ucb_confluence 0.0.2

data/.svnignore

@@ -0,0 +1,6 @@
+Manifest
+log
+pkg
+.idea
+.rvmrc
+Ucb_confluence.iml

data/Gemfile

@@ -0,0 +1,5 @@
+source :rubygems
+
+gemspec
+
+gem "bundler", "1.0.18"

data/Gemfile.lock

@@ -0,0 +1,37 @@
+PATH
+  remote: .
+  specs:
+    ucb_confluence (0.0.1)
+      rake (>= 0.8.7)
+      ucb_ldap (>= 1.4.2)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    columnize (0.3.4)
+    diff-lcs (1.1.2)
+    linecache (0.46)
+      rbx-require-relative (> 0.0.4)
+    rake (0.8.7)
+    rbx-require-relative (0.0.5)
+    rcov (0.9.9)
+    rspec (1.3.0)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    ruby-net-ldap (0.0.4)
+    ucb_ldap (1.4.2)
+      ruby-net-ldap (>= 0.0.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (= 1.0.18)
+  diff-lcs (>= 1.1.2)
+  rcov (>= 0.9.9)
+  rspec (>= 1.3.0)
+  ruby-debug (>= 0.10.4)
+  ucb_confluence!

data/INTERNALS.md

@@ -0,0 +1,12 @@
+
+Resources
+---------
+
+http://confluence.atlassian.com/display/CONFDEV/Remote+API+Specification
+
+
+Tests
+-----
+
+To run the test suite, its recommended that you setup a local version of
+confluence.

data/README.md

@@ -0,0 +1,41 @@
+UCB Confluence
+============
+
+UCB Confluence is a gem to assist with User and Group administration via
+the Confluence xmlrpc API.
+
+
+Overview
+--------
+
+Installation
+------------
+
+    gem install ucb_confluence
+
+
+Assumptions
+-----------
+
+General Configuration
+---------------------
+- Create the directory: $HOME/.ucb_confluence
+- Create the file: $HOME/.ucb_confluence/config.yml
+- Configure your config.yml file w/appropriate values, see sample config.yml below
+
+server_url: https://<your-confluence-hostname>
+ldap_url: ldap.berkeley.edu
+username: <confluence-username>
+password: <your-password>
+user_default_password: <default-password-for-new-users>
+
+ 
+Confluence Configuration
+------------------------
+
+Usage
+-----
+
+See all available commands with:
+
+    ucb_confluence -T

data/Rakefile

@@ -0,0 +1,21 @@
+require 'bundler'  
+require 'spec/rake/spectask'
+require 'spec/rake/verify_rcov'
+
+Bundler::GemHelper.install_tasks()
+
+Spec::Rake::SpecTask.new("spec:rcov") do |t|
+  t.spec_opts ||= []
+  t.spec_opts << "--options" << "spec/spec.opts"
+  t.rcov = true
+end
+
+Spec::Rake::SpecTask.new("spec") do |t|
+  t.spec_opts ||= []
+  t.spec_opts << "--options" << "spec/spec.opts"
+end
+
+RCov::VerifyTask.new(:rcov => "spec:rcov") do |t|
+  t.threshold = 100
+end
+

data/TODO.md

@@ -0,0 +1,8 @@
+
+* Make thread safe: put Conn and Config objects in an instance of Confluence class 
+instead of the class itself so if we use this class in a JRuby rails app where multiple
+threads are used we will be happy.
+
+- Add module for Spaces
+
+- Add module for Permissions

data/bin/ucb_confluence

@@ -0,0 +1,84 @@
+#!/usr/bin/env ruby
+
+require 'pp'
+require 'rubygems'
+require 'rake'
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
+require 'confluence'
+
+
+Rake.application.init("ucb_confluence")
+
+namespace(:jobs) do
+  desc "Sync Confluence IST group with LDAP IST group."
+  task(:ist_ldap_sync) do
+    Confluence::Jobs::IstLdapSync.new.execute()
+  end
+
+  desc "Disable expired Confluence users."
+  task(:disable_expired_users) do
+    Confluence::Jobs::DisableExpiredUsers.new.execute()
+  end                 
+end
+
+namespace(:user) do
+  desc "List of all users in Confluence."
+  task(:all) do
+    $stdout.puts(Confluence::User.all)
+  end
+
+  desc "List of all disabled confluence users."
+  task(:expired) do
+    $stdout.puts(Confluence::User.expired())
+  end
+
+  desc "List of all active confluence users."
+  task(:active) do
+    $stdout.puts(Confluence::User.active())
+  end
+  
+  desc "Number of total users (both expired and active) in Confluence."
+  task(:total_count) do
+    $stdout.puts(Confluence::User.all.length)
+  end
+
+  desc "Number of expired users in Confluence."
+  task(:expired_count) do
+    $stdout.puts(Confluence::User.expired.length)
+  end
+
+  desc "Number of active users in Confluence."
+  task(:active_count) do
+    $stdout.puts(Confluence::User.active.length)
+  end
+  
+  desc "List of groups for a given user in Confluence."
+  task(:groups) do
+    user = Confluence::User.find_by_name(ENV["NAME"])
+    if user
+      $stdout.puts(user.groups)
+    else
+      $stdout.puts("[]")
+    end
+  end
+
+  desc "Display info for a given user"
+  task(:find) do
+    $stdout.puts(Confluence::User.find_by_name(ENV["NAME"]))
+  end           
+end
+
+namespace(:group) do
+  desc "List of all groups in Confluence."
+  task(:all) do
+    $stdout.puts(Confluence::Group.all())
+  end
+
+  desc "Number of groups in Confluence."
+  task(:count) do
+    $stdout.puts(Confluence::Group.all.length)
+  end
+end
+
+
+Rake.application.top_level

data/config/.svnignore

@@ -0,0 +1 @@
+config.yml

data/config/config.skel.yml

@@ -0,0 +1,21 @@
+dev:
+  server_url: https://wikihub-dev.berkeley.edu
+  ldap_host: ldap-test.berkeley.edu
+  username: <username>
+  password: <password>
+  user_default_password: <user_default_password>
+
+qa:
+  server_url: https://wikihub-qa.berkeley.edu
+  ldap_host: ldap.berkeley.edu
+  username: <username>
+  password: <password>
+  user_default_password: <user_default_password>
+
+prod:
+  server_url: https://wikihub.berkeley.edu
+  ldap_host: ldap.berkeley.edu
+  username: <username>
+  password: <password>
+  user_default_password: <user_default_password>
+

data/lib/confluence.rb

@@ -0,0 +1,57 @@
+require 'pp'
+require 'logger'
+require 'ucb_ldap'
+require 'xmlrpc/client'
+require 'fileutils'
+
+require 'confluence/conn'
+require 'confluence/user'
+require 'confluence/group'
+require 'confluence/config'
+
+require 'confluence/jobs/ist_ldap_sync'
+require 'confluence/jobs/disable_expired_users'
+
+
+module Confluence
+  ROOT =  File.expand_path(File.dirname(__FILE__) + '/../')
+
+  class << self
+    
+    def conn()
+      unless @conn
+        @conn = Confluence::Conn.new(config())
+      end
+      @conn
+    end
+
+    def config()
+      unless @config
+        @config = Confluence::Config.new()
+        Confluence.logger.debug(@config.inspect())
+      end
+      @config
+    end
+
+    def config=(config)
+      @config = config
+    end
+    
+    def logger()
+      unless @logger
+        @logger = Logger.new("#{config.home()}/log/ucb_confluence.log")
+        @logger.level = Logger::DEBUG
+      end
+      @logger
+    end
+
+    def logger=(logger)
+      @logger = logger
+    end
+    
+    def root()
+      ROOT
+    end
+  end
+end
+

data/lib/confluence/config.rb

@@ -0,0 +1,31 @@
+module Confluence
+  class Config
+    
+    def initialize(config_file = "#{home()}/config.yml")
+      init_home_dir()
+      config = YAML.load_file(config_file)
+      
+      @config = {}
+      @config[:server_url] = config['server_url']
+      @config[:server_url].concat("/rpc/xmlrpc") unless @config[:server_url][-11..-1] == "/rpc/xmlrpc"
+      @config[:ldap_url] = config['ldap_url']
+      @config[:username] = config['username'].to_s
+      @config[:password] = config['password'].to_s
+      @config[:user_default_password] = config['user_default_password'].to_s
+    end
+
+    def [](key)
+      @config[key.to_sym]
+    end
+
+    def home()
+      "#{ENV['HOME']}/.ucb_confluence"
+    end
+    
+    def init_home_dir()
+      FileUtils.mkdir(home()) unless File.exists?(home())
+      FileUtils.mkdir("#{home()}/log") unless File.exists?("#{home()}/log")
+    end
+    
+  end
+end

data/lib/confluence/conn.rb

@@ -0,0 +1,35 @@
+module Confluence
+  class Conn
+    
+    def initialize(config)
+      @config = config
+      server = XMLRPC::Client.new2(@config[:server_url])
+      @conn = server.proxy("confluence1")
+      @token = "12345"
+      do_connect()
+    end
+
+    def method_missing(method_name, *args)
+      begin
+        @conn.send(method_name, *([@token] + args))
+      rescue XMLRPC::FaultException => e
+        if (e.faultString.include?("InvalidSessionException"))
+          do_connect
+          retry
+        else
+          raise(e.faultString)
+        end
+      end
+    end
+
+    def do_connect()
+      @token = @conn.login(@config[:username], @config[:password])
+    rescue XMLRPC::FaultException => e
+      raise(e.faultString)
+    rescue => e
+      Confluence.logger.debug("#{e.class}: #{e.message}")
+      raise(e)
+    end
+    
+  end
+end

data/lib/confluence/group.rb

@@ -0,0 +1,56 @@
+module Confluence
+  class Group
+    class << self
+      ##
+      # Retrieve a list of all groups in Confluence.
+      #
+      # @return [Array<String>] names of all groups in our Confluence instance.
+      #
+      def all()
+        Confluence.conn.getGroups()
+      end
+      
+      ##
+      # Creates a new group in Confluence.
+      #
+      # @param [String] name of group to create.
+      # @return [true, false] result of whether group was successfully created.
+      #
+      def create(name)
+        if all.include?(name)
+          return false
+        else
+          result = Confluence.conn.addGroup(name)
+          Confluence.logger.debug("Created group: #{name}")
+        end
+        result
+      end
+      
+      ##
+      # Delete a group from Confluence.
+      #
+      # @param [String] name of group to delete.
+      # @return [true, false] result of whether group was successfully deleted.
+      #
+      def delete(name)
+        if all.include?(name)
+          result = Confluence.conn.removeGroup(name, Confluence::User::DEFAULT_GROUP)
+          Confluence.logger.debug("Deleted group: #{name}")
+          return result
+        else
+          return false
+        end
+      end
+      
+      ##
+      # Predicate that indicates whether a given group exists in Confluence
+      #
+      # @param [String] the group name.
+      # @return [true,false]
+      #
+      def exists?(grp_name)
+        all.include?(grp_name)
+      end
+    end
+  end
+end

data/lib/confluence/jobs/disable_expired_users.rb

@@ -0,0 +1,87 @@
+
+##
+# Disables a user's Confluence account if they are considered expired.
+#
+module Confluence
+  module Jobs
+    class DisableExpiredUsers
+      
+      def initialize()
+        @disabled_users = []
+      end
+      
+      ##
+      # Run the job
+      #
+      def execute()
+        @disabled_users.clear()
+        disable_expired_users()
+        log_job()
+      end
+      
+      ##
+      # Disables any users that are expired in LDAP or are no longer in LDAP.
+      #
+      def disable_expired_users()
+        confluence_user_names.each do |name|
+          next if name == "conflusa"      
+          ldap_person = find_in_ldap(name)
+          
+          if ldap_person.nil? || !eligible_for_confluence?(ldap_person)
+            user = find_in_confluence(name)
+            user.disable()
+            @disabled_users << user        
+          end
+        end
+      end
+  
+      def log_job()
+        msg = "#{self.class.name}\n\n"
+        msg.concat("Disabled the following Users:\n\n")
+        @disabled_users.each { |u| msg.concat(u) }
+        logger.info(msg)
+      end
+      
+      def logger()
+        Confluence.logger
+      end
+      
+      ##
+      # @return [Array<String>] confluence user names.
+      #
+      def confluence_user_names()
+        Confluence::User.active.map(&:name)
+      end
+      
+      ##
+      # @param [String] user's confluence account name.
+      # @return [Confluence::User, nil]
+      #
+      def find_in_confluence(name)
+        Confluence::User.find_by_name(name)
+      end
+      
+      ##
+      # @param [String] user's ldap uid
+      # @return [UCB::LDAP::Person, nil]
+      #
+      def find_in_ldap(ldap_uid)
+        UCB::LDAP::Person.find_by_uid(ldap_uid)
+      end
+
+      def eligible_for_confluence?(person)
+        valid_affiliations = person.affiliations.inject([]) do |accum, aff|
+          if aff =~ /AFFILIATE-TYPE.*(ALUMNUS|RETIREE|EXPIRED)/
+            accum
+          elsif aff =~ /AFFILIATE-TYPE.*/
+            accum << aff
+          end
+          accum
+        end
+        
+        person.employee? || !valid_affiliations.empty?
+      end
+    end
+  end
+end
+