diff --git a/gen/freeipa b/gen/freeipa
deleted file mode 100755
index 53d04264..00000000
--- a/gen/freeipa
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use perunServicesInit;
-use perunServicesUtils;
-use Text::Unidecode;
-use JSON::XS;
-use Data::Dumper;
-
-#forward declaration
-sub processGroupData;
-sub processGroupName;
-
-local $::SERVICE_NAME = "freeipa";
-local $::PROTOCOL_VERSION = "3.0.0";
-my $SCRIPT_VERSION = "3.0.1";
-
-perunServicesInit::init;
-my $DIRECTORY = perunServicesInit::getDirectory;
-my $data = perunServicesInit::getHashedDataWithGroups;
-
-#Constants
-our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstName';
-our $A_MIDDLE_NAME; *A_MIDDLE_NAME = \'urn:perun:user:attribute-def:core:middleName';
-our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
-our $A_TITLE_BEFORE; *A_TITLE_BEFORE = \'urn:perun:user:attribute-def:core:titleBefore';
-our $A_TITLE_AFTER; *A_TITLE_AFTER = \'urn:perun:user:attribute-def:core:titleAfter';
-our $A_USER_LOGIN; *A_USER_LOGIN = \'urn:perun:user:attribute-def:def:login-namespace:czechglobe';
-our $A_USER_EMAIL; *A_USER_EMAIL = \'urn:perun:user:attribute-def:def:preferredMail';
-our $A_GROUP_NAME; *A_GROUP_NAME = \'urn:perun:group:attribute-def:core:name';
-our $A_G_R_IPA_G_NAME; *A_G_R_IPA_G_NAME = \'urn:perun:group_resource:attribute-def:def:freeipaGroupName';
-
-my $outputData = {
- members => [],
- };
-my $members = {};
-my $groupNames = {};
-
-foreach my $resourceId ($data->getResourceIds()) {
- foreach my $groupId ($data->getGroupIdsForResource(resource => $resourceId)) {
- processGroupData $groupId, $resourceId;
- processGroupName $groupId, $groupNames, $resourceId;
- }
-}
-
-for my $login (keys %{$members}) {
- my $member = $members->{$login};
- my @groups = keys %{$member->{'groups'}};
- $member->{'groups'} = \@groups;
- push @{$outputData->{'members'}}, $member;
-}
-
-push @{$outputData->{'groups'}}, $groupNames;
-
-my $out_file_name = "$DIRECTORY/$::SERVICE_NAME";
-
-open FILE,">$out_file_name" or die "Cannot open $out_file_name: $! \n";
-print FILE JSON::XS->new->utf8->pretty->canonical->encode($outputData);
-close (FILE);
-perunServicesInit::finalize;
-
-##############################################################################
-# Only subs definitions down there
-##############################################################################
-
-sub processGroupName {
- my $groupId = $_[0];
- my $groupNames = $_[1];
- my $resourceId = $_[2];
-
- my $ipaGroupName = $data->getGroupResourceAttributeValue(resource => $resourceId, group => $groupId, attrName => $A_G_R_IPA_G_NAME);
-
- if(!defined($ipaGroupName)) {
- #skip groups without ipa group name attribute set
- print "Skipping: $data->getGroupAttributeValue(group => $groupId, attrName => $A_GROUP_NAME) and all it's subgroups.\n";
- return;
- }
-
- if(!$groupNames->{$ipaGroupName}) {
- $groupNames->{$ipaGroupName} = {};
- }
-}
-
-sub processGroupData {
- my $groupId = shift;
- my $resourceId = shift;
-
- my $groupName = $data->getGroupResourceAttributeValue(resource => $resourceId, group => $groupId, attrName => $A_G_R_IPA_G_NAME);
-
- foreach my $memberId ($data->getMemberIdsForResourceAndGroup(resource => $resourceId, group => $groupId)) {
- my $login = $data->getUserAttributeValue(member => $memberId, attrName => $A_USER_LOGIN);
- if($members->{$login}) {
- $members->{$login}->{'groups'}->{$groupName} = 1;
- } else {
- my $firstName = $data->getUserAttributeValue(member => $memberId, attrName => $A_FIRST_NAME);
- my $lastName = $data->getUserAttributeValue(member => $memberId, attrName => $A_LAST_NAME);
- my $middleName = $data->getUserAttributeValue(member => $memberId, attrName => $A_MIDDLE_NAME);
- my $titleBefore = $data->getUserAttributeValue(member => $memberId, attrName => $A_TITLE_BEFORE);
- my $titleAfter = $data->getUserAttributeValue(member => $memberId, attrName => $A_TITLE_AFTER);
- my $mail = $data->getUserAttributeValue(member => $memberId, attrName => $A_USER_EMAIL);
- my $member = {
- first_name => $firstName ? $firstName : '',
- middle_name => $middleName ? $middleName : '',
- last_name => $lastName ? $lastName : '',
- title_before => $titleBefore ? $titleBefore : '',
- title_after => $titleAfter? $titleAfter: '',
- user_login => $login ? $login : '',
- mail => $mail ? $mail : '',
- groups => { $groupName => 1 }
- };
-
- $members->{$login} = $member;
- }
- }
-}
diff --git a/send/freeipa b/send/freeipa
deleted file mode 100755
index c3badd03..00000000
--- a/send/freeipa
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-SERVICE_NAME="freeipa"
-
-. generic_send
diff --git a/slave/process-freeipa/bin/process-freeipa.sh b/slave/process-freeipa/bin/process-freeipa.sh
deleted file mode 100644
index 8fa27fed..00000000
--- a/slave/process-freeipa/bin/process-freeipa.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-PROTOCOL_VERSION='3.0.0'
-
-function process {
-
- FROM_PERUN="${WORK_DIR}/freeipa"
- EXEC_SCRIPT="${LIB_DIR}/freeipa/process-freeipa.py"
-
- create_lock
-
- python2 $EXEC_SCRIPT --perun-file $FROM_PERUN --user $USER --password $PASSWORD --host-url $IPA_HOST
-
- exit $?
-}
-
diff --git a/slave/process-freeipa/changelog b/slave/process-freeipa/changelog
deleted file mode 100644
index a0ad8572..00000000
--- a/slave/process-freeipa/changelog
+++ /dev/null
@@ -1,11 +0,0 @@
-perun-slave-process-freeipa (3.1.2) stable; urgency=medium
-
- * Changed architecture to all
-
- -- Martin Kuba Fri, 09 Nov 2018 15:32:48 +0100
-
-perun-slave-process-freeipa (3.1.1) stable; urgency=low
-
- * New package version for perun-slave-process-freeipa
-
- -- Jan Zagata Fri, 06 May 2016 13:25:00 +0100
diff --git a/slave/process-freeipa/conf/example-pre_01_api_options b/slave/process-freeipa/conf/example-pre_01_api_options
deleted file mode 100644
index 1478f4a9..00000000
--- a/slave/process-freeipa/conf/example-pre_01_api_options
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-# FreeIPA host
-#IPA_HOST="localhost"
-
-# User to authenticate in JSON API
-#USER="admin"
-
-# API user's password
-#PASSWORD="password"
diff --git a/slave/process-freeipa/dependencies b/slave/process-freeipa/dependencies
deleted file mode 100644
index 6ee32214..00000000
--- a/slave/process-freeipa/dependencies
+++ /dev/null
@@ -1 +0,0 @@
-perun-slave-base, python (<3.0) , python (>=2.7), python-requests
diff --git a/slave/process-freeipa/lib/process-freeipa.py b/slave/process-freeipa/lib/process-freeipa.py
deleted file mode 100644
index f6a7fdac..00000000
--- a/slave/process-freeipa/lib/process-freeipa.py
+++ /dev/null
@@ -1,148 +0,0 @@
-# -*- coding: utf-8 -*-
-
-import json
-import requests
-import urllib3
-from optparse import OptionParser
-
-urllib3.disable_warnings()
-
-
-def main(file, user, password, url):
- ipa = IPAConnector(url, user, password)
- print ipa.login()
-
- input = open(file, "r").read()
- decoded = json.loads(input, "utf-8")
-
- # print "Get current users list..."
- # # get current users lists
- # response = ipa.query("user_find", "", {"in_group": "members", "pkey_only": True})
- # ipa_users = []
- # for member in response["result"]["result"]:
- # ipa_users.append(member["uid"][0])
- #
- # print "Get current groups list..."
- # response = ipa.query("group_find", "", {"pkey_only": True})
- # ipa_groups = []
- # for group in response["result"]["result"]:
- # ipa_groups.append(group["cn"][0])
-
- print "Checking groups..."
- for group, subgroups in decoded['groups'][0].iteritems():
- check_group(ipa, group, subgroups)
-
- print "Modify user list"
- # users_from_perun = []
- for member in decoded['members']:
- print " # " + member["user_login"]
-
- user = ipa.query("user_show", member["user_login"])["result"]["result"]
-
- for group in member['groups']:
- if group not in user["memberof_group"]:
- ipa.query("group_add_member", group, {"user": member['user_login']})
- print "\t + " + group
-
- for group in list(set(user["memberof_group"]) - set(member["groups"]) - set(ipa.service_groups)):
- ipa.query("group_remove_member", group, {"user": member['user_login']})
- print "\t - " + group
-
-
- # users_from_perun.append(member["user_login"])
-
- # print "Disable unactive users..."
- # users_to_delete = list(set(ipa_users) - set(users_from_perun))
- # for user in users_to_delete:
- # ipa.query("user_disable", user)
-
- # perun_groups = [x.lower() for x in decoded["groups"][0].keys()]
- # groups_to_delete = list(set(ipa_groups) - set(perun_groups) - set(ipa.service_groups))
- #
- # print "Delete needless groups..."
- # for group in groups_to_delete:
- # # 4018 - systemgroup, 4309 - ProtectedEntryError
- # ipa.query("group_del", group, {}, [4018, 4309])
-
- return 0
-
-
-class IPAConnector():
- base_url = None
- headers = None
- session = None
- login_headers = {'Content-Type': 'application/x-www-form-urlencoded'}
-
- # IPA connection init
- service_groups = [u"admins", u"ipausers"]
-
- def __init__(self, base_url, user, password):
- self.base_url = "https://" + base_url
- self.user = user
- self.password = password
- self.session = requests.session()
- self.headers = {'Content-Type': 'application/json', 'referer': self.base_url + "/ipa"}
-
- def login(self):
- return self.session.post(self.base_url + "/ipa/session/login_password",
- data="user=" + self.user + "&password=" + self.password,
- headers=self.login_headers,
- verify=False)
-
- def query(self, method, args=[], options={}, accepted_errors=[]):
- if not isinstance(args, list):
- args = [args]
- options['version'] = "2.156"
- payload = {
- "method": method,
- "params": [
- args,
- options
- ]
- }
- result = self.session.post(self.base_url + "/ipa/session/json", data=json.dumps(payload),
- headers=self.headers,
- verify=False, )
- try:
- result = result.json()
- except:
- raise Exception("Server response not in JSON: \n" + str(result))
-
- if result['error'] is not None:
- if result['error']['code'] not in accepted_errors:
- raise Exception(
- "IPA server returned unknown error code while calling: \n" \
- + unicode(payload) + "\nReturned: " + unicode(result))
-
- return result
-
-
-def check_group(ipa, group, subgroups, visited_groups=[]):
- # if I doesnt visit this group already...
- if group not in visited_groups:
- # ...check if exists, create it if dont
- response = ipa.query("group_show", group, {"no_members": True}, [4001])
- if response['error'] is not None:
- ipa.query("group_add", group)
-
- # for all its subgroups
- for subgroup in subgroups:
- # ...check if them exists, create their childs...
- check_group(ipa, subgroup, subgroups[subgroup], visited_groups)
- # and connect them with their parents
- # next state will fail silently if subgroup is already member of group
- ipa.query("group_add_member", group, {"group": subgroup})
- visited_groups.append(group)
- else:
- return visited_groups
-
-
-if __name__ == "__main__":
- parser = OptionParser()
- parser.add_option("-f", "--perun-file", dest="perun_file", help="path to file from Perun")
- parser.add_option("-o", "--host-url", dest="host", help="FreeIPA host example: ipa.cesnet.cz")
- parser.add_option("-u", "--user", dest="user", help="FreeIPA user to access JSON API")
- parser.add_option("-p", "--password", dest="password", help="FreeIPA user password to access JSON API")
- (options, args) = parser.parse_args()
- main(options.perun_file, options.user, options.password, options.host)
-
diff --git a/slave/process-freeipa/lib/requirements.txt b/slave/process-freeipa/lib/requirements.txt
deleted file mode 100644
index f2293605..00000000
--- a/slave/process-freeipa/lib/requirements.txt
+++ /dev/null
@@ -1 +0,0 @@
-requests
diff --git a/slave/process-freeipa/rpm.dependencies b/slave/process-freeipa/rpm.dependencies
deleted file mode 100644
index f16dac1f..00000000
--- a/slave/process-freeipa/rpm.dependencies
+++ /dev/null
@@ -1 +0,0 @@
-perun-slave-base, python < 3.0, python >= 2.7, python-requests
diff --git a/slave/process-freeipa/short_desc b/slave/process-freeipa/short_desc
deleted file mode 100644
index 4e773350..00000000
--- a/slave/process-freeipa/short_desc
+++ /dev/null
@@ -1 +0,0 @@
-Package for perun service - freeipa