Merge pull request #667 from sarkapalkovicova/service-parametrization
feat(gen): kerberos_renewal_principals defines resource by destination file
Johaney-s authored Mar 3, 2022
2 parents cdf1cd5 + 4b60dbc commit c0f8c54
Showing 3 changed files with 64 additions and 21 deletions.
38 changes: 27 additions & 11 deletions gen/kerberos_renewal_principals
@@ -8,35 +8,51 @@ use File::Basename;

local $::SERVICE_NAME = basename($0);
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $data = perunServicesInit::getHashedHierarchicalData;
my $DIRECTORY = perunServicesInit::getDirectory;

our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
our $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX; *A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX = \'urn:perun:resource:attribute-def:def:kerberosPrincipalsFileSuffix';

our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
my $principalsDirectory = "$DIRECTORY/kerberos_renewal_principals";
mkdir $principalsDirectory or die "kerberos_renewal_principals directory can't be created: $!";

my $service_file_name = "$DIRECTORY/$::SERVICE_NAME";
my $fileStructureWithData;

my %userPrincipals;
foreach my $resourceId ($data->getResourceIds()) {
my $fileSuffix = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX );
my $fileName = $fileSuffix ? "kerberos_renewal_principals_${fileSuffix}" : "kerberos_renewal_principals";
my %userPrincipals;
foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
next if $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS ) ne 'VALID';
for my $principal (@{$data->getUserAttributeValue( member => $memberId, attrName => $A_PRINCIPALS )}) {
$userPrincipals{$principal} = 1;
}
}

if (defined $fileStructureWithData->{$fileName}) {
foreach my $key (keys %userPrincipals) {
$fileStructureWithData->{$fileName}->{$key} = 1;
}
} else {
$fileStructureWithData->{$fileName} = \%userPrincipals;
}
}

####### output file ######################
open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";
foreach my $file (sort keys %$fileStructureWithData) {
my $principals = $fileStructureWithData->{$file};
my $service_file_name = "$principalsDirectory/$file";
open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";

print SERVICE_FILE "target_clients =\n";
print SERVICE_FILE join("\n", sort keys %userPrincipals), "\n";
print SERVICE_FILE ";\n";
print SERVICE_FILE "target_clients =\n";
print SERVICE_FILE join("\n", sort keys %$principals), "\n";
print SERVICE_FILE ";\n";

close(SERVICE_FILE);
close(SERVICE_FILE);
}

perunServicesInit::finalize;
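Review bot: The resource attribute value `$fileSuffix` is interpolated unchecked into `$fileName` and then into `open SERVICE_FILE,">$service_file_name"`, so a suffix containing `/` or `..` would make the generator write outside `$principalsDirectory`; the two-argument `open` also interprets mode characters and surrounding whitespace in the name. Unless the attribute is already constrained where it is defined (not visible on this page), I would reject unexpected values before building the name, e.g. `die "Invalid file suffix on resource $resourceId\n" if $fileSuffix && $fileSuffix !~ /\A[A-Za-z0-9_-]+\z/;`. The open itself is better written as `open(my $fh, '>', $service_file_name) or die "Cannot open $service_file_name: $!\n";`, with the `print` and `close` calls switched to `$fh`. The result of `close` is not checked either, so a failed buffered write could leave a truncated principals file without any error being reported.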
@@ -1,25 +1,45 @@
#!/bin/bash

PROTOCOL_VERSION='3.0.0'

function process {

DST_DIR="/etc/heimdal-kdc/krb525d.d/"
DST_FILE="${SERVICE}.conf"
FROM_PERUN="${WORK_DIR}/${SERVICE}"
FROM_PERUN_DIR="${WORK_DIR}/kerberos_renewal_principals/"

### Status codes
I_CHANGED=(0 "${DST_FILE} updated")
E_NOT_CHANGE=(50 "Cannot copy file ${FROM_PERUN} to ${DST_FILE}")
I_EVERYTHING_OK=(0 'All files has been updated.')
E_FINISHED_WITH_ERRORS=(50 'Slave script finished with errors!')

ERROR=0

create_lock

cp "${FROM_PERUN}" "${DST_DIR}/${DST_FILE}"
# Delete all files with 'kerberos_renewal_principals prefix from destination directory
if [[ $(find $DST_DIR -mindepth 1 -maxdepth 1 -name "kerberos_renewal_principals*") ]]; then
if ! rm $DST_DIR/kerberos_renewal_principals*; then
ERROR=1
fi
fi

if [ $? -eq 0 ]; then
log_msg I_CHANGED
# Copy all files from perun
for FROM_PERUN_FILE in "$FROM_PERUN_DIR"/*
do
# Get name of file
local FILE_NAME
if ! FILE_NAME=$(basename "$FROM_PERUN_FILE"); then
ERROR=1
continue
fi

# Copy file to destination dir
if ! cp "${FROM_PERUN_FILE}" "${DST_DIR}/${FILE_NAME}.conf"; then
ERROR=1
fi
done

if [ $ERROR -ne 0 ]; then
log_msg E_FINISHED_WITH_ERRORS
else
log_msg E_NOT_CHANGED
log_msg I_EVERYTHING_OK
fi

}
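Review bot: The existing `kerberos_renewal_principals*` files in `$DST_DIR` are deleted before anything is copied, so if `$FROM_PERUN_DIR` is missing or empty (the unmatched glob stays a literal `*` and the `cp` fails) or a copy fails part-way, the krb525d directory is left with none or only some of its principals files. I would check that the source directory actually contains files before the `rm` and skip the deletion otherwise. The copy loop also takes every name in the source directory while the cleanup only matches the prefix; `for FROM_PERUN_FILE in "$FROM_PERUN_DIR"/kerberos_renewal_principals*` keeps the two in step, so nothing is installed that a later run would never remove. `$DST_DIR` is unquoted in both `find` and `rm`; `rm -- "${DST_DIR}"/kerberos_renewal_principals*` is the safer form.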
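--- a/slave/process-kerberos-renewal-principals/changelog
+++ b/slave/process-kerberos-renewal-principals/changelog
@@ -1,3 +1,10 @@
+perun-slave-process-kerberos-renewal-principals (3.0.1) stable; urgency=low
+
+* Handled receive of many files from perun.
+* Copies them to the destination directory and deletes unnecessary ones.
+
+-- Sarka Palkovicova <[email protected]> Tue, 1 Mar 2022 15:27:00 +0100
+
 perun-slave-process-kerberos-renewal-principals (3.0.0) stable; urgency=low
 
 * added new service kerberos-renewal-principals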