diff --git a/gen/kerberos_renewal_principals b/gen/kerberos_renewal_principals
index dd417b4b..b92c392b 100755
--- a/gen/kerberos_renewal_principals
+++ b/gen/kerberos_renewal_principals
@@ -8,35 +8,51 @@ use File::Basename; local $::SERVICE_NAME = basename($0); local $::PROTOCOL_VERSION = "3.0.0"; -my $SCRIPT_VERSION = "3.0.0"; +my $SCRIPT_VERSION = "3.0.1"; perunServicesInit::init; my $data = perunServicesInit::getHashedHierarchicalData; my $DIRECTORY = perunServicesInit::getDirectory; +our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins'; +our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status'; +our $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX; *A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX = \'urn:perun:resource:attribute-def:def:kerberosPrincipalsFileSuffix'; -our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins'; -our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status'; +my $principalsDirectory = "$DIRECTORY/kerberos_renewal_principals"; +mkdir $principalsDirectory or die "kerberos_renewal_principals directory can't be created: $!"; -my $service_file_name = "$DIRECTORY/$::SERVICE_NAME"; +my $fileStructureWithData; -my %userPrincipals; foreach my $resourceId ($data->getResourceIds()) { + my $fileSuffix = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX ); + my $fileName = $fileSuffix ? 
"kerberos_renewal_principals_${fileSuffix}" : "kerberos_renewal_principals"; + my %userPrincipals; foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) { next if $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS ) ne 'VALID'; for my $principal (@{$data->getUserAttributeValue( member => $memberId, attrName => $A_PRINCIPALS )}) { $userPrincipals{$principal} = 1; } } + + if (defined $fileStructureWithData->{$fileName}) { + foreach my $key (keys %userPrincipals) { + $fileStructureWithData->{$fileName}->{$key} = 1; + } + } else { + $fileStructureWithData->{$fileName} = \%userPrincipals; + } } -####### output file ###################### -open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n"; +foreach my $file (sort keys %$fileStructureWithData) { + my $principals = $fileStructureWithData->{$file}; + my $service_file_name = "$principalsDirectory/$file"; + open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n"; -print SERVICE_FILE "target_clients =\n"; -print SERVICE_FILE join("\n", sort keys %userPrincipals), "\n"; -print SERVICE_FILE ";\n"; + print SERVICE_FILE "target_clients =\n"; + print SERVICE_FILE join("\n", sort keys %$principals), "\n"; + print SERVICE_FILE ";\n"; -close(SERVICE_FILE); + close(SERVICE_FILE); +} perunServicesInit::finalize; diff --git a/slave/process-kerberos-renewal-principals/bin/process-kerberos_renewal_principals.sh b/slave/process-kerberos-renewal-principals/bin/process-kerberos_renewal_principals.sh index 10c642d1..61139530 100755 --- a/slave/process-kerberos-renewal-principals/bin/process-kerberos_renewal_principals.sh +++ b/slave/process-kerberos-renewal-principals/bin/process-kerberos_renewal_principals.sh 
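Review bot: The `kerberosPrincipalsFileSuffix` value is interpolated into `$fileName` and then into the path passed to a two-argument `open` on a bareword handle, and nothing in the hunk restricts its characters, so a suffix with a path separator is not confined to `$principalsDirectory` and mode or whitespace characters in the string are interpreted by `open`. Reject anything outside a fixed character set before building the name, for example `die "Invalid kerberosPrincipalsFileSuffix on resource $resourceId\n" if $fileSuffix && $fileSuffix !~ /\A[A-Za-z0-9_-]+\z/;`, and open with `open(my $fh, '>', $service_file_name) or die "Cannot open $service_file_name: $!\n";`. The principals are written verbatim between `target_clients =` and `;`, so unless `kerberosLogins` is validated elsewhere, a value containing a newline or `;` would change the generated krb525d configuration; a format check in the inner loop would close that. `close(SERVICE_FILE)` is unchecked, so a failed write could ship a truncated list without the generator dying.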
@@ -1,25 +1,45 @@ #!/bin/bash - PROTOCOL_VERSION='3.0.0' function process { DST_DIR="/etc/heimdal-kdc/krb525d.d/" - DST_FILE="${SERVICE}.conf" - FROM_PERUN="${WORK_DIR}/${SERVICE}" + FROM_PERUN_DIR="${WORK_DIR}/kerberos_renewal_principals/" ### Status codes - I_CHANGED=(0 "${DST_FILE} updated") - E_NOT_CHANGE=(50 "Cannot copy file ${FROM_PERUN} to ${DST_FILE}") + I_EVERYTHING_OK=(0 'All files has been updated.') + E_FINISHED_WITH_ERRORS=(50 'Slave script finished with errors!') + + ERROR=0 create_lock - cp "${FROM_PERUN}" "${DST_DIR}/${DST_FILE}" + # Delete all files with 'kerberos_renewal_principals prefix from destination directory + if [[ $(find $DST_DIR -mindepth 1 -maxdepth 1 -name "kerberos_renewal_principals*") ]]; then + if ! rm $DST_DIR/kerberos_renewal_principals*; then + ERROR=1 + fi + fi - if [ $? -eq 0 ]; then - log_msg I_CHANGED + # Copy all files from perun + for FROM_PERUN_FILE in "$FROM_PERUN_DIR"/* + do + # Get name of file + local FILE_NAME + if ! FILE_NAME=$(basename "$FROM_PERUN_FILE"); then + ERROR=1 + continue + fi + + # Copy file to destination dir + if ! cp "${FROM_PERUN_FILE}" "${DST_DIR}/${FILE_NAME}.conf"; then + ERROR=1 + fi + done + + if [ $ERROR -ne 0 ]; then + log_msg E_FINISHED_WITH_ERRORS else - log_msg E_NOT_CHANGED + log_msg I_EVERYTHING_OK fi - } diff --git a/slave/process-kerberos-renewal-principals/changelog b/slave/process-kerberos-renewal-principals/changelog index f2df2fe7..bce7eec2 100644 --- a/slave/process-kerberos-renewal-principals/changelog +++ b/slave/process-kerberos-renewal-principals/changelog @@ -1,3 +1,10 @@ +perun-slave-process-kerberos-renewal-principals (3.0.1) stable; urgency=low + + * Handled receive of many files from perun. + * Copies them to the destination directory and deletes unnecessary ones. + + -- Sarka Palkovicova Tue, 1 Mar 2022 15:27:00 +0100 + perun-slave-process-kerberos-renewal-principals (3.0.0) stable; urgency=low * added new service kerberos-renewal-principals
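Review bot: The existing `kerberos_renewal_principals*` files are removed from `/etc/heimdal-kdc/krb525d.d/` before the copy loop runs, so a failed `cp`, or an empty or missing `${FROM_PERUN_DIR}` (where the glob stays literal), leaves the KDC with none or only part of the renewal principal lists until the next successful propagation. Installing each file under a temporary name and renaming it into place, and deleting stale files only when every copy succeeded, keeps the previous configuration intact on error. `$DST_DIR` is also unquoted in the `find` and `rm` calls. The `.new` suffix in the sketch below is an assumption and must be a name that krb525d does not load.

```shell
    create_lock

    # Install the new files first: copy under a temporary name, then rename into place
    declare -A KEEP
    for FROM_PERUN_FILE in "${FROM_PERUN_DIR}"/*
    do
        # Skips the literal pattern left behind when the directory is empty or missing
        [ -f "${FROM_PERUN_FILE}" ] || continue

        local FILE_NAME
        FILE_NAME=$(basename "${FROM_PERUN_FILE}")
        local DST_FILE="${DST_DIR}/${FILE_NAME}.conf"

        if cp "${FROM_PERUN_FILE}" "${DST_FILE}.new" && mv -f "${DST_FILE}.new" "${DST_FILE}"; then
            KEEP["${FILE_NAME}.conf"]=1
        else
            ERROR=1
        fi
    done

    # Remove stale files only when every copy succeeded
    if [ $ERROR -eq 0 ]; then
        for OLD_FILE in "${DST_DIR}"/kerberos_renewal_principals*
        do
            [ -f "${OLD_FILE}" ] || continue
            [ -n "${KEEP[$(basename "${OLD_FILE}")]}" ] || rm -f "${OLD_FILE}" || ERROR=1
        done
    fi

    # … unchanged: log_msg E_FINISHED_WITH_ERRORS / I_EVERYTHING_OK …
```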