arvados-login-sync 2.1.5 → 2.3.0
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +36 -5
- metadata +3 -3
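--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8d4d5cb0dc3dee04326d48be68713f48ad78b04017bde44dd40ca0860612d7e4
+data.tar.gz: b8f1e93b27f5382578eee8d83eaaa6b5a72f10dc8c462373d0f9de7c0e71382e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 36b28aa854725eadf7a329ee374892a06661c2560e10d1fe25e2119432cd9f811166587338c9f4cf394e2f610bb20f6e94506fd60fd54e6c47220b4a81a20072
+data.tar.gz: 281dc0df4857fe705b43d280b79c36a99231f8c357881a83e917ecd853d8015874d1415e67614412b721252d54f1300fd2072a42b5e7d2d2c7dbca899ac62566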
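--- a/data/bin/arvados-login-sync
+++ b/data/bin/arvados-login-sync
@@ -21,9 +21,10 @@ end
 options = {}
 OptionParser.new do |parser|
 parser.on('--exclusive', 'Manage SSH keys file exclusively.')
-parser.on('--rotate-tokens', '
+parser.on('--rotate-tokens', 'Force a rotation of all user tokens.')
 parser.on('--skip-missing-users', "Don't try to create any local accounts.")
 parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
+parser.on('--debug', 'Enable debug output')
 end.parse!(into: options)
 
 exclusive_banner = "#######################################################################################
@@ -35,6 +36,10 @@ end_banner = "### END Arvados-managed keys -- changes between markers will be ov
 keys = ''
 
 begin
+debug = false
+if options[:"debug"]
+debug = true
+end
 arv = Arvados.new({ :suppress_ssl_warnings => false })
 logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
 :api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
@@ -75,7 +80,7 @@ begin
 end
 else
 if pwnam[l[:username]].uid < uid_min
-STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping"
+STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping" if debug
 true
 end
 end
@@ -85,6 +90,7 @@ begin
 
 # Collect all keys
 logins.each do |l|
+STDERR.puts("Considering #{l[:username]} ...") if debug
 keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
 key = l[:public_key]
 if !key.nil?
@@ -144,7 +150,7 @@ begin
 if existing_groups.index(addgroup).nil?
 # User should be in group, but isn't, so add them.
 STDERR.puts "Add user #{username} to #{addgroup} group"
-system("
+system("usermod", "-aG", addgroup, username)
 end
 end
 
@@ -152,7 +158,7 @@ begin
 if groups.index(removegroup).nil?
 # User is in a group, but shouldn't be, so remove them.
 STDERR.puts "Remove user #{username} from #{removegroup} group"
-system("
+system("gpasswd", "-d", username, removegroup)
 end
 end
 
@@ -197,7 +203,32 @@ begin
 tokenfile = File.join(configarvados, "settings.conf")
 
 begin
-
+STDERR.puts "Processing #{tokenfile} ..." if debug
+newToken = false
+if File.exist?(tokenfile)
+# check if the token is still valid
+myToken = ENV["ARVADOS_API_TOKEN"]
+userEnv = IO::read(tokenfile)
+if (m = /^ARVADOS_API_TOKEN=(.*?\n)/m.match(userEnv))
+begin
+tmp_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
+:api_token => (m[1]),
+:suppress_ssl_warnings => false })
+tmp_arv.user.current
+rescue Arvados::TransactionFailedError => e
+if e.to_s =~ /401 Unauthorized/
+STDERR.puts "Account #{l[:username]} token not valid, creating new token."
+newToken = true
+else
+raise
+end
+end
+end
+elsif !File.exist?(tokenfile) || options[:"rotate-tokens"]
+STDERR.puts "Account #{l[:username]} token file not found, creating new token."
+newToken = true
+end
+if newToken
 aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
 if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
 aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))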
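Review bot: In the last hunk (new lines 208–230), `--rotate-tokens` is only consulted in the `elsif`, which cannot be reached when `File.exist?(tokenfile)` is true, so a forced rotation appears to skip every account whose existing token still validates. The same structure leaves `newToken` false when the file exists but contains no `ARVADOS_API_TOKEN=` line, so that account gets no token at all. Testing the flag first, e.g. `if options[:"rotate-tokens"] || !File.exist?(tokenfile)` followed by `newToken = true`, and moving the validity probe into the `else`, would match the option's documented "Force a rotation of all user tokens." behaviour. The capture `(.*?\n)` also keeps the trailing newline in `m[1]`, which is passed on as `:api_token`; `m[1].strip` would avoid sending it, unless the client already trims the value. The `begin` block and the `if newToken` body continue past the end of the hunk.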
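--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arvados-login-sync
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.3.0
 platform: ruby
 authors:
 - Arvados Authors
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-10-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: arvados
@@ -67,7 +67,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0.12'
 description: Creates and updates local login accounts for Arvados users. Built from
-git commit
+git commit 308c90af198f5dd6b25ac284fe24aa8e648bc6d8
 email: packaging@arvados.org
 executables:
 - arvados-login-sync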