rs_user_policy 0.1.11 → 0.1.12

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ODAwMDdlOGM2NDMzMzljMDQwZjZiNTkyODFlZmVlYTBjOGViMTczYg==
-  data.tar.gz: !binary |-
-    OGI0YTE4NTQ2MzAzNzJiOTg1ODIyNWQ1NzliZTM5NGJmNjkyZjY0Mw==
+SHA1:
+  metadata.gz: 4576f396772da4c965b1cbfdf34bc09ee5f9a6fd
+  data.tar.gz: 5216592d2b36de78aef33502ce652ff7da27bad1
 SHA512:
-  metadata.gz: !binary |-
-    ZTM4Mjk0MjlkZTQ1N2NhMTM4ZDZmZGVjZGVhZjJmMDg5Njk1Yjc3YTMxZTMy
-    ZTM4NTY2MTkwOWUyZjk2NjBmN2YwY2QyYmYwMDgzNWIzMTU1OGQ2OWZjNjRj
-    NDRmNWVjNTU0OGE4NGE4ZTNkZTFlZDM5MTZjMDlhNDk3NWE2MGY=
-  data.tar.gz: !binary |-
-    NTgyNWU1YmE0ODQwN2UyNGZkMmY3YzUyMTMxZDdlNjQ2NTg0NGI0NTZiMTRk
-    YmFlZjMxMDAwM2JkMmM3MmJiZTMwYWE4NmFiMGY3ZTkxNzYxZTE3ZTVhNmRl
-    ZTY1NWE0NWViYzMxMTA5NTcyN2M2MTkxNTFmNWQ2Yjc0MTY3ZDI=
+  metadata.gz: d3e8afa8cd3950f14730d5a397805baa7555c21dea52c735b20be6dafa1be97827d4d6d6b1f698a24fde1b8ddc057cf3d805535f57bbea429576cfdaa37915d0
+  data.tar.gz: f7f73a20e3ee04b9115b09d19f2fac91a3e9a5f9686c255a00b58bb37296726ac2cfcd622fe6ad615996a47b4d6db38aad1bc4556342a61ed38e5619e06e9ea5

data/bin/rs_user_policy

@@ -50,9 +50,15 @@ opts = Trollop::options do
   opt :audit_dir, "A directory where audit logs will be stored. By default this is the current working directory.", :type => :string
   opt :dry_run, "A flag indicating that no changes should be made, only the user_assignments.json should be evaluated (or created) and the audit_log.json produced"
   opt :authority, "A flag indicating that all users in the user_assignments file \"MUST\" exist, and will always be created.  Effectively asserting that the user_assignments is your canonical authority for users."
+  opt :debug, "A flag which will cause very verbose logging to help torubleshoot problems."
 end
 
 log = Logger.new(STDOUT)
+if opts[:debug]
+  log.level = Logger::DEBUG
+else
+  log.level = Logger::INFO
+end
 timestamp = Time::now.to_i
 
 if opts[:dry_run]
@@ -92,10 +98,25 @@ log.info("Invoked with account numbers (#{opts[:rs_acct_num].join(",")}).")
 # Iterate over all accounts once to discover users and their permissions
 multi_client.each do |account_id, account|
   child_client = account[:client]
-  child_account = child_client.accounts(:id => account_id).show()
+  begin
+    child_account = child_client.accounts(:id => account_id).show()
+  rescue RightApi::ApiError => e
+    log.error("Failed to get account details for account id #{account_id}.\n  Error: #{e}")
+    next
+  end
   account_href = child_account.href
-  users = child_client.users.index
-  permissions = child_client.permissions.index
+  begin
+    users = child_client.users.index
+  rescue RightApi::ApiError => e
+    log.error("Failed to list users for account #{child_account.name}:#{account_id} - #{child_account.href}.\n  Error: #{e}")
+    next
+  end
+  begin
+    permissions = child_client.permissions.index
+  rescue RightApi::ApiError => e
+    log.error("Failed to create a user with the following properties.\n  Properties: #{JSON.pretty_generate(user_create_params)}\n  Error: #{e}")
+    next
+  end
   user_collection.add_users(users)
   user_collection.add_permissions(account_href, permissions)
 
@@ -154,9 +175,15 @@ end
 begin
   multi_client.each do |account_id,account|
     child_client = account[:client]
-    child_account = child_client.accounts(:id => account_id).show()
+    begin
+      child_account = child_client.accounts(:id => account_id).show()
+    rescue RightApi::ApiError => e
+      log.error("Failed to get account details for account id #{account_id}.\n  Error: #{e}")
+      next
+    end
     account_name = child_account.name
     account_href = child_account.href
+    log.info("Making user permission changes in account #{account_name}:#{account_href}")
 
     user_collection.users.each do |user|
       email = user.email
@@ -169,15 +196,28 @@ begin
         # a user can also be effectively deleted if they have an empty list of
         # permissions for a particular account
         unless opts[:dry_run]
-          log.debug("Deleting #{user.email} from #{account_name} by removing these permissions #{JSON.pretty_generate(existing_permissions)}")
-          user.clear_permissions(account_href, child_client)
+          log.debug("  Deleting #{user.email} from #{account_name} by removing these permissions #{JSON.pretty_generate(existing_permissions)}")
+          begin
+            user.clear_permissions(account_href, child_client)
+          rescue RightApi::ApiError => e
+            log.error("  Failed to delete user #{user.email}:#{user.href} from #{account_name}.\n  Error: #{e}")
+            next
+          end
         end
         audit_log.add_entry(email, account_name, 'deleted', 'deleted')
       elsif !user_role.include?("immutable")
-        user_policy = policy.get_permissions(user_role, account_href)
-        removed,added = user.set_api_permissions(user_policy, account_href, child_client, :dry_run => opts[:dry_run])
-        changes = "-#{removed.values} +#{added.values}"
-        audit_log.add_entry(email, account_name, 'update_permissions', changes) unless removed.length + added.length == 0
+        begin
+          user_policy = policy.get_permissions(user_role, account_href)
+          role_titles = existing_permissions.map{|p| p.role_title }
+          log.debug("  Updating user #{user.email}:#{user.href}.\n    Existing Permissions: #{role_titles.sort}\n    Desired Permissions: #{user_policy.sort}")
+
+          removed,added = user.set_api_permissions(user_policy, account_href, child_client, :dry_run => opts[:dry_run])
+          changes = "-#{removed.values} +#{added.values}"
+          audit_log.add_entry(email, account_name, 'update_permissions', changes) unless removed.length + added.length == 0
+        rescue RightApi::ApiError => e
+          log.error("Failed to update permissions for user #{user.email}:#{user.href} in account #{account_name}:#{account_href}.\n  Error: #{e}")
+          next
+        end
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rs_user_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.11
+  version: 0.1.12
 platform: ruby
 authors:
 - Ryan J. Geyer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-02 00:00:00.000000000 Z
+date: 2015-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: right_api_client
@@ -28,7 +28,7 @@ dependencies:
   name: trollop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.16'
     - - <
@@ -38,7 +38,7 @@ dependencies:
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.16'
     - - <
@@ -52,10 +52,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- LICENSE.txt
-- README.rdoc
-- bin/rs_user_policy
-- lib/rs_user_policy.rb
 - lib/rs_user_policy/audit_log.rb
 - lib/rs_user_policy/policy/json_policy.rb
 - lib/rs_user_policy/policy/policy.rb
@@ -66,6 +62,10 @@ files:
 - lib/rs_user_policy/user_assignments/user_assignments.rb
 - lib/rs_user_policy/user_collection.rb
 - lib/rs_user_policy/utilities.rb
+- lib/rs_user_policy.rb
+- bin/rs_user_policy
+- LICENSE.txt
+- README.rdoc
 homepage: https://github.com/rgeyer/rs_user_policy
 licenses:
 - MIT
@@ -76,17 +76,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: Manages users across many different child accounts of a RightScale Enterprise