ldap_tools 0.5.0 → 0.6.0

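--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 87ea99ec2ff3fdf48a25f53868073540168f34fe
- data.tar.gz: 918dd42c64afeb5ceec56935fc72c34ff57439fa
+ metadata.gz: 3c022535acfa6078a97828ec84635bf46696480f
+ data.tar.gz: d9e03db054a580a268acf7742226602dfae551b7
  SHA512:
- metadata.gz: 208965f680e094e1afc62ee1a2b5c58f2d5a23e1afe11a1491beadea8dcdb21ab72bbfadefe0a5b763dee16b081bf36a439fd1d48bb0977456a55031bb8a3e14
- data.tar.gz: b52b0151ad7114e7e36ccab2347b43ac7e340ac784ca2d654ecdb19da64c27632403eb37012fbae006ad7f8045011fbd8ef59ab1cc932f7a5a24670033649bd2
+ metadata.gz: 1c0129b763def56e8a9ec64715b0339634a86db95387438175a1ae50004eb7fd6be7300137030fd7850c56e0c12df2a7597a89341844c369c0b7f01060c453a4
+ data.tar.gz: 9ea951e5f59988399c2447ea32e451a05f8769d2356dd0d30a87e85bef000eca5605ff5ddab52006775b4ea97d95b2d0691b791ad960a7e94d48b18b36128ded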
@@ -25,10 +25,7 @@ when "user" # run commands associated with user object
25
25
  when 'group'
26
26
  Tapjoy::LDAP::Group.commands
27
27
  when 'key'
28
- KEY_SUB_COMMANDS = %w(add remove install list show)
29
- commands('This object is used for group management', cmd, KEY_SUB_COMMANDS)
30
- keys = Tapjoy::LDAP::Key.new
31
- puts keys.show(ARGV.shift)
28
+ Tapjoy::LDAP::Key.commands
32
29
  when 'audit'
33
30
  AUDIT_SUB_COMMANDS = %w(by_user by_group raw)
34
31
  commands('This object is used for auditing LDAP permissions', cmd, AUDIT_SUB_COMMANDS)
@@ -44,6 +44,16 @@ module Tapjoy
44
44
  return return_result
45
45
  end
46
46
 
47
+ def add_attribute(distinguished_name, attribute, value)
48
+ @conn.add_attribute(dn, attribute, value)
49
+ return return_result
50
+ end
51
+
52
+ def replace_attribute(distinguished_name, attribute, value)
53
+ @conn.replace_attribute(distinguished_name, attribute, value)
54
+ return_result
55
+ end
56
+
47
57
  # Modify objects in LDAP
48
58
  def modify(distinguished_name, operations)
49
59
  @conn.modify(:dn => distinguished_name, :operations => operations)
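Review bot: `add_attribute` passes `dn` to `@conn.add_attribute`, but its parameter is named `distinguished_name`; unless the class defines a `dn` method outside this hunk, every call raises NameError and no attribute is written. The call should read `@conn.add_attribute(distinguished_name, attribute, value)`, matching `replace_attribute` directly below it. The two new methods also end differently (`return return_result` versus a bare `return_result`) and neither carries a comment like the `# Modify objects in LDAP` line on `modify`, whose body continues outside the hunk.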
@@ -1,196 +1,97 @@
1
+ require_relative 'key/add'
2
+ require_relative 'key/remove'
3
+ require_relative 'key/show'
4
+ require_relative 'key/install'
5
+
1
6
  module Tapjoy
2
7
  module LDAP
3
- class Key
4
-
5
- # Instantiate class
6
- def initialize
7
- command = ARGV.shift
8
-
9
- case command
10
- when 'add', 'remove', 'install', 'list'
11
- send(command)
12
- when 'show'
13
- return
14
- else
15
- raise Tapjoy::LDAP::InvalidArgument
16
- end
17
- end
18
-
19
- def show(user)
20
- get_keys_from_ldap[user]
21
- end
8
+ # Entry point for all key subcommands
9
+ module Key
10
+ class << self
11
+ SUB_COMMANDS = %w(add remove install list show)
22
12
 
23
- ## Private methods start here ##
24
- private
25
- # Get key listing from LDAP
26
- def get_keys_from_ldap
13
+ def commands
14
+ Trollop::options do
15
+ usage 'key [SUB_COMMAND] [options]'
16
+ synopsis "\nThis object is used for user key management\nAvailable subcommands are: #{SUB_COMMANDS}"
27
17
 
28
- key_results = {}
29
-
30
- results = Tapjoy::LDAP::client.search(attributes = ['uid', 'sshPublicKey'],
31
- filter = Net::LDAP::Filter.eq('sshPublicKey', '*'))
32
-
33
- results.each { |result| key_results[result.uid[0]] = result.sshPublicKey }
34
-
35
- return key_results
36
- end
18
+ stop_on SUB_COMMANDS
19
+ end
37
20
 
38
- # Retrieve keys from file/stdin
39
- def get_keys_from_commandline(filename)
40
- return_keys = []
21
+ cmd = ARGV.shift
41
22
 
42
- if filename.eql?('-')
43
- STDIN.each do |str|
44
- return_keys << str.chomp!
23
+ case cmd
24
+ when 'add', 'remove', 'install', 'list', 'show'
25
+ send(cmd) # call method with respective name
26
+ else
27
+ raise Tapjoy::LDAP::InvalidArgument
45
28
  end
46
- else
47
- return_keys = Array(File.open(filename))
48
29
  end
49
30
 
50
- return_keys.each { |key| verify(key) }
51
- return return_keys
52
- end
53
-
54
- # Verify key format
55
- def verify(key)
56
- unless key.start_with?('ssh')
57
- puts "Invalid key due to missing ssh key type:\n\n"
58
- puts "\t#{ key }\n\n"
59
- abort "Please verify your key and try again"
31
+ def add
32
+ key = Tapjoy::LDAP::Key::Add.new
33
+ key.add
60
34
  end
61
- end
62
-
63
- # Add key to LDAP
64
- def add
65
- opts = Trollop::options do
66
- # Set help message
67
- banner("#{$0} key add [options]")
68
35
 
69
- opt :user, 'Specify username to add key to', :type => :string,
70
- :required => true
71
- opt :filename, 'File to load keys from', :type => :string, :default => '-'
36
+ def remove
37
+ key = Tapjoy::LDAP::Key::Remove.new
38
+ key.remove
72
39
  end
73
40
 
74
- keys = get_keys_from_commandline(opts[:filename])
75
-
76
- filter = Net::LDAP::Filter.eq('uid', opts[:user])
77
- results = Tapjoy::LDAP::client.search(attributes = ['*'], filter = filter)
78
-
79
- # Make sure we return one, and only one user DN
80
- if results.size < 1
81
- abort 'user not found'
82
- elsif results.size > 1
83
- abort 'Multiple users found. Please narrow your search.'
41
+ def install
42
+ key = Tapjoy::LDAP::Key::Install.new
43
+ key.install
84
44
  end
85
45
 
86
- results.each do |result|
87
- unless result.objectclass.include?('ldapPublicKey')
88
- puts 'LDAP Public Key Object Class not found.'
89
- abort 'Please ensure user was created correctly.'
90
- end
91
- keys.each do |key|
92
- Tapjoy::LDAP::client.conn.add_attribute(result.dn, :sshPublicKey, key)
93
- puts Tapjoy::LDAP::client.return_result
94
- end
46
+ def list
47
+ Tapjoy::LDAP::Key.get_keys_from_ldap
95
48
  end
96
- end
97
49
 
98
- # Remove key from LDAP
99
- def remove
100
- opts = Trollop::options do
101
- # Set help message
102
- banner("#{$0} key remove [options]")
103
-
104
- opt :user, 'Specify username to delete key from', :type => :string,
105
- :required => true
106
- opt :filename, 'File to load key deletion list from', :type => :string,
107
- :default => '-'
108
- opt(:force, 'Force delete')
50
+ def show
51
+ key = Tapjoy::LDAP::Key::Show.new
52
+ key.show
109
53
  end
110
54
 
111
- keys = get_keys_from_commandline(opts[:filename])
112
-
113
- filter = Net::LDAP::Filter.eq('uid', opts[:user])
114
- attributes = ['sshPublicKey']
115
- old_array = []
116
-
117
- new_array = []
55
+ def get_keys_from_ldap
118
56
 
119
- results = Tapjoy::LDAP::client.search(attributes, filter)
120
- if results.size < 1
121
- puts "User (#{ opts[:user] }) not found."
122
- abort 'Please check the username and try again'
123
- elsif results.size > 1
124
- abort 'Multiple users found. Please narrow your search.'
57
+ key_results = {}
58
+ filter = Net::LDAP::Filter.eq('sshPublicKey', '*')
59
+ attributes = %w(uid sshPublicKey)
60
+ results = Tapjoy::LDAP::client.search(attributes, filter)
61
+ results.each {|result| key_results[result.uid[0]] = result.sshPublicKey}
62
+ key_results
125
63
  end
126
64
 
127
- results.each do |result|
128
- @user_dn = result.dn
129
- puts "User DN: #{ @user_dn }"
130
- old_array = result.sshPublicKey
131
- end
65
+ # Retrieve keys from file/stdin
66
+ def get_keys_from_commandline(filename=nil)
67
+ ARGV << filename unless filename.nil?
68
+ return_keys = []
132
69
 
133
- keep_keys = old_array - keys
134
- delete_keys = old_array & keys
135
- keys_not_found = keys - old_array
136
-
137
- puts 'Please confirm the following operations:'
138
- puts "Keep these keys:\n\n"
139
- print "\t #{ keep_keys }\n\n"
140
- puts "Delete these keys:\n\n"
141
- print "\t #{ delete_keys }\n\n"
142
- puts "Ignore these keys (not found in LDAP for #{ opts[:user]}):\n\n"
143
- print "\t #{ keys_not_found }\n\n"
144
-
145
- # We have to create a new stdin here, because we already use stdin
146
- # in the get_keys_from_commandline method.
147
- fd = IO.sysopen('/dev/tty', 'w+')
148
- unless opts[:force]
149
- print '>'
150
- confirm = ''
151
- IO.open(fd, 'w+') { |io| confirm = io.gets.chomp }
152
- unless confirm.eql?('y') || confirm.eql?('yes')
153
- abort("Deletion of #{ opts[:user] } aborted")
70
+ ARGF.each do |line|
71
+ return_keys << line.chomp!
154
72
  end
73
+ ARGV << '-' # close ARGF
74
+ return_keys.each { |key| verify_key(key) }
75
+ return_keys
155
76
  end
156
77
 
157
- Tapjoy::LDAP::client.conn.replace_attribute(@user_dn, :sshPublicKey, keep_keys)
158
- end
159
-
160
- # Install key on localhost
161
- def install
162
- opts = Trollop::options do
163
- # Set help message
164
- banner("#{$0} key install [options]")
165
-
166
- opt :debug, 'Enable debug/dry-run mode'
167
- end
168
-
169
- # Store results of query
170
- if opts[:debug]
171
- puts search_results
172
- exit 1
78
+ def verify_key(key)
79
+ unless key.start_with?('ssh')
80
+ puts "Invalid key due to missing ssh key type:\n\n"
81
+ puts "\t#{ key }\n\n"
82
+ abort "Please verify your key and try again"
83
+ end
173
84
  end
174
85
 
175
- get_keys_from_ldap.each do |key,values|
176
- directory = "/etc/ssh/users/#{key}"
177
- FileUtils.mkdir_p(directory) unless File.exists?directory
178
- keypath = "#{directory}/authorized_keys"
179
- if File.exists?(keypath)
180
- keys = File.read(keypath)
181
- else
182
- keys = []
183
- end
184
- File.open(keypath, 'a+') do |file|
185
- file.puts values.reject { |value| keys.include?(value) }
86
+ def verify_user(user, results)
87
+ # Make sure we return one, and only one user DN
88
+ if results.size < 1
89
+ puts "User (#{user}) not found."
90
+ abort 'Please check the username and try again'
91
+ elsif results.size > 1
92
+ abort 'Multiple users found. Please narrow your search.'
186
93
  end
187
94
  end
188
-
189
- # @TODO method to remove from authorized_keys any key that is not in LDAP
190
- end
191
-
192
- def list
193
- puts get_keys_from_ldap
194
95
  end
195
96
  end
196
97
  end
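Review bot: In `get_keys_from_commandline`, `return_keys << line.chomp!` stores nil for any line without a trailing newline, because `chomp!` returns nil when it changes nothing; the following `verify_key(key)` then fails on `nil.start_with?` instead of reporting a bad key. Use `return_keys << line.chomp`. `verify_key` accepts anything that begins with `ssh`, and these values are written to `sshPublicKey` and later to authorized_keys files, so an anchored (`\A`…`\z`) check of the key type and base64 body would be a safer gate. Also, `list` now returns the hash without printing it, where the removed code did `puts get_keys_from_ldap`; confirm that `key list` still produces output.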
@@ -0,0 +1,51 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Add user key to user profile
5
+ class Add
6
+ # Add key to LDAP
7
+ def add
8
+ filter_users.each do |result|
9
+ confirm_ldap_schema(result)
10
+ keys.each do |key|
11
+ puts Tapjoy::LDAP::client.add_attribute(result.dn, :sshPublicKey, key)
12
+ end
13
+ end
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key add [options]'
21
+ synopsis "\nThis command is for adding user keys to a given user's profile"
22
+
23
+ opt :user, 'Specify username to add key to', type: :string,
24
+ required: true
25
+ opt :filename, 'File to load keys from', type: :string
26
+ end
27
+ end
28
+
29
+ def keys
30
+ @keys ||= Tapjoy::LDAP::Key.get_keys_from_commandline(opts[:filename] || nil)
31
+ end
32
+
33
+ def filter_users
34
+ filter = Net::LDAP::Filter.eq('uid', opts[:user])
35
+ results = Tapjoy::LDAP::client.search(attributes = ['*'], filter = filter)
36
+
37
+ Tapjoy::LDAP::Key.verify_user(opts[:user], results)
38
+
39
+ results
40
+ end
41
+
42
+ def confirm_ldap_schema(result)
43
+ unless result.objectclass.include?('ldapPublicKey')
44
+ puts 'LDAP Public Key Object Class not found.'
45
+ abort 'Please ensure user was created correctly.'
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
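Review bot: `filter_users` builds the lookup with `Net::LDAP::Filter.eq('uid', opts[:user])`, which does not escape the value, so a `*` in `--user` is treated as a wildcard. `verify_user` only aborts on zero or on several matches; a pattern that happens to match exactly one entry would get keys added to an account the operator never named in full. `Net::LDAP::Filter.equals('uid', opts[:user])` escapes the value, and the same applies to `filter` in the Remove class. In the same method, `search(attributes = ['*'], filter = filter)` assigns locals inside the argument list and `filter = filter` reads as a self-assignment; `search(['*'], filter)` says the same thing.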
@@ -0,0 +1,46 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Install key on localhost
5
+ class Install
6
+ def install
7
+ Tapjoy::LDAP::Key.get_keys_from_ldap.each do |user, values|
8
+ directory = directory(user)
9
+ FileUtils.mkdir_p(directory) unless File.exists?directory
10
+ authorized_keys_file = "#{directory}/authorized_keys"
11
+ keys = load_keys_from_file(authorized_keys_file)
12
+ insert_keys(authorized_keys_file, keys, values)
13
+ end
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key install [options]'
21
+ synopsis "\nThis command is for keys to the appropriate authorized_keys file"
22
+
23
+ end
24
+ end
25
+
26
+ def load_keys_from_file(authorized_keys_file)
27
+ if File.exists?(authorized_keys_file)
28
+ keys = File.read(authorized_keys_file)
29
+ else
30
+ keys = []
31
+ end
32
+ end
33
+
34
+ def insert_keys(authorized_keys_file, keys, values)
35
+ File.open(authorized_keys_file, 'a+') do |file|
36
+ file.puts values.reject { |value| keys.include?(value) }
37
+ end
38
+ end
39
+
40
+ def directory(user)
41
+ File.join('etc', 'ssh', 'users', user)
42
+ end
43
+ end
44
+ end
45
+ end
46
+ end
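Review bot: `directory(user)` returns `File.join('etc', 'ssh', 'users', user)`, a path relative to the working directory, while the code it replaces wrote under `/etc/ssh/users/`; as written, `install` creates `etc/ssh/users/...` wherever the command is run. The first component should be `'/etc'`. `user` is the `uid` value read from LDAP and goes into the path unchecked, so a uid containing `/` or `..` would place an authorized_keys file outside that directory; reject such names before `mkdir_p`, for example `abort "Unsafe uid: #{user}" unless user =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]*\z/`. `load_keys_from_file` returns a String when the file exists, so `keys.include?(value)` is a substring test rather than a per-line comparison.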
@@ -0,0 +1,92 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Remove a user key from user profile
5
+ class Remove
6
+ # Remove key from LDAP
7
+ def remove
8
+ keys # Get keys first
9
+ Tapjoy::LDAP::Key.verify_user(opts[:user], results)
10
+
11
+ confirm unless opts[:force]
12
+ Tapjoy::LDAP::client.replace_attribute(
13
+ @user_dn, :sshPublicKey, keep_keys)
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key remove [options]'
21
+ synopsis "\nThis command is for removing a user's SSH key(s)"
22
+
23
+ opt :user, 'Specify username to delete key from', type: :string,
24
+ required: true
25
+ opt :filename, 'File to load key deletion list from', type: :string
26
+ opt :force, 'Force delete', short: '-F'
27
+ end
28
+ end
29
+
30
+ def keys
31
+ @keys ||= Tapjoy::LDAP::Key.get_keys_from_commandline(opts[:filename])
32
+ end
33
+
34
+ def filter
35
+ @filter ||= Net::LDAP::Filter.eq('uid', opts[:user])
36
+ end
37
+
38
+ def results
39
+ @results ||= Tapjoy::LDAP::client.search(['sshPublicKey'], filter)
40
+ end
41
+
42
+ def current_keys
43
+ @current_keys ||= begin
44
+ current_keys_array = []
45
+ results.each do |result|
46
+ @user_dn = result.dn
47
+ current_keys_array = result.sshPublicKey
48
+ end
49
+
50
+ current_keys_array
51
+ end
52
+ end
53
+
54
+ def keep_keys
55
+ @keep_keys ||= current_keys.flatten - keys.flatten
56
+ end
57
+
58
+ def delete_keys
59
+ @delete_keys ||= current_keys & keys
60
+ end
61
+
62
+ def keys_not_found
63
+ @keys_not_found ||= keys - current_keys
64
+ end
65
+
66
+ def confirm
67
+ puts 'Please confirm the following operations:'
68
+ puts "Keep these keys:\n\n"
69
+ print "\t #{ keep_keys }\n\n"
70
+ puts "Delete these keys:\n\n"
71
+ print "\t #{ delete_keys }\n\n"
72
+ puts "Ignore these keys (not found in LDAP for #{ opts[:user]}):\n\n"
73
+ print "\t #{ keys_not_found }\n\n"
74
+ get_confirmation
75
+ end
76
+
77
+ def fd
78
+ @fd ||= IO.sysopen('/dev/tty', 'w+')
79
+ end
80
+
81
+ def get_confirmation
82
+ print '>'
83
+ confirm = gets.chomp
84
+ # IO.open(fd, 'w+') { |io| confirm = io.gets.chomp }
85
+ unless confirm.eql?('y') || confirm.eql?('yes')
86
+ abort("Deletion of #{ opts[:user] } aborted")
87
+ end
88
+ end
89
+ end
90
+ end
91
+ end
92
+ end
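Review bot: With `--force`, `remove` calls `replace_attribute(@user_dn, :sshPublicKey, keep_keys)` before anything has set `@user_dn`: the variable is assigned only inside `current_keys`, which first runs when `keep_keys` is evaluated, and by then Ruby has already evaluated the `@user_dn` argument as nil. Without `--force` the `confirm` step happens to call `keep_keys` first, which hides the problem. Set the DN explicitly, e.g. add `current_keys # sets @user_dn` next to `keys # Get keys first`, or pass `results.first.dn` (assuming `search` returns an array of entries). Separately, `get_confirmation` uses `gets.chomp`; if the key list was read from stdin the stream is likely at end of file and `gets` returns nil, which the commented-out `/dev/tty` read appears to have been there to avoid, and `fd` is now unused.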
@@ -0,0 +1,27 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Show all of a user's keys
5
+ class Show
6
+ def show
7
+ username = opts[:user]
8
+ keys = Tapjoy::LDAP::Key.get_keys_from_ldap[username]
9
+ puts "No keys found for #{opts[:user]}" if keys.length? 0
10
+ puts keys
11
+ end
12
+
13
+ private
14
+ def opts
15
+ @opts ||= Trollop::options do
16
+ # Set help message
17
+ usage 'key show [options]'
18
+ synopsis "\nThis command is for showing a specific user's SSH keys"
19
+
20
+ opt :user, 'Specify username', type: :string, required: true
21
+ end
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
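Review bot: `keys.length? 0` in `show` calls a method that neither Array nor String defines, so the line raises NoMethodError on every run; when the user has no keys, `get_keys_from_ldap[username]` returns nil and the call fails the same way. Replace the check with `abort "No keys found for #{username}" if keys.nil? || keys.empty?`, which also stops before `puts keys` prints an empty line.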
@@ -2,7 +2,7 @@ module Tapjoy
2
2
  module LDAP
3
3
  module Version
4
4
  MAJOR = 0
5
- MINOR = 5
5
+ MINOR = 6
6
6
  PATCH = 0
7
7
  end
8
8
 
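--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ldap_tools
  version: !ruby/object:Gem::Version
- version: 0.5.0
+ version: 0.6.0
  platform: ruby
  authors:
  - Ali Tayarani
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-14 00:00:00.000000000 Z
+ date: 2016-01-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: trollop
@@ -76,9 +76,6 @@ files:
  - bin/ldaptools
  - lib/tapjoy/ldap.rb
  - lib/tapjoy/ldap/audit.rb
- - lib/tapjoy/ldap/audit/by_group.rb
- - lib/tapjoy/ldap/audit/by_user.rb
- - lib/tapjoy/ldap/audit/raw.rb
  - lib/tapjoy/ldap/base.rb
  - lib/tapjoy/ldap/group.rb
  - lib/tapjoy/ldap/group/add_user.rb
@@ -86,7 +83,7 @@ files:
  - lib/tapjoy/ldap/group/delete.rb
  - lib/tapjoy/ldap/key.rb
  - lib/tapjoy/ldap/key/add.rb
- - lib/tapjoy/ldap/key/list.rb
+ - lib/tapjoy/ldap/key/install.rb
  - lib/tapjoy/ldap/key/remove.rb
  - lib/tapjoy/ldap/key/show.rb
  - lib/tapjoy/ldap/user.rb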
File without changes
File without changes
File without changes
File without changes