Merge branch 'master' into production
xkostka2 committed Sep 13, 2021
2 parents e77e7d2 + bd02f42 commit 771593b
Showing 28 changed files with 11,483 additions and 251 deletions.
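--- a/.github/workflows/semantic-release.yml
+++ b/.github/workflows/semantic-release.yml
@@ -0,0 +1,25 @@
+name: Semantic release
+on:
+push:
+branches-ignore:
+- master
+tags-ignore:
+- v*
+jobs:
+semantic-release:
+name: Semantic release
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v1
+- name: Setup Node.js
+uses: actions/setup-node@v1
+with:
+node-version: 16
+- name: Install dependencies
+run: npm ci
+- name: Release
+id: semantic
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: npx semantic-release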
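Review bot: The job declares no `permissions:` block, so the `GITHUB_TOKEN` handed to the Release step carries whatever default scope the repository or organisation grants instead of only what the release plugins need. Adding a job-level `permissions:` with `contents: write` (plus `issues: write` and `pull-requests: write` if the GitHub plugin's issue and PR comments are wanted) would bound it. Both actions are referenced by mutable major tags, `actions/checkout@v1` and `actions/setup-node@v1`, so the code that runs beside the token can change without a commit here; pinning each `uses:` to a full commit SHA of a current release closes that gap. The trigger also fires on every branch except master, while `.releaserc.json` releases only from `production` and maintenance branches, so limiting `on.push.branches` to those would stop `npm ci` and the release tooling from running on unrelated pushes.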
7 changes: 7 additions & 0 deletions .gitignore
Expand Up @@ -4,9 +4,14 @@
*.war
*.ear

# Semantic releasing related
node_modules

# Ignore slave packages
*.deb
*.rpm
*.buildinfo
*.changes

# Ignore Maven target #

Expand Down Expand Up @@ -58,6 +63,8 @@ nb-configuration.xml
# LINUX ignore #

.*
!.github
!.releaserc.json
!.editorconfig
!.gitignore
!.gitattributes
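--- a/.releaserc.json
+++ b/.releaserc.json
@@ -0,0 +1,9 @@
+{
+"branches": [ "production", "+([0-9])?(.{+([0-9]),x}).x"],
+"plugins": [
+"@semantic-release/commit-analyzer",
+"@semantic-release/release-notes-generator",
+"@semantic-release/github"
+]
+}
+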
205 changes: 166 additions & 39 deletions gen/ad_group_mu_ucn
@@ -1,34 +1,57 @@
#!/usr/bin/perl
use feature "switch";
use Switch;
use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;
no if $] >= 5.017011, warnings => 'experimental::smartmatch';

local $::SERVICE_NAME = "ad_group_mu_ucn";
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.2";
my $SCRIPT_VERSION = "3.0.3";

sub addMemberToGroup;
sub processWorkplaces;
sub processGroup;
sub createGroup;
sub processTree;
sub writeDebug;

perunServicesInit::init;
my $DIRECTORY = perunServicesInit::getDirectory;
my $fileName = "$DIRECTORY/$::SERVICE_NAME".".ldif";
my $baseDnFileName = "$DIRECTORY/baseDN";

#Get hierarchical data without expired members
my $data = perunServicesInit::getHashedHierarchicalData(1);
# Get hierarchical data without expired members
my $data = perunServicesInit::getHashedDataWithGroups(1);
my $DEBUG = 0;

#Constants
our $A_LOGIN; *A_LOGIN = \'urn:perun:user_facility:attribute-def:virt:login';
our $A_F_BASE_DN; *A_F_BASE_DN = \'urn:perun:facility:attribute-def:def:adBaseDN';
our $A_F_GROUP_BASE_DN; *A_F_GROUP_BASE_DN = \'urn:perun:facility:attribute-def:def:adGroupBaseDN';
our $A_R_GROUP_NAME; *A_R_GROUP_NAME = \'urn:perun:resource:attribute-def:def:adGroupName';
our $A_G_GROUP_NAME_COMPUTED; *A_G_GROUP_NAME_COMPUTED = \'urn:perun:group:attribute-def:virt:adGroupName';
# Tree / Workplace / Group (Default)
our $A_R_REPRESENTATION; *A_R_REPRESENTATION = \'urn:perun:resource:attribute-def:def:adResourceRepresentation';
our $A_MR_V_IS_BANNED; *A_MR_V_IS_BANNED = \'urn:perun:member_resource:attribute-def:virt:isBanned';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
our $A_ALLOW_INACTIVE; *A_ALLOW_INACTIVE = \'urn:perun:resource:attribute-def:def:allowInactiveMembers';
our $A_R_ALLOW_INACTIVE; *A_R_ALLOW_INACTIVE = \'urn:perun:resource:attribute-def:def:allowInactiveMembers';

our $STATUS_VALID; *STATUS_VALID = \'VALID';
our $STATUS_EXPIRED; *STATUS_EXPIRED = \'EXPIRED';

our $A_R_ADOUNAME; *A_R_ADOUNAME = \'urn:perun:resource:attribute-def:def:adOuName';
our $A_G_INETCISPR; *A_G_INETCISPR = \'urn:perun:group:attribute-def:def:inetCispr';
our $A_G_DESCRIPTION; *A_G_DESCRIPTION = \'urn:perun:group:attribute-def:core:description';
our $A_R_DESCRIPTION; *A_R_DESCRIPTION = \'urn:perun:resource:attribute-def:core:description';

# Default description of group in Active Directory
my $defaultDescription = "no-desc in Perun";
# Default representation of resource in Active Directory
my $defaultRepresentation = "group";

# CHECK ON FACILITY ATTRIBUTES
if (!defined($data->getFacilityAttributeValue( attrName => $A_F_GROUP_BASE_DN ))) {
exit 1;
Expand All @@ -47,45 +70,22 @@ open FILE,">:encoding(UTF-8)","$baseDnFileName" or die "Cannot open $baseDnFileN
print FILE $baseGroupDN;
close(FILE);

my $groups = {};
my $usersByResource = {};
our $groups = {};
our $usersByGroups = {};

# FOR EACH RESOURCE
foreach my $resourceId ($data->getResourceIds()) {
# Default value for representation is "group".
# Possible values: tree / workplace / group (Default)
my $representation = lc ($data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_REPRESENTATION ) || $defaultRepresentation);

my $allowInactiveMembers = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_ALLOW_INACTIVE );
my $group = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_GROUP_NAME );
$groups->{$group} = 1;

# FOR EACH MEMBER ON RESOURCE
foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {

my $login = $data->getUserFacilityAttributeValue( member => $memberId, attrName => $A_LOGIN );
my $isBanned = $data->getMemberResourceAttributeValue( member => $memberId, resource => $resourceId, attrName => $A_MR_V_IS_BANNED );
my $memberStatus = $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS );

#skip banned members
next if $isBanned;

next unless ( ($memberStatus eq $STATUS_VALID) || (($memberStatus eq $STATUS_EXPIRED) && $allowInactiveMembers) );

# allow only UČO, 9UČO and s-[smth] logins

if ($login =~ /^9[0-9]{6}$/ or $login =~ /^[0-9]{1,6}$/) {

# store UČO and 9UČO users
$usersByResource->{$group}->{"CN=" . $login . "," . $baseDN} = 1

} elsif ($login =~ /^s-/) {

# store "s-[something]" users - hack to be compatible with existing accounts
$usersByResource->{$group}->{"CN=" . $login . "," . $baseDNforSpecial} = 1

}

writeDebug("Resource ID: $resourceId (represented as: $representation)", 0);

switch($representation){
case "tree" {processTree($resourceId)}
case "workplace" {processWorkplaces($resourceId)}
case "group" {processGroup($resourceId)}
}

}

#
Expand All @@ -95,13 +95,15 @@ open FILE,">:encoding(UTF-8)","$fileName" or die "Cannot open $fileName: $! \n";

for my $group (sort keys %$groups) {

print FILE "dn: CN=" . $group . "," . $baseGroupDN . "\n";
print FILE "dn: CN=" . $group . "," . $groups->{$group}->{$A_R_ADOUNAME} . "\n";
print FILE "cn: " . $group . "\n";
print FILE "samAccountName: " . $group . "\n";
print FILE "description: " . $groups->{$group}->{"description"} . "\n";
print FILE "info: perun\@muni.cz\n";
print FILE "objectClass: group\n";
print FILE "objectClass: top\n";

my @groupMembers = sort keys %{$usersByResource->{$group}};
my @groupMembers = sort keys %{$usersByGroups->{$group}};
for my $member (@groupMembers) {
print FILE "member: " . $member . "\n";
}
Expand All @@ -114,3 +116,128 @@ for my $group (sort keys %$groups) {
close FILE;

perunServicesInit::finalize;

####################
# Helper functions #
####################

sub addMemberToGroup {
my $memberId = shift;
my $group = shift;
my $resourceId = shift;

my $login = $data->getUserFacilityAttributeValue( member => $memberId, attrName => $A_LOGIN );
my $isBanned = $data->getMemberResourceAttributeValue( member => $memberId, resource => $resourceId, attrName => $A_MR_V_IS_BANNED );

my $allowInactiveMembers = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_ALLOW_INACTIVE );
my $memberStatus = $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS );

# Add only VALID members or EXPIRED members if allowed by Resource
return unless ( ($memberStatus eq $STATUS_VALID) || (($memberStatus eq $STATUS_EXPIRED) && $allowInactiveMembers) );

addMember($login, $group, $isBanned)
}

sub processTree {
my $resourceId = shift;

foreach my $groupId ( $data->getGroupIdsForResource( resource => $resourceId ) ) {
writeDebug("Process Tree Group: $groupId", 1);
my $group = $data->getGroupAttributeValue(group => $groupId, attrName => $A_G_GROUP_NAME_COMPUTED);
my $description = $data->getGroupAttributeValue( group => $groupId, attrName => $A_G_DESCRIPTION );
my $adOuName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_ADOUNAME );

writeDebug("Obtained data group '$group'.", 2);
createGroup($group, $description, $adOuName);

writeDebug("Continue to add members", 3);
for my $memberId ( $data->getMemberIdsForResourceAndGroup( resource => $resourceId, group => $groupId )) {
addMemberToGroup($memberId, $group, $resourceId);
}
}


}

sub processWorkplaces {
my $resourceId = shift;

foreach my $groupId ( $data->getGroupIdsForResource( resource => $resourceId ) ) {
writeDebug("Process Workplace Group: $groupId", 1);

my $inetCispr = $data->getGroupAttributeValue( group => $groupId, attrName => $A_G_INETCISPR );
my $group = "Wplace-$inetCispr";
my $description = $data->getGroupAttributeValue( group => $groupId, attrName => $A_G_DESCRIPTION );

writeDebug("Obtained data group '$group'.", 2);
createGroup($group, $description, undef);

writeDebug("Continue to add members", 3);
for my $memberId ( $data->getMemberIdsForResourceAndGroup( resource => $resourceId, group => $groupId )) {
addMemberToGroup($memberId, $group, $resourceId);
}
}
}

sub processGroup {
my $resourceId = shift;

my $group = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_GROUP_NAME );
my $description = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_DESCRIPTION );
my $adOuName = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_R_ADOUNAME );

writeDebug("Process Standard Group: '$group'", 1);
createGroup($group, $description, $adOuName);

writeDebug("Continue to add members", 3);
foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
addMemberToGroup($memberId, $group, $resourceId);
}
}

sub createGroup {
my $name = shift;
my $description = shift;
my $adOuName = shift;

# Ensure that there is one group with specific name
$groups->{$name}->{"description"} = $description || $defaultDescription;
# Is expected that adOuName and baseGroupDN cotains valid DN.
# The groups can be created in custom DN path, if the adOuName is not specified
# baseGroupDN should be used.
$groups->{$name}->{$A_R_ADOUNAME} = $adOuName || $baseGroupDN;
writeDebug("Group created", 3);
}

sub addMember {
my $login = shift;
my $group = shift;
my $isBanned = shift;

#skip banned members
return if $isBanned;

# allow only UČO, 9UČO and s-[smth] logins

if ($login =~ /^9[0-9]{6}$/ or $login =~ /^[0-9]{1,6}$/) {

# store UČO and 9UČO users
$usersByGroups->{$group}->{"CN=" . $login . "," . $baseDN} = 1

} elsif ($login =~ /^s-/) {

# store "s-[something]" users - hack to be compatible with existing accounts
$usersByGroups->{$group}->{"CN=" . $login . "," . $baseDNforSpecial} = 1

}
}

sub writeDebug {
my $message = shift;
my $indentation = shift;

return unless $DEBUG;

print "\t" x $indentation;
print $message . "\n";
}
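Review bot: The values stored by `createGroup` and printed by the LDIF writer (the new `description:` line and the `dn:` built from `$group` and the `adOuName` value) are written unescaped, so a Perun attribute containing a line break or DN metacharacters would change the structure of the generated LDIF rather than just one field's text. The comment in `createGroup` only says a valid DN is expected; nothing in the visible lines checks it, and whether Perun validates these attributes upstream cannot be seen here (parts of the writer loop are collapsed on this page). Consider normalising or rejecting before storing, e.g. `$description =~ s/[\r\n]+/ /g if defined $description;` and `die "Invalid adOuName for group $name\n" if defined $adOuName && $adOuName =~ /[\r\n]/;`, or emitting such values in the base64 `attr:: value` LDIF form. Separately, the `switch` on `$representation` has no default branch, so a resource with an unrecognised representation is skipped silently; a `warn` there would make a mistyped attribute visible instead of quietly dropping the group from the export.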
2 changes: 1 addition & 1 deletion gen/ad_mu
Expand Up @@ -49,7 +49,7 @@ our $A_FIRST_NAME; *A_FIRST_NAME = \'urn:perun:user:attribute-def:core:firstNam
our $A_LAST_NAME; *A_LAST_NAME = \'urn:perun:user:attribute-def:core:lastName';
our $A_U_MAILS; *A_U_MAILS = \'urn:perun:user:attribute-def:def:o365EmailAddresses:mu';
our $A_LOGIN; *A_LOGIN = \'urn:perun:user_facility:attribute-def:virt:login';
our $A_M_G_O365_SEND_ON_BEHALF; *A_M_G_O365_SEND_ON_BEHALF = \'urn:perun:member_group:attribute-def:def:o365SendOnBehalf';
our $A_M_G_O365_SEND_ON_BEHALF; *A_M_G_O365_SEND_ON_BEHALF = \'urn:perun:member_group:attribute-def:virt:o365SendOnBehalf';
our $A_U_F_O365_PREFERRED_LANGUAGE; *A_U_F_O365_PREFERRED_LANGUAGE = \'urn:perun:user_facility:attribute-def:def:o365PreferredLanguage';
our $A_U_F_O365_LICENCE; *A_U_F_O365_LICENCE = \'urn:perun:user_facility:attribute-def:def:o365Licence';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
6 changes: 3 additions & 3 deletions gen/drupal_elixir
Expand Up @@ -129,14 +129,14 @@ sub processUsers {

my $uid = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_ID );
my $login = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_LOGIN );
my $status = $data->getMemberAttributeValue( member => $memberId, group => $groupId, attrName => $A_USER_STATUS );
if($data->getMemberAttributeValue( member => $memberId, group => $groupId, attrName => $A_MEMBER_IS_SUSPENDED )) {
my $status = $data->getMemberAttributeValue( member => $memberId, attrName => $A_USER_STATUS );
if($data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_IS_SUSPENDED )) {
$status = $STATUS_SUSPENDED;
}
my $email = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_EMAIL );
my $d_name = $data->getUserAttributeValue( member => $memberId, attrName => $A_USER_D_NAME );

# Select right eppn from the list of eppns, TEMPORARLY get google one, then we will use elixir
# Select right eppn from the list of eppns, TEMPORARILY get google one, then we will use elixir
my @eppns = @{$data->getUserAttributeValue( member => $memberId, attrName => $A_USER_EPPNS)};

