V2 controller #76
V2 controller #76
Conversation
| :return: value of the key in section (if set) | ||
| """ | ||
| if section is None: | ||
| # simple config files without sections |
There was a problem hiding this comment.
Support for getting values from section-less config is fragile and due to lack of "logic" in section-less configs this can not be reliably improved. This will return value for first occurrence, however, there can be multiple occurrences of the same key in section-less file. As we discussed earlier, section-less config files are problematic and we support them rather symbolically. There should be at least some warning saying "You are applying get method on non-standard config file. This method would return only the first match". However, this is problematic itself, because some tools may use last match rather than first. IMHO, better approach would be to check if the key is present in the config multiple times and raise an exception if true.
There was a problem hiding this comment.
Can you please fix this via PR?
| file do not support sections (section for this method is not provided), | ||
| then file would be parsed in a simple way with `.readlines()` method and | ||
| using separator each line would be split into two parts: key and a | ||
| value. If key is matched, the value is striped and returned. |
There was a problem hiding this comment.
We should explicitly mention that first match is returned or rewrite this method (see below).
SCAutolib/models/file.py
Outdated
| @@ -414,3 +476,7 @@ def save(self): | |||
| else: | |||
| # in case set method was used | |||
| self._default_parser.write(config) | |||
|
|
|||
| @property | |||
There was a problem hiding this comment.
This method can be removed as it is already in parent class.
| @@ -53,6 +54,10 @@ def __init__(self, filepath: Union[str, Path], template: str = None): | |||
| if template is not None: | |||
| self._template = Path(template) | |||
|
|
|||
| @property | |||
| def path(self): | |||
There was a problem hiding this comment.
Do we want to add simple one-line docstring for purposes of auto-generated documentation?
| @@ -144,6 +199,12 @@ def clean(self): | |||
| except FileNotFoundError: | |||
| logger.info(f"{self._conf_file} does not exist. Nothing to do.") | |||
|
|
|||
| def backup(self): | |||
| new_name = f"{self._conf_file.name}.backup" | |||
There was a problem hiding this comment.
Docstring missing, please add at least one-liner so auto-generated documentation print something.
| @@ -144,6 +199,12 @@ def clean(self): | |||
| except FileNotFoundError: | |||
| logger.info(f"{self._conf_file} does not exist. Nothing to do.") | |||
|
|
|||
| def backup(self): | |||
There was a problem hiding this comment.
We need to discuss back-ups as for example SSSDConf class has it's own backup mechanism and for other files we did not consider backing-up at all. If we keep this method here, SSSDConf class should return exception if we try to apply it.
There was a problem hiding this comment.
Well, I don't see backup method in SSSD class. So, this means that backup there is done in some other method of the SSSD class (what is not good) or somewhere else (what is also not very good). To avoid usage of this parent class method SSSDConf class only should implement its own method called backup. I didn't check this because I made changes only related to the controller by itself and didn't look for side effects because this work would be much bigger. From this perspective, I would suggest you add this method via PR. What do you think about this?
| @@ -261,6 +322,7 @@ def save(self): | |||
| # to empty parser object | |||
| self._changes = ConfigParser() | |||
| self._changes.optionxform = str | |||
| os.chmod(self._conf_file, 0o600) | |||
There was a problem hiding this comment.
I'm not sure if this should be done here or directly in controller. But if it happens here, docstring needs to be modified.
There was a problem hiding this comment.
It should be done here because after this method is called it is expected that the file is in a ready-to-use state. So, will add docstring
| @@ -0,0 +1,104 @@ | |||
| from cryptography.hazmat.primitives import serialization | |||
There was a problem hiding this comment.
Add module docstring please.
|
|
||
| run(["semodule", "-i", f"{TEMPLATES_DIR}/virtcacard.cil"]) | ||
|
|
||
| run(["systemctl", "restart", "pcscd"]) |
There was a problem hiding this comment.
To discuss: Should we restart services from one place (controller) or from diverse methods and functions? IMHO, this should be controlled by controller.
There was a problem hiding this comment.
This topic needs more discussion
SCAutolib/utils.py
Outdated
| return OSVersion.RHEL_9 | ||
| elif "Red Hat Enterprise Linux release 8" in cnt: | ||
| return OSVersion.RHEL_8 | ||
| else: |
There was a problem hiding this comment.
This will consider any other OS version as Fedora. For example RHEL-10 will be fedora and this may cause troubles in the future. In case there is no match fo RHEL-9 and RHEL-8, we should try to match Fedora and raise an exception if non of RHEL-9, RHEL-8 and Fedora is matched.
SCAutolib/utils.py
Outdated
| :param packages: list of packages to be installed | ||
| """ | ||
| for pkg in packages: | ||
| logger.warning(f"Package {pkg} is not installed on the " |
There was a problem hiding this comment.
This function does not know if package is installed or not and just try to install it. Log message may be updated to reflect it.
There was a problem hiding this comment.
Actually, everything is correct. this function is called after _check_packages, which returns a list of missing packages. But yes, this log message is redundant here, will remove it
SCAutolib/utils.py
Outdated
| out = run(["rpm", "-qa", pkg]) | ||
| if pkg not in out.stdout: | ||
| logger.warning(f"Package {pkg} is required for the testing, " | ||
| f"but doesn't present in the system") |
There was a problem hiding this comment.
is not instead of doesn't
SCAutolib/models/user.py
Outdated
| run(['userdel', '-f', self.username], check=True) | ||
| except KeyError: | ||
| pass | ||
| logger.info(f"User {self.username} does not present on the system") |
SCAutolib/models/user.py
Outdated
| run(cmd, check=True) | ||
| cmd = ["passwd", self.username, "--stdin"] | ||
| run(cmd, input=self.password) | ||
| logger.info(f"User {self.username} presents ons the system") |
There was a problem hiding this comment.
is present instead of presents and fix typo in on
| pass | ||
| logger.info(f"User {self.username} does not present on the system") | ||
|
|
||
| def add_user(self, force=False): |
There was a problem hiding this comment.
If we are adding some logic in creating and deleting users, we may want to add also some unit-tests.
There was a problem hiding this comment.
Yes. But again, the same resolution as for this comment, this PR is about the controller and I'm trying to not make it anormous
| @@ -167,3 +189,14 @@ def delete_user(self): | |||
| run(['rm', '-r', '-f', f"/home/{self.username}"], check=True) | |||
| logger.info(f"User {self.username} directory is removed.") | |||
| logger.debug(r) | |||
|
|
|||
| def gen_csr(self): | |||
| @@ -0,0 +1,375 @@ | |||
| import json | |||
There was a problem hiding this comment.
module docstring missing
| if install_missing: | ||
| _install_packages(missing) | ||
|
|
||
| run(['dnf', 'groupinstall', "Smart Card Support", '-y']) |
There was a problem hiding this comment.
We may want conditional execution here as Smart Card Support may already be installed at some systems.
There was a problem hiding this comment.
no need to check it explicitly, because this would be skipped by the dnf if all packages are present
|
|
||
| with self._lib_conf_path.open("r") as f: | ||
| self.lib_conf = json.load(f) | ||
| assert self.lib_conf, "Data are not loaded correctly." |
There was a problem hiding this comment.
Shouldn't this assert be after the validate_configuration function in the next line?
There was a problem hiding this comment.
No, it shouldn't. This assert checks that json.load() loaded the file without problems. In validate_configuration there is schema.validate() method that would raise an expectation if the configuration doesn't match the schema of correctly loaded JSON file
| """ | ||
| ... | ||
|
|
||
| def setup_system(self, install_missing: bool, gdm: bool): |
There was a problem hiding this comment.
install_missing and gdm should default to False probably
There was a problem hiding this comment.
yes, it is. These default values would be set in CLI and passed here in anyway
SCAutolib/controller.py
Outdated
| logger.info("Set force argument to True if you want to remove " | ||
| "previous installation.") | ||
| return | ||
| self.ipa_ca.restore() |
There was a problem hiding this comment.
Why do we need ipa_ca.restore() here?
There was a problem hiding this comment.
This will remove IPA client installation if force option is set
| if not force: | ||
| logger.info("Set force argument to True if you want to remove " | ||
| "previous installation.") | ||
| return |
There was a problem hiding this comment.
Shouldn't we raise an exception? The user expects IPA to be configured, but if an installation already exists and he didn't use 'force', we should probably raise an exception
There was a problem hiding this comment.
I don't think so. Imagine that the user installed and configured IPA client on his own and wants to use the library with this configuration. Then it is not a problem that IPA is already installed.
| cert=user_dict["cert"], | ||
| key=user_dict["key"]) | ||
|
|
||
| new_user.add_user() |
There was a problem hiding this comment.
Don't we need create and save here also?
There was a problem hiding this comment.
create and save for what? user is just added to the system. this action includes "creation" and "saving"
SCAutolib/controller.py
Outdated
| def cleanup(self): | ||
| ... |
There was a problem hiding this comment.
I suppose this is still in progress?
| Validate schema of the configuration file. If some value doesn't present | ||
| in the config file, this value would be looked in the CLI parameters |
There was a problem hiding this comment.
I'm wondering if we should prioritize CLI parameters over config file, I think it might make more sense
There was a problem hiding this comment.
Yes, makes sense. But let's leave this until the implementation of CLI commands would be in progress.
| with virtual smart card. Also, repository for installing virt_cacard | ||
| package is added in this method. |
There was a problem hiding this comment.
Shouldn't the virt_cacard repo be added in setup_system before we try to install virt_cacard?
There was a problem hiding this comment.
Actually, it is added before installation here. But this call should be removed from this function
| rmtree("/var/lib/sss/mc/*", ignore_errors=True) | ||
| rmtree("/var/lib/sss/db/*", ignore_errors=True) |
There was a problem hiding this comment.
Are these directories something that we can safely remove?
There was a problem hiding this comment.
yes. it is cache directories
SCAutolib/models/card.py
Outdated
| _nssdb: Path = None | ||
| _template: Path = Path(TEMPLATES_DIR, "virt_cacard.service") | ||
| _pattern = r"(pkcs11:model=PKCS%2315%20emulated;" \ | ||
| r"manufacturer=Common%20Access%20Card;serial=.*)" | ||
|
|
||
| def __init__(self, user: User, insert: bool = False, | ||
| softhsm2_conf: Path = None): | ||
| def __init__(self, user, insert: bool = False, ): |
x00Pavel
force-pushed
the
V2-Controller
branch
3 times, most recently
from
a70d41c
to
8521456
Compare
Add setup methods
Move functions to static methods
Code cleanup
Add docs and code cleanup
|
Closing this PR because it is too big. Several smaller PR's will follow
|
Implementation of Controller class.
The controller contains methods for system preparation and should act as a glue between CLI - models and test - models.
Design changes
None for now
Issue resolved/closed