arvados-login-sync 2.2.1 → 2.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/arvados-login-sync +36 -5
- metadata +12 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 941f4da9a70e1e75662241cae5d81116e4e852c347ce0e28db604fa486cf1d8a
|
4
|
+
data.tar.gz: 510c842f8cb0bfeb076890f2c774e5ac3e0acdf94e863d3e26e6be476ef94481
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 547916ee962ac63cb58cfc854640a7aa34cc9c73c0316c2effe99de0548ac4a9efed470f6980d569b08b44fe2d13a9ccb1b6d5878039b008410366bbe6117ce9
|
7
|
+
data.tar.gz: c320947708536a41f2c2d6e46a14a126d091d014cd2396536ecc5779cbbbfd99f664de3fd92cb2508c90d2157ecc0f2ca78e4d1f872ba09ccc59e84e71abd906
|
data/bin/arvados-login-sync
CHANGED
@@ -21,9 +21,10 @@ end
|
|
21
21
|
options = {}
|
22
22
|
OptionParser.new do |parser|
|
23
23
|
parser.on('--exclusive', 'Manage SSH keys file exclusively.')
|
24
|
-
parser.on('--rotate-tokens', '
|
24
|
+
parser.on('--rotate-tokens', 'Force a rotation of all user tokens.')
|
25
25
|
parser.on('--skip-missing-users', "Don't try to create any local accounts.")
|
26
26
|
parser.on('--token-lifetime SECONDS', 'Create user tokens that expire after SECONDS.', Integer)
|
27
|
+
parser.on('--debug', 'Enable debug output')
|
27
28
|
end.parse!(into: options)
|
28
29
|
|
29
30
|
exclusive_banner = "#######################################################################################
|
@@ -35,6 +36,10 @@ end_banner = "### END Arvados-managed keys -- changes between markers will be ov
|
|
35
36
|
keys = ''
|
36
37
|
|
37
38
|
begin
|
39
|
+
debug = false
|
40
|
+
if options[:"debug"]
|
41
|
+
debug = true
|
42
|
+
end
|
38
43
|
arv = Arvados.new({ :suppress_ssl_warnings => false })
|
39
44
|
logincluster_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
40
45
|
:api_token => (ENV['LOGINCLUSTER_ARVADOS_API_TOKEN'] || ENV['ARVADOS_API_TOKEN']),
|
@@ -75,7 +80,7 @@ begin
|
|
75
80
|
end
|
76
81
|
else
|
77
82
|
if pwnam[l[:username]].uid < uid_min
|
78
|
-
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping"
|
83
|
+
STDERR.puts "Account #{l[:username]} uid #{pwnam[l[:username]].uid} < uid_min #{uid_min}. Skipping" if debug
|
79
84
|
true
|
80
85
|
end
|
81
86
|
end
|
@@ -85,6 +90,7 @@ begin
|
|
85
90
|
|
86
91
|
# Collect all keys
|
87
92
|
logins.each do |l|
|
93
|
+
STDERR.puts("Considering #{l[:username]} ...") if debug
|
88
94
|
keys[l[:username]] = Array.new() if not keys.has_key?(l[:username])
|
89
95
|
key = l[:public_key]
|
90
96
|
if !key.nil?
|
@@ -144,7 +150,7 @@ begin
|
|
144
150
|
if existing_groups.index(addgroup).nil?
|
145
151
|
# User should be in group, but isn't, so add them.
|
146
152
|
STDERR.puts "Add user #{username} to #{addgroup} group"
|
147
|
-
system("
|
153
|
+
system("usermod", "-aG", addgroup, username)
|
148
154
|
end
|
149
155
|
end
|
150
156
|
|
@@ -152,7 +158,7 @@ begin
|
|
152
158
|
if groups.index(removegroup).nil?
|
153
159
|
# User is in a group, but shouldn't be, so remove them.
|
154
160
|
STDERR.puts "Remove user #{username} from #{removegroup} group"
|
155
|
-
system("
|
161
|
+
system("gpasswd", "-d", username, removegroup)
|
156
162
|
end
|
157
163
|
end
|
158
164
|
|
@@ -197,7 +203,32 @@ begin
|
|
197
203
|
tokenfile = File.join(configarvados, "settings.conf")
|
198
204
|
|
199
205
|
begin
|
200
|
-
|
206
|
+
STDERR.puts "Processing #{tokenfile} ..." if debug
|
207
|
+
newToken = false
|
208
|
+
if File.exist?(tokenfile)
|
209
|
+
# check if the token is still valid
|
210
|
+
myToken = ENV["ARVADOS_API_TOKEN"]
|
211
|
+
userEnv = IO::read(tokenfile)
|
212
|
+
if (m = /^ARVADOS_API_TOKEN=(.*?\n)/m.match(userEnv))
|
213
|
+
begin
|
214
|
+
tmp_arv = Arvados.new({ :api_host => (ENV['LOGINCLUSTER_ARVADOS_API_HOST'] || ENV['ARVADOS_API_HOST']),
|
215
|
+
:api_token => (m[1]),
|
216
|
+
:suppress_ssl_warnings => false })
|
217
|
+
tmp_arv.user.current
|
218
|
+
rescue Arvados::TransactionFailedError => e
|
219
|
+
if e.to_s =~ /401 Unauthorized/
|
220
|
+
STDERR.puts "Account #{l[:username]} token not valid, creating new token."
|
221
|
+
newToken = true
|
222
|
+
else
|
223
|
+
raise
|
224
|
+
end
|
225
|
+
end
|
226
|
+
end
|
227
|
+
elsif !File.exist?(tokenfile) || options[:"rotate-tokens"]
|
228
|
+
STDERR.puts "Account #{l[:username]} token file not found, creating new token."
|
229
|
+
newToken = true
|
230
|
+
end
|
231
|
+
if newToken
|
201
232
|
aca_params = {owner_uuid: l[:user_uuid], api_client_id: 0}
|
202
233
|
if options[:"token-lifetime"] && options[:"token-lifetime"] > 0
|
203
234
|
aca_params.merge!(expires_at: (Time.now + options[:"token-lifetime"]))
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: arvados-login-sync
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2
|
4
|
+
version: 2.3.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Arvados Authors
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: arvados
|
@@ -39,19 +39,25 @@ dependencies:
|
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '2.5'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
|
-
name:
|
42
|
+
name: arvados-google-api-client
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 0.8.7.3
|
45
48
|
- - "<"
|
46
49
|
- !ruby/object:Gem::Version
|
47
|
-
version:
|
50
|
+
version: 0.8.9
|
48
51
|
type: :runtime
|
49
52
|
prerelease: false
|
50
53
|
version_requirements: !ruby/object:Gem::Requirement
|
51
54
|
requirements:
|
55
|
+
- - ">="
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: 0.8.7.3
|
52
58
|
- - "<"
|
53
59
|
- !ruby/object:Gem::Version
|
54
|
-
version:
|
60
|
+
version: 0.8.9
|
55
61
|
- !ruby/object:Gem::Dependency
|
56
62
|
name: signet
|
57
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -67,7 +73,7 @@ dependencies:
|
|
67
73
|
- !ruby/object:Gem::Version
|
68
74
|
version: '0.12'
|
69
75
|
description: Creates and updates local login accounts for Arvados users. Built from
|
70
|
-
git commit
|
76
|
+
git commit bc9d8d1e4caeef8c4b2da02f9a134fc7b57148d7
|
71
77
|
email: packaging@arvados.org
|
72
78
|
executables:
|
73
79
|
- arvados-login-sync
|