Context Navigation

← Previous Change
Next Change →

sync_moira_authz.py

Timestamp:

Dec 19, 2011, 8:30:04 PM (14 years ago)

Author:

Alex Dehnert <adehnert@…>

Branches:

master, space-access, stable, stage, test-hooks

Children:

8d36a62, 9af5b25

Parents:

b90e90b

git-author:

Alex Dehnert <adehnert@…> (12/18/11 01:00:30)

git-committer:

Alex Dehnert <adehnert@…> (12/19/11 20:30:04)

Message:

Moira->Django sync script

Major changes from 776830deb5:

Actually sync
Use AFS

File:

: 1 edited

asadb/util/sync_moira_authz.py (modified) (3 diffs, 1 prop)

Legend:

: Unmodified
: Added
: Removed

asadb/util/sync_moira_authz.py

Property mode changed from 100644 to 100755

-                      r776830d
+                      r5543d51
 #!/usr/bin/python
+import afs.pts
 import ldap
 import ldap.dn
 …
 import sys
+class LDAPConnector(object):
+if __name__ == '__main__':
+    cur_file = os.path.abspath(__file__)
+    django_dir = os.path.abspath(os.path.join(os.path.dirname(cur_file), '..'))
+    sys.path.append(django_dir)
+    os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
+import django.contrib.auth.models
+import mit
+class DjangoConnector(object):
     def __init__(self, ):
+        self.dj_groups = django.contrib.auth.models.Group.objects
+    def sync_members(self, sys_name, dj_name, ):
+        kept = []
+        added = []
+        nonexist = []
+        created = []
+        removed = []
+        sys_members = self.get_members(sys_name)
+        dj_group = self.dj_groups.get(name=dj_name)
+        dj_members = dj_group.user_set.all()
+        dj_usernames = set([m.username for m in dj_members])
+        for username in sys_members:
+            if username in dj_usernames:
+                kept.append(username)
+            else:
+                # Need to add to the Django group
+                try:
+                    user, is_new = mit.get_or_create_mit_user(username, )
+                    if is_new: created.append(username)
+                    user.groups.add(dj_group)
+                    added.append(username)
+                except ValueError:
+                    nonexist.append(username)
+        for user in dj_members:
+            username = user.username
+            if username in sys_members:
+                assert username in kept
+            else:
+                user.groups.remove(dj_group)
+                removed.append(username)
+        return {
+            'change' : len(added) + len(removed),
+            'keep' : kept,
+            'add'  : added,
+            'create' : created,
+            'nonexist' : nonexist,
+            'remove': removed,
+        }
+    def sync_many(con, what, force_print=False, ):
+        changed = False
+        results = {}
+        for sys_name, dj_group in what:
+            assert dj_group not in results
+            results[dj_group] = con_afs.sync_members(sys_name, dj_group)
+            if results[dj_group]['change']: changed = True
+        if changed or force_print:
+            for group in results:
+                print ""
+                print "Results for %s:" % (group, )
+                for key, value in results[group].items():
+                    print "%7s:\t%s" % (key, value, )
+class LDAPConnector(DjangoConnector):
+    name = "LDAP"
+    def __init__(self, *args, **kwargs):
+        super(LDAPConnector, self).__init__(*args, **kwargs)
         self.con = ldap.initialize('ldaps://ldap-too.mit.edu')
         self.con.simple_bind_s("", "")
     def get_members_ldap(self, groupname):
+    def get_members(self, groupname):
         base_dn = 'ou=lists,ou=moira,dc=mit,dc=edu'
         groupfilter = ldap.filter.filter_format('(&(objectClass=group)(displayName=%s))', [groupname])
 …
             else:
                 assert False, "Don't know what %s is" % (c_type, )
+        return ret
+        return [r[1] for r in ret if r[0] == 'user']
+class AFSConnector(DjangoConnector):
+    name = "AFS"
+    def __init__(self, *args, **kwargs):
+        super(AFSConnector, self).__init__(*args, **kwargs)
+        # TODO: possibly kinit and aklog
+        self.pts = afs.pts.PTS(sec=afs.pts.PTS_ENCRYPT, cell='athena.mit.edu', )
+    def get_members(self, groupname, ):
+        afs_members = self.pts.getEntry("system:%s" % (groupname, )).members
+        members = [ m.name for m in afs_members ]
+        return members
+sync_pairs = [
+    ('asa-internal', 'asa-ebm', ),
+]
+def test_memberships(cons):
+    for sys_name, dj_group in sync_pairs:
+        for con in cons:
+            members = con.get_members(sys_name)
+            print "%s\t%s\t%s" % (con.name, sys_name, sorted(members))
 if __name__ == '__main__':
     con = LDAPConnector()
     for listname in sys.argv[1:]:
         members = con.get_members_ldap(listname)
         print "%s\t%s" % (listname, members)
+    con_afs = AFSConnector()
+    #con_ldap = LDAPConnector()
+    #test_memberships([con_afs, con_ldap, ])
+    con_afs.sync_many(sync_pairs)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 5543d51 for asadb/util/sync_moira_authz.py

Legend:

asadb/util/sync_moira_authz.py

Download in other formats: