rs_user_policy 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +3 -0
- data/bin/rs_user_policy +40 -18
- metadata +5 -5
data/README.rdoc
CHANGED
|
@@ -2,6 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
A useful tool for managing many users across many child accounts in a RightScale Enterprise Edition
|
|
4
4
|
|
|
5
|
+
While the tests are not exhaustive, the current build status is..
|
|
6
|
+
{<img src="https://travis-ci.org/rgeyer/rs_user_policy.png" />}[https://travis-ci.org/rgeyer/rs_user_policy]
|
|
7
|
+
|
|
5
8
|
== Usage
|
|
6
9
|
|
|
7
10
|
The binary contained in this gem accepts two files as inputs to determine it's behavior. The first, is a policy JSON file which specifies the permissions to be applied to users.
|
data/bin/rs_user_policy
CHANGED
|
@@ -45,7 +45,7 @@ accounts = []
|
|
|
45
45
|
user_href_resource_map = {}
|
|
46
46
|
user_email_resource_map = {}
|
|
47
47
|
permission_delete_order = [
|
|
48
|
-
'
|
|
48
|
+
'enterprise_manager',
|
|
49
49
|
'admin',
|
|
50
50
|
'security_manager',
|
|
51
51
|
'actor',
|
|
@@ -58,26 +58,34 @@ permission_delete_order = [
|
|
|
58
58
|
'observer'
|
|
59
59
|
]
|
|
60
60
|
|
|
61
|
+
log.info("The dry_run option was selected, no action will be taken, but the user_assignments output and audit_log files will be written reflecting the actions which would have been taken") if opts[:dry_run]
|
|
62
|
+
|
|
61
63
|
user_assignments_output = "user_assignments-#{timestamp}.json"
|
|
62
64
|
|
|
63
65
|
audit_log = AuditLog.new opts.merge(:timestamp => timestamp)
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
66
|
+
policy = {}
|
|
67
|
+
|
|
68
|
+
def valid_policy_json_file?(json_file, &block)
|
|
69
|
+
# TODO: Also validate that the policy file is in the correct form.
|
|
70
|
+
# I.E. {
|
|
71
|
+
# "policy-name": {
|
|
72
|
+
# "account-href-or-default": ["list", "of", "permissions"]
|
|
73
|
+
# }
|
|
74
|
+
#}
|
|
75
|
+
yield JSON.parse(File.read(json_file))
|
|
76
|
+
return true
|
|
77
|
+
rescue JSON::ParserError
|
|
78
|
+
return false
|
|
70
79
|
end
|
|
71
80
|
|
|
72
|
-
accounts << {:client => client, :href => master_account.href, :name => master_account.name}
|
|
73
|
-
|
|
74
|
-
log.info("The dry_run option was selected, no action will be taken, but the user_assignments output and audit_log files will be written reflecting the actions which would have been taken") if opts[:dry_run]
|
|
75
|
-
|
|
76
|
-
log.info("Operating on the Enterprise Master Account #{master_account.name}")
|
|
77
|
-
|
|
78
81
|
if File.exists? opts[:policy]
|
|
79
|
-
|
|
80
|
-
|
|
82
|
+
if valid_policy_json_file?(opts[:policy]) do |p|
|
|
83
|
+
policy = p
|
|
84
|
+
end
|
|
85
|
+
else
|
|
86
|
+
log.fatal("The policy file named #{opts[:policy]} is not a properly formatted json file!")
|
|
87
|
+
exit 1
|
|
88
|
+
end
|
|
81
89
|
else
|
|
82
90
|
log.fatal("The policy file named #{opts[:policy]} was not found!")
|
|
83
91
|
exit 1
|
|
@@ -94,6 +102,17 @@ else
|
|
|
94
102
|
log.warn("No user_assignments file was specified. All users will be treated as immutable and written to the user_assigments output file.")
|
|
95
103
|
end
|
|
96
104
|
|
|
105
|
+
client = RightApi::Client.new(:email => opts[:rs_email], :password => opts[:rs_pass], :account_id => opts[:rs_acct_num])
|
|
106
|
+
master_account = client.accounts(:id => opts[:rs_acct_num]).show()
|
|
107
|
+
client.users().index.each do |user|
|
|
108
|
+
user_href_resource_map[user.href] = user
|
|
109
|
+
user_email_resource_map[user.email] = user
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
accounts << {:client => client, :href => master_account.href, :name => master_account.name}
|
|
113
|
+
|
|
114
|
+
log.info("Operating on the Enterprise Master Account #{master_account.name}")
|
|
115
|
+
|
|
97
116
|
begin
|
|
98
117
|
client.child_accounts().index.each do |child|
|
|
99
118
|
child_client = RightApi::Client.new(:email => opts[:rs_email], :password => opts[:rs_pass], :account_id => Utilities.id_from_href(child.href))
|
|
@@ -155,9 +174,12 @@ accounts.each do |account|
|
|
|
155
174
|
audit_log.add_entry(email, account[:name], 'deleted', 'deleted')
|
|
156
175
|
else
|
|
157
176
|
user_policy = []
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
177
|
+
if policy[user_assignments[email]].key?(account[:href])
|
|
178
|
+
user_policy = policy[user_assignments[email]][account[:href]]
|
|
179
|
+
elsif policy[user_assignments[email]].key?('default')
|
|
180
|
+
user_policy = policy[user_assignments[email]]['default']
|
|
181
|
+
end
|
|
182
|
+
removed = (user_policy.length == 0) ? user.keys : user.keys - user_policy
|
|
161
183
|
added = user_policy - user.keys
|
|
162
184
|
changes = "-#{removed} +#{added}"
|
|
163
185
|
unless opts[:dry_run]
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rs_user_policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-11-
|
|
12
|
+
date: 2012-11-20 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: right_api_client
|
|
@@ -71,7 +71,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
71
71
|
version: '0'
|
|
72
72
|
segments:
|
|
73
73
|
- 0
|
|
74
|
-
hash: -
|
|
74
|
+
hash: -2736044117757199136
|
|
75
75
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
76
76
|
none: false
|
|
77
77
|
requirements:
|
|
@@ -80,10 +80,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
80
80
|
version: '0'
|
|
81
81
|
segments:
|
|
82
82
|
- 0
|
|
83
|
-
hash: -
|
|
83
|
+
hash: -2736044117757199136
|
|
84
84
|
requirements: []
|
|
85
85
|
rubyforge_project:
|
|
86
|
-
rubygems_version: 1.8.
|
|
86
|
+
rubygems_version: 1.8.24
|
|
87
87
|
signing_key:
|
|
88
88
|
specification_version: 3
|
|
89
89
|
summary: Manages users across many different child accounts of a RightScale Enterprise
|