####### Permissions module ########## loadmodule "permissions.so" modparam("permissions", "db_url", "KAZOO_DB_URL") modparam("permissions", "db_mode", KZ_PERMISSIONS_CACHE) modparam("permissions", "peer_tag_avp", "$avp(trusted_x_header)") modparam("rtimer", "timer", "name=trusted_reload;interval=20;mode=1;") modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_RELOAD") modparam("rtimer", "exec", "timer=trusted_reload;route=TRUSTED_QUERY") modparam("pv", "shvset", "trusted_query=i:1") #!trydef TRUSTED_AMQP_FLAGS 2048 route[TRUSTED_LOAD] { $shv(trusted_query) = 0; $var(amqp_payload_request) = $_s({"Event-Category" : "trusted" , "Event-Name" : "query"}); $var(amqp_routing_key) = "trusted.query"; xlog("L_DEBUG", "$ci|amqp|publishing to acl => $var(amqp_routing_key) : $var(amqp_payload_request)\n"); if(kazoo_query("trusted", $var(amqp_routing_key), $var(amqp_payload_request), "$def(TRUSTED_AMQP_FLAGS)") != 1) { if($(kzR{kz.json,Event-Name}) == "message_returned" ) { xlog("L_WARNING", "trusted|query|message was returned by broker $(kzR{kz.json,Error-Code}) $(kzR{kz.json,Error-Reason})\n"); } else { xlog("L_WARNING", "trusted|query|failed $kzR\n"); } $shv(trusted_query) = 1; return; } xlog("L_DEBUG", "trusted|query|got reply $kzR\n"); avp_delete("$avp(TrustedKeys)/g"); if(kazoo_json_keys($kzR, "Trusted", "$avp(TrustedKeys)") != 1) { xlog("L_WARNING", "trusted|reply|no keys for Trusted\n"); return; } sql_query("exec", "delete from address"); $var(total) = 0; $var(Count) = $cnt($avp(TrustedKeys)); $var(Idx) = 0; while($var(Idx) < $var(Count)) { $var(KeyName) = $(avp(TrustedKeys)[$var(Idx)]); $var(Key) = $(var(KeyName){s.replace,.,%}); $var(token) = $(kzR{kz.json,Trusted.$var(Key).token}); $var(cidr_count) = $(kzR{kz.json.count, Trusted.$var(Key).cidrs}); ## ports $var(port_count) = $(kzR{kz.json.count, Trusted.$var(Key).ports}); $(avp(ports)[*]) = $null; if($var(port_count) == 0) { $avp(ports) = 0; $var(port_count) = 1; } else { $var(portIdx) = 0; while($var(portIdx) < $var(port_count)) { $avp(ports) = $(kzR{kz.json, Trusted.$var(Key).ports[$var(portIdx)}); $var(portIdx) = $var(portIdx) + 1; } } $var(cidr_idx) = 0; while($var(cidr_idx) < $var(cidr_count)) { $var(cidr) = $(kzR{kz.json,Trusted.$var(Key).cidrs[$var(cidr_idx)]}); $var(ip) = $(var(cidr){s.select,0,/}); $var(mask) = $(var(cidr){s.select,1,/}); $var(portIdx) = 0; while($var(portIdx) < $var(port_count)) { $var(sql) = $_s(insert into address(ip_addr, mask, port, tag) values("$var(ip)", $var(mask), $(avp(ports)[$var(portIdx)]), "$var(token)")); sql_query("exec", "$var(sql)"); $var(portIdx) = $var(portIdx) + 1; } $var(cidr_idx) = $var(cidr_idx) + 1; $var(total) = $var(total) + 1; } $var(Idx) = $var(Idx) + 1; } xlog("L_NOTICE", "trusted|query|loaded $var(total) entries into address table\n"); $shv(trusted_reload) = 1; } route[RELOAD_TRUSTED] { jsonrpc_exec('{"jsonrpc": "2.0", "method": "permissions.addressReload"}'); xlog("L_NOTICE", "trusted|reload|$(jsonrpl(body){kz.json,result})\n"); } route[TRUSTED_RELOAD] { if($shv(trusted_reload) == 1) { route(RELOAD_TRUSTED); }; $shv(trusted_reload) = 0; } route[TRUSTED_QUERY] { if($shv(trusted_query) == 1) { route(TRUSTED_LOAD); }; } route[TRUSTED_BINDINGS] { #!import_file "trusted-custom-bindings.cfg" #!ifndef TRUSTED_CUSTOM_BINDINGS $var(payload) = $_s({"name": "trusted-reload", "exchange": "trusted", "type": "topic", "queue": "trusted-reload-MY_HOSTNAME", "routing": "trusted.reload", "federate": 1 }); kazoo_subscribe("$var(payload)"); #!endif } event_route[kazoo:consumer-event-trusted-reload] { xlog("L_NOTICE", "received trusted reload\n"); $shv(trusted_query) = 1; }