Commit a9ace0e2 authored by Alex Tayts's avatar Alex Tayts

initial commit

parents
.DS_Store
Ruby scripts to add and remove users from "users" module hirea datasource. POSIX attributes
of a user account are matching ones in LDAP.
Prerequisites:
* The scripts assume that they live in `tools` directory in the root of the repo.
* A user running this script _must_ have a kerberos ticket.
* Kerberos principal must be allowed to run remctl command `remctl lsdb user show`
#!/usr/bin/env ruby
# Adds a user to users::stanford_users hash in "users" module hiera
# common.yaml data source.
#
# NOTE: Since the user data in hiera is a hash, output of the tool
# is not sorted. Every time the script is used, the data
# source is rewritten with the user list in a different order.
#
# NOTE: The code assumes that the script is located in "tools" subdirectory
# in the root of the repo.
require 'yaml'
require 'pathname'
if ARGV.empty?
puts 'Usage: add_user sunet_id'
exit
end
sunetid = ARGV.shift
# determine where the root of the repo is
# assuming that this script is always in "tools" subdirectory
# of ther repo's root.
repo_root = Pathname.new(__dir__).parent()
# figure out a path to the data file
data_source = repo_root.join('modules/users/data/common.yaml')
unless File.exists?(data_source)
puts "Unable to locate data source"
puts "at #{data_source.to_s}."
exit
end
# read the contents of the hiera data source
hiera_data = YAML.load_file(data_source)
# check if the user already exists in the data source
if hiera_data['users::stanford_users'].has_key?(sunetid)
puts "The user #{sunetid} is already known."
exit
end
# lookup a u information in lsdb
account = `remctl lsdb user show #{sunetid}`
# if a remctl command failed, then there is no ticket or remctl
# client is not installed.
unless $?.success?
puts "Please make sure remctl is installed, you have a valid kerberos ticket,"
puts "and you have the rights to execute remctl lsdb queries."
exit
end
# if sunetid is not found
if account.include? "not found in database"
puts "#{sunetid} is not a valid SUnet ID."
exit
end
# create a hash with all user attributes
u = Hash.new
account.each_line do |line|
attrib, val = line.strip.split(/:\s*/, 2)
next if val.nil? or val.empty?
u[attrib] = val unless u.has_key?(attrib)
end
# add user attributes from passwd string
u['pwd'], u['uid'], u['gid'], u['gecos'], u['home'], u['shell'] = u[sunetid].split(/:/)
# if there is no attribute 'Services' or there is no 'afs' value there
# then the user has a base sponsored sunet id or inactive
unless u.has_key?('Services') and u['Services'].include?('afs')
u['home'] = "/home/#{sunetid}"
end
# add user to hiera data source
hiera_data['users::stanford_users'][sunetid] = {
'uid' => u['uid'],
'gid' => u['gid'],
'comment' => u['gecos'],
'home' => u['home'],
'shell' => u['shell']
}
# save data source as yaml
File.open(data_source, 'w') {|f| f.write hiera_data.to_yaml }
# commit the change to git, watch for errors
if system('git add ' + data_source.to_s)
unless system('git commit -m "Add a user \"' + sunetid + '\" to users module data source."')
puts "Error committing the change to git. Please do it manually."
exit
end
else
puts "Error adding the data source file to git. Please add and commit manually."
exit
end
puts <<-EOS
User "#{sunetid}" has been successfully added. The commit has not yet been
pushed to the remote. To complete this change, run:
git push
EOS
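Review bot: `sunetid` comes straight from ARGV and is interpolated into two shell command strings, the backtick call `remctl lsdb user show #{sunetid}` and the `git commit -m` string passed to `system`, so shell metacharacters or a leading `-` in the argument change what is executed; the delete script's `git commit` line has the same pattern. Reject any value that does not match the expected SUNet ID format before using it, and pass the arguments as a list so no shell is involved: `account = IO.popen(['remctl', 'lsdb', 'user', 'show', sunetid], &:read)` and `system('git', 'commit', '-m', "Add a user \"#{sunetid}\" to users module data source.")`. `$?` is still set when the block form of `IO.popen` returns, so the existing `$?.success?` check keeps working. Separately, `u[sunetid].split(/:/)` raises NoMethodError when the lsdb output has no line keyed by the ID, so that line needs a guard with a clear error message before the hiera file is rewritten.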
#!/usr/bin/env ruby
# Deletes a user from users::stanford_users hash in "users" module hiera
# common.yaml data source.
#
# NOTE: Since the user data in hiera is a hash, output of the tool
# is not sorted. Every time the script is used, the data
# source is rewritten with the user list in a different order.
#
# TODO: Sort the user hash when output to the file.
require 'yaml'
require 'pathname'
if ARGV.empty?
puts 'Usage: add_user sunet_id'
exit
end
sunetid = ARGV.shift
# determine where the root of the repo is
# assuming that this script is always in "tools" subdirectory
# of ther repo's root.
repo_root = Pathname.new(__dir__).parent()
# figure out a path to the data file
data_source = repo_root.join('modules/users/data/common.yaml')
unless File.exists?(data_source)
puts "Unable to locate data source"
puts "at #{data_source.to_s}."
exit
end
# read the contents of the hiera data source
hiera_data = YAML.load_file(data_source)
# check if the user already exists in the data source
if hiera_data['users::stanford_users'].has_key?(sunetid)
just_deleted = hiera_data['users::stanford_users'].delete(sunetid)
# puts 'Deleted the following data from hiera:'
# puts just_deleted.to_yaml
else
puts "The user #{sunetid} is not in hiera data. Nothing to do."
exit
end
# save data source as yaml
File.open(data_source, 'w') {|f| f.write hiera_data.to_yaml }
# commit the change to git, watch for errors
if system('git add ' + data_source.to_s)
unless system('git commit -m "Delete a user \"' + sunetid + '\" from the users module data source."')
puts "Error committing the change to git. Please do it manually."
exit
end
else
puts "Error adding the data source file to git. Please add and commit manually."
exit
end
puts <<-EOS
User "#{sunetid}" has been successfully deleted. The commit has not yet been
pushed to the remote. To complete this change, run:
git push
EOS
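Review bot: The usage text on the `ARGV.empty?` branch still reads `Usage: add_user sunet_id`, copied from the add script; deriving it from the script name avoids the mismatch: `puts "Usage: #{File.basename($0)} sunet_id"`. The failure branches (missing data source, failed `git add` or `git commit`) end in a bare `exit`, which returns status 0, so a wrapper or automation job cannot tell a failed removal from a successful one; `exit 1` on those paths fixes that. `File.exists?` was removed in Ruby 3.2, so `File.exist?(data_source)` is the portable spelling here and in the add script.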