arvados-login-sync 2.2.0 → 2.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +36 -5
- metadata +12 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1753f8ad3246c7f6b289df31c0b72d9c6b87da026c8002eb8bbca46e1ece8ae2
|
|
4
|
+
data.tar.gz: ccdc485af8a773582adcffe639908b26fd1ea884528977b67d5517f2c08e328c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ea6a189747ec64e3fc332f242f9858a97935a4dae37b4d32f22f9a5b03f67fdab6813e666b9ce46e7c969384573bd22bd5f3e66f8d28559779cafbd70e5473eb
|
|
7
|
+
data.tar.gz: 19ff5a50d9acc8c96b617ef3d6c2f8045d6221ae14bb8644da6ad2102abd9f94884d73b81c9cd87e7a680e5826faa5e68687524efb32aeabe016e6cc8e292137
|
data/bin/arvados-login-sync
CHANGED
|
@@ -21,9 +21,10 @@ end
|
|
|
21
21
|
options = {}
|
|
22
22
|
OptionParser.new do |parser|
|
|
23
23
|
parser.on('--exclusive', 'Manage SSH keys file exclusively.')
|
|
24
|
-
parser.on('--rotate-tokens', '
|
|
24
|
+
parser.on('--rotate-tokens', 'Force a rotation of all user tokens.')
|
|
25
25
|
parser.on('--skip-missing-users', "Don't try to create any local accounts.")
|
|
26
26
|
parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
|
|
27
|
+
parser.on('--debug', 'Enable debug output')
|
|
27
28
|
end.parse!(into: options)
|
|
28
29
|
|
|
29
30
|
exclusive_banner = "#######################################################################################
|
|
@@ -35,6 +36,10 @@ end_banner = "### END Arvados-managed keys -- changes between markers will be ov
|
|
|
35
36
|
keys = ''
|
|
36
37
|
|
|
37
38
|
begin
|
|
39
|
+
debug = false
|
|
40
|
+
if options[:"debug"]
|
|
41
|
+
debug = true
|
|
42
|
+
end
|
|
38
43
|
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
|
39
44
|
logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
40
45
|
:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
|
|
@@ -75,7 +80,7 @@ begin
|
|
|
75
80
|
end
|
|
76
81
|
else
|
|
77
82
|
if pwnam[l[:username]].uid < uid_min
|
|
78
|
-
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping"
|
|
83
|
+
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping" if debug
|
|
79
84
|
true
|
|
80
85
|
end
|
|
81
86
|
end
|
|
@@ -85,6 +90,7 @@ begin
|
|
|
85
90
|
|
|
86
91
|
# Collect all keys
|
|
87
92
|
logins.each do |l|
|
|
93
|
+
STDERR.puts("Considering #{l[:username]} ...") if debug
|
|
88
94
|
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
|
89
95
|
key = l[:public_key]
|
|
90
96
|
if !key.nil?
|
|
@@ -144,7 +150,7 @@ begin
|
|
|
144
150
|
if existing_groups.index(addgroup).nil?
|
|
145
151
|
# User should be in group, but isn't, so add them.
|
|
146
152
|
STDERR.puts "Add user #{username} to #{addgroup} group"
|
|
147
|
-
system("
|
|
153
|
+
system("usermod", "-aG", addgroup, username)
|
|
148
154
|
end
|
|
149
155
|
end
|
|
150
156
|
|
|
@@ -152,7 +158,7 @@ begin
|
|
|
152
158
|
if groups.index(removegroup).nil?
|
|
153
159
|
# User is in a group, but shouldn't be, so remove them.
|
|
154
160
|
STDERR.puts "Remove user #{username} from #{removegroup} group"
|
|
155
|
-
system("
|
|
161
|
+
system("gpasswd", "-d", username, removegroup)
|
|
156
162
|
end
|
|
157
163
|
end
|
|
158
164
|
|
|
@@ -197,7 +203,32 @@ begin
|
|
|
197
203
|
tokenfile = File.join(configarvados, "settings.conf")
|
|
198
204
|
|
|
199
205
|
begin
|
|
200
|
-
|
|
206
|
+
STDERR.puts "Processing #{tokenfile} ..." if debug
|
|
207
|
+
newToken = false
|
|
208
|
+
if File.exist?(tokenfile)
|
|
209
|
+
# check if the token is still valid
|
|
210
|
+
myToken = ENV["ARVADOS_API_TOKEN"]
|
|
211
|
+
userEnv = IO::read(tokenfile)
|
|
212
|
+
if (m = /^ARVADOS_API_TOKEN=(.*?\n)/m.match(userEnv))
|
|
213
|
+
begin
|
|
214
|
+
tmp_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
215
|
+
:api_token => (m[1]),
|
|
216
|
+
:suppress_ssl_warnings => false })
|
|
217
|
+
tmp_arv.user.current
|
|
218
|
+
rescue Arvados::TransactionFailedError => e
|
|
219
|
+
if e.to_s =~ /401 Unauthorized/
|
|
220
|
+
STDERR.puts "Account #{l[:username]} token not valid, creating new token."
|
|
221
|
+
newToken = true
|
|
222
|
+
else
|
|
223
|
+
raise
|
|
224
|
+
end
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
elsif !File.exist?(tokenfile) || options[:"rotate-tokens"]
|
|
228
|
+
STDERR.puts "Account #{l[:username]} token file not found, creating new token."
|
|
229
|
+
newToken = true
|
|
230
|
+
end
|
|
231
|
+
if newToken
|
|
201
232
|
aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
|
|
202
233
|
if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
|
|
203
234
|
aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: arvados-login-sync
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Arvados Authors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: arvados
|
|
@@ -39,19 +39,25 @@ dependencies:
|
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '2.5'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
42
|
+
name: arvados-google-api-client
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 0.8.7.3
|
|
45
48
|
- - "<"
|
|
46
49
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
50
|
+
version: 0.8.9
|
|
48
51
|
type: :runtime
|
|
49
52
|
prerelease: false
|
|
50
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
54
|
requirements:
|
|
55
|
+
- - ">="
|
|
56
|
+
- !ruby/object:Gem::Version
|
|
57
|
+
version: 0.8.7.3
|
|
52
58
|
- - "<"
|
|
53
59
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
60
|
+
version: 0.8.9
|
|
55
61
|
- !ruby/object:Gem::Dependency
|
|
56
62
|
name: signet
|
|
57
63
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -67,7 +73,7 @@ dependencies:
|
|
|
67
73
|
- !ruby/object:Gem::Version
|
|
68
74
|
version: '0.12'
|
|
69
75
|
description: Creates and updates local login accounts for Arvados users. Built from
|
|
70
|
-
git commit
|
|
76
|
+
git commit bc9d8d1e4caeef8c4b2da02f9a134fc7b57148d7
|
|
71
77
|
email: packaging@arvados.org
|
|
72
78
|
executables:
|
|
73
79
|
- arvados-login-sync
|