Tree - centos/cbs-tools - CentOS Git server

amoralej / centos / cbs-tools

Forked from centos/cbs-tools 4 years ago

Source
Stats

Blame scripts/fas_perms_to_koji.py

Blob History Raw

Koji buildservice	8cda32	`#!/usr/bin/env python`
Koji buildservice	8cda32
Koji buildservice	8cda32	`# Copyright (c) 2015, Thomas Oulevey <thomas.oulevey@cern.ch>`
Koji buildservice	8cda32	`# All rights reserved.`
Koji buildservice	8cda32	`#`
Koji buildservice	8cda32	`# Redistribution and use in source and binary forms, with or without`
Koji buildservice	8cda32	`# modification, are permitted provided that the following conditions are met:`
Koji buildservice	8cda32	`#`
Koji buildservice	8cda32	`# 1. Redistributions of source code must retain the above copyright notice, this`
Koji buildservice	8cda32	`# list of conditions and the following disclaimer.`
Koji buildservice	8cda32	`# 2. Redistributions in binary form must reproduce the above copyright notice,`
Koji buildservice	8cda32	`# this list of conditions and the following disclaimer in the documentation`
Koji buildservice	8cda32	`# and/or other materials provided with the distribution.`
Koji buildservice	8cda32	`#`
Thomas Oulevey	5b1748	`# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"`
Thomas Oulevey	5b1748	`# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
Thomas Oulevey	5b1748	`# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
Thomas Oulevey	5b1748	`# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE`
Thomas Oulevey	5b1748	`# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR`
Thomas Oulevey	5b1748	`# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF`
Thomas Oulevey	5b1748	`# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS`
Thomas Oulevey	5b1748	`# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER`
Thomas Oulevey	5b1748	`# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR`
Thomas Oulevey	5b1748	`# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN`
Thomas Oulevey	5b1748	`# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
Thomas Oulevey	5b1748
Thomas Oulevey	5b1748	`# This script reads from a file, group information generated by FAS and sync`
Koji buildservice	8cda32	`# it with koji`
Koji buildservice	8cda32	`# No command line argument, options are hardcoded at this time.`
Koji buildservice	8cda32
Koji buildservice	8cda32	`import koji`
Koji buildservice	8cda32	`import os.path`
Koji buildservice	8cda32	`import sys`
Koji buildservice	8cda32	`from collections import defaultdict`
Koji buildservice	8cda32
Thomas Oulevey	5b1748	`KOJI_URL = 'http://localhost/kojihub'`
Thomas Oulevey	d6187f	`CLIENT_CERT = os.path.expanduser('/etc/pki/koji/koji-admin.pem')`
Thomas Oulevey	d6187f	`CLIENTCA_CERT = os.path.expanduser('/etc/pki/koji/koji_ca_cert.crt')`
	492b7f	`SERVERCA_CERT = os.path.expanduser('/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt')`
Koji buildservice	8cda32	`USER = 'koji'`
Koji buildservice	8cda32	`FASDUMP = '/etc/bsadmin/groups'`
Koji buildservice	8cda32	`SYSTEM_USERS = ['koji', 'kojira']`
Thomas Oulevey	ea4e08	`IMAGE_PERM = ['virt', 'cloud', 'atomic']`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_user_list():`
Thomas Oulevey	5b1748	`users = [(x['name'], x['id']) for x in kojiclient.listUsers()]`
Koji buildservice	8cda32	`return users if len(users) else None`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_user(user):`
Koji buildservice	8cda32	`user = kojiclient.getUser(user)`
Koji buildservice	8cda32	`return user`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_user_perms(user):`
Koji buildservice	8cda32	`perms = kojiclient.getUserPerms(user[1])`
Koji buildservice	8cda32	`return perms`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_users_perms():`
Koji buildservice	8cda32	`userlist = defaultdict(list)`
Koji buildservice	8cda32	`for user in get_user_list():`
Thomas Oulevey	5b1748	`userlist[user[0]] = get_user_perms(user)`
Koji buildservice	8cda32
Koji buildservice	8cda32	`return userlist if len(userlist) else None`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_user_perms_from_file(user):`
Koji buildservice	8cda32	`perms = get_users_perms_from_file()`
Koji buildservice	8cda32	`return perms[user]`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_all_defined_perms():`
Koji buildservice	8cda32	`perms = []`
Koji buildservice	8cda32	`for perm in kojiclient.getAllPerms():`
Thomas Oulevey	5b1748	`perms.append(perm['name'])`
Koji buildservice	8cda32	`return perms`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def get_users_perms_from_file():`
Koji buildservice	8cda32	`userlist = defaultdict(list)`
Koji buildservice	8cda32	`try:`
Thomas Oulevey	5b1748	`groups = open(FASDUMP, 'r')`
Koji buildservice	8cda32	`except:`
Thomas Oulevey	5b1748	`return None`
Koji buildservice	8cda32
Koji buildservice	8cda32	`for line in groups.readlines():`
Koji buildservice	8cda32	`sig, users = line.strip('\n').split(':')`
Thomas Oulevey	5b1748	`for user in users.replace(" ", "").split(','):`
Thomas Oulevey	5b1748	`perm = "build-"+sig`
Koji buildservice	8cda32	`userlist[user].append(perm)`
Thomas Oulevey	2386f5	`userlist[user].append('build')`
Thomas Oulevey	ea4e08	`if sig in IMAGE_PERM:`
Thomas Oulevey	ea4e08	`userlist[user].append('image')`
Koji buildservice	8cda32
Koji buildservice	8cda32	`return userlist if len(userlist) else None`
Koji buildservice	8cda32
Koji buildservice	8cda32	`def fix_permissions(new, old):`
Koji buildservice	8cda32	`usernames = list(set(new)\|set(old))`
Koji buildservice	8cda32	`# Do not touch system users`
Thomas Oulevey	5b1748	`usernames = [u for u in usernames if u not in SYSTEM_USERS]`
Koji buildservice	8cda32	`for username in usernames:`
Koji buildservice	8cda32	`togrant = list(set(new[username]) - set(old[username]))`
Koji buildservice	8cda32	`torevoke = list(set(old[username]) - set(new[username]))`
Koji buildservice	8cda32	`user = get_user(username)`
Koji buildservice	8cda32	`if togrant or torevoke:`
Koji buildservice	8cda32	`print "\n# user:%s\n# NEW perms:%s\n# OLD perms:%s \`
Koji buildservice	8cda32	`\n# To grant:%s\n# To revoke:%s" \`
Thomas Oulevey	5b1748	`% (user, new[username], old[username], togrant, torevoke)`
Koji buildservice	8cda32	`if not user:`
Koji buildservice	8cda32	`# Create user if it doesn't exist yet`
Thomas Oulevey	5b1748	`user = kojiclient.createUser(username)`
Koji buildservice	8cda32	`# Always grant "build" permission for building from srpm`
Thomas Oulevey	5b1748	`kojiclient.grantPermission(username, 'build')`
Koji buildservice	8cda32	`for perm in togrant:`
Koji buildservice	8cda32	`if perm in get_all_defined_perms():`
Thomas Oulevey	5b1748	`kojiclient.grantPermission(username, perm)`
Koji buildservice	8cda32	`for perm in torevoke:`
Koji buildservice	8cda32	`if perm in get_all_defined_perms():`
Thomas Oulevey	5b1748	`kojiclient.revokePermission(username, perm)`
Koji buildservice	8cda32
Koji buildservice	8cda32	`if __name__ == '__main__':`
Koji buildservice	8cda32	`try:`
Koji buildservice	8cda32	`kojiclient = koji.ClientSession(KOJI_URL)`
Koji buildservice	8cda32	`kojiclient.ssl_login(CLIENT_CERT, CLIENTCA_CERT, SERVERCA_CERT)`
Koji buildservice	8cda32	`except:`
Koji buildservice	8cda32	`print "Could not connect to koji API"`
Koji buildservice	8cda32	`sys.exit(2)`
Koji buildservice	8cda32
Koji buildservice	8cda32	`fas_perms = get_users_perms_from_file()`
Koji buildservice	8cda32	`koji_perms = get_users_perms()`
Koji buildservice	8cda32
Koji buildservice	8cda32	`if not fas_perms:`
Koji buildservice	8cda32	`print "Could not read %s file." % FASDUMP`
Koji buildservice	8cda32	`sys.exit(1)`
Koji buildservice	8cda32
Koji buildservice	8cda32	`if not koji_perms:`
Koji buildservice	8cda32	`print "Could not read koji's user database"`
Koji buildservice	8cda32	`sys.exit(2)`
Koji buildservice	8cda32
Koji buildservice	8cda32	`fix_permissions(fas_perms, koji_perms)`
Koji buildservice	8cda32	`sys.exit(0)`

amoralej / centos / cbs-tools

Source Code

Blame scripts/fas_perms_to_koji.py