SSSD info plugin is immutable if not preconfigured

The SSSD info plugin configures SSSD and modules in Apache as root during installation. This cannot be done in the UI so we must not allow users to modify the state if it was not "preconfigured" during install. If it has been configured then users are allowed to enable/disable the plugin. This is controlled by a value stored in the info_config table, preconfigured. The plugin configuration is hidden from the UI by overridding the get_config_object() method. https://fedorahosted.org/ipsilon/ticket/111 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
author: Simo Sorce <simo@redhat.com> 2015-05-06 11:47:46 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2015-05-06 15:18:31 -0400
commit: e6a3656ab71faea8669af50ceeaf4d9a91fe0142 (patch)
tree: 125cce6b618940e1d1032e99fe66a54ce7af79f3
parent: 158c4cdefc0bd5b8dabe38685c1bebccc24d656b (diff)
download: ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.gz
ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.xz
ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.zip
3 files changed, 37 insertions, 4 deletions
diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py
index 743c71c..a85a15d 100644
--- a/ipsilon/admin/common.py
+++ b/ipsilon/admin/common.py
@@ -282,7 +282,10 @@ class AdminPlugins(AdminPage):
         except AdminError, e:
             return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
         if not obj.is_enabled:
-            obj.enable()
+            try:
+                obj.enable()
+            except Exception as e:  # pylint: disable=broad-except
+                return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
             obj.save_enabled_state()
             msg = "Plugin %s enabled" % obj.name
         return self.root_with_msg(msg, ADMIN_STATUS_OK,
@@ -297,7 +300,10 @@ class AdminPlugins(AdminPage):
         except AdminError, e:
             return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
         if obj.is_enabled:
-            obj.disable()
+            try:
+                obj.disable()
+            except Exception as e:  # pylint: disable=broad-except
+                return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
             obj.save_enabled_state()
             msg = "Plugin %s disabled" % obj.name
         return self.root_with_msg(msg, ADMIN_STATUS_OK,
diff --git a/ipsilon/info/common.py b/ipsilon/info/common.py
index a97d648..6907c72 100644
--- a/ipsilon/info/common.py
+++ b/ipsilon/info/common.py
@@ -65,7 +65,13 @@ class Info(Log):
             if item not in plugins.available:
                 self.debug('Info Plugin %s not found' % item)
                 continue
-            plugins.available[item].enable()
+            try:
+                plugins.available[item].enable()
+            except Exception as e:  # pylint: disable=broad-except
+                while item in plugins.enabled:
+                    plugins.enabled.remove(item)
+                self.debug("Info Plugin %s couldn't be enabled: %s" % (
+                    item, str(e)))
 
     def get_user_attrs(self, user, requested=None):
         plugins = self._site[FACILITY].available
diff --git a/ipsilon/info/infosssd.py b/ipsilon/info/infosssd.py
index 0dd78cc..559469a 100644
--- a/ipsilon/info/infosssd.py
+++ b/ipsilon/info/infosssd.py
@@ -9,6 +9,7 @@ from ipsilon.info.common import InfoProviderBase
 from ipsilon.info.common import InfoProviderInstaller
 from ipsilon.util.plugin import PluginObject
 from ipsilon.util.policy import Policy
+from ipsilon.util import config as pconfig
 from string import Template
 import cherrypy
 import time
@@ -46,7 +47,13 @@ class InfoProvider(InfoProviderBase):
         super(InfoProvider, self).__init__(*pargs)
         self.mapper = Policy(sssd_mapping)
         self.name = 'sssd'
-        self.new_config(self.name)
+        self.new_config(
+            self.name,
+            pconfig.Condition(
+                'preconfigured',
+                'SSSD can only be used when pre-configured',
+                False),
+        )
 
     def _get_user_data(self, user):
         reply = dict()
@@ -80,6 +87,18 @@ class InfoProvider(InfoProviderBase):
 
         return reply
 
+    def save_plugin_config(self, *args, **kwargs):
+        raise ValueError('Configuration cannot be modified live for SSSD')
+
+    def get_config_obj(self):
+        return None
+
+    def enable(self):
+        self.refresh_plugin_config()
+        if not self.get_config_value('preconfigured'):
+            raise Exception("SSSD Can be enabled only if pre-configured")
+        super(InfoProvider, self).enable()
+
 
 CONF_TEMPLATE = """
 LoadModule lookup_identity_module modules/mod_lookup_identity.so
@@ -192,6 +211,8 @@ class Installer(InfoProviderInstaller):
         po.name = 'sssd'
         po.wipe_data()
         po.wipe_config_values()
+        config = {'preconfigured': True}
+        po.save_plugin_config(config)
 
         # Update global config to add info plugin
         po.is_enabled = True
author	Simo Sorce <simo@redhat.com>	2015-05-06 11:47:46 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2015-05-06 15:18:31 -0400
commit	e6a3656ab71faea8669af50ceeaf4d9a91fe0142 (patch)
tree	125cce6b618940e1d1032e99fe66a54ce7af79f3
parent	158c4cdefc0bd5b8dabe38685c1bebccc24d656b (diff)
download	ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.gz ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.xz ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.zip