The SSSD info plugin configures SSSD and modules in
Apache as root during installation. This cannot be
done in the UI so we must not allow users to modify
the state if it was not "preconfigured" during
install.
If it has been configured then users are allowed
to enable/disable the plugin.
This is controlled by a value stored in the
info_config table, preconfigured.
The plugin configuration is hidden from the UI by
overridding the get_config_object() method.
https://fedorahosted.org/ipsilon/ticket/111
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
except AdminError, e:
return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
if not obj.is_enabled:
except AdminError, e:
return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
if not obj.is_enabled:
+ try:
+ obj.enable()
+ except Exception as e: # pylint: disable=broad-except
+ return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
obj.save_enabled_state()
msg = "Plugin %s enabled" % obj.name
return self.root_with_msg(msg, ADMIN_STATUS_OK,
obj.save_enabled_state()
msg = "Plugin %s enabled" % obj.name
return self.root_with_msg(msg, ADMIN_STATUS_OK,
except AdminError, e:
return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
if obj.is_enabled:
except AdminError, e:
return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
if obj.is_enabled:
+ try:
+ obj.disable()
+ except Exception as e: # pylint: disable=broad-except
+ return self.root_with_msg(str(e), ADMIN_STATUS_WARN)
obj.save_enabled_state()
msg = "Plugin %s disabled" % obj.name
return self.root_with_msg(msg, ADMIN_STATUS_OK,
obj.save_enabled_state()
msg = "Plugin %s disabled" % obj.name
return self.root_with_msg(msg, ADMIN_STATUS_OK,
if item not in plugins.available:
self.debug('Info Plugin %s not found' % item)
continue
if item not in plugins.available:
self.debug('Info Plugin %s not found' % item)
continue
- plugins.available[item].enable()
+ try:
+ plugins.available[item].enable()
+ except Exception as e: # pylint: disable=broad-except
+ while item in plugins.enabled:
+ plugins.enabled.remove(item)
+ self.debug("Info Plugin %s couldn't be enabled: %s" % (
+ item, str(e)))
def get_user_attrs(self, user, requested=None):
plugins = self._site[FACILITY].available
def get_user_attrs(self, user, requested=None):
plugins = self._site[FACILITY].available
from ipsilon.info.common import InfoProviderInstaller
from ipsilon.util.plugin import PluginObject
from ipsilon.util.policy import Policy
from ipsilon.info.common import InfoProviderInstaller
from ipsilon.util.plugin import PluginObject
from ipsilon.util.policy import Policy
+from ipsilon.util import config as pconfig
from string import Template
import cherrypy
import time
from string import Template
import cherrypy
import time
super(InfoProvider, self).__init__(*pargs)
self.mapper = Policy(sssd_mapping)
self.name = 'sssd'
super(InfoProvider, self).__init__(*pargs)
self.mapper = Policy(sssd_mapping)
self.name = 'sssd'
- self.new_config(self.name)
+ self.new_config(
+ self.name,
+ pconfig.Condition(
+ 'preconfigured',
+ 'SSSD can only be used when pre-configured',
+ False),
+ )
def _get_user_data(self, user):
reply = dict()
def _get_user_data(self, user):
reply = dict()
+ def save_plugin_config(self, *args, **kwargs):
+ raise ValueError('Configuration cannot be modified live for SSSD')
+
+ def get_config_obj(self):
+ return None
+
+ def enable(self):
+ self.refresh_plugin_config()
+ if not self.get_config_value('preconfigured'):
+ raise Exception("SSSD Can be enabled only if pre-configured")
+ super(InfoProvider, self).enable()
+
CONF_TEMPLATE = """
LoadModule lookup_identity_module modules/mod_lookup_identity.so
CONF_TEMPLATE = """
LoadModule lookup_identity_module modules/mod_lookup_identity.so
po.name = 'sssd'
po.wipe_data()
po.wipe_config_values()
po.name = 'sssd'
po.wipe_data()
po.wipe_config_values()
+ config = {'preconfigured': True}
+ po.save_plugin_config(config)
# Update global config to add info plugin
po.is_enabled = True
# Update global config to add info plugin
po.is_enabled = True