[Dev OpenGP] [116] added XML validation in core



Revision: 116
Author:   nicolaf
Date:     2009-03-26 21:55:42 +0100 (Thu, 26 Mar 2009)

Log Message:
-----------
added XML validation in core

Modified Paths:
--------------
    trunk/schemas/ogpxmlconfig.xsd
    trunk/src/lib/ogp/core/ogpcore.py

Added Paths:
-----------
    trunk/src/lib/ogp/core/ogpxmlconfig.xsd


Modified: trunk/schemas/ogpxmlconfig.xsd
===================================================================
--- trunk/schemas/ogpxmlconfig.xsd	2009-03-26 19:50:30 UTC (rev 115)
+++ trunk/schemas/ogpxmlconfig.xsd	2009-03-26 20:55:42 UTC (rev 116)
@@ -51,7 +51,7 @@
 																<xs:element name="uid" type="xs:nonNegativeInteger"/>
 																<xs:element name="gid" type="xs:nonNegativeInteger"/>
 																<!-- Standard Unix Permissions. If not specified, inherited from the last parent
-																		 conf which specifies it or computed from current umask by default.
+																		 conf which specifies it or 0644 by default.
 																		 See man chmod for more details.
 																-->
 																<xs:element name="us" type="xs:boolean"/>

Modified: trunk/src/lib/ogp/core/ogpcore.py
===================================================================
--- trunk/src/lib/ogp/core/ogpcore.py	2009-03-26 19:50:30 UTC (rev 115)
+++ trunk/src/lib/ogp/core/ogpcore.py	2009-03-26 20:55:42 UTC (rev 116)
@@ -11,7 +11,11 @@
 import sys
 from hashlib import sha1
 from base64 import standard_b64encode
+from pkg_resources import resource_filename
+from os.path import dirname,join
 
+XML_SCHEMA="ogpxmlconfig.xsd"
+
 class OgpCore(object):
 	"""
 		Provides LDAP acces methods
@@ -80,6 +84,10 @@
 			logging.debug('OgpCore.__ogpcore.__init__(uri=' + repr(uri) + ', dn=' + repr(dn) + ', passwd=****, certs=[not implemented])')
 			self.l = ldap.initialize(uri)
 			self.l.simple_bind_s(dn, passwd)
+			path = dirname(resource_filename(__name__, '__init.py__'))
+			schema_f=open(join(path, XML_SCHEMA))
+			self.__schema = etree.XMLSchema(parse(schema_f))
+			close(f)
 
 		def __del__(self):
 			logging.debug('OgpCore.__ogpcore.__del__()')
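Review bot: `close(f)` on the last added line of `__init__` calls a name that is not a Python builtin, on a variable this hunk never defines. Unless both exist elsewhere in the module, the constructor raises NameError right after the LDAP bind and the schema file stays open. It should be `schema_f.close()`, ideally in a `finally:` so a parse error does not leak the handle either. `'__init.py__'` looks like a typo for `'__init__.py'`, and the directory detour could likely be replaced by `resource_filename(__name__, XML_SCHEMA)`. `parse` is used unqualified and is not among the imports visible in this commit, so confirm it is in scope; `__init__` itself begins above this hunk.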
@@ -239,6 +247,9 @@
 					currentConf.remove(p)
 					break
 			currentConf.append(pluginConf)
+			#validates against schema
+			if not self.__schema.validate(currentConf):
+				raise OgpCoreError('validation failed when pushing conf for plugin' + pluginName + '.')
 			strConf = currentConf.toString()
 
 			#get SOA
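Review bot: The exception raised when validation fails gives no reason for the rejection, and its message lacks a space after `plugin`, so the log shows only `...for pluginNAME.`. Appending the validator's findings, e.g. `raise OgpCoreError('validation failed when pushing conf for plugin ' + pluginName + ': ' + str(self.__schema.error_log))`, makes a rejected push diagnosable. `currentConf` is serialised with `toString()` on the next line, which suggests it is a project wrapper rather than an lxml element; if so, confirm that `XMLSchema.validate` accepts it. The enclosing method starts and ends outside the hunk.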
@@ -338,3 +349,14 @@
 				logging.error('OgpCore: __pullSOA failed with ' + repr(sys.exc_info()[1]) + '.')
 				raise
 
+class OgpCoreError(Exception):
+				  """
+    OGP plugin error class.
+  """
+  def __init__(self, value):
+					    self.value = value
+    logging.error(str(self))
+
+  def __str__(self):
+					    return repr("OgpCoreError: " + self.value)
+
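Review bot: The added `OgpCoreError` class mixes tabs and spaces at inconsistent depths: the docstring opener and both method bodies are tab-indented, while the `def` lines use two spaces. Python rejects that with an IndentationError at import unless the mail archive altered the whitespace, so re-indent the class with the tabs used in the rest of the file. The docstring says "OGP plugin error class", which looks copied from the plugin code; `Errors raised by OgpCore.` would match. `__init__` never calls `Exception.__init__(self, value)`, so `args` stays empty, and `__str__` wraps the message in `repr`, which puts quotes around every logged line.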

Added: trunk/src/lib/ogp/core/ogpxmlconfig.xsd
===================================================================
--- trunk/src/lib/ogp/core/ogpxmlconfig.xsd	                        (rev 0)
+++ trunk/src/lib/ogp/core/ogpxmlconfig.xsd	2009-03-26 20:55:42 UTC (rev 116)
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+		Copyright (C) 2009 by Nicolas FRANÇOIS
+		nicolaf@xxxxxxxxxxxxx
+		
+		This program is free software; you can redistribute it and/or modify
+		it under the terms of the GNU General Public License as published by
+		the Free Software Foundation; either version 3 of the License, or
+		(at your option) any later version.
+		
+		This program is distributed in the hope that it will be useful,
+		but WITHOUT ANY WARRANTY; without even the implied warranty of
+		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+		GNU General Public License for more details.
+		
+		You should have received a copy of the GNU General Public License
+		along with this program; if not, write to the
+		Free Software Foundation, Inc., 
+		59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+		-->
+
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema";>
+	<!-- Root element -->
+	<xs:element name="ogp">
+		<xs:complexType>
+			<xs:sequence>
+				<!-- "plugin" elements : one entry for each plugin affecting the OU or machine
+						 The "name" attribute specifies the plugin name. This attribute must be
+						 unique among all the "plugin" elements.
+				-->
+				<xs:element name="plugin" minOccurs="0" maxOccurs="unbounded">
+					<xs:complexType>
+						<xs:all minOccurs="1" maxOccurs="1">
+							<xs:element name="files">
+								<xs:complexType>
+									<xs:sequence>
+										<!-- "file" elements : files affected by the plugin
+												 The "name" attribute specifies a logical name (not necessary the "real" file name) to be used by the plugin.
+												 This attribute must be unique among all the "file" elements.
+										-->
+										<xs:element name="file" minOccurs="0" maxOccurs="unbounded">
+											<xs:complexType>
+												<xs:all minOccurs="1" maxOccurs="1">
+													<!-- "security" element : standard unix security attributes + ACL. -->
+													<xs:element name="security">
+														<xs:complexType>
+															<xs:all minOccurs="0" maxOccurs="1">
+																<!-- User and group IDs. If not specified, inherited from the last parent OU which
+																		 specifies it or 0 (root) by default
+																-->
+																<xs:element name="uid" type="xs:nonNegativeInteger"/>
+																<xs:element name="gid" type="xs:nonNegativeInteger"/>
+																<!-- Standard Unix Permissions. If not specified, inherited from the last parent
+																		 conf which specifies it or 0644 by default.
+																		 See man chmod for more details.
+																-->
+																<xs:element name="us" type="xs:boolean"/>
+																<xs:element name="gs" type="xs:boolean"/>
+																<xs:element name="t" type="xs:boolean"/>
+																<xs:element name="ur" type="xs:boolean"/>
+																<xs:element name="uw" type="xs:boolean"/>
+																<xs:element name="ux" type="xs:boolean"/>
+																<xs:element name="gr" type="xs:boolean"/>
+																<xs:element name="gw" type="xs:boolean"/>
+																<xs:element name="gx" type="xs:boolean"/>
+																<xs:element name="or" type="xs:boolean"/>
+																<xs:element name="ow" type="xs:boolean"/>
+																<xs:element name="ox" type="xs:boolean"/>
+																
+																<!-- ACL, as dumped by getfacl -->
+																<xs:element name="acl" minOccurs="0" maxOccurs="1">
+																	<xs:complexType>
+																		<xs:choice minOccurs="1" maxOccurs="unbounded">
+																			<!-- One "ace" element for each access control entry.
+																					 The unique attribute "id" specifies the position in the list.
+																					 -->
+																			<xs:element name="ace">
+																				<xs:complexType>
+																						<xs:attribute name="id" type="xs:nonNegativeInteger" use="required"/>
+																						<xs:attribute name="value" type="xs:string" use="required"/>
+																				</xs:complexType>
+																			</xs:element>
+																		</xs:choice>
+																	</xs:complexType>
+																	<!-- Unicity of the ace's id attribute -->
+																	<xs:unique name="ace_id">
+																		<xs:selector xpath="ace"/>
+																		<xs:field xpath="@id"/>
+																	</xs:unique>
+																</xs:element>
+															</xs:all>
+														</xs:complexType>
+													</xs:element>
+													<xs:element name="conf">
+														<xs:complexType mixed="true">
+															<xs:sequence minOccurs="0" maxOccurs="unbounded">
+																<xs:any processContents="skip"/>
+															</xs:sequence>
+														</xs:complexType>
+													</xs:element>
+												</xs:all>
+												<xs:attribute name="name" type="xs:string" use="required"/>
+											</xs:complexType>
+										</xs:element>
+									</xs:sequence>
+								</xs:complexType>
+								<!-- Unicity of the file's name attribute -->
+								<xs:unique name="file_name">
+									<xs:selector xpath="file"/>
+									<xs:field xpath="@name"/>
+								</xs:unique>
+							</xs:element>
+							<xs:element name="conf">
+								<xs:complexType mixed="true">
+									<xs:sequence minOccurs="0" maxOccurs="unbounded">
+										<xs:any processContents="skip"/>
+									</xs:sequence>
+								</xs:complexType>
+							</xs:element>
+						</xs:all>
+						<xs:attribute name="name" type="xs:string" use="required"/>
+					</xs:complexType>
+				</xs:element>
+			</xs:sequence>
+		</xs:complexType>
+		<!-- Unicity of the plugin's name attribute -->
+		<xs:unique name="plugin_name">
+			<xs:selector xpath="plugin"/>
+			<xs:field xpath="@name"/>
+		</xs:unique>
+	</xs:element>
+</xs:schema>
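Review bot: In the `security` element, `<xs:all minOccurs="0" maxOccurs="1">` makes the group optional as a whole, while each child (`uid`, `gid`, `us` … `ox`) keeps the default `minOccurs="1"`. A document that sets only some of them therefore fails validation, although the comments describe each value as inherited when not specified. If per-field inheritance is intended, mark each child optional, e.g. `<xs:element name="uid" type="xs:nonNegativeInteger" minOccurs="0"/>`. Both `conf` elements use `<xs:any processContents="skip"/>` and `ace/@value` is a free `xs:string`, so the check added in ogpcore.py is structural only and whatever consumes those values still has to validate them. The file is also a second copy of trunk/schemas/ogpxmlconfig.xsd, so the two can drift, and the `;` after the namespace URI on the `xs:schema` line would make it malformed unless that is an archive artifact.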

