arvados-login-sync 2.0.2 → 2.1.1

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/bin/arvados-login-sync +79 -22
  3. metadata +3 -3
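--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cc7a1105097c49dfe896893545c78fa5a41d0e4012488988abda4198875daabc
- data.tar.gz: 0a939b261ee7c6cd5f951d7014a675e57fd53cf6b9e7e4743665a63bab1b050a
+ metadata.gz: d62966a42aec769855347fa3a88f00951729531a6c208b05f1785505e1989947
+ data.tar.gz: 2d6287af163d20d13c67c3d5b84eeb56a49aa37f128052317d7bc367cbbc55f1
  SHA512:
- metadata.gz: 90531c75fefb3ce0f4e2ee43a858565a5a7379a778dc9313512d5d9d61112b5029ae2dc84603ed7611b65976555f8af205c7ee318302119cd9226308c038a3cc
- data.tar.gz: 25fc16728e3cb6c5a79623a2228aa155782a5fb1be6385a4fee7fc7c5882b0b2e75605195e1e40c1831f7cc915b0e142d6b2fb6ea50ec4fd52ba45e7e0df6459
+ metadata.gz: 52c1d7609cbc9f06a602a7a78ec78123117cf500cc0476695e5afc49173fad6499b1d8567e5127526e6ee2c24fea3215828175aa14f93abe8e500d6a60c83a79
+ data.tar.gz: 7deffe423ebe0a5a56e327376ebba6e21a856af1bfb01ffbc0376e42b3642e2ae7451202f8c812b3e163d663baa620bf553a31b43c25c6d0f6b007d15419b981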
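--- a/data/bin/arvados-login-sync
+++ b/data/bin/arvados-login-sync
@@ -36,7 +36,7 @@ begin
 
  logins = arv.virtual_machine.logins(:uuid => vm_uuid)[:items]
  logins = [] if logins.nil?
- logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:public_key].nil? or l[:virtual_machine_uuid] != vm_uuid }
+ logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:virtual_machine_uuid] != vm_uuid }
 
  # No system users
  uid_min = 1000
@@ -79,48 +79,77 @@ begin
  logins.each do |l|
  keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
  key = l[:public_key]
- # Handle putty-style ssh public keys
- key.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
- key.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
- key.gsub!(/\n/,'')
- key.strip
-
- keys[l[:username]].push(key) if not keys[l[:username]].include?(key)
+ if !key.nil?
+ # Handle putty-style ssh public keys
+ key.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
+ key.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
+ key.gsub!(/\n/,'')
+ key.strip
+
+ keys[l[:username]].push(key) if not keys[l[:username]].include?(key)
+ end
  end
 
  seen = Hash.new()
- devnull = open("/dev/null", "w")
+
+ current_user_groups = Hash.new
+ while (ent = Etc.getgrent()) do
+ ent.mem.each do |member|
+ current_user_groups[member] ||= Array.new
+ current_user_groups[member].push ent.name
+ end
+ end
+ Etc.endgrent()
 
  logins.each do |l|
  next if seen[l[:username]]
  seen[l[:username]] = true
 
+ username = l[:username]
+
  unless pwnam[l[:username]]
  STDERR.puts "Creating account #{l[:username]}"
- groups = l[:groups] || []
- # Adding users to the FUSE group has long been hardcoded behavior.
- groups << "fuse"
- groups.select! { |g| Etc.getgrnam(g) rescue false }
  # Create new user
  unless system("useradd", "-m",
- "-c", l[:username],
+ "-c", username,
  "-s", "/bin/bash",
- "-G", groups.join(","),
- l[:username],
- out: devnull)
+ username)
  STDERR.puts "Account creation failed for #{l[:username]}: #{$?}"
  next
  end
  begin
- pwnam[l[:username]] = Etc.getpwnam(l[:username])
+ pwnam[username] = Etc.getpwnam(username)
  rescue => e
  STDERR.puts "Created account but then getpwnam() failed for #{l[:username]}: #{e}"
  raise
  end
  end
 
- @homedir = pwnam[l[:username]].dir
- userdotssh = File.join(@homedir, ".ssh")
+ existing_groups = current_user_groups[username] || []
+ groups = l[:groups] || []
+ # Adding users to the FUSE group has long been hardcoded behavior.
+ groups << "fuse"
+ groups << username
+ groups.select! { |g| Etc.getgrnam(g) rescue false }
+
+ groups.each do |addgroup|
+ if existing_groups.index(addgroup).nil?
+ # User should be in group, but isn't, so add them.
+ STDERR.puts "Add user #{username} to #{addgroup} group"
+ system("adduser", username, addgroup)
+ end
+ end
+
+ existing_groups.each do |removegroup|
+ if groups.index(removegroup).nil?
+ # User is in a group, but shouldn't be, so remove them.
+ STDERR.puts "Remove user #{username} from #{removegroup} group"
+ system("deluser", username, removegroup)
+ end
+ end
+
+ homedir = pwnam[l[:username]].dir
+ userdotssh = File.join(homedir, ".ssh")
  Dir.mkdir(userdotssh) if !File.exist?(userdotssh)
 
  newkeys = "###\n###\n" + keys[l[:username]].join("\n") + "\n###\n###\n"
@@ -148,13 +177,41 @@ begin
  f.write(newkeys)
  f.close()
  end
+
+ userdotconfig = File.join(homedir, ".config")
+ if !File.exist?(userdotconfig)
+ Dir.mkdir(userdotconfig)
+ end
+
+ configarvados = File.join(userdotconfig, "arvados")
+ Dir.mkdir(configarvados) if !File.exist?(configarvados)
+
+ tokenfile = File.join(configarvados, "settings.conf")
+
+ begin
+ if !File.exist?(tokenfile)
+ user_token = arv.api_client_authorization.create(api_client_authorization: {owner_uuid: l[:user_uuid], api_client_id: 0})
+ f = File.new(tokenfile, 'w')
+ f.write("ARVADOS_API_HOST=#{ENV['ARVADOS_API_HOST']}\n")
+ f.write("ARVADOS_API_TOKEN=v2/#{user_token[:uuid]}/#{user_token[:api_token]}\n")
+ f.close()
+ end
+ rescue => e
+ STDERR.puts "Error setting token for #{l[:username]}: #{e}"
+ end
+
  FileUtils.chown_R(l[:username], nil, userdotssh)
+ FileUtils.chown_R(l[:username], nil, userdotconfig)
  File.chmod(0700, userdotssh)
- File.chmod(0750, @homedir)
+ File.chmod(0700, userdotconfig)
+ File.chmod(0700, configarvados)
+ File.chmod(0750, homedir)
  File.chmod(0600, keysfile)
+ if File.exist?(tokenfile)
+ File.chmod(0600, tokenfile)
+ end
  end
 
- devnull.close
  rescue Exception => bang
  puts "Error: " + bang.to_s
  puts bang.backtrace.join("\n")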
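Review bot: The token file in the last hunk is created with `File.new(tokenfile, 'w')`, so it takes the process's default mode and only becomes 0600 at the later `File.chmod(0600, tokenfile)`; the new `.config` and `.config/arvados` directories are likewise created with default modes and tightened afterwards, so depending on the umask and the home directory mode the API token may be readable by other local accounts in between. Creating the file restricted from the start closes that window: `f = File.new(tokenfile, File::WRONLY | File::CREAT | File::EXCL, 0600)`. `File::EXCL` also makes the open fail rather than follow a link already present at that path, which matters because this script presumably runs as root inside a directory the account owner can write to. Separately, the `system("adduser", username, addgroup)` and `system("deluser", username, removegroup)` calls in the group-sync hunk ignore their result, unlike the `useradd` call above them, so a failed membership change is logged as if it had succeeded. The enclosing `begin` block and the `logins.each` loop start outside these hunks.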
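--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: arvados-login-sync
  version: !ruby/object:Gem::Version
- version: 2.0.2
+ version: 2.1.1
  platform: ruby
  authors:
  - Arvados Authors
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-04-13 00:00:00.000000000 Z
+ date: 2020-09-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: arvados
@@ -73,7 +73,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0.12'
  description: Creates and updates local login accounts for Arvados users. Built from
- git commit 5f300020c51e8073a9cb6e45ee49991386244510
+ git commit 1771152da97200b038378666457d18679f4c8cd7
  email: gem-dev@curoverse.com
  executables:
  - arvados-login-sync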