security-and-privacy/ldapcherry
security-and-privacy
/
ldapcherry
mirror of https://github.com/kakwa/ldapcherry
1
0
Fork 0
Code Releases Activity

more pep8 compliance

This commit is contained in:
kakwa 2015-07-11 22:03:58 +02:00
parent f29039704e
commit f73d4e37bc
3 changed files with 62 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ldapcherry/attributes.py
View File

@ -10,7 +10,7 @@ import sys
from ldapcherry.pyyamlwrapper import loadNoDump
from ldapcherry.pyyamlwrapper import DumplicatedKey
from ldapcherry.exceptions import MissingAttributesFile, MissingKey, WrongAttributeType, WrongBackend, DumplicateUserKey, MissingUserKey
from ldapcherry.exceptions import *
from sets import Set
import yaml
@ -43,7 +43,7 @@ class Attributes:
if 'self' in attr and attr['self']:
self.self_attributes[attrid] = attr
if 'key' in attr and attr['key']:
if not self.key is None:
if self.key is not None:
raise DumplicateUserKey(attrid, self.key)
self.key = attrid
for b in attr['backends']:

18
ldapcherry/pyyamlwrapper.py
View File

@ -32,7 +32,7 @@ except ImportError:
# PyYaml wrapper that loads yaml files throwing an exception
#if a key is dumplicated
# if a key is dumplicated
class MyLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
def __init__(self, stream):
@ -46,17 +46,23 @@ class MyLoader(Reader, Scanner, Parser, Composer, Constructor, Resolver):
def construct_mapping(self, node, deep=False):
exc = sys.exc_info()[1]
if not isinstance(node, MappingNode):
raise ConstructorError(None, None,
"expected a mapping node, but found %s" % node.id,
node.start_mark)
raise ConstructorError(
None,
None,
"expected a mapping node, but found %s" % node.id,
node.start_mark
)
mapping = {}
for key_node, value_node in node.value:
key = self.construct_object(key_node, deep=deep)
try:
hash(key)
except TypeError:
raise ConstructorError("while constructing a mapping", node.start_mark,
"found unacceptable key (%s)" % exc, key_node.start_mark)
raise ConstructorError(
"while constructing a mapping",
node.start_mark,
"found unacceptable key (%s)" % exc, key_node.start_mark
)
value = self.construct_object(value_node, deep=deep)
if key in mapping:
raise DumplicatedKey(key, '')

75
ldapcherry/roles.py
View File

@ -12,7 +12,7 @@ import copy
from sets import Set
from ldapcherry.pyyamlwrapper import loadNoDump
from ldapcherry.pyyamlwrapper import DumplicatedKey
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
from ldapcherry.exceptions import *
import yaml
@ -50,7 +50,7 @@ class Roles:
ret = {}
for backends in backends_list:
for b in backends:
if not b in ret:
if b not in ret:
ret[b] = Set([])
for group in backends[b]:
ret[b].add(group)
@ -66,11 +66,15 @@ class Roles:
roles_in = roles
for roleid in roles_in:
role = roles_in[roleid]
if not groups is None:
role['backends_groups'] = self._merge_groups([role['backends_groups'], groups])
if groups is not None:
role['backends_groups'] = self._merge_groups(
[role['backends_groups'], groups],
)
if 'subroles' in role:
self._flatten(role['subroles'],
role['backends_groups'])
self._flatten(
role['subroles'],
role['backends_groups'],
)
del role['subroles']
self.flatten[roleid] = role
@ -91,18 +95,18 @@ class Roles:
# Check if role1 is contained by role2
for b1 in role1['backends_groups']:
if not b1 in role2['backends_groups']:
if b1 not in role2['backends_groups']:
return False
for group in role1['backends_groups'][b1]:
if not group in role2['backends_groups'][b1]:
if group not in role2['backends_groups'][b1]:
return False
# If role2 is inside role1, roles are equal, throw exception
for b2 in role2['backends_groups']:
if not b2 in role1['backends_groups']:
if b2 not in role1['backends_groups']:
return True
for group in role2['backends_groups'][b2]:
if not group in role1['backends_groups'][b2]:
if group not in role1['backends_groups'][b2]:
return True
raise DumplicateRoleContent(roleid1, roleid2)
@ -114,22 +118,25 @@ class Roles:
role = copy.deepcopy(self.flatten[roleid])
# Display name is mandatory
if not 'display_name' in role:
if 'display_name' not in role:
raise MissingKey('display_name', role, self.role_file)
if not 'description' in role:
if 'description' not in role:
raise MissingKey('description', role, self.role_file)
# Backend is mandatory
if not 'backends_groups' in role:
if 'backends_groups' not in role:
raise MissingKey('backends_groups', role, self.role_file)
# Create the list of backends
for backend in role['backends_groups']:
self.backends.add(backend)
if not roleid in self.graph:
self.graph[roleid] = {'parent_roles': Set([]), 'sub_roles': Set([])}
if roleid not in self.graph:
self.graph[roleid] = {
'parent_roles': Set([]),
'sub_roles': Set([])
}
# Create the nested groups
for roleid in self.flatten:
@ -137,9 +144,9 @@ class Roles:
# create reverse groups 2 roles
for b in role['backends_groups']:
for g in role['backends_groups'][b]:
if not b in self.group2roles:
if b not in self.group2roles:
self.group2roles[b] = {}
if not g in self.group2roles[b]:
if g not in self.group2roles[b]:
self.group2roles[b][g] = Set([])
self.group2roles[b][g].add(roleid)
@ -190,7 +197,9 @@ class Roles:
"""dump the nested role hierarchy"""
return yaml.dump(self.flatten, Dumper=CustomDumper)
def _check_member(self, role, groups, notroles, roles, parentroles, usedgroups):
def _check_member(
self, role, groups, notroles,
roles, parentroles, usedgroups):
# if we have already calculate user is not member of role
# return False
@ -207,13 +216,13 @@ class Roles:
if b not in groups:
notroles.add(role)
return False
if not g in groups[b]:
if g not in groups[b]:
notroles.add(role)
return False
# add groups of the role to usedgroups
for b in self.roles[role]['backends_groups']:
if not b in usedgroups:
if b not in usedgroups:
usedgroups[b] = Set([])
for g in self.roles[role]['backends_groups'][b]:
usedgroups[b].add(g)
@ -221,7 +230,15 @@ class Roles:
flag = True
# recursively determine if user is member of any subrole
for subrole in self.roles[role]['subroles']:
flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups)
flag = flag and not \
self._check_member(
subrole,
groups,
notroles,
roles,
parentroles,
usedgroups,
)
# if not, add role to the list of roles
if flag:
roles.add(role)
@ -234,7 +251,9 @@ class Roles:
return True
def get_groups_to_remove(self, current_roles, roles_to_remove):
"""get groups to remove from list of roles to remove and current roles"""
"""get groups to remove from list of
roles to remove and current roles
"""
current_roles = Set(current_roles)
ret = {}
@ -244,7 +263,7 @@ class Roles:
# if we remove a role, there is no reason to keep the sub roles
for r in roles_to_remove:
for sr in self._get_subroles(r):
if not sr in roles_to_remove and sr in current_roles:
if sr not in roles_to_remove and sr in current_roles:
tmp.add(sr)
roles_to_remove = roles_to_remove.union(tmp)
@ -288,12 +307,14 @@ class Roles:
ret = {}
# determine roles membership
for role in self.roles:
if self._check_member(role, groups, notroles, tmp, parentroles, usedgroups):
if self._check_member(
role, groups, notroles,
tmp, parentroles, usedgroups):
roles.add(role)
# determine standalone groups not matching any roles
for b in groups:
for g in groups[b]:
if not b in usedgroups or not g in usedgroups[b]:
if b not in usedgroups or g not in usedgroups[b]:
if b not in unusedgroups:
unusedgroups[b] = Set([])
unusedgroups[b].add(g)
@ -308,7 +329,7 @@ class Roles:
def get_display_name(self, role):
"""get the display name of a role"""
if not role in self.flatten:
if role not in self.flatten:
raise MissingRole(role)
return self.flatten[role]['display_name']
@ -316,7 +337,7 @@ class Roles:
"""get the list of groups from role"""
ret = {}
for role in roles:
if not role in self.flatten:
if role not in self.flatten:
raise MissingRole(role)
for b in self.flatten[role]['backends_groups']:
if b not in ret: