f2a607c7 »
2010-06-24 made edit its own program
1 #!/usr/bin/python
2
3 """
4 Creates a new Nimbus user. It will create all needed user aliases (cumulus,
5 x509, and web login id)
6 """
7 from nimbusweb.setup import autoca
8 import string
9 import random
10 import os
11 import sys
12 import sys
13 from ConfigParser import SafeConfigParser
14 import time
15 import pycb
16 import pycb.tools
17 import pynimbusauthz
18 import tempfile
19 import filecmp
20 from pynimbusauthz.cmd_opts import cbOpts
21 from pynimbusauthz.db import DB
22 from pynimbusauthz.user import *
23 import logging
24 import shlex
25 from nimbusweb.setup.setuperrors import *
812109d5 »
2010-07-07 Restore the user in the right group when editing the DN
26 from nimbusweb.setup.groupauthz import *
f2a607c7 »
2010-06-24 made edit its own program
27 from optparse import SUPPRESS_HELP
374bb2e8 »
2011-07-12 patch for GH-65
28 import shutil
f2a607c7 »
2010-06-24 made edit its own program
29
1dba0470 »
2011-01-26 fixing bug:
# Column names that setup_options() offers for --report. The same list is also
# rendered into that option's default value, and it includes "access_secret".
g_report_options = [
    "dn",
    "canonical_id",
    "access_id",
    "access_secret",
    "group",
]
f2a607c7 »
2010-06-24 made edit its own program
31
32
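def get_nimbus_home():
    """Return the home directory of the Nimbus install in use.

    The NIMBUS_HOME environment variable wins when it is set and non-empty.
    Otherwise the home directory is taken to be the parent of the directory
    that holds this script.

    Raises:
        CLIError: with code 'ENIMBUSHOME' when the resulting path does not
            exist.
    """
    nimbus_home = os.getenv("NIMBUS_HOME")
    if not nimbus_home:
        # Make __file__ absolute first. For a relative __file__ such as
        # "edit.py" or "./edit.py", two dirname() calls yield "" and the
        # existence check below would always fail.
        script_dir = os.path.dirname(os.path.abspath(__file__))
        nimbus_home = os.path.dirname(script_dir)
    # The config file, gridmap file and group-authz directory used by the
    # other functions in this file are all located relative to this value,
    # so whoever controls NIMBUS_HOME controls which files get edited.
    if not os.path.exists(nimbus_home):
        raise CLIError('ENIMBUSHOME', "NIMBUS_HOME must refer to a valid path")
    return nimbus_home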
47
def get_dn(cert_file):
    """Return the DN that autoca.getCertDN() reports for *cert_file*.

    The 'web/' directory under the Nimbus home is passed to autoca together
    with the root logger.

    Raises:
        CLIError: with code 'ENIMBUSHOME' when the web directory is missing.
    """
    web_root = os.path.join(get_nimbus_home(), 'web/')
    if os.path.exists(web_root):
        return autoca.getCertDN(cert_file, web_root, logging.getLogger())
    raise CLIError('ENIMBUSHOME',
                   "web dir doesn't exist. is this a valid Nimbus install? (%s)"
                   % web_root)
58
def setup_options(argv):
    """Build the option parser for the edit program and parse *argv*.

    Returns a tuple (o, args, parser). Exactly one positional argument (the
    email address, per the usage text) is expected; with any other count the
    parser is invoked again with --help. The returned options object also
    gets canonical_id and url attributes, both set to None.
    """
    usage = "[options] <email>\nCreate/edit a nimbus user\n"
    (parser, all_opts) = pynimbusauthz.get_default_options(usage)

    # NOTE(review): --access-secret takes the secret as a command-line
    # argument; arguments are commonly visible in shell history and process
    # listings, so operators may want to rotate secrets set this way.
    option_specs = (
        ("dn", "s", "Change the users dn", None),
        ("access_id", "a", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --access-secret option", None),
        ("access_secret", "p", "Instead of generating a new access id/secret pair, use this one.  This must be used with the --access-id option", None),
        ("delim", "D", "Character between columns in the report", ","),
        ("group", "g", "Change the users group", None),
    )
    for spec in option_specs:
        all_opts.append(cbOpts(*spec))

    # The report option lists the known columns in its help text and uses the
    # same rendered list as its default value.
    all_opts.append(
        cbOpts(
            "report",
            "r",
            "Report the selected columns from the following: "
            + pycb.tools.report_options_to_string(g_report_options),
            pycb.tools.report_options_to_string(g_report_options),
        )
    )

    (o, args) = pynimbusauthz.parse_args(parser, all_opts, argv)

    if len(args) != 1:
        # Wrong number of positional arguments: parse "--help" instead
        # (presumably prints the usage and exits -- confirm in pynimbusauthz).
        pynimbusauthz.parse_args(parser, [], ["--help"])

    o.canonical_id = None
    o.url = None

    return (o, args, parser)
90
e1f34adb »
2010-07-09 roll back code for new user programs with tests
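def add_gridmap(dn):
    """Append *dn* to the gridmap file unless it is already listed.

    The gridmap path comes from the 'gridmap' option in the 'nimbussetup'
    section of NIMBUS_HOME/nimbus-setup.conf and is joined onto the Nimbus
    home. The entry written is the quoted DN followed by the placeholder
    account name 'not_a_real_account'. When the DN is already the first
    field of an existing line, a warning is printed and nothing is written.

    Raises:
        CLIError: 'ENIMBUSHOME' when the config file cannot be read, 'EUSER'
            when *dn* cannot be written as a single quoted field.
    """
    # The DN is written between double quotes on a line of its own. A quote,
    # a line break or a trailing backslash inside it would let one value
    # produce a malformed line or additional gridmap entries, so refuse it.
    if (not dn or '"' in dn or "\n" in dn or "\r" in dn
            or dn.endswith("\\")):
        raise CLIError('EUSER',
                       "The dn cannot be written to the gridmap file: %r"
                       % (dn,))

    nimbus_home = get_nimbus_home()
    configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
    config = SafeConfigParser()
    if not config.read(configpath):
        raise CLIError('ENIMBUSHOME',
                "Failed to read config from '%s'. Has Nimbus been configured?"
                % configpath)
    gmf = os.path.join(nimbus_home, config.get('nimbussetup', 'gridmap'))

    f = open(gmf, 'r+')
    try:
        lines = f.readlines()
        for l in lines:
            l = l.strip()
            if l == "":
                continue
            a = shlex.split(l)
            if dn == a[0]:
                print("WARNING! This dn is already in the gridmap file")
                return
        # Position explicitly at the end before switching from reading to
        # writing on the same handle.
        f.seek(0, 2)
        # Keep the new entry on its own line even when the file's last line
        # has no trailing newline.
        if lines and not lines[-1].endswith("\n"):
            f.write("\n")
        f.write("\"%s\" not_a_real_account\n" % (dn))
    finally:
        # Close the handle on every path, including parse errors.
        f.close()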
114
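def remove_gridmap(dn):
    """Rewrite the gridmap file without the entries whose first field is *dn*.

    The gridmap path comes from the 'gridmap' option in the 'nimbussetup'
    section of NIMBUS_HOME/nimbus-setup.conf. Remaining non-blank lines are
    written (stripped) to a temporary file under NIMBUS_HOME/var, which then
    replaces the gridmap file. A warning is printed when no entry matched;
    the file is still rewritten in that case.

    Raises:
        CLIError: 'ENIMBUSHOME' when the config file cannot be read.
    """
    nimbus_home = get_nimbus_home()
    configpath = os.path.join(nimbus_home, 'nimbus-setup.conf')
    config = SafeConfigParser()
    if not config.read(configpath):
        raise CLIError('ENIMBUSHOME',
                "Failed to read config from '%s'. Has Nimbus been configured?"
                % configpath)
    gmf = os.path.join(nimbus_home, config.get('nimbussetup', 'gridmap'))

    f = open(gmf, 'r')
    try:
        lines = f.readlines()
    finally:
        f.close()

    found = False
    (nf, new_name) = tempfile.mkstemp(dir=os.path.join(nimbus_home, "var"),
                                      prefix="gridmap", text=True)
    try:
        try:
            out = os.fdopen(nf, 'w')
        except:
            os.close(nf)
            raise
        try:
            for l in lines:
                l = l.strip()
                if l == "":
                    continue
                a = shlex.split(l)
                if dn == a[0]:
                    found = True
                else:
                    out.write(l)
                    out.write(os.linesep)
        finally:
            out.close()

        if not found:
            print("WARNING! user %s not found in %s" % (dn, gmf))

        # mkstemp() creates the file readable and writable by the owner only.
        # Carry the permission bits of the existing gridmap file over so the
        # replacement does not silently change who can read it. Ownership is
        # not copied.
        shutil.copymode(gmf, new_name)
        # NOTE(review): the replacement is only a rename when NIMBUS_HOME/var
        # and the gridmap file are on the same filesystem -- confirm.
        shutil.move(new_name, gmf)
    except:
        # Do not leave a partial copy of the gridmap behind on failure.
        if os.path.exists(new_name):
            os.remove(new_name)
        raise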
f2a607c7 »
2010-06-24 made edit its own program
145
146
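def report_results(o, db):
    """Fill the options object from the stored user and print the report.

    Looks the user up by o.emailaddr, then overwrites o.dn and o.group from
    the x509 alias (when one exists), o.canonical_id from the user id, and
    o.access_id / o.access_secret from the s3 alias (when one exists).
    o.group becomes the string form of the authz group id, the string "None"
    when the DN is in no group, or None when there is no x509 alias.

    Raises:
        CLIError: 'EUSER' when no user matches o.emailaddr.
    """
    user = User.get_user_by_friendly(db, o.emailaddr)
    if user is None:
        raise CLIError('EUSER', "The user should be in db but is not: %s" % (o.emailaddr))

    # reset group for proper report
    o.group = None
    nh = get_nimbus_home()
    groupauthz_dir = os.path.join(nh, "services/etc/nimbus/workspace-service/group-authz/")
    dnu = user.get_alias_by_friendly(o.emailaddr, pynimbusauthz.alias_type_x509)
    if dnu is not None:
        o.dn = dnu.get_name()
        member = find_member(groupauthz_dir, o.dn)
        if member:
            o.group = str(member.group_id)
        else:
            o.group = "None"
    o.canonical_id = user.get_id()

    s3u = user.get_alias_by_friendly(o.emailaddr, pynimbusauthz.alias_type_s3)
    if s3u is not None:
        o.access_id = s3u.get_name()
        o.access_secret = s3u.get_data()

    # NOTE(review): o.report selects the printed columns; "access_secret" is
    # one of the known column names, so the secret can end up on the terminal
    # or in captured output -- confirm whether the default report should
    # include it.
    pycb.tools.print_report(o, o.report, o)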
172
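def edit_user(o, db):
    """Apply the requested changes to an existing user and commit them.

    Depending on which options are set this updates the s3 alias name
    (o.access_id) and data (o.access_secret), moves the user's DN to another
    authz group (o.group), and/or replaces the DN (o.dn) in the database, the
    gridmap file and the group-authz directory.

    Raises:
        CLIError: 'EUSER' when the user or a required alias is missing, when
            the requested group does not exist, when the current DN is in no
            authz group, or when moving the new DN into the authz group
            fails (nothing is committed in that case).
    """
    user = User.get_user_by_friendly(db, o.emailaddr)
    if user is None:
        raise CLIError('EUSER', "The user does not exists: %s" % (o.emailaddr))
    dnu = user.get_alias_by_friendly(o.emailaddr, pynimbusauthz.alias_type_x509)
    s3u = user.get_alias_by_friendly(o.emailaddr, pynimbusauthz.alias_type_s3)

    if o.access_id is not None:
        if s3u is None:
            raise CLIError('EUSER', "There is no s3 user for: %s" % (o.emailaddr))
        s3u.set_name(o.access_id.strip())

    if o.access_secret is not None:
        if s3u is None:
            raise CLIError('EUSER', "There is no s3 user for: %s" % (o.emailaddr))
        s3u.set_data(o.access_secret.strip())

    nh = get_nimbus_home()
    groupauthz_dir = os.path.join(nh, "services/etc/nimbus/workspace-service/group-authz/")
    if o.group is not None:
        if dnu is None:
            raise CLIError('EUSER', "There is no x509 entry for: %s" % (o.emailaddr))
        dn = dnu.get_name()
        oldgroup = find_member(groupauthz_dir, dn)
        try:
            add_member(groupauthz_dir, dn, o.group)
        except InvalidGroupError:
            raise CLIError('EUSER', "Authz group '%s' does not exist" % o.group)
        # Only drop the old membership when the group really changed.
        if oldgroup and int(oldgroup.group_id) != int(o.group):
            oldgroup.remove_member(dn)

    if o.dn is not None:
        if dnu is None:
            raise CLIError('EUSER', "There is no x509 entry for: %s" % (o.emailaddr))
        old_dn = dnu.get_name()
        # Use one normalised value everywhere. Storing the stripped DN in the
        # database while writing the unstripped one to the gridmap file and
        # the authz group would leave the three records disagreeing.
        new_dn = o.dn.strip()

        group = find_member(groupauthz_dir, old_dn)
        if group is None:
            raise CLIError('EUSER', "There is no authz group for user: %s" % (old_dn))
        group_id = group.group_id

        dnu.set_name(new_dn)

        remove_gridmap(old_dn)
        add_gridmap(new_dn)

        try:
            remove_member(groupauthz_dir, old_dn)
            add_member(groupauthz_dir, new_dn, group_id)
        except Exception:
            failure = sys.exc_info()[1]
            # Put the gridmap file back the way it was ...
            remove_gridmap(new_dn)
            add_gridmap(old_dn)
            # ... and stop before db.commit(). Committing here would store
            # the new DN in the database while the gridmap file still maps
            # the old one.
            # NOTE(review): if remove_member() succeeded before the failure,
            # old_dn is no longer in its authz group and is not re-added
            # here -- confirm whether that needs restoring as well.
            raise CLIError('EUSER',
                           "Failed to update the authz group for dn '%s'; "
                           "changes were not committed: %s"
                           % (new_dn, failure))

    db.commit()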
230
231 # todo, reset options structure to report user
232
def main(argv=sys.argv[1:]):
    """Parse *argv*, edit the user named by the positional argument, report.

    Returns 0 on success. When a CLIError is raised along the way it is
    printed and its get_rc() value is returned instead.
    """
    try:
        (o, args, p) = setup_options(argv)

        db = DB(pycb.config.authzdb)

        o.emailaddr = args[0]
        edit_user(o, db)
        report_results(o, db)
    except CLIError:
        clie = sys.exc_info()[1]
        print(clie)
        return clie.get_rc()

    return 0
249
# Script entry point: the return value of main() becomes the exit status.
if __name__ == "__main__":
    sys.exit(main())
253