From 8cda323357af26647810c456dc3f82b487866caa Mon Sep 17 00:00:00 2001 From: Koji buildservice Date: Sep 08 2015 12:39:15 +0000 Subject: First version of fas_perms_to_koji.py --- diff --git a/scripts/fas_perms_to_koji.py b/scripts/fas_perms_to_koji.py new file mode 100755 index 0000000..e703242 --- /dev/null +++ b/scripts/fas_perms_to_koji.py @@ -0,0 +1,131 @@ +#!/usr/bin/env python + +# Copyright (c) 2015, Thomas Oulevey +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# This script reads from a file, group information generated by FAS and sync +# it with koji +# No command line argument, options are hardcoded at this time. + +import koji +import os.path +import sys +from collections import defaultdict + +KOJI_URL='http://localhost/kojihub' +CLIENT_CERT = os.path.expanduser('~/.koji/client.crt') +CLIENTCA_CERT = os.path.expanduser('~/.koji/clientca.crt') +SERVERCA_CERT = os.path.expanduser('~/.koji/serverca.crt') +USER = 'koji' +FASDUMP = '/etc/bsadmin/groups' +SYSTEM_USERS = ['koji', 'kojira'] + +def get_user_list(): + users = [(x['name'],x['id']) for x in kojiclient.listUsers()] + return users if len(users) else None + +def get_user(user): + user = kojiclient.getUser(user) + return user + +def get_user_perms(user): + perms = kojiclient.getUserPerms(user[1]) + return perms + +def get_users_perms(): + userlist = defaultdict(list) + for user in get_user_list(): + userlist[user[0]] = get_user_perms(user) + + return userlist if len(userlist) else None + +def get_user_perms_from_file(user): + perms = get_users_perms_from_file() + return perms[user] + +def get_all_defined_perms(): + perms = [] + for perm in kojiclient.getAllPerms(): + perms.append(perm['name']) + return perms + +def get_users_perms_from_file(): + userlist = defaultdict(list) + try: + groups = open (FASDUMP, 'r') + except: + return None + + for line in groups.readlines(): + sig, users = line.strip('\n').split(':') + for user in users.replace(" ","").split(','): + perm="build-"+sig + userlist[user].append(perm) + + return userlist if len(userlist) else None + +def fix_permissions(new, old): + usernames = list(set(new)|set(old)) + # Do not touch system users + usernames = [ u for u in usernames if u not in SYSTEM_USERS ] + for username in usernames: + togrant = list(set(new[username]) - set(old[username])) + torevoke = list(set(old[username]) - set(new[username])) + user = get_user(username) + if togrant or torevoke: + print "\n# user:%s\n# NEW perms:%s\n# OLD perms:%s \ + \n# To grant:%s\n# To revoke:%s" \ + % (user,new[username],old[username],togrant,torevoke) + if not user: + # Create user if it doesn't exist yet + user = kojiclient.createUser(username) + # Always grant "build" permission for building from srpm + kojiclient.grantPermission(username, 'build') + for perm in togrant: + if perm in get_all_defined_perms(): + kojiclient.grantPermission(username, perm) + for perm in torevoke: + if perm in get_all_defined_perms(): + kojiclient.revokePermission(username, perm) + +if __name__ == '__main__': + try: + kojiclient = koji.ClientSession(KOJI_URL) + kojiclient.ssl_login(CLIENT_CERT, CLIENTCA_CERT, SERVERCA_CERT) + except: + print "Could not connect to koji API" + sys.exit(2) + + fas_perms = get_users_perms_from_file() + koji_perms = get_users_perms() + + if not fas_perms: + print "Could not read %s file." % FASDUMP + sys.exit(1) + + if not koji_perms: + print "Could not read koji's user database" + sys.exit(2) + + fix_permissions(fas_perms, koji_perms) + sys.exit(0)