From cc2b0b7ae5bfc4cf3d24eeaf92646363f693fc2c Mon Sep 17 00:00:00 2001 From: Thiago da Silva Date: Tue, 3 Dec 2013 18:42:23 -0500 Subject: renaming swauth tools to gswauth cli tools for account and user mgmt have been renamed from swauth-* to gswauth-* Updated other configuration and test files accordingly Change-Id: Iced3bb27fbd09da45754ddb264f8fb4528ab423c Signed-off-by: Thiago da Silva Reviewed-on: http://review.gluster.org/6417 Reviewed-by: pushpesh sharma Tested-by: pushpesh sharma Reviewed-by: Shilpa MJ Tested-by: Shilpa MJ Reviewed-by: Luis Pabon Reviewed-on: http://review.gluster.org/6466 Tested-by: Luis Pabon --- .../middleware/gswauth/bin/gswauth-add-account | 77 ++++++++++ .../common/middleware/gswauth/bin/gswauth-add-user | 107 +++++++++++++ .../middleware/gswauth/bin/gswauth-cleanup-tokens | 167 +++++++++++++++++++++ .../middleware/gswauth/bin/gswauth-delete-account | 73 +++++++++ .../middleware/gswauth/bin/gswauth-delete-user | 70 +++++++++ .../common/middleware/gswauth/bin/gswauth-list | 105 +++++++++++++ .../common/middleware/gswauth/bin/gswauth-prep | 64 ++++++++ .../gswauth/bin/gswauth-set-account-service | 80 ++++++++++ .../middleware/gswauth/bin/swauth-add-account | 77 ---------- .../common/middleware/gswauth/bin/swauth-add-user | 107 ------------- .../middleware/gswauth/bin/swauth-cleanup-tokens | 167 --------------------- .../middleware/gswauth/bin/swauth-delete-account | 73 --------- .../middleware/gswauth/bin/swauth-delete-user | 70 --------- .../common/middleware/gswauth/bin/swauth-list | 105 ------------- .../common/middleware/gswauth/bin/swauth-prep | 64 -------- .../gswauth/bin/swauth-set-account-service | 80 ---------- 16 files changed, 743 insertions(+), 743 deletions(-) create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-add-account create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-add-user create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-list create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-prep create mode 100755 gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-add-account delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-add-user delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-delete-account delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-delete-user delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-list delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-prep delete mode 100755 gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service (limited to 'gluster/swift/common/middleware/gswauth/bin') diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-account b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-account new file mode 100755 index 0000000..137ffb8 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-account @@ -0,0 +1,77 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] ') + parser.add_option('-s', '--suffix', dest='suffix', + default='', help='The suffix to use with the reseller prefix as the ' + 'storage account name (default: ) Note: If ' + 'the account already exists, this will have no effect on existing ' + 'service URLs. Those will need to be updated with ' + 'gswauth-set-account-service') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 1: + parser.parse_args(['-h']) + account = args[0] + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key, + 'Content-Length': '0'} + if options.suffix: + headers['X-Account-Suffix'] = options.suffix + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('Account creation failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('Account creation failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + else: + exit('Account creation failed: %s %s' % + (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user new file mode 100755 index 0000000..3ede12a --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user @@ -0,0 +1,107 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser( + usage='Usage: %prog [options] ') + parser.add_option('-a', '--admin', dest='admin', action='store_true', + default=False, help='Give the user administrator access; otherwise ' + 'the user will only have access to containers specifically allowed ' + 'with ACLs.') + parser.add_option('-r', '--reseller-admin', dest='reseller_admin', + action='store_true', default=False, help='Give the user full reseller ' + 'administrator access, giving them full access to all accounts within ' + 'the reseller, including the ability to create new accounts. Creating ' + 'a new reseller admin requires super_admin rights.') + parser.add_option('-s', '--suffix', dest='suffix', + default='', help='The suffix to use with the reseller prefix as the ' + 'storage account name (default: ) Note: If ' + 'the account already exists, this will have no effect on existing ' + 'service URLs. Those will need to be updated with ' + 'gswauth-set-account-service') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 3: + parser.parse_args(['-h']) + account, user, password = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + # Ensure the account exists + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + if options.suffix: + headers['X-Account-Suffix'] = options.suffix + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + headers['Content-Length'] = '0' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + print 'Account creation failed: %s %s' % (resp.status, resp.reason) + # Add the user + path = '%sv2/%s/%s' % (parsed_path, account, user) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key, + 'X-Auth-User-Key': password, + 'Content-Length': '0'} + if options.admin: + headers['X-Auth-User-Admin'] = 'true' + if options.reseller_admin: + headers['X-Auth-User-Reseller-Admin'] = 'true' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('User creation failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('User creation failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + else: + exit('User creation failed: %s %s' % + (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens b/gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens new file mode 100755 index 0000000..621124e --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-cleanup-tokens @@ -0,0 +1,167 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +import re +from datetime import datetime, timedelta +from optparse import OptionParser +from sys import argv, exit +from time import sleep, time + +from swiftclient.client import Connection, ClientException + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options]') + parser.add_option('-t', '--token-life', dest='token_life', + default='86400', help='The expected life of tokens; token objects ' + 'modified more than this number of seconds ago will be checked for ' + 'expiration (default: 86400).') + parser.add_option('-s', '--sleep', dest='sleep', + default='0.1', help='The number of seconds to sleep between token ' + 'checks (default: 0.1)') + parser.add_option('-v', '--verbose', dest='verbose', action='store_true', + default=False, help='Outputs everything done instead of just the ' + 'deletions.') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for .super_admin.') + parser.add_option('', '--purge', dest='purge_account', help='Purges all ' + 'tokens for a given account whether the tokens have expired or not.') + parser.add_option('', '--purge-all', dest='purge_all', action='store_true', + default=False, help='Purges all tokens for all accounts and users ' + 'whether the tokens have expired or not.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 0: + parser.parse_args(['-h']) + options.admin_url = options.admin_url.rstrip('/') + if not options.admin_url.endswith('/v1.0'): + options.admin_url += '/v1.0' + options.admin_user = '.super_admin:.super_admin' + options.token_life = timedelta(0, float(options.token_life)) + options.sleep = float(options.sleep) + conn = Connection(options.admin_url, options.admin_user, options.admin_key) + if options.purge_account: + marker = None + while True: + if options.verbose: + print 'GET %s?marker=%s' % (options.purge_account, marker) + objs = conn.get_container(options.purge_account, marker=marker)[1] + if objs: + marker = objs[-1]['name'] + else: + if options.verbose: + print 'No more objects in %s' % options.purge_account + break + for obj in objs: + if options.verbose: + print 'HEAD %s/%s' % (options.purge_account, obj['name']) + headers = conn.head_object(options.purge_account, obj['name']) + if 'x-object-meta-auth-token' in headers: + token = headers['x-object-meta-auth-token'] + container = '.token_%s' % token[-1] + if options.verbose: + print '%s/%s purge account %r; deleting' % \ + (container, token, options.purge_account) + print 'DELETE %s/%s' % (container, token) + try: + conn.delete_object(container, token) + except ClientException, err: + if err.http_status != 404: + raise + continue + if options.verbose: + print 'Done.' + exit(0) + for x in xrange(16): + container = '.token_%x' % x + marker = None + while True: + if options.verbose: + print 'GET %s?marker=%s' % (container, marker) + try: + objs = conn.get_container(container, marker=marker)[1] + except ClientException, e: + if e.http_status == 404: + exit('Container %s not found. gswauth-prep needs to be ' + 'rerun' % (container)) + elif e.http_status == 401: + exit('Cleanup tokens failed: 401 Unauthorized: Invalid user/key provided') + else: + exit('Object listing on container %s failed with status ' + 'code %d' % (container, e.http_status)) + if objs: + marker = objs[-1]['name'] + else: + if options.verbose: + print 'No more objects in %s' % container + break + for obj in objs: + if options.purge_all: + if options.verbose: + print '%s/%s purge all; deleting' % \ + (container, obj['name']) + print 'DELETE %s/%s' % (container, obj['name']) + try: + conn.delete_object(container, obj['name']) + except ClientException, err: + if err.http_status != 404: + raise + continue + last_modified = datetime(*map(int, re.split('[^\d]', + obj['last_modified'])[:-1])) + ago = datetime.utcnow() - last_modified + if ago > options.token_life: + if options.verbose: + print '%s/%s last modified %ss ago; investigating' % \ + (container, obj['name'], + ago.days * 86400 + ago.seconds) + print 'GET %s/%s' % (container, obj['name']) + detail = conn.get_object(container, obj['name'])[1] + detail = json.loads(detail) + if detail['expires'] < time(): + if options.verbose: + print '%s/%s expired %ds ago; deleting' % \ + (container, obj['name'], + time() - detail['expires']) + print 'DELETE %s/%s' % (container, obj['name']) + try: + conn.delete_object(container, obj['name']) + except ClientException, e: + if e.http_status != 404: + print 'DELETE of %s/%s failed with status ' \ + 'code %d' % (container, obj['name'], + e.http_status) + elif options.verbose: + print "%s/%s won't expire for %ds; skipping" % \ + (container, obj['name'], + detail['expires'] - time()) + elif options.verbose: + print '%s/%s last modified %ss ago; skipping' % \ + (container, obj['name'], + ago.days * 86400 + ago.seconds) + sleep(options.sleep) + if options.verbose: + print 'Done.' diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account b/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account new file mode 100755 index 0000000..7bd513c --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-account @@ -0,0 +1,73 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] ') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 1: + parser.parse_args(['-h']) + account = args[0] + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('Delete account failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('Delete account failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + elif resp.status == 404: + exit('Delete account failed: %s %s: Account %s does not exist' % + (resp.status, resp.reason, account)) + elif resp.status == 409: + exit('Delete account failed: %s %s: Account %s contains active users. ' + 'Delete all users first.' % (resp.status, resp.reason, account)) + else: + exit('Delete account failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user b/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user new file mode 100755 index 0000000..5958d5e --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-delete-user @@ -0,0 +1,70 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options] ') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 2: + parser.parse_args(['-h']) + account, user = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s/%s' % (parsed_path, account, user) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('Delete user failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('Delete user failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + elif resp.status == 404: + exit('Delete user failed: %s %s: User %s does not exist' % + (resp.status, resp.reason, user)) + else: + exit('Delete user failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-list b/gluster/swift/common/middleware/gswauth/bin/gswauth-list new file mode 100755 index 0000000..ebf9b6f --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-list @@ -0,0 +1,105 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + +from prettytable import PrettyTable + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage=''' +Usage: %prog [options] [account] [user] + +If [account] and [user] are omitted, a list of accounts will be output. + +If [account] is included but not [user], a list of users within the account +will be output. + +If [account] and [user] are included, a list of groups the user belongs to +will be ouptput. + +If the [user] is '.groups', the active groups for the account will be listed. +'''.strip()) + parser.add_option('-p', '--plain-text', dest='plain_text', + action='store_true', default=False, help='Changes the output from ' + 'JSON to plain text. This will cause an account to list only the ' + 'users and a user to list only the groups.') + parser.add_option('-j', '--json', dest='json_format', + action='store_true', default=False, help='Output in JSON format. ' + 'This will print all information about given account or user, ' + 'including stored password.') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) > 2: + parser.parse_args(['-h']) + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s' % (parsed_path, '/'.join(args)) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + body = resp.read() + if resp.status // 100 != 2: + if resp.status == 401: + exit('List failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('List failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + else: + exit('List failed: %s %s' % (resp.status, resp.reason)) + if options.plain_text: + info = json.loads(body) + for group in info[['accounts', 'users', 'groups'][len(args)]]: + print group['name'] + elif options.json_format: + print body + else: + info = json.loads(body) + h = ['accounts', 'users', 'groups'][len(args)] + table = PrettyTable([h.title()]) + for group in info[h]: + table.add_row([group['name']]) + print table diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-prep b/gluster/swift/common/middleware/gswauth/bin/gswauth-prep new file mode 100755 index 0000000..74071d5 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-prep @@ -0,0 +1,64 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage='Usage: %prog [options]') + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if args: + parser.parse_args(['-h']) + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/.prep' % parsed_path + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, + ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('gswauth preparation failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + else: + exit('gswauth preparation failed: %s %s' % + (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service b/gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service new file mode 100755 index 0000000..eef4f05 --- /dev/null +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-set-account-service @@ -0,0 +1,80 @@ +#!/usr/bin/env python +# Copyright (c) 2010-2011 OpenStack, LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +try: + import simplejson as json +except ImportError: + import json +import gettext +from optparse import OptionParser +from os.path import basename +from sys import argv, exit + +from swift.common.bufferedhttp import http_connect_raw as http_connect +from swift.common.utils import urlparse + + +if __name__ == '__main__': + gettext.install('gswauth', unicode=1) + parser = OptionParser(usage=''' +Usage: %prog [options] + +Sets a service URL for an account. Can only be set by a reseller admin. + +Example: %prog -K gswauthkey test storage local http://127.0.0.1:8080/v1/AUTH_018c3946-23f8-4efb-a8fb-b67aae8e4162 +'''.strip()) + parser.add_option('-A', '--admin-url', dest='admin_url', + default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' + 'subsystem (default: http://127.0.0.1:8080/auth/)') + parser.add_option('-U', '--admin-user', dest='admin_user', + default='.super_admin', help='The user with admin rights to add users ' + '(default: .super_admin).') + parser.add_option('-K', '--admin-key', dest='admin_key', + help='The key for the user with admin rights to add users.') + args = argv[1:] + if not args: + args.append('-h') + (options, args) = parser.parse_args(args) + if len(args) != 4: + parser.parse_args(['-h']) + account, service, name, url = args + parsed = urlparse(options.admin_url) + if parsed.scheme not in ('http', 'https'): + raise Exception('Cannot handle protocol scheme %s for url %s' % + (parsed.scheme, repr(options.admin_url))) + parsed_path = parsed.path + if not parsed_path: + parsed_path = '/' + elif parsed_path[-1] != '/': + parsed_path += '/' + path = '%sv2/%s/.services' % (parsed_path, account) + body = json.dumps({service: {name: url}}) + headers = {'Content-Length': str(len(body)), + 'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, + ssl=(parsed.scheme == 'https')) + conn.send(body) + resp = conn.getresponse() + if resp.status // 100 != 2: + if resp.status == 401: + exit('Service set failed: %s %s: Invalid user/key provided' % + (resp.status, resp.reason)) + elif resp.status == 403: + exit('Service set failed: %s %s: Insufficient priveleges' % + (resp.status, resp.reason)) + else: + exit('Service set failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-add-account b/gluster/swift/common/middleware/gswauth/bin/swauth-add-account deleted file mode 100755 index 92b6b73..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-add-account +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage='Usage: %prog [options] ') - parser.add_option('-s', '--suffix', dest='suffix', - default='', help='The suffix to use with the reseller prefix as the ' - 'storage account name (default: ) Note: If ' - 'the account already exists, this will have no effect on existing ' - 'service URLs. Those will need to be updated with ' - 'swauth-set-account-service') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/)') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 1: - parser.parse_args(['-h']) - account = args[0] - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/%s' % (parsed_path, account) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key, - 'Content-Length': '0'} - if options.suffix: - headers['X-Account-Suffix'] = options.suffix - conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('Account creation failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('Account creation failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - else: - exit('Account creation failed: %s %s' % - (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-add-user b/gluster/swift/common/middleware/gswauth/bin/swauth-add-user deleted file mode 100755 index 7336297..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-add-user +++ /dev/null @@ -1,107 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser( - usage='Usage: %prog [options] ') - parser.add_option('-a', '--admin', dest='admin', action='store_true', - default=False, help='Give the user administrator access; otherwise ' - 'the user will only have access to containers specifically allowed ' - 'with ACLs.') - parser.add_option('-r', '--reseller-admin', dest='reseller_admin', - action='store_true', default=False, help='Give the user full reseller ' - 'administrator access, giving them full access to all accounts within ' - 'the reseller, including the ability to create new accounts. Creating ' - 'a new reseller admin requires super_admin rights.') - parser.add_option('-s', '--suffix', dest='suffix', - default='', help='The suffix to use with the reseller prefix as the ' - 'storage account name (default: ) Note: If ' - 'the account already exists, this will have no effect on existing ' - 'service URLs. Those will need to be updated with ' - 'swauth-set-account-service') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 3: - parser.parse_args(['-h']) - account, user, password = args - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - # Ensure the account exists - path = '%sv2/%s' % (parsed_path, account) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - if options.suffix: - headers['X-Account-Suffix'] = options.suffix - conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - headers['Content-Length'] = '0' - conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - print 'Account creation failed: %s %s' % (resp.status, resp.reason) - # Add the user - path = '%sv2/%s/%s' % (parsed_path, account, user) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key, - 'X-Auth-User-Key': password, - 'Content-Length': '0'} - if options.admin: - headers['X-Auth-User-Admin'] = 'true' - if options.reseller_admin: - headers['X-Auth-User-Reseller-Admin'] = 'true' - conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('User creation failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('User creation failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - else: - exit('User creation failed: %s %s' % - (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens b/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens deleted file mode 100755 index 21f99ba..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-cleanup-tokens +++ /dev/null @@ -1,167 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -try: - import simplejson as json -except ImportError: - import json -import gettext -import re -from datetime import datetime, timedelta -from optparse import OptionParser -from sys import argv, exit -from time import sleep, time - -from swiftclient.client import Connection, ClientException - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage='Usage: %prog [options]') - parser.add_option('-t', '--token-life', dest='token_life', - default='86400', help='The expected life of tokens; token objects ' - 'modified more than this number of seconds ago will be checked for ' - 'expiration (default: 86400).') - parser.add_option('-s', '--sleep', dest='sleep', - default='0.1', help='The number of seconds to sleep between token ' - 'checks (default: 0.1)') - parser.add_option('-v', '--verbose', dest='verbose', action='store_true', - default=False, help='Outputs everything done instead of just the ' - 'deletions.') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/)') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for .super_admin.') - parser.add_option('', '--purge', dest='purge_account', help='Purges all ' - 'tokens for a given account whether the tokens have expired or not.') - parser.add_option('', '--purge-all', dest='purge_all', action='store_true', - default=False, help='Purges all tokens for all accounts and users ' - 'whether the tokens have expired or not.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 0: - parser.parse_args(['-h']) - options.admin_url = options.admin_url.rstrip('/') - if not options.admin_url.endswith('/v1.0'): - options.admin_url += '/v1.0' - options.admin_user = '.super_admin:.super_admin' - options.token_life = timedelta(0, float(options.token_life)) - options.sleep = float(options.sleep) - conn = Connection(options.admin_url, options.admin_user, options.admin_key) - if options.purge_account: - marker = None - while True: - if options.verbose: - print 'GET %s?marker=%s' % (options.purge_account, marker) - objs = conn.get_container(options.purge_account, marker=marker)[1] - if objs: - marker = objs[-1]['name'] - else: - if options.verbose: - print 'No more objects in %s' % options.purge_account - break - for obj in objs: - if options.verbose: - print 'HEAD %s/%s' % (options.purge_account, obj['name']) - headers = conn.head_object(options.purge_account, obj['name']) - if 'x-object-meta-auth-token' in headers: - token = headers['x-object-meta-auth-token'] - container = '.token_%s' % token[-1] - if options.verbose: - print '%s/%s purge account %r; deleting' % \ - (container, token, options.purge_account) - print 'DELETE %s/%s' % (container, token) - try: - conn.delete_object(container, token) - except ClientException, err: - if err.http_status != 404: - raise - continue - if options.verbose: - print 'Done.' - exit(0) - for x in xrange(16): - container = '.token_%x' % x - marker = None - while True: - if options.verbose: - print 'GET %s?marker=%s' % (container, marker) - try: - objs = conn.get_container(container, marker=marker)[1] - except ClientException, e: - if e.http_status == 404: - exit('Container %s not found. swauth-prep needs to be ' - 'rerun' % (container)) - elif e.http_status == 401: - exit('Cleanup tokens failed: 401 Unauthorized: Invalid user/key provided') - else: - exit('Object listing on container %s failed with status ' - 'code %d' % (container, e.http_status)) - if objs: - marker = objs[-1]['name'] - else: - if options.verbose: - print 'No more objects in %s' % container - break - for obj in objs: - if options.purge_all: - if options.verbose: - print '%s/%s purge all; deleting' % \ - (container, obj['name']) - print 'DELETE %s/%s' % (container, obj['name']) - try: - conn.delete_object(container, obj['name']) - except ClientException, err: - if err.http_status != 404: - raise - continue - last_modified = datetime(*map(int, re.split('[^\d]', - obj['last_modified'])[:-1])) - ago = datetime.utcnow() - last_modified - if ago > options.token_life: - if options.verbose: - print '%s/%s last modified %ss ago; investigating' % \ - (container, obj['name'], - ago.days * 86400 + ago.seconds) - print 'GET %s/%s' % (container, obj['name']) - detail = conn.get_object(container, obj['name'])[1] - detail = json.loads(detail) - if detail['expires'] < time(): - if options.verbose: - print '%s/%s expired %ds ago; deleting' % \ - (container, obj['name'], - time() - detail['expires']) - print 'DELETE %s/%s' % (container, obj['name']) - try: - conn.delete_object(container, obj['name']) - except ClientException, e: - if e.http_status != 404: - print 'DELETE of %s/%s failed with status ' \ - 'code %d' % (container, obj['name'], - e.http_status) - elif options.verbose: - print "%s/%s won't expire for %ds; skipping" % \ - (container, obj['name'], - detail['expires'] - time()) - elif options.verbose: - print '%s/%s last modified %ss ago; skipping' % \ - (container, obj['name'], - ago.days * 86400 + ago.seconds) - sleep(options.sleep) - if options.verbose: - print 'Done.' diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account deleted file mode 100755 index 3ada02c..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-account +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage='Usage: %prog [options] ') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 1: - parser.parse_args(['-h']) - account = args[0] - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/%s' % (parsed_path, account) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('Delete account failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('Delete account failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - elif resp.status == 404: - exit('Delete account failed: %s %s: Account %s does not exist' % - (resp.status, resp.reason, account)) - elif resp.status == 409: - exit('Delete account failed: %s %s: Account %s contains active users. ' - 'Delete all users first.' % (resp.status, resp.reason, account)) - else: - exit('Delete account failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user b/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user deleted file mode 100755 index d87d02b..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-delete-user +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage='Usage: %prog [options] ') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 2: - parser.parse_args(['-h']) - account, user = args - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/%s/%s' % (parsed_path, account, user) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'DELETE', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('Delete user failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('Delete user failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - elif resp.status == 404: - exit('Delete user failed: %s %s: User %s does not exist' % - (resp.status, resp.reason, user)) - else: - exit('Delete user failed: %s %s' % (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-list b/gluster/swift/common/middleware/gswauth/bin/swauth-list deleted file mode 100755 index 4a8c546..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-list +++ /dev/null @@ -1,105 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -try: - import simplejson as json -except ImportError: - import json -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - -from prettytable import PrettyTable - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage=''' -Usage: %prog [options] [account] [user] - -If [account] and [user] are omitted, a list of accounts will be output. - -If [account] is included but not [user], a list of users within the account -will be output. - -If [account] and [user] are included, a list of groups the user belongs to -will be ouptput. - -If the [user] is '.groups', the active groups for the account will be listed. -'''.strip()) - parser.add_option('-p', '--plain-text', dest='plain_text', - action='store_true', default=False, help='Changes the output from ' - 'JSON to plain text. This will cause an account to list only the ' - 'users and a user to list only the groups.') - parser.add_option('-j', '--json', dest='json_format', - action='store_true', default=False, help='Output in JSON format. ' - 'This will print all information about given account or user, ' - 'including stored password.') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) > 2: - parser.parse_args(['-h']) - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/%s' % (parsed_path, '/'.join(args)) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - body = resp.read() - if resp.status // 100 != 2: - if resp.status == 401: - exit('List failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('List failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - else: - exit('List failed: %s %s' % (resp.status, resp.reason)) - if options.plain_text: - info = json.loads(body) - for group in info[['accounts', 'users', 'groups'][len(args)]]: - print group['name'] - elif options.json_format: - print body - else: - info = json.loads(body) - h = ['accounts', 'users', 'groups'][len(args)] - table = PrettyTable([h.title()]) - for group in info[h]: - table.add_row([group['name']]) - print table diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-prep b/gluster/swift/common/middleware/gswauth/bin/swauth-prep deleted file mode 100755 index f520426..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-prep +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage='Usage: %prog [options]') - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if args: - parser.parse_args(['-h']) - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/.prep' % parsed_path - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('gswauth preparation failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - else: - exit('gswauth preparation failed: %s %s' % - (resp.status, resp.reason)) diff --git a/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service b/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service deleted file mode 100755 index 41a33d2..0000000 --- a/gluster/swift/common/middleware/gswauth/bin/swauth-set-account-service +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2010-2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -try: - import simplejson as json -except ImportError: - import json -import gettext -from optparse import OptionParser -from os.path import basename -from sys import argv, exit - -from swift.common.bufferedhttp import http_connect_raw as http_connect -from swift.common.utils import urlparse - - -if __name__ == '__main__': - gettext.install('swauth', unicode=1) - parser = OptionParser(usage=''' -Usage: %prog [options] - -Sets a service URL for an account. Can only be set by a reseller admin. - -Example: %prog -K swauthkey test storage local http://127.0.0.1:8080/v1/AUTH_018c3946-23f8-4efb-a8fb-b67aae8e4162 -'''.strip()) - parser.add_option('-A', '--admin-url', dest='admin_url', - default='http://127.0.0.1:8080/auth/', help='The URL to the auth ' - 'subsystem (default: http://127.0.0.1:8080/auth/)') - parser.add_option('-U', '--admin-user', dest='admin_user', - default='.super_admin', help='The user with admin rights to add users ' - '(default: .super_admin).') - parser.add_option('-K', '--admin-key', dest='admin_key', - help='The key for the user with admin rights to add users.') - args = argv[1:] - if not args: - args.append('-h') - (options, args) = parser.parse_args(args) - if len(args) != 4: - parser.parse_args(['-h']) - account, service, name, url = args - parsed = urlparse(options.admin_url) - if parsed.scheme not in ('http', 'https'): - raise Exception('Cannot handle protocol scheme %s for url %s' % - (parsed.scheme, repr(options.admin_url))) - parsed_path = parsed.path - if not parsed_path: - parsed_path = '/' - elif parsed_path[-1] != '/': - parsed_path += '/' - path = '%sv2/%s/.services' % (parsed_path, account) - body = json.dumps({service: {name: url}}) - headers = {'Content-Length': str(len(body)), - 'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'POST', path, headers, - ssl=(parsed.scheme == 'https')) - conn.send(body) - resp = conn.getresponse() - if resp.status // 100 != 2: - if resp.status == 401: - exit('Service set failed: %s %s: Invalid user/key provided' % - (resp.status, resp.reason)) - elif resp.status == 403: - exit('Service set failed: %s %s: Insufficient priveleges' % - (resp.status, resp.reason)) - else: - exit('Service set failed: %s %s' % (resp.status, resp.reason)) -- cgit