Commit 35490193 authored by Jérome Perrin's avatar Jérome Perrin

palo: login worker for erp5

parent ac84d713
#!${buildout:executable}
import sys
import xmlrpclib
import logging
import csv
import hashlib
import socket
def main():
logfile = sys.argv[1]
logging.basicConfig(filename=logfile,
format='%(asctime)s [%(levelname)s] %(message)s')
logger = logging.getLogger('erp5_palo_login_worker')
logger.setLevel(logging.DEBUG)
erp5 = xmlrpclib.ServerProxy(sys.argv[2])
ostream = sys.stdout
def output(line):
print >> ostream, line
ostream.flush()
istream = sys.stdin
def stdin_reader():
yield istream.readline()
while True:
try:
csv_reader = csv.reader(stdin_reader(), delimiter=";")
line = csv_reader.next()
if not line:
output('DONE')
logger.info("Exiting")
break
cmd = line[0]
args = line[1:]
if cmd == 'SESSION':
session_id = args[0]
logger.debug("SESSION %r" % (session_id, ))
elif cmd == 'AUTHORIZATION':
login, password = args
if login == 'admin':
# XXX better way ?
# admin_pass = "admin"
# authentication_success = hashlib.md5(admin_pass).hexdigest() == password
authentication_success = True
groups = []
if authentication_success:
groups = ['admin',]
else:
try:
authentication_success, groups = erp5.ERP5Site_authenticatePaloUser(
login, password)
except (xmlrpclib.Fault, socket.error), e:
logger.exception(e)
authentication_success = 'FALSE'
groups = []
result = authentication_success and "TRUE" or "FALSE"
if not authentication_success:
logger.info("Wrong login from %r" % (login, ))
output('LOGIN;%s' % result)
logger.info("Authenticated user %r with groups %r" % (login, groups))
output(";".join(['GROUPS'] + groups))
elif cmd == 'USER LOGOUT':
logger.debug("USER LOGOUT %s" % args)
else:
logger.warning("Unhandled command %s with args:%s" % (cmd, args))
output('DONE')
except:
logger.critical("Error occured", exc_info=True)
raise
if __name__ == '__main__':
main()
...@@ -39,7 +39,6 @@ log = $${:var}/log ...@@ -39,7 +39,6 @@ log = $${:var}/log
[TODO] [TODO]
todo = todo =
worker_login
tunnel tunnel
patch ipv6 patch ipv6
etl etl
...@@ -54,11 +53,11 @@ extensions = jinja2.ext.do ...@@ -54,11 +53,11 @@ extensions = jinja2.ext.do
context = import json_module json context = import json_module json
key directory_var directory:var key directory_var directory:var
key directory_log directory:log key directory_log directory:log
key login_woker erp5_login_worker:wrapper-path
raw palo_olap_repository_location ${palo_olap-repository.git:location} raw palo_olap_repository_location ${palo_olap-repository.git:location}
section parameter instance-parameter section parameter instance-parameter
section palo_olap_parameter palo_olap_parameter section palo_olap_parameter palo_olap_parameter
key erp5_url instance-parameter:configuration.erp5_url key erp5_url instance-parameter:configuration.erp5_url
raw erp5_login_worker_path ${erp5_login_worker:output}
[palo] [palo]
# This recipe will try to "exec" the command-line after separating parameters. # This recipe will try to "exec" the command-line after separating parameters.
...@@ -66,9 +65,6 @@ recipe = slapos.cookbook:wrapper ...@@ -66,9 +65,6 @@ recipe = slapos.cookbook:wrapper
command-line = ${palo:location}/bin/palo --init-file $${palo_ini:rendered} --chdir command-line = ${palo:location}/bin/palo --init-file $${palo_ini:rendered} --chdir
wrapper-path = $${directory:service}/palo_olap wrapper-path = $${directory:service}/palo_olap
[erp5_login_worker]
wrapper-path = TODO
[publish-connection-parameter] [publish-connection-parameter]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
palo_olap_url = $${palo_olap_parameter:ipv4}:$${palo_olap_parameter:palo_olap_port} palo_olap_url = $${palo_olap_parameter:ipv4}:$${palo_olap_parameter:palo_olap_port}
......
...@@ -2,11 +2,15 @@ data-directory {{ directory_var }} ...@@ -2,11 +2,15 @@ data-directory {{ directory_var }}
template-directory {{ palo_olap_repository_location }}/Api template-directory {{ palo_olap_repository_location }}/Api
http {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_port }} http {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_port }}
http {{ palo_olap_parameter.ipv6 }} {{ palo_olap_parameter.palo_olap_port }} http {{ palo_olap_parameter.ipv6 }} {{ palo_olap_parameter.palo_olap_port }}
admin {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_admin_port }}
log {{ directory_log }}/palo_olap.log log {{ directory_log }}/palo_olap.log
verbose debug verbose debug
user-login
#worker /srv/slapgrid/slappart8/srv/runner/instance/slappart0/sbin/erp5_login_worker /srv/slapgrid/slappart8/srv/runner/instance/slappart0/var//log//palo_login_worker.log https://aact.erp5.net/erp5/ {% if erp5_url %}
#workerlogin authorization user-login
workerlogin authorization
worker {{ erp5_login_worker_path }} {{ directory_log }}/erp5_login_worker.log {{ erp5_url }}
admin {{ palo_olap_parameter.ipv4 }} {{ palo_olap_parameter.palo_olap_admin_port }}
{% else %}
# no authorization enabled, as instance parameter erp5_url was not defined
{% endif %}
...@@ -22,6 +22,13 @@ output = ${buildout:directory}/instance.cfg ...@@ -22,6 +22,13 @@ output = ${buildout:directory}/instance.cfg
#md5sum = #md5sum =
mode = 0644 mode = 0644
[erp5_login_worker]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/erp5_login_worker.py
output = ${buildout:bin-directory}/erp5_login_worker.py
#md5sum =
mode = 0755
[palo_olap-repository.git] [palo_olap-repository.git]
recipe = slapos.recipe.build:gitclone recipe = slapos.recipe.build:gitclone
repository = https://gitlab.com/perrinjerome/palo_olap.git repository = https://gitlab.com/perrinjerome/palo_olap.git
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment