import cherrypy
|
|
import json
|
|
import logging
|
|
import splunk
|
|
import splunk.entity as en
|
|
import splunk.rest as rest
|
|
from splunk.appserver.mrsparkle.lib.util import make_url
|
|
|
|
# Module-level logger shared by every helper in this file.
logger = logging.getLogger(name='splunk.acuif')
|
|
|
|
def fetch_admin_cfg_feature_flags():
    """
    Reads the admin_config_ui stanza of web.conf through the properties
    REST endpoint and turns each entry into a boolean feature flag.

    A flag is True only when its value, lower-cased, is 'true' or '1'.
    Any failure is logged and swallowed, so the caller receives whatever
    was parsed before the error (an empty dict if nothing was): a flag
    that could not be read is simply absent, never enabled.

    @returns: {
        <feature_flag_name>: <bool>
    }
    """
    endpoint = '/properties/web/admin_config_ui?output_mode=json'
    flags = {}
    try:
        _response, body = rest.simpleRequest(endpoint)
        payload = json.loads(body)

        for entry in payload['entry']:
            # Only an explicit 'true' / '1' switches a page on.
            enabled = entry['content'].lower() in ('true', '1')
            flags[entry['name']] = enabled

        logger.debug('Admin config UI feature flags: %s' % flags)

    except splunk.ResourceNotFound:
        logger.error('Resource not found: %s' % endpoint)
    except Exception as err:
        logger.exception(err)

    return flags
|
|
|
|
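def fetch_current_user_capabilities():
    """
    Looks up the capabilities of the user held in the current cherrypy session.

    Reads the user name from cherrypy.session['user'] and fetches the
    matching 'authentication/users' entity.

    @returns: the entity's 'capabilities' value, or None when the entity is
              empty, has no 'capabilities' key, or the lookup raised.
    """
    # Bound before the try block so the error handler can always log it.
    currentUser = None
    try:
        currentUser = cherrypy.session['user'].get('name')
        currentUserInfo = en.getEntity('authentication/users', currentUser)

        if currentUserInfo and 'capabilities' in currentUserInfo:
            return currentUserInfo['capabilities']

    except splunk.ResourceNotFound:
        # This handler used to format an undefined name (`uri`), so a missing
        # user entity surfaced as a NameError instead of this log line.
        logger.error('Resource not found: authentication/users/%s', currentUser)
    except Exception as e:
        logger.exception(e)

    # None means "capabilities unknown". Callers that gate on a capability
    # must treat it as "no capabilities", never as "no restriction".
    return None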
|
|
|
|
def fetch_opt_in_settings():
    """
    Fetches remoteUI settings to determine if an EC instance is opted in to
    Automatic UI Updates.
    Re: SPL-217079

    The result is whatever json.loads() yields for the response body. Any
    error is logged and reported as False (not opted in).

    @returns: <bool>
    """
    # NOTE(review): the decoded JSON value is returned unchanged. If the
    # endpoint ever answers with a JSON string such as "false", callers that
    # test truthiness would read it as opted in. Confirm the body is a bare
    # JSON boolean.
    endpoint = '/properties/web/remoteUI/optInRemoteUI?output_mode=json'
    try:
        _response, body = rest.simpleRequest(endpoint)
        return json.loads(body)
    except splunk.ResourceNotFound:
        logger.error('Resource not found: %s' % endpoint)
    except Exception as err:
        logger.exception(err)

    return False
|
|
|
|
# The ADMIN_CONFIG_PAGE_MAP
#
# key   - page_name: Page name, which corresponds to the feature_flag for the
#         page in web.conf
# value - page_config:
#     title <str>: Human readable page name. Used for link text
#     capability <str>: capability required to view the page
#     opt_in_required <bool>: when True, get_acuif_pages() skips the page
#         unless fetch_opt_in_settings() returns a truthy value
ADMIN_CONFIG_PAGE_MAP = {
    'ip_allow_list': dict(
        title='IP allow list',
        capability='edit_ip_allow_list',
        opt_in_required=False,
    ),
    'webhook_allow_list': dict(
        title='Webhook allow list',
        capability='edit_webhook_allow_list',
        opt_in_required=False,
    ),
    'dashboards_trusted_domains_list': dict(
        title='Dashboards trusted domains list',
        capability='edit_dashboard_allow_list',
        opt_in_required=False,
    ),
    'limits_conf': dict(
        title='Configure limits',
        capability='edit_limits_conf',
        opt_in_required=False,
    ),
}
|
|
|
|
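def get_acuif_pages():
    """
    Helper function that will:
        1. Fetch all feature flags pertaining to admin config ui framework in web.conf
        2. Fetch the current user's capabilities
        3. Cross reference the returned data in #1 & #2, with the constant ADMIN_CONFIG_PAGE_MAP to
           build the return object. This obj will be used by the mako template to determine which
           cfg pages, if any, should be rendered.

    A page is included only when its feature flag is truthy, the user holds
    the page's capability and, for pages with opt_in_required set, the
    opt-in setting is truthy.

    NOTE(review): this decides which pages the template renders. Whether the
    pages themselves re-check the capability server-side is not visible
    here. Confirm before relying on this function for access control.

    @returns: { <page_name>: <page_config> } with the page_config objects
              taken directly from ADMIN_CONFIG_PAGE_MAP (not copies)
    """
    acuif_pages = {}
    conf_feature_flags = fetch_admin_cfg_feature_flags()
    # fetch_current_user_capabilities() yields None when the lookup fails or
    # the user entity carries no capabilities. Treat that as "holds nothing"
    # so the membership test below hides every page instead of raising
    # TypeError on `in None`.
    user_capabilities = fetch_current_user_capabilities() or []
    opted_in = fetch_opt_in_settings()

    for page_name, page_config in ADMIN_CONFIG_PAGE_MAP.items():

        if page_config['opt_in_required'] and not opted_in:
            continue

        if conf_feature_flags.get(page_name) and page_config['capability'] in user_capabilities:
            acuif_pages[page_name] = page_config

    return acuif_pages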
|
|
|
|
|
|
# Maps an edit-entity endpoint path to the ACUIF page path segment used by
# format_edit_entity_href(). Lookups are exact-match on the key, so a path
# that is not listed here is not treated as an ACUIF page.
EDIT_ENTITY_CONFIG_MAP = {
    'data/inputs/win-event-log-collections':
        'win_event_log_collections',
    'deployment/server/setup/data/inputs/remote_perfmon':
        'win_fwd_perfmon',
    'data/inputs/win-perfmon':
        'win_perfmon',
    'data/inputs/win-wmi-collections':
        'win_wmi_collections',
}
|
|
|
|
def is_acuif_edit_entity(endpoint_path):
    """
    Checks whether an edit-entity managerXML endpoint is handled by the
    ACUIF framework.

    The check is an exact-match lookup of endpoint_path among the keys of
    EDIT_ENTITY_CONFIG_MAP. No normalisation is applied to the path.

    @returns: <bool>
    """
    return endpoint_path in EDIT_ENTITY_CONFIG_MAP
|
|
|
|
|
|
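def format_edit_entity_href(endpoint_path, namespace, entityName):
    """
    Generates href for ACUIF edit entity pages. ACUIF expects querystring param {entity: entityName}

    endpoint_path must be a key of EDIT_ENTITY_CONFIG_MAP. Its mapped value
    becomes the last path segment of the generated URL.

    @returns: <str> the href, or None when endpoint_path is not in
              EDIT_ENTITY_CONFIG_MAP (the miss is logged)
    """
    try:
        acuif_ep_path = EDIT_ENTITY_CONFIG_MAP[endpoint_path]
        # NOTE(review): namespace and entityName go to make_url unchanged.
        # Presumably make_url encodes path segments and _qs values; confirm.
        href = make_url(['manager', namespace, 'manage_system_config', acuif_ep_path], _qs={'entity': entityName})
        return href
    except KeyError:
        # The message previously had a %s placeholder but no argument, so the
        # offending path never reached the log. %r is used so control
        # characters in the value are escaped and stay on one log line.
        logger.error('endpoint_path: %r does not exist in EDIT_ENTITY_CONFIG_MAP', endpoint_path)
        return None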
|
|
|