#!/usr/bin/env python
# Copyright (c) 2015, Thomas Oulevey <thomas.oulevey@cern.ch>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
#   list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
#   this list of conditions and the following disclaimer in the documentation
#   and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND  ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This script reads group information generated by FAS from a file and syncs
# it with koji.
# It takes no command-line arguments; options are hardcoded at this time.
import koji
import os.path
import sys
from collections import defaultdict
# Hub endpoint used for every call this script makes.
# NOTE(review): the scheme is plain http while the login is certificate
# based; confirm the koji client upgrades the connection to https, or use an
# https URL here.
KOJI_URL = 'http://localhost/kojihub'

# Credentials and trust anchors passed to ssl_login().  The paths are
# absolute, so no "~" expansion is needed.  The client certificate acts with
# whatever rights the hub gives its owner; keep it readable only by the
# account that runs this sync.
CLIENT_CERT = '/etc/pki/koji/koji-admin.pem'
CLIENTCA_CERT = '/etc/pki/koji/koji_ca_cert.crt'
SERVERCA_CERT = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'

USER = 'koji'  # not referenced by the code shown in this file

# Group dump produced by FAS, one "<sig>:<user>,<user>,..." entry per line.
# Whoever can write this file decides who holds build permissions in koji.
FASDUMP = '/etc/bsadmin/groups'

# Accounts whose permissions are never granted or revoked by the sync.
SYSTEM_USERS = ['koji', 'kojira']

# SIGs whose members additionally receive the 'image' permission.
IMAGE_PERM = ['virt', 'cloud', 'atomic']
def get_user_list():
    """Return every koji user as a list of (name, id) tuples.

    The hub is queried through the module-level ``kojiclient`` session.
    Returns None instead of an empty list when the hub reports no users.
    """
    pairs = []
    for entry in kojiclient.listUsers():
        pairs.append((entry['name'], entry['id']))
    if not pairs:
        return None
    return pairs
def get_user(user):
    """Look up *user* on the hub and return whatever ``getUser`` answers.

    fix_permissions() treats a false result as "account does not exist yet".
    """
    return kojiclient.getUser(user)
def get_user_perms(user):
    """Return the hub's permission list for one entry of get_user_list().

    *user* is a (name, id) pair; only the id (index 1) is sent to the hub.
    """
    user_id = user[1]
    return kojiclient.getUserPerms(user_id)
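def get_users_perms():
    """Return {username: [permission, ...]} for every user known to koji.

    One ``getUserPerms`` call is made per user.  The result is a
    ``defaultdict(list)`` so that looking up a name koji does not know
    yields an empty permission list.

    Returns None when koji reports no users at all, which the caller treats
    as "could not read koji's user database".
    """
    known_users = get_user_list()
    if not known_users:
        # get_user_list() returns None for an empty user table; iterating it
        # would raise TypeError instead of reaching the caller's error path.
        return None

    userlist = defaultdict(list)
    for user in known_users:
        userlist[user[0]] = get_user_perms(user)

    return userlist if userlist else None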
def get_user_perms_from_file(user):
    """Return the permissions the FAS dump assigns to *user*.

    The whole dump is re-read on every call.
    NOTE(review): get_users_perms_from_file() returns None when the dump is
    unreadable or empty, in which case the lookup below raises TypeError.
    """
    return get_users_perms_from_file()[user]
def get_all_defined_perms():
    """Return the names of all permissions defined on the hub."""
    return [entry['name'] for entry in kojiclient.getAllPerms()]
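def get_users_perms_from_file():
    """Parse the FAS group dump into {username: [permission, ...]}.

    Each non-blank line of FASDUMP must look like ``<sig>:<user>,<user>,...``.
    Every listed user receives ``build-<sig>`` and ``build``; members of a
    SIG named in IMAGE_PERM also receive ``image``.

    Returns:
        A ``defaultdict(list)`` keyed by username, or None when the file
        cannot be opened or yields no users.

    Raises:
        ValueError: a line does not have exactly one ``:`` separator or has
            an empty SIG name.  The sync revokes whatever the dump does not
            list, so a damaged dump must stop the run rather than be
            partially applied.
    """
    userlist = defaultdict(list)
    try:
        groups = open(FASDUMP, 'r')
    except (IOError, OSError):
        # Only I/O failures mean "no dump"; anything else should surface.
        return None

    # The context manager closes the handle even if a line is rejected.
    with groups:
        for lineno, line in enumerate(groups, 1):
            # strip() also removes a trailing "\r", which would otherwise
            # end up inside the last username of the line.
            line = line.strip()
            if not line:
                # Blank lines (e.g. a trailing newline) carry no data.
                continue

            fields = line.split(':')
            if len(fields) != 2 or not fields[0].strip():
                raise ValueError("%s:%d: expected '<sig>:<user>,...'"
                                 % (FASDUMP, lineno))

            sig = fields[0].strip()
            perm = "build-" + sig
            for user in fields[1].replace(" ", "").split(','):
                user = user.strip()
                if not user:
                    # An empty member list or a stray comma would otherwise
                    # reach createUser() with an empty name.
                    continue
                userlist[user].append(perm)
                userlist[user].append('build')
                if sig in IMAGE_PERM:
                    userlist[user].append('image')

    return userlist if userlist else None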
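def fix_permissions(new, old):
    """Make koji's permissions match the FAS dump.

    Args:
        new: {username: [permission, ...]} wanted according to FAS.
        old: {username: [permission, ...]} currently held in koji.

    For every user in either mapping, except SYSTEM_USERS, permissions that
    are only in *new* are granted and permissions that are only in *old* are
    revoked.  Users unknown to koji are created and given 'build' first.
    Permission names koji does not define are skipped.

    NOTE(review): a koji account that is absent from the dump loses every
    permission it holds, 'admin' included.  SYSTEM_USERS is the only
    exemption, so the account this script logs in as and any emergency
    admin account should be listed there -- confirm before running against
    a live hub.
    """
    # One RPC instead of one per permission: the set of defined permissions
    # is not changed by anything in this loop.
    defined = set(get_all_defined_perms())

    for username in set(new) | set(old):
        if username in SYSTEM_USERS:
            # Do not touch system users
            continue

        # .get() keeps the caller's mappings unmodified and also works when
        # they are plain dicts rather than defaultdicts.
        wanted = new.get(username, [])
        current = old.get(username, [])
        togrant = list(set(wanted) - set(current))
        torevoke = list(set(current) - set(wanted))

        user = get_user(username)
        if togrant or torevoke:
            # Audit line.  Accounts that do not exist yet are logged by name
            # so the entry never reads "user:None".  The previous literal
            # used a backslash continuation that leaked source indentation
            # into the output; adjacent literals avoid that.
            print("\n# user:%s\n# NEW perms:%s\n# OLD perms:%s"
                  "\n# To grant:%s\n# To revoke:%s"
                  % (user or username, wanted, current, togrant, torevoke))

        already_granted = set()
        if not user:
            # Create user if it doesn't exist yet
            user = kojiclient.createUser(username)
            # Always grant "build" permission for building from srpm
            kojiclient.grantPermission(username, 'build')
            # 'build' is normally in togrant as well; granting it a second
            # time is redundant and the hub may reject it.
            already_granted.add('build')

        for perm in togrant:
            if perm in defined and perm not in already_granted:
                kojiclient.grantPermission(username, perm)
        for perm in torevoke:
            if perm in defined:
                kojiclient.revokePermission(username, perm)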
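if __name__ == '__main__':
    # Entry point: log in, load both views of the permissions, reconcile.
    # Exit codes: 0 success, 1 FAS dump unusable, 2 koji unreachable/empty.
    try:
        # kojiclient becomes a module global; every helper above relies on it.
        kojiclient = koji.ClientSession(KOJI_URL)
        kojiclient.ssl_login(CLIENT_CERT, CLIENTCA_CERT, SERVERCA_CERT)
    except Exception as exc:
        # Not a bare except: Ctrl-C and SystemExit must still propagate, and
        # the reason is reported so a certificate problem can be told apart
        # from an unreachable hub.
        print("Could not connect to koji API")
        print("Reason: %s" % exc)
        sys.exit(2)

    # The dump is checked before the per-user hub queries are made.  An
    # unreadable or empty dump aborts here, before anything is revoked.
    fas_perms = get_users_perms_from_file()
    if not fas_perms:
        print("Could not read %s file." % FASDUMP)
        sys.exit(1)

    koji_perms = get_users_perms()
    if not koji_perms:
        print("Could not read koji's user database")
        sys.exit(2)

    fix_permissions(fas_perms, koji_perms)
    sys.exit(0)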