self):
+ def display_configuration_url(self, config):
+ master = config.pki_master_dict
+ sensitive = config.pki_sensitive_dict
# NOTE: This is the one and only parameter containing a sensitive
# parameter that may be displayed to the screen.
print log.PKI_CONFIGURATION_URL_1 % sensitive['pki_configuration_url']
@@ -441,7 +450,9 @@ class configuration_file:
master['pki_registry_initscript_command']
print
- def verify_sensitive_data(self):
+ def verify_sensitive_data(self, config):
+ master = config.pki_master_dict
+ sensitive = config.pki_sensitive_dict
# Silently verify the existence of 'sensitive' data
if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
# Verify existence of Directory Server Password (ALWAYS)
@@ -526,7 +537,8 @@ class configuration_file:
sys.exit(1)
return
- def verify_mutually_exclusive_data(self):
+ def verify_mutually_exclusive_data(self, config):
+ master = config.pki_master_dict
# Silently verify the existence of 'mutually exclusive' data
if master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS:
if master['pki_subsystem'] == "CA":
@@ -561,6 +573,7 @@ class configuration_file:
sys.exit(1)
def verify_predefined_configuration_file_data(self):
+ master = config.pki_master_dict
# Silently verify the existence of any required 'predefined' data
#
# FUTURE: As much as is possible, alter this routine to verify
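Review bot: `config` is not bound in `verify_predefined_configuration_file_data(self)`: the added line `master = config.pki_master_dict` reads a name that is neither a parameter nor an attribute, and this same commit removes `import pkiconfig as config` at the top of the file. Unless a module-level `config` is defined outside the visible hunks, the call will raise NameError. The added lines in `populate_non_default_ports` and `verify_command_matches_configuration_file` have the same problem. These three methods should take the parameter their siblings received, e.g. `def verify_predefined_configuration_file_data(self, config):`, or `configuration_file` should get an `__init__` that stores it as the other classes do. The method body continues outside the hunk.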
@@ -742,6 +755,7 @@ class configuration_file:
return
def populate_non_default_ports(self):
+ master = config.pki_master_dict
if master['pki_http_port'] != \
str(PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_HTTP_PORT):
ports.append(master['pki_http_port'])
@@ -791,6 +805,7 @@ class configuration_file:
return
def verify_command_matches_configuration_file(self):
+ master = config.pki_master_dict
# Silently verify that the command-line parameters match the values
# that are present in the corresponding configuration file
if master['pki_deployment_executable'] == 'pkidestroy':
@@ -808,9 +823,12 @@ class configuration_file:
# PKI Deployment XML File Class
#class xml_file:
+# def __init__(self, config):
+# self.config = config
# def remove_filter_section_from_web_xml(self,
# web_xml_source,
# web_xml_target):
+# master = self.config.pki_master_dict
# pkilogging.pki_log.info(log.PKIHELPER_REMOVE_FILTER_SECTION_1,
# master['pki_target_subsystem_web_xml'],
# extra=PKIConfig.PKI_INDENTATION_LEVEL_2)
@@ -841,7 +859,10 @@ class configuration_file:
# PKI Deployment Instance Class
class instance:
+ def __init__(self, config):
+ self.config = config
def apache_instance_subsystems(self):
+ master = self.config.pki_master_dict
rv = 0
try:
# count number of PKI subsystems present
@@ -860,6 +881,7 @@ class instance:
return rv
def apache_instances(self):
+ master = self.config.pki_master_dict
rv = 0
try:
# Since ALL directories under the top-level PKI 'apache' registry
@@ -887,6 +909,7 @@ class instance:
return rv
def pki_instance_subsystems(self):
+ master = self.config.pki_master_dict
rv = 0
try:
# Since ALL directories within the top-level PKI infrastructure
@@ -915,6 +938,7 @@ class instance:
return rv
def tomcat_instance_subsystems(self):
+ master = self.config.pki_master_dict
rv = 0
try:
# count number of PKI subsystems present
@@ -933,6 +957,7 @@ class instance:
return rv
def tomcat_instances(self):
+ master = self.config.pki_master_dict
rv = 0
try:
# Since ALL directories under the top-level PKI 'tomcat' registry
@@ -960,6 +985,7 @@ class instance:
return rv
def verify_subsystem_exists(self):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(master['pki_subsystem_path']):
pkilogging.pki_log.error(log.PKI_SUBSYSTEM_DOES_NOT_EXIST_2,
@@ -973,6 +999,7 @@ class instance:
sys.exit(1)
def verify_subsystem_does_not_exist(self):
+ master = self.config.pki_master_dict
try:
if os.path.exists(master['pki_subsystem_path']):
pkilogging.pki_log.error(log.PKI_SUBSYSTEM_ALREADY_EXISTS_2,
@@ -988,9 +1015,12 @@ class instance:
# PKI Deployment Directory Class
class directory:
+ def __init__(self, config):
+ self.config = config
def create(self, name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
acls=None, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(name):
# mkdir -p <name>
@@ -1040,6 +1070,7 @@ class directory:
def modify(self, name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_DIR_PERMISSIONS,
acls=None, silent=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if os.path.exists(name):
if not os.path.isdir(name):
@@ -1150,6 +1181,7 @@ class directory:
PKIConfig.PKI_DEPLOYMENT_DEFAULT_SYMLINK_PERMISSIONS,
dir_acls=None, file_acls=None, symlink_acls=None,
recursive_flag=True, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(name) or not os.path.isdir(name):
pkilogging.pki_log.error(
@@ -1341,9 +1373,12 @@ class directory:
# PKI Deployment File Class (also used for executables)
class file:
+ def __init__(self, config):
+ self.config = config
def create(self, name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(name):
# touch <name>
@@ -1393,6 +1428,7 @@ class file:
def modify(self, name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, silent=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if os.path.exists(name):
if not os.path.isfile(name):
@@ -1478,6 +1514,7 @@ class file:
def copy(self, old_name, new_name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS, acls=None,
overwrite_flag=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
pkilogging.pki_log.error(
@@ -1537,6 +1574,7 @@ class file:
self, name, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(name) or not os.path.isfile(name):
pkilogging.pki_log.error(
@@ -1598,6 +1636,7 @@ class file:
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, overwrite_flag=False,
critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(old_name) or not os.path.isfile(old_name):
pkilogging.pki_log.error(
@@ -1666,6 +1705,7 @@ class file:
def generate_noise_file(self, name, bytes, uid=None, gid=None,
perms=PKIConfig.PKI_DEPLOYMENT_DEFAULT_FILE_PERMISSIONS,
acls=None, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(name):
# generating noise file called <name> and
@@ -1721,8 +1761,11 @@ class file:
# PKI Deployment Symbolic Link Class
class symlink:
+ def __init__(self, config):
+ self.config = config
def create(self, name, link, uid=None, gid=None,
acls=None, allow_dangling_symlink=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if not os.path.exists(link):
if not os.path.exists(name):
@@ -1777,6 +1820,7 @@ class symlink:
def modify(self, link, uid=None, gid=None,
acls=None, silent=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if os.path.exists(link):
if not os.path.islink(link):
@@ -1909,8 +1953,11 @@ class war:
# PKI Deployment Password Class
class password:
+ def __init__(self, config):
+ self.config = config
def create_password_conf(self, path, pin, pin_sans_token=False,
overwrite_flag=False, critical_failure=True):
+ master = self.config.pki_master_dict
try:
if os.path.exists(path):
if overwrite_flag:
@@ -1951,8 +1998,9 @@ class password:
sys.exit(1)
return
- def create_client_pkcs12_password_conf(self, path, overwrite_flag=False,
+ def create_client_pkcs12_password_conf(self, config, path, overwrite_flag=False,
critical_failure=True):
+ sensitive = config.pki_sensitive_dict
try:
if os.path.exists(path):
if overwrite_flag:
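Review bot: Inserting `config` ahead of `path` in `create_client_pkcs12_password_conf` shifts every positional argument, so a caller that was not updated with this commit would pass its path as `config` and fail only at the `pki_sensitive_dict` lookup. The previous hunk already gives `password` an `__init__` that stores the configuration, so the parameter is also redundant; keeping the old signature and reading `sensitive = self.config.pki_sensitive_dict` avoids both problems. `jython.invoke` has the same shape and additionally mixes `self.config.pki_master_dict` with the per-call `config.pki_sensitive_dict`, which lets the master and sensitive values come from two different objects. Both method bodies continue outside their hunks.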
@@ -2257,7 +2305,10 @@ class certutil:
# PKI Deployment Security Domain Class
class security_domain:
+ def __init__(self, config):
+ self.config = config
def deregister(self, critical_failure=False):
+ master = self.config.pki_master_dict
try:
# process this PKI subsystem instance's 'CS.cfg'
cs_cfg = read_simple_configuration_file(master['pki_target_cs_cfg'])
@@ -2443,7 +2494,10 @@ class security_domain:
# PKI Deployment 'systemd' Execution Management Class
class systemd:
+ def __init__(self, config):
+ self.config = config
def start(self, critical_failure=True):
+ master = self.config.pki_master_dict
try:
# Compose this "systemd" execution management command
if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
@@ -2470,6 +2524,7 @@ class systemd:
return
def stop(self, critical_failure=True):
+ master = self.config.pki_master_dict
try:
# Compose this "systemd" execution management command
if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
@@ -2496,6 +2551,7 @@ class systemd:
return
def restart(self, critical_failure=True):
+ master = self.config.pki_master_dict
try:
# Compose this "systemd" execution management command
if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS:
@@ -2524,7 +2580,11 @@ class systemd:
# PKI Deployment 'jython' Class
class jython:
- def invoke(self, scriptlet, critical_failure=True):
+ def __init__(self, config):
+ self.config = config
+ def invoke(self, config, scriptlet, critical_failure=True):
+ master = self.config.pki_master_dict
+ sensitive = config.pki_sensitive_dict
try:
# From 'http://www.jython.org/archive/22/userfaq.html':
# Setting this to false will allow Jython to provide access to