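import json
import logging

import cherrypy
import splunk
import splunk.entity as en
import splunk.rest as rest
from splunk.appserver.mrsparkle.lib.util import make_url

logger = logging.getLogger('splunk.acuif')


def fetch_admin_cfg_feature_flags():
    """Read the admin config UI feature flags from web.conf over REST.

    Returns:
        dict mapping each entry's ``name`` to a bool that is True only when
        the entry's ``content`` is 'true' or '1' (case-insensitive). Any
        failure is logged and leaves the flags gathered so far (an empty
        dict if nothing was parsed), so a failed lookup enables no page.
    """
    uri = '/properties/web/admin_config_ui?output_mode=json'
    feature_flags = {}
    try:
        # The response object is not inspected; a body without 'entry'
        # raises KeyError below and is handled as a failure.
        _resp, cont = rest.simpleRequest(uri)
        content = json.loads(cont)
        for flag in content['entry']:
            feature_flags[flag['name']] = flag['content'].lower() in ('true', '1')
        logger.debug('Admin config UI feature flags: %s', feature_flags)
    except splunk.ResourceNotFound:
        logger.error('Resource not found: %s', uri)
    except Exception as e:
        logger.exception(e)
    return feature_flags


def fetch_current_user_capabilities():
    """Look up the capabilities of the user in the current CherryPy session.

    Returns:
        The ``capabilities`` value of the user's ``authentication/users``
        entity, or None when the entity has no such key or the lookup fails.
        Callers must treat None as "no capabilities".
    """
    entity_path = 'authentication/users'
    # Bound before the try so the error handler can always reference it.
    current_user = None
    try:
        current_user = cherrypy.session['user'].get('name')
        user_info = en.getEntity(entity_path, current_user)
        if user_info and 'capabilities' in user_info:
            return user_info['capabilities']
        return None
    except splunk.ResourceNotFound:
        # The handler used to format an undefined ``uri`` name, which raised
        # NameError instead of logging; log the entity that was requested.
        logger.error('Resource not found: %s', '%s/%s' % (entity_path, current_user))
    except Exception as e:
        logger.exception(e)
    return None


def fetch_opt_in_settings():
    """Fetch the remoteUI opt-in setting for Automatic UI Updates.

    Re: SPL-217079

    Returns:
        The JSON-decoded response body, or False when the request or the
        decoding fails.
    """
    uri = '/properties/web/remoteUI/optInRemoteUI?output_mode=json'
    is_opted_in = False
    try:
        _resp, cont = rest.simpleRequest(uri)
        # NOTE(review): the decoded body is returned as-is and get_acuif_pages
        # only tests its truthiness. If the endpoint answers with a non-empty
        # string such as "false", or with a wrapper object, that would count
        # as opted in -- confirm the response shape and normalise to a bool.
        is_opted_in = json.loads(cont)
    except splunk.ResourceNotFound:
        logger.error('Resource not found: %s', uri)
    except Exception as e:
        logger.exception(e)
    return is_opted_in


# The ADMIN_CONFIG_PAGE_MAP
#   key   - page_name: Page name, which corresponds to the feature_flag for
#           the page in web.conf
#   value - page_config:
#       title           : Human readable page name. Used for link text
#       capability      : capability required to view the page
#       opt_in_required : when True, get_acuif_pages skips the page unless
#                         fetch_opt_in_settings() returns a truthy value
ADMIN_CONFIG_PAGE_MAP = {
    'ip_allow_list': {
        'title': 'IP allow list',
        'capability': 'edit_ip_allow_list',
        'opt_in_required': False
    },
    'webhook_allow_list': {
        'title': 'Webhook allow list',
        'capability': 'edit_webhook_allow_list',
        'opt_in_required': False
    },
    'dashboards_trusted_domains_list': {
        'title': 'Dashboards trusted domains list',
        'capability': 'edit_dashboard_allow_list',
        'opt_in_required': False
    },
    'limits_conf': {
        'title': 'Configure limits',
        'capability': 'edit_limits_conf',
        'opt_in_required': False
    },
}


def get_acuif_pages():
    """Build the set of admin config pages to offer to the current user.

    Helper function that will:
    1. Fetch all feature flags pertaining to the admin config ui framework
       in web.conf
    2. Fetch the current user's capabilities
    3. Cross reference the returned data in #1 & #2 with the constant
       ADMIN_CONFIG_PAGE_MAP to build the return object.

    This obj will be used by the mako template to determine which cfg pages,
    if any, should be rendered.

    Returns:
        dict of page_name -> page_config for every page whose feature flag is
        on and whose capability the user holds.
    """
    # NOTE(review): this result only decides what gets rendered. Nothing in
    # this module enforces access, so the endpoints behind these pages are
    # presumably expected to check the capability themselves -- confirm.
    acuif_pages = {}
    conf_feature_flags = fetch_admin_cfg_feature_flags()
    # The lookup returns None on failure; fail closed (no pages) rather than
    # raising TypeError on the membership test below.
    user_capabilities = fetch_current_user_capabilities() or ()
    opted_in = fetch_opt_in_settings()

    for page_name, page_config in ADMIN_CONFIG_PAGE_MAP.items():
        if page_config['opt_in_required'] and not opted_in:
            continue
        if conf_feature_flags.get(page_name) and page_config['capability'] in user_capabilities:
            acuif_pages[page_name] = page_config
    return acuif_pages


# Maps an edit-entity endpoint path to the path segment used in the ACUIF
# 'manage_system_config' URL built by format_edit_entity_href.
EDIT_ENTITY_CONFIG_MAP = {
    'data/inputs/win-event-log-collections': 'win_event_log_collections',
    'deployment/server/setup/data/inputs/remote_perfmon': 'win_fwd_perfmon',
    'data/inputs/win-perfmon': 'win_perfmon',
    'data/inputs/win-wmi-collections': 'win_wmi_collections',
}


def is_acuif_edit_entity(endpoint_path):
    """Check whether an edit entity managerXML page is within the ACUIF framework.

    Returns:
        True when ``endpoint_path`` is a key of EDIT_ENTITY_CONFIG_MAP,
        otherwise False. The match is exact; no normalisation is applied.
    """
    return endpoint_path in EDIT_ENTITY_CONFIG_MAP


def format_edit_entity_href(endpoint_path, namespace, entityName):
    """Generate the href for an ACUIF edit entity page.

    ACUIF expects querystring param {entity: entityName}.

    Returns:
        The URL built by make_url, or None when ``endpoint_path`` is not in
        EDIT_ENTITY_CONFIG_MAP (the miss is logged).
    """
    try:
        acuif_ep_path = EDIT_ENTITY_CONFIG_MAP[endpoint_path]
        # NOTE(review): namespace and entityName go into the URL unchanged;
        # presumably make_url encodes path segments and _qs values -- confirm.
        return make_url(
            ['manager', namespace, 'manage_system_config', acuif_ep_path],
            _qs={'entity': entityName},
        )
    except KeyError:
        # The format string previously had no argument, so the offending
        # path never reached the log.
        logger.error('endpoint_path: %s does not exist in EDIT_ENTITY_CONFIG_MAP', endpoint_path)
        return None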