From 31974a3d10cb2ccf51ee467e0379f94832409aca Mon Sep 17 00:00:00 2001
From: Thomas Oulevey
Date: Aug 04 2016 11:13:20 +0000
Subject: Add check_tag_perm.py to check and enforce tag's permission.
---
diff --git a/scripts/check_tag_perm.py b/scripts/check_tag_perm.py
new file mode 100755
index 0000000..3900c2e
--- /dev/null
+++ b/scripts/check_tag_perm.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+
+# Copyright (c) 2015, Thomas Oulevey
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# This script checks if all tags have been assigned permissions and if not enforces them.
+
+import koji
+import os.path
+import sys
+from collections import defaultdict
+
+KOJI_URL = 'http://localhost/kojihub'
+CLIENT_CERT = os.path.expanduser('/etc/pki/koji/koji-admin.pem')
+CLIENTCA_CERT = os.path.expanduser('/etc/pki/koji/koji_ca_cert.crt')
+SERVERCA_CERT = os.path.expanduser('/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt')
+USER = 'koji'
+SYSTEM_TAGS = ['buildsys', 'bananas', 'infrastructure', 'oranges']
+
+def get_all_tags():
+ tags = [(x['name'], x['id'], x['perm']) for x in kojiclient.listTags()]
+ return [ t for t in tags if t[0].split('-')[0][:-1] not in SYSTEM_TAGS ]
+
+
+def fix_tag_permission(tags):
+ for tag in tags:
+ if not tag[0].endswith('-build') and tag[2] == None:
+ perm_sig = 'build-' + tag[0].split('-')[0][:-1]
+ print 'Updating %s with permission %s...'% (tag[0],perm_sig)
+ kojiclient.editTag2(tag[0],perm=perm_sig)
+
+if __name__ == '__main__':
+ try:
+ kojiclient = koji.ClientSession(KOJI_URL)
+ kojiclient.ssl_login(CLIENT_CERT, CLIENTCA_CERT, SERVERCA_CERT)
+ except:
+ print "Could not connect to koji API"
+ sys.exit(2)
+
+ fix_tag_permission(get_all_tags())
+ sys.exit(0)
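Review bot: `fix_tag_permission` writes an access-control setting derived purely from the tag name (`'build-' + tag[0].split('-')[0][:-1]`) and never checks that the resulting permission exists on the hub or is the one intended for that tag. The `[:-1]` slice assumes every tag prefix ends in exactly one version character, so a prefix with a two-digit version or with no digit at all yields a different permission name than intended; the same slice drives the `SYSTEM_TAGS` filter in `get_all_tags`, so a system tag without a trailing digit would not be excluded. I would load the hub's permission names once (for example via `getAllPerms()`), skip and report any tag whose derived permission is not in that set, and compare with `is None` rather than `== None`. Separately, the bare `except:` in the `__main__` block reports every failure, including certificate and authentication errors, as "Could not connect to koji API"; catching `Exception` and printing the error to stderr would make a failed `ssl_login` diagnosable.

```python
def fix_tag_permission(tags):
    # Only assign permissions that the hub actually defines.
    known_perms = set(p['name'] for p in kojiclient.getAllPerms())
    for name, _tag_id, perm in tags:
        if name.endswith('-build') or perm is not None:
            continue
        perm_sig = 'build-' + name.split('-')[0][:-1]
        if perm_sig not in known_perms:
            sys.stderr.write('Skipping %s: permission %s is not defined\n'
                             % (name, perm_sig))
            continue
        # ... unchanged: print the update and call kojiclient.editTag2(name, perm=perm_sig) ...
```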