diff options
author | Simo Sorce <simo@redhat.com> | 2015-05-06 11:47:46 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2015-05-06 15:18:31 -0400 |
commit | e6a3656ab71faea8669af50ceeaf4d9a91fe0142 (patch) | |
tree | 125cce6b618940e1d1032e99fe66a54ce7af79f3 | |
parent | 158c4cdefc0bd5b8dabe38685c1bebccc24d656b (diff) | |
download | ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.gz ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.tar.xz ipsilon-e6a3656ab71faea8669af50ceeaf4d9a91fe0142.zip |
SSSD info plugin is immutable if not preconfigured
The SSSD info plugin configures SSSD and modules in
Apache as root during installation. This cannot be
done in the UI so we must not allow users to modify
the state if it was not "preconfigured" during
install.
If it has been configured then users are allowed
to enable/disable the plugin.
This is controlled by a value stored in the
info_config table, preconfigured.
The plugin configuration is hidden from the UI by
overridding the get_config_object() method.
https://fedorahosted.org/ipsilon/ticket/111
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
-rw-r--r-- | ipsilon/admin/common.py | 10 | ||||
-rw-r--r-- | ipsilon/info/common.py | 8 | ||||
-rw-r--r-- | ipsilon/info/infosssd.py | 23 |
3 files changed, 37 insertions, 4 deletions
diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py index 743c71c..a85a15d 100644 --- a/ipsilon/admin/common.py +++ b/ipsilon/admin/common.py @@ -282,7 +282,10 @@ class AdminPlugins(AdminPage): except AdminError, e: return self.root_with_msg(str(e), ADMIN_STATUS_WARN) if not obj.is_enabled: - obj.enable() + try: + obj.enable() + except Exception as e: # pylint: disable=broad-except + return self.root_with_msg(str(e), ADMIN_STATUS_WARN) obj.save_enabled_state() msg = "Plugin %s enabled" % obj.name return self.root_with_msg(msg, ADMIN_STATUS_OK, @@ -297,7 +300,10 @@ class AdminPlugins(AdminPage): except AdminError, e: return self.root_with_msg(str(e), ADMIN_STATUS_WARN) if obj.is_enabled: - obj.disable() + try: + obj.disable() + except Exception as e: # pylint: disable=broad-except + return self.root_with_msg(str(e), ADMIN_STATUS_WARN) obj.save_enabled_state() msg = "Plugin %s disabled" % obj.name return self.root_with_msg(msg, ADMIN_STATUS_OK, diff --git a/ipsilon/info/common.py b/ipsilon/info/common.py index a97d648..6907c72 100644 --- a/ipsilon/info/common.py +++ b/ipsilon/info/common.py @@ -65,7 +65,13 @@ class Info(Log): if item not in plugins.available: self.debug('Info Plugin %s not found' % item) continue - plugins.available[item].enable() + try: + plugins.available[item].enable() + except Exception as e: # pylint: disable=broad-except + while item in plugins.enabled: + plugins.enabled.remove(item) + self.debug("Info Plugin %s couldn't be enabled: %s" % ( + item, str(e))) def get_user_attrs(self, user, requested=None): plugins = self._site[FACILITY].available diff --git a/ipsilon/info/infosssd.py b/ipsilon/info/infosssd.py index 0dd78cc..559469a 100644 --- a/ipsilon/info/infosssd.py +++ b/ipsilon/info/infosssd.py @@ -9,6 +9,7 @@ from ipsilon.info.common import InfoProviderBase from ipsilon.info.common import InfoProviderInstaller from ipsilon.util.plugin import PluginObject from ipsilon.util.policy import Policy +from ipsilon.util import config as pconfig from string import Template import cherrypy import time @@ -46,7 +47,13 @@ class InfoProvider(InfoProviderBase): super(InfoProvider, self).__init__(*pargs) self.mapper = Policy(sssd_mapping) self.name = 'sssd' - self.new_config(self.name) + self.new_config( + self.name, + pconfig.Condition( + 'preconfigured', + 'SSSD can only be used when pre-configured', + False), + ) def _get_user_data(self, user): reply = dict() @@ -80,6 +87,18 @@ class InfoProvider(InfoProviderBase): return reply + def save_plugin_config(self, *args, **kwargs): + raise ValueError('Configuration cannot be modified live for SSSD') + + def get_config_obj(self): + return None + + def enable(self): + self.refresh_plugin_config() + if not self.get_config_value('preconfigured'): + raise Exception("SSSD Can be enabled only if pre-configured") + super(InfoProvider, self).enable() + CONF_TEMPLATE = """ LoadModule lookup_identity_module modules/mod_lookup_identity.so @@ -192,6 +211,8 @@ class Installer(InfoProviderInstaller): po.name = 'sssd' po.wipe_data() po.wipe_config_values() + config = {'preconfigured': True} + po.save_plugin_config(config) # Update global config to add info plugin po.is_enabled = True |