59 lines
2.0 KiB
Python
59 lines
2.0 KiB
Python
from subprocess import call
|
|
import os
|
|
|
|
import requests
|
|
from requests_kerberos import HTTPKerberosAuth
|
|
|
|
|
|
class EntitlementHandler:
|
|
def __init__(self, conf):
|
|
class Requestor:
|
|
def __init__(self, conf):
|
|
self.active = False
|
|
self.entbase = conf['entbase']
|
|
self.cache = conf['cachefile']
|
|
self.princ = conf['principal']
|
|
self.key = conf['keytab']
|
|
self.url = conf['url'].rstrip('/')
|
|
self.session = requests.Session()
|
|
self.session.auth = HTTPKerberosAuth()
|
|
|
|
def __enter__(self):
|
|
os.environ['KRB5CCNAME'] = self.cache
|
|
call(['kinit', '-t', self.key, self.princ])
|
|
self.active = True
|
|
return self
|
|
|
|
def __exit__(self, exc_type, exc_value, traceback):
|
|
call(['kdestroy'])
|
|
del os.environ['KRB5CCNAME']
|
|
self.active = False
|
|
|
|
def __update(self, method, user, entitlement):
|
|
if not self.active:
|
|
raise ValueError('This object is not in a usable state for this operation')
|
|
path = '{}/{}/{}'.format(self.url,
|
|
user,
|
|
self.entbase + entitlement)
|
|
r = self.session.request(method,
|
|
path)
|
|
r.raise_for_status()
|
|
return True
|
|
|
|
def add(self, entitlement, user):
|
|
return self.__update('PUT', user, entitlement)
|
|
|
|
def remove(self, entitlement, user):
|
|
return self.__update('DELETE', user, entitlement)
|
|
|
|
def get(self, user):
|
|
path = '{}/{}'.format(self.url, user)
|
|
r = self.session.get(path)
|
|
r.raise_for_status()
|
|
return r.json()['entitlements']
|
|
|
|
self.requestor = Requestor(conf)
|
|
|
|
def open(self):
|
|
return self.requestor
|