arvados-login-sync 2.2.1 → 2.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +36 -5
- metadata +12 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 941f4da9a70e1e75662241cae5d81116e4e852c347ce0e28db604fa486cf1d8a
|
|
4
|
+
data.tar.gz: 510c842f8cb0bfeb076890f2c774e5ac3e0acdf94e863d3e26e6be476ef94481
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 547916ee962ac63cb58cfc854640a7aa34cc9c73c0316c2effe99de0548ac4a9efed470f6980d569b08b44fe2d13a9ccb1b6d5878039b008410366bbe6117ce9
|
|
7
|
+
data.tar.gz: c320947708536a41f2c2d6e46a14a126d091d014cd2396536ecc5779cbbbfd99f664de3fd92cb2508c90d2157ecc0f2ca78e4d1f872ba09ccc59e84e71abd906
|
data/bin/arvados-login-sync
CHANGED
|
@@ -21,9 +21,10 @@ end
|
|
|
21
21
|
options = {}
|
|
22
22
|
OptionParser.new do |parser|
|
|
23
23
|
parser.on('--exclusive', 'Manage SSH keys file exclusively.')
|
|
24
|
-
parser.on('--rotate-tokens', '
|
|
24
|
+
parser.on('--rotate-tokens', 'Force a rotation of all user tokens.')
|
|
25
25
|
parser.on('--skip-missing-users', "Don't try to create any local accounts.")
|
|
26
26
|
parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
|
|
27
|
+
parser.on('--debug', 'Enable debug output')
|
|
27
28
|
end.parse!(into: options)
|
|
28
29
|
|
|
29
30
|
exclusive_banner = "#######################################################################################
|
|
@@ -35,6 +36,10 @@ end_banner = "### END Arvados-managed keys -- changes between markers will be ov
|
|
|
35
36
|
keys = ''
|
|
36
37
|
|
|
37
38
|
begin
|
|
39
|
+
debug = false
|
|
40
|
+
if options[:"debug"]
|
|
41
|
+
debug = true
|
|
42
|
+
end
|
|
38
43
|
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
|
39
44
|
logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
40
45
|
:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
|
|
@@ -75,7 +80,7 @@ begin
|
|
|
75
80
|
end
|
|
76
81
|
else
|
|
77
82
|
if pwnam[l[:username]].uid < uid_min
|
|
78
|
-
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping"
|
|
83
|
+
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping" if debug
|
|
79
84
|
true
|
|
80
85
|
end
|
|
81
86
|
end
|
|
@@ -85,6 +90,7 @@ begin
|
|
|
85
90
|
|
|
86
91
|
# Collect all keys
|
|
87
92
|
logins.each do |l|
|
|
93
|
+
STDERR.puts("Considering #{l[:username]} ...") if debug
|
|
88
94
|
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
|
89
95
|
key = l[:public_key]
|
|
90
96
|
if !key.nil?
|
|
@@ -144,7 +150,7 @@ begin
|
|
|
144
150
|
if existing_groups.index(addgroup).nil?
|
|
145
151
|
# User should be in group, but isn't, so add them.
|
|
146
152
|
STDERR.puts "Add user #{username} to #{addgroup} group"
|
|
147
|
-
system("
|
|
153
|
+
system("usermod", "-aG", addgroup, username)
|
|
148
154
|
end
|
|
149
155
|
end
|
|
150
156
|
|
|
@@ -152,7 +158,7 @@ begin
|
|
|
152
158
|
if groups.index(removegroup).nil?
|
|
153
159
|
# User is in a group, but shouldn't be, so remove them.
|
|
154
160
|
STDERR.puts "Remove user #{username} from #{removegroup} group"
|
|
155
|
-
system("
|
|
161
|
+
system("gpasswd", "-d", username, removegroup)
|
|
156
162
|
end
|
|
157
163
|
end
|
|
158
164
|
|
|
@@ -197,7 +203,32 @@ begin
|
|
|
197
203
|
tokenfile = File.join(configarvados, "settings.conf")
|
|
198
204
|
|
|
199
205
|
begin
|
|
200
|
-
|
|
206
|
+
STDERR.puts "Processing #{tokenfile} ..." if debug
|
|
207
|
+
newToken = false
|
|
208
|
+
if File.exist?(tokenfile)
|
|
209
|
+
# check if the token is still valid
|
|
210
|
+
myToken = ENV["ARVADOS_API_TOKEN"]
|
|
211
|
+
userEnv = IO::read(tokenfile)
|
|
212
|
+
if (m = /^ARVADOS_API_TOKEN=(.*?\n)/m.match(userEnv))
|
|
213
|
+
begin
|
|
214
|
+
tmp_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
|
215
|
+
:api_token => (m[1]),
|
|
216
|
+
:suppress_ssl_warnings => false })
|
|
217
|
+
tmp_arv.user.current
|
|
218
|
+
rescue Arvados::TransactionFailedError => e
|
|
219
|
+
if e.to_s =~ /401 Unauthorized/
|
|
220
|
+
STDERR.puts "Account #{l[:username]} token not valid, creating new token."
|
|
221
|
+
newToken = true
|
|
222
|
+
else
|
|
223
|
+
raise
|
|
224
|
+
end
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
elsif !File.exist?(tokenfile) || options[:"rotate-tokens"]
|
|
228
|
+
STDERR.puts "Account #{l[:username]} token file not found, creating new token."
|
|
229
|
+
newToken = true
|
|
230
|
+
end
|
|
231
|
+
if newToken
|
|
201
232
|
aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
|
|
202
233
|
if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
|
|
203
234
|
aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: arvados-login-sync
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.2
|
|
4
|
+
version: 2.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Arvados Authors
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: arvados
|
|
@@ -39,19 +39,25 @@ dependencies:
|
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '2.5'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
|
-
name:
|
|
42
|
+
name: arvados-google-api-client
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 0.8.7.3
|
|
45
48
|
- - "<"
|
|
46
49
|
- !ruby/object:Gem::Version
|
|
47
|
-
version:
|
|
50
|
+
version: 0.8.9
|
|
48
51
|
type: :runtime
|
|
49
52
|
prerelease: false
|
|
50
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
54
|
requirements:
|
|
55
|
+
- - ">="
|
|
56
|
+
- !ruby/object:Gem::Version
|
|
57
|
+
version: 0.8.7.3
|
|
52
58
|
- - "<"
|
|
53
59
|
- !ruby/object:Gem::Version
|
|
54
|
-
version:
|
|
60
|
+
version: 0.8.9
|
|
55
61
|
- !ruby/object:Gem::Dependency
|
|
56
62
|
name: signet
|
|
57
63
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -67,7 +73,7 @@ dependencies:
|
|
|
67
73
|
- !ruby/object:Gem::Version
|
|
68
74
|
version: '0.12'
|
|
69
75
|
description: Creates and updates local login accounts for Arvados users. Built from
|
|
70
|
-
git commit
|
|
76
|
+
git commit bc9d8d1e4caeef8c4b2da02f9a134fc7b57148d7
|
|
71
77
|
email: packaging@arvados.org
|
|
72
78
|
executables:
|
|
73
79
|
- arvados-login-sync
|