arvados-login-sync 2.0.3 → 2.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +82 -22
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 26bdae065f222a1bf829104d946b977925df1b7ebfa246f6d11e5a362bf45bbf
|
4
|
+
data.tar.gz: 26bbc165ea34ef4ced71a09425c5db9cefda73d03d5eacfc0c9fe727fb4e9b12
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 614dd9ac71b15ba4f803baad5033d0d0afcaf26ddb05c06e178d5a19d3f9774dde0acea2e971a9dd4342742a716e120236caafa279311103f79f96ecedfbabce
|
7
|
+
data.tar.gz: 91ba4b18994e78857592d3d44db7224eb68d4aaab3bc5b1d87b7168d4b583c6e8aed304d123b9550d02378378d8f4f252e0fb09425bfc2652a8091c2f8a6db9d
|
data/bin/arvados-login-sync
CHANGED
@@ -31,12 +31,15 @@ keys = ''
|
|
31
31
|
|
32
32
|
begin
|
33
33
|
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
34
|
+
logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
35
|
+
:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
|
36
|
+
:suppress_ssl_warnings => false })
|
34
37
|
|
35
38
|
vm_uuid = ENV['ARVADOS_VIRTUAL_MACHINE_UUID']
|
36
39
|
|
37
40
|
logins = arv.virtual_machine.logins(:uuid => vm_uuid)[:items]
|
38
41
|
logins = [] if logins.nil?
|
39
|
-
logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:
|
42
|
+
logins = logins.reject { |l| l[:username].nil? or l[:hostname].nil? or l[:virtual_machine_uuid] != vm_uuid }
|
40
43
|
|
41
44
|
# No system users
|
42
45
|
uid_min = 1000
|
@@ -79,48 +82,77 @@ begin
|
|
79
82
|
logins.each do |l|
|
80
83
|
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
81
84
|
key = l[:public_key]
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
85
|
+
if !key.nil?
|
86
|
+
# Handle putty-style ssh public keys
|
87
|
+
key.sub!(/^(Comment: "r[^\n]*\n)(.*)$/m,'ssh-rsa \2 \1')
|
88
|
+
key.sub!(/^(Comment: "d[^\n]*\n)(.*)$/m,'ssh-dss \2 \1')
|
89
|
+
key.gsub!(/\n/,'')
|
90
|
+
key.strip
|
91
|
+
|
92
|
+
keys[l[:username]].push(key) if not keys[l[:username]].include?(key)
|
93
|
+
end
|
89
94
|
end
|
90
95
|
|
91
96
|
seen = Hash.new()
|
92
|
-
|
97
|
+
|
98
|
+
current_user_groups = Hash.new
|
99
|
+
while (ent = Etc.getgrent()) do
|
100
|
+
ent.mem.each do |member|
|
101
|
+
current_user_groups[member] ||= Array.new
|
102
|
+
current_user_groups[member].push ent.name
|
103
|
+
end
|
104
|
+
end
|
105
|
+
Etc.endgrent()
|
93
106
|
|
94
107
|
logins.each do |l|
|
95
108
|
next if seen[l[:username]]
|
96
109
|
seen[l[:username]] = true
|
97
110
|
|
111
|
+
username = l[:username]
|
112
|
+
|
98
113
|
unless pwnam[l[:username]]
|
99
114
|
STDERR.puts "Creating account #{l[:username]}"
|
100
|
-
groups = l[:groups] || []
|
101
|
-
# Adding users to the FUSE group has long been hardcoded behavior.
|
102
|
-
groups << "fuse"
|
103
|
-
groups.select! { |g| Etc.getgrnam(g) rescue false }
|
104
115
|
# Create new user
|
105
116
|
unless system("useradd", "-m",
|
106
|
-
"-c",
|
117
|
+
"-c", username,
|
107
118
|
"-s", "/bin/bash",
|
108
|
-
|
109
|
-
l[:username],
|
110
|
-
out: devnull)
|
119
|
+
username)
|
111
120
|
STDERR.puts "Account creation failed for #{l[:username]}: #{$?}"
|
112
121
|
next
|
113
122
|
end
|
114
123
|
begin
|
115
|
-
pwnam[
|
124
|
+
pwnam[username] = Etc.getpwnam(username)
|
116
125
|
rescue => e
|
117
126
|
STDERR.puts "Created account but then getpwnam() failed for #{l[:username]}: #{e}"
|
118
127
|
raise
|
119
128
|
end
|
120
129
|
end
|
121
130
|
|
122
|
-
|
123
|
-
|
131
|
+
existing_groups = current_user_groups[username] || []
|
132
|
+
groups = l[:groups] || []
|
133
|
+
# Adding users to the FUSE group has long been hardcoded behavior.
|
134
|
+
groups << "fuse"
|
135
|
+
groups << username
|
136
|
+
groups.select! { |g| Etc.getgrnam(g) rescue false }
|
137
|
+
|
138
|
+
groups.each do |addgroup|
|
139
|
+
if existing_groups.index(addgroup).nil?
|
140
|
+
# User should be in group, but isn't, so add them.
|
141
|
+
STDERR.puts "Add user #{username} to #{addgroup} group"
|
142
|
+
system("adduser", username, addgroup)
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
existing_groups.each do |removegroup|
|
147
|
+
if groups.index(removegroup).nil?
|
148
|
+
# User is in a group, but shouldn't be, so remove them.
|
149
|
+
STDERR.puts "Remove user #{username} from #{removegroup} group"
|
150
|
+
system("deluser", username, removegroup)
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
homedir = pwnam[l[:username]].dir
|
155
|
+
userdotssh = File.join(homedir, ".ssh")
|
124
156
|
Dir.mkdir(userdotssh) if !File.exist?(userdotssh)
|
125
157
|
|
126
158
|
newkeys = "###\n###\n" + keys[l[:username]].join("\n") + "\n###\n###\n"
|
@@ -148,13 +180,41 @@ begin
|
|
148
180
|
f.write(newkeys)
|
149
181
|
f.close()
|
150
182
|
end
|
183
|
+
|
184
|
+
userdotconfig = File.join(homedir, ".config")
|
185
|
+
if !File.exist?(userdotconfig)
|
186
|
+
Dir.mkdir(userdotconfig)
|
187
|
+
end
|
188
|
+
|
189
|
+
configarvados = File.join(userdotconfig, "arvados")
|
190
|
+
Dir.mkdir(configarvados) if !File.exist?(configarvados)
|
191
|
+
|
192
|
+
tokenfile = File.join(configarvados, "settings.conf")
|
193
|
+
|
194
|
+
begin
|
195
|
+
if !File.exist?(tokenfile)
|
196
|
+
user_token = logincluster_arv.api_client_authorization.create(api_client_authorization: {owner_uuid: l[:user_uuid], api_client_id: 0})
|
197
|
+
f = File.new(tokenfile, 'w')
|
198
|
+
f.write("ARVADOS_API_HOST=#{ENV['ARVADOS_API_HOST']}\n")
|
199
|
+
f.write("ARVADOS_API_TOKEN=v2/#{user_token[:uuid]}/#{user_token[:api_token]}\n")
|
200
|
+
f.close()
|
201
|
+
end
|
202
|
+
rescue => e
|
203
|
+
STDERR.puts "Error setting token for #{l[:username]}: #{e}"
|
204
|
+
end
|
205
|
+
|
151
206
|
FileUtils.chown_R(l[:username], nil, userdotssh)
|
207
|
+
FileUtils.chown_R(l[:username], nil, userdotconfig)
|
152
208
|
File.chmod(0700, userdotssh)
|
153
|
-
File.chmod(
|
209
|
+
File.chmod(0700, userdotconfig)
|
210
|
+
File.chmod(0700, configarvados)
|
211
|
+
File.chmod(0750, homedir)
|
154
212
|
File.chmod(0600, keysfile)
|
213
|
+
if File.exist?(tokenfile)
|
214
|
+
File.chmod(0600, tokenfile)
|
215
|
+
end
|
155
216
|
end
|
156
217
|
|
157
|
-
devnull.close
|
158
218
|
rescue Exception => bang
|
159
219
|
puts "Error: " + bang.to_s
|
160
220
|
puts bang.backtrace.join("\n")
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arvados-login-sync
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Arvados Authors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: arvados
|
@@ -73,8 +73,8 @@ dependencies:
|
|
73
73
|
- !ruby/object:Gem::Version
|
74
74
|
version: '0.12'
|
75
75
|
description: Creates and updates local login accounts for Arvados users. Built from
|
76
|
-
git commit
|
77
|
-
email:
|
76
|
+
git commit 78096170b070a9eb17b37f913798397744fa1ff5
|
77
|
+
email: packaging@arvados.org
|
78
78
|
executables:
|
79
79
|
- arvados-login-sync
|
80
80
|
extensions: []
|