Merge branch 'master' into production
xkureck committed Oct 6, 2021
2 parents 704ad49 + ba898e2 commit 6f2b57f
Showing 13 changed files with 205 additions and 0 deletions.
4 changes: 4 additions & 0 deletions gen/ad_user_vsup
Expand Up @@ -217,6 +217,10 @@ for my $login (@logins) {
print FILE "altSecurityIdentities: " . $val . "\n";
}

# primary mail must be in proxyAddresses for normal users
if (defined $exchangeMail and length $exchangeMail) {
print FILE "proxyAddresses: SMTP:" . $exchangeMail . "\n";
}
foreach my $val (@$exchangeMailAliases) {
print FILE "proxyAddresses: smtp:" . $val . "\n";
}
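Review bot: `$exchangeMail` is concatenated into the `proxyAddresses: SMTP:` line after only a defined/length check, so a value containing CR or LF would end the line early and the remainder would be read as further attribute lines for that account. If nothing upstream already validates the attribute, extend the guard, e.g. `if (defined $exchangeMail and length $exchangeMail and $exchangeMail !~ /[\r\n]/) {`, or validate it as a mail address before printing. The same applies to `$vsupPrefMail` and to the manually set `$adDisplayName` (written to both `displayName` and `gecos`) in gen/ad_user_vsup_service. The enclosing `for my $login (@logins)` loop starts and ends outside the hunk.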
11 changes: 11 additions & 0 deletions gen/ad_user_vsup_service
Expand Up @@ -37,6 +37,7 @@ our $A_CARD_CHIP_NUMBERS; *A_CARD_CHIP_NUMBERS = \'urn:perun:user:attribute-def
our $A_VSUP_PREF_MAIL; *A_VSUP_PREF_MAIL = \'urn:perun:user:attribute-def:def:vsupPreferredMail';
our $A_VSUP_SSH_KEYS; *A_VSUP_SSH_KEYS = \'urn:perun:user:attribute-def:def:sshPublicKey';
our $A_VSUP_EXCHANGE_MAIL_ALIASES; *A_VSUP_EXCHANGE_MAIL_ALIASES = \'urn:perun:user:attribute-def:def:vsupExchangeMailAliases';
our $A_AD_DISPLAY_NAME; *A_AD_DISPLAY_NAME = \'urn:perun:user:attribute-def:def:adDisplayName';

# CHECK ON FACILITY ATTRIBUTES
if (!defined($data->getFacilityAttributeValue( attrName => $A_F_BASE_DN ))) {
Expand Down Expand Up @@ -99,6 +100,7 @@ foreach my $memberId ($data->getMemberIdsForFacility()) {
# store standard attrs
$users->{$login}->{$A_FIRST_NAME} = $artisticFirstName || $firstName;
$users->{$login}->{$A_LAST_NAME} = $artisticLastName || $lastName;
$users->{$login}->{$A_AD_DISPLAY_NAME} = $data->getUserAttributeValue( member => $memberId, attrName => $A_AD_DISPLAY_NAME );
$users->{$login}->{$A_UCO} = $data->getUserAttributeValue( member => $memberId, attrName => $A_UCO );
$users->{$login}->{$A_TITLE_BEFORE} = $data->getUserAttributeValue( member => $memberId, attrName => $A_TITLE_BEFORE );
$users->{$login}->{$A_TITLE_AFTER} = $data->getUserAttributeValue( member => $memberId, attrName => $A_TITLE_AFTER );
Expand Down Expand Up @@ -135,6 +137,7 @@ for my $login (@logins) {
# skip attributes which are empty and LDAP can't handle it (FIRST_NAME, EMAIL)
my $sn = $users->{$login}->{$A_LAST_NAME};
my $givenName = $users->{$login}->{$A_FIRST_NAME};
my $adDisplayName = $users->{$login}->{$A_AD_DISPLAY_NAME};
my $uco = $users->{$login}->{$A_UCO};
my $titleBefore = $users->{$login}->{$A_TITLE_BEFORE};
my $titleAfter = $users->{$login}->{$A_TITLE_AFTER};
Expand All @@ -154,6 +157,10 @@ for my $login (@logins) {
} elsif (!(defined $givenName and length $givenName) and defined $sn and length $sn) {
$printedDisplayName = $sn;
}
# prefer manually set display name for service accounts if present
if (defined $adDisplayName and length $adDisplayName) {
$printedDisplayName = $adDisplayName;
}
if (defined $printedDisplayName and length $printedDisplayName) {
print FILE "displayName: " . $printedDisplayName . "\n";
print FILE "gecos: " . $printedDisplayName . "\n";
Expand Down Expand Up @@ -200,6 +207,10 @@ for my $login (@logins) {
print FILE "altSecurityIdentities: " . $val . "\n";
}

# preferred mail must be in proxyAddresses as primary mail for service users
if (defined $vsupPrefMail and length $vsupPrefMail) {
print FILE "proxyAddresses: SMTP:" . $vsupPrefMail . "\n";
}
foreach my $val (@$exchangeMailAliases) {
print FILE "proxyAddresses: smtp:" . $val . "\n";
}
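--- a/gen/o365_mu_account_status
+++ b/gen/o365_mu_account_status
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use File::Basename;
+use perunDataGenerator;
+
+local $::SERVICE_NAME = basename($0);
+local $::PROTOCOL_VERSION = "3.0.0";
+
+perunDataGenerator::generateUsersDataInJSON;
+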
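--- a/gen/openstack_projects
+++ b/gen/openstack_projects
@@ -0,0 +1,129 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use perunServicesInit;
+use perunServicesUtils;
+use JSON::XS;
+
+our $SERVICE_NAME = "openstack_projects";
+our $PROTOCOL_VERSION = "3.0.0";
+my $SCRIPT_VERSION = "3.0.0";
+
+perunServicesInit::init;
+my $DIRECTORY = perunServicesInit::getDirectory;
+my $data = perunServicesInit::getHashedHierarchicalData;
+
+our $A_FACILITY_PROJECT_NAMESPACE; *A_FACILITY_PROJECT_NAMESPACE = \'urn:perun:facility:attribute-def:def:projectNamespace';
+our $A_USER_MAIL; *A_USER_MAIL = \'urn:perun:user:attribute-def:def:preferredMail';
+our $A_USER_FACILITY_LOGIN; *A_USER_FACILITY_LOGIN = \'urn:perun:user_facility:attribute-def:virt:login';
+our $A_USER_OPTIONAL_LOGIN; *A_USER_OPTIONAL_LOGIN = \'urn:perun:user:attribute-def:virt:optionalLogin-namespace:mu';
+our $A_RESOURCE_NAME; *A_RESOURCE_NAME = \'urn:perun:resource:attribute-def:core:name';
+our $A_MEMBER_EXPIRATION; *A_MEMBER_EXPIRATION = \'urn:perun:member:attribute-def:def:membershipExpiration';
+our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
+
+our $STATUS_VALID; *STATUS_VALID = \'VALID';
+
+our $members = {};
+
+my $instance = $data->getFacilityAttributeValue(attrName => $A_FACILITY_PROJECT_NAMESPACE);
+my $projectPrefix = lc $instance . "_";
+
+foreach my $resourceId ($data->getResourceIds()) {
+
+my $resourceName = $data->getResourceAttributeValue(resource => $resourceId, attrName => $A_RESOURCE_NAME);
+my $projectName = $resourceName;
+
+my $hasAccess = 0;
+if ($resourceName =~ /-access$/) {
+$hasAccess = 1;
+$projectName = $projectPrefix . substr $resourceName, 0, length($resourceName) - 7;
+}
+
+my $isManager = 0;
+if ($resourceName =~ /-managers$/) {
+$isManager = 1;
+$projectName = $projectPrefix . substr $resourceName, 0, length($resourceName) - 9;
+}
+
+my $isPersonalProject = 0;
+if ($resourceName =~ /-personalProjects$/) {
+$isPersonalProject = 1;
+}
+
+foreach my $memberId ($data->getMemberIdsForResource(resource => $resourceId)) {
+my $identifier = $data->getUserFacilityAttributeValue(member => $memberId, attrName => $A_USER_FACILITY_LOGIN);
+$identifier = $identifier . "\@muni.cz" if $projectPrefix eq "mu_";
+
+if($members->{$identifier}) {
+if ($hasAccess) {
+push @{$members->{$identifier}->{'projects_access'}}, $projectName;
+}
+if ($isManager) {
+push @{$members->{$identifier}->{'projects_managers'}}, $projectName;
+}
+if ($isPersonalProject) {
+my $status = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_STATUS);
+if($status eq $STATUS_VALID) {
+$members->{$identifier}->{'personal_project'} = JSON::XS::true;
+my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
+if (!$memberExpiration) {
+$memberExpiration = "";
+}
+$members->{$identifier}->{'expiration'} = $memberExpiration;
+}
+}
+} else {
+my @additionalIdentifier = ();
+my $muLogin = $data->getUserAttributeValue(member => $memberId, attrName => $A_USER_OPTIONAL_LOGIN);
+if ($muLogin) {
+push @additionalIdentifier, $muLogin . "\@muni.cz";
+}
+
+my $mail = $data->getUserAttributeValue(member => $memberId, attrName => $A_USER_MAIL);
+
+my @projects_access = ();
+if ($hasAccess) {
+push @projects_access, $projectName;
+}
+my @projects_managers = ();
+if ($isManager) {
+push @projects_managers, $projectName;
+}
+
+my $member = {
+identifier => $identifier,
+additional_identifier => \@additionalIdentifier,
+mail => $mail,
+projects_access => \@projects_access,
+projects_managers => \@projects_managers
+};
+
+my $status = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_STATUS);
+if ($isPersonalProject && $status eq $STATUS_VALID) {
+$member->{'personal_project'} = JSON::XS::true;
+my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
+if(!$memberExpiration) {
+$memberExpiration = "";
+}
+$member->{'expiration'} = $memberExpiration;
+} else {
+$member->{'personal_project'} = JSON::XS::false;
+}
+
+$members->{$identifier} = $member;
+}
+}
+}
+
+my @values = values(%$members);
+my $fileData = {
+instance => $instance,
+access => \@values
+};
+my $file = $DIRECTORY . "access.json";
+open FILE_USERS, ">$file" or die "Cannot open $file: $! \n";
+print FILE_USERS JSON::XS->new->utf8->pretty->canonical->encode($fileData), "\n";
+close(FILE_USERS) or die "Cannot close $file: $! \n";
+
+perunServicesInit::finalize;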
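Review bot: `$identifier` in the member loop becomes the key of `$members` without a check that the login attribute is defined and non-empty, so if that attribute can be unset, every member lacking a login collapses into one record (key `""` or `"@muni.cz"`) and accumulates the others' `projects_access` and `projects_managers`. Since this file drives project access, skip or fail on such members before the `\@muni.cz` suffix is appended, e.g. `next unless defined $identifier and length $identifier;`. `$instance` has the same gap: it is lower-cased into `$projectPrefix` with no defined-check, whereas gen/ad_user_vsup_service dies early under its "CHECK ON FACILITY ATTRIBUTES" comment. Separately, `open FILE_USERS, ">$file"` is the two-argument bareword form; `open(my $fh, '>', $file) or die ...` keeps the path from being interpreted as part of the mode.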
2 changes: 2 additions & 0 deletions send/ADConnector.pm
Expand Up @@ -577,6 +577,7 @@ sub add_members_to_entry($$$$) {
ldap_log($service_name, "Group members added: " . $ad_entry->dn() . " | \n" . join(",\n", @$_));
} else {
ldap_log($service_name, "Group members NOT added: " . $ad_entry->dn() . " | " . $response->error() . " | \n" . join(",\n", @$_));
print STDERR "Group members NOT added: " . $ad_entry->dn() . " | " . $response->error() . " | \n" . join(",\n", @$_);
$return_code = $FAIL;
}
}
Expand Down Expand Up @@ -611,6 +612,7 @@ sub remove_members_from_entry($$$$) {
ldap_log($service_name, "Group members removed: " . $ad_entry->dn() . " | \n" . join(",\n", @$_));
} else {
ldap_log($service_name, "Group members NOT removed: " . $ad_entry->dn() . " | " . $response->error() . " | \n" . join(",\n", @$_));
print STDERR "Group members NOT removed: " . $ad_entry->dn() . " | " . $response->error() . " | \n" . join(",\n", @$_);
$return_code = $FAIL;
}
}
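Review bot: The `print STDERR` lines in add_members_to_entry and remove_members_from_entry (apparently the two lines this commit adds) end with the joined member list and no trailing newline, so consecutive failures run together on stderr; append `. "\n"`. Each one also rebuilds the string already passed to `ldap_log` on the line above it; building it once (`my $msg = ...; ldap_log($service_name, $msg); print STDERR $msg . "\n";`) keeps the two outputs from drifting apart. The message carries member DNs and the server's error text, so whatever collects this stderr needs the same access restrictions as the LDAP log. Both function bodies start and end outside the hunks.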
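--- a/send/o365_mu_account_status
+++ b/send/o365_mu_account_status
@@ -0,0 +1,4 @@
+#!/bin/bash
+SERVICE_NAME="o365_mu_account_status"
+
+. generic_send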
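--- a/send/openstack_projects
+++ b/send/openstack_projects
@@ -0,0 +1,4 @@
+#!/bin/bash
+SERVICE_NAME="openstack_projects"
+
+. generic_send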
@@ -0,0 +1,28 @@
#!/bin/bash
PROTOCOL_VERSION='3.0.0'

function process {

### Status codes
I_CHANGED=(0 "${DST_FILE} updated")
I_NOT_CHANGED=(0 "${DST_FILE} has not changed")

E_MISSING_DST=(50 'Missing destination of file (DST_FILE), need to be set in pre_script.')

FROM_PERUN="${WORK_DIR}/o365_mu_account_status"

if [ -z ${DST_FILE} ]; then
log_msg E_MISSING_DST
fi

create_lock

# Create diff between old.perun and .new
diff_mv_sync "${FROM_PERUN}" "${DST_FILE}"

if [ $? -eq 0 ]; then
log_msg I_CHANGED
else
log_msg I_NOT_CHANGED
fi
}
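Review bot: The destination check `if [ -z ${DST_FILE} ]; then` leaves the variable unquoted, so it works for an empty value only because `[ -z ]` happens to be true, and it errors out rather than testing anything when the path contains whitespace; use `if [ -z "${DST_FILE}" ]; then`. Whether `log_msg E_MISSING_DST` terminates the script is not visible here; if it only logs, `create_lock` and `diff_mv_sync` still run with an empty destination, so an explicit `return` or `exit` after it would make the intent clear. The comment `# Create diff between old.perun and .new` does not match the two paths actually passed and could instead say that `FROM_PERUN` is synced to `DST_FILE`.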
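--- a/slave/process-o365-mu-account-status/changelog
+++ b/slave/process-o365-mu-account-status/changelog
@@ -0,0 +1,5 @@
+perun-slave-process-o365-mu-account-status (3.1.1) stable; urgency=low
+
+* New package version for perun-slave-process-o365-mu-account-status
+
+-- Michal Stava <[email protected]> Wed, 29 Sep 2021 15:21:00 +0200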
@@ -0,0 +1,3 @@
#!/bin/sh
#SET destination file
#DST_FILE=/var/opt/perun/o365_mu_account_status
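--- a/slave/process-o365-mu-account-status/dependencies
+++ b/slave/process-o365-mu-account-status/dependencies
@@ -0,0 +1 @@
+perun-slave-base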
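--- a/slave/process-o365-mu-account-status/rpm.dependencies
+++ b/slave/process-o365-mu-account-status/rpm.dependencies
@@ -0,0 +1 @@
+perun-slave-base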
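--- a/slave/process-o365-mu-account-status/short_desc
+++ b/slave/process-o365-mu-account-status/short_desc
@@ -0,0 +1 @@
+Package for perun service - o365_mu_account_status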
