arvados-login-sync 2.0.3 → 2.1.2
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +82 -22
- metadata +4 -4
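--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26bdae065f222a1bf829104d946b977925df1b7ebfa246f6d11e5a362bf45bbf
+data.tar.gz: 26bbc165ea34ef4ced71a09425c5db9cefda73d03d5eacfc0c9fe727fb4e9b12
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 614dd9ac71b15ba4f803baad5033d0d0afcaf26ddb05c06e178d5a19d3f9774dde0acea2e971a9dd4342742a716e120236caafa279311103f79f96ecedfbabce
+data.tar.gz: 91ba4b18994e78857592d3d44db7224eb68d4aaab3bc5b1d87b7168d4b583c6e8aed304d123b9550d02378378d8f4f252e0fb09425bfc2652a8091c2f8a6db9d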
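--- a/data/bin/arvados-login-sync
+++ b/data/bin/arvados-login-sync
@@ -31,12 +31,15 @@ keys = ''
 
 begin
 arv = Arvados.new({ :suppress_ssl_warnings => false })
+logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
+:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
+:suppress_ssl_warnings => false })
 
 vm_uuid = ENV['ARVADOS_VIRTUAL_MACHINE_UUID']
 
 logins = arv.virtual_machine.logins(:uuid => vm_uuid)[:items]
 logins = [] if logins.nil?
-logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:
+logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:virtual_machine_uuid] != vm_uuid }
 
 # No system users
 uid_min = 1000
@@ -79,48 +82,77 @@ begin
 logins.each do |l|
 keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
 key = l[:public_key]
-
-
-
-
-
-
-
+if !key.nil?
+# Handle putty-style ssh public keys
+key.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
+key.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
+key.gsub!(/\n/,'')
+key.strip
+
+keys[l[:username]].push(key) if not keys[l[:username]].include?(key)
+end
 end
 
 seen = Hash.new()
-
+
+current_user_groups = Hash.new
+while (ent = Etc.getgrent()) do
+ent.mem.each do |member|
+current_user_groups[member] ||= Array.new
+current_user_groups[member].push ent.name
+end
+end
+Etc.endgrent()
 
 logins.each do |l|
 next if seen[l[:username]]
 seen[l[:username]] = true
 
+username = l[:username]
+
 unless pwnam[l[:username]]
 STDERR.puts "Creating account #{l[:username]}"
-groups = l[:groups] || []
-# Adding users to the FUSE group has long been hardcoded behavior.
-groups << "fuse"
-groups.select! { |g| Etc.getgrnam(g) rescue false }
 # Create new user
 unless system("useradd", "-m",
-"-c",
+"-c", username,
 "-s", "/bin/bash",
-
-l[:username],
-out: devnull)
+username)
 STDERR.puts "Account creation failed for #{l[:username]}: #{$?}"
 next
 end
 begin
-pwnam[
+pwnam[username] = Etc.getpwnam(username)
 rescue => e
 STDERR.puts "Created account but then getpwnam() failed for #{l[:username]}: #{e}"
 raise
 end
 end
 
-
-
+existing_groups = current_user_groups[username] || []
+groups = l[:groups] || []
+# Adding users to the FUSE group has long been hardcoded behavior.
+groups << "fuse"
+groups << username
+groups.select! { |g| Etc.getgrnam(g) rescue false }
+
+groups.each do |addgroup|
+if existing_groups.index(addgroup).nil?
+# User should be in group, but isn't, so add them.
+STDERR.puts "Add user #{username} to #{addgroup} group"
+system("adduser", username, addgroup)
+end
+end
+
+existing_groups.each do |removegroup|
+if groups.index(removegroup).nil?
+# User is in a group, but shouldn't be, so remove them.
+STDERR.puts "Remove user #{username} from #{removegroup} group"
+system("deluser", username, removegroup)
+end
+end
+
+homedir = pwnam[l[:username]].dir
+userdotssh = File.join(homedir, ".ssh")
 Dir.mkdir(userdotssh) if !File.exist?(userdotssh)
 
 newkeys = "###\n###\n" + keys[l[:username]].join("\n") + "\n###\n###\n"
@@ -148,13 +180,41 @@ begin
 f.write(newkeys)
 f.close()
 end
+
+userdotconfig = File.join(homedir, ".config")
+if !File.exist?(userdotconfig)
+Dir.mkdir(userdotconfig)
+end
+
+configarvados = File.join(userdotconfig, "arvados")
+Dir.mkdir(configarvados) if !File.exist?(configarvados)
+
+tokenfile = File.join(configarvados, "settings.conf")
+
+begin
+if !File.exist?(tokenfile)
+user_token = logincluster_arv.api_client_authorization.create(api_client_authorization: {owner_uuid: l[:user_uuid], api_client_id: 0})
+f = File.new(tokenfile, 'w')
+f.write("ARVADOS_API_HOST=#{ENV['ARVADOS_API_HOST']}\n")
+f.write("ARVADOS_API_TOKEN=v2/#{user_token[:uuid]}/#{user_token[:api_token]}\n")
+f.close()
+end
+rescue => e
+STDERR.puts "Error setting token for #{l[:username]}: #{e}"
+end
+
 FileUtils.chown_R(l[:username], nil, userdotssh)
+FileUtils.chown_R(l[:username], nil, userdotconfig)
 File.chmod(0700, userdotssh)
-File.chmod(
+File.chmod(0700, userdotconfig)
+File.chmod(0700, configarvados)
+File.chmod(0750, homedir)
 File.chmod(0600, keysfile)
+if File.exist?(tokenfile)
+File.chmod(0600, tokenfile)
+end
 end
 
-devnull.close
 rescue Exception => bang
 puts "Error: " + bang.to_s
 puts bang.backtrace.join("\n")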
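Review bot: In the last hunk the token file is created with `File.new(tokenfile, 'w')`, so it takes the process umask's default mode and only becomes private at the later `File.chmod(0600, tokenfile)`; `.config` and `.config/arvados` are likewise created with default modes and tightened afterwards. Until those chmod calls run, the freshly written `ARVADOS_API_TOKEN` may be readable by other local accounts, and if one of the intervening `chown_R`/`chmod` calls raises, the outer `rescue Exception` ends the run with the file left in that state. The paths also live under a home directory the account owner can write to, and the script appears to run privileged (it calls `useradd` and `chown_R`), so `File.exist?` followed by a path-following open is a check-then-use gap. Creating the file private and exclusive addresses both: `File.open(tokenfile, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|` in place of `File.new`/`f.close()`, together with `Dir.mkdir(userdotconfig, 0700)` and `Dir.mkdir(configarvados, 0700)`. The enclosing `logins.each` block and the outer `begin` start outside this hunk.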
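--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arvados-login-sync
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.1.2
 platform: ruby
 authors:
 - Arvados Authors
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: arvados
@@ -73,8 +73,8 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0.12'
 description: Creates and updates local login accounts for Arvados users. Built from
-git commit
-email:
+git commit 78096170b070a9eb17b37f913798397744fa1ff5
+email: packaging@arvados.org
 executables:
 - arvados-login-sync
 extensions: []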