
Commit a03fc94b authored by feichtinger's avatar feichtinger

rewrote ldap2gplazma to also produce a gridmap file, cleaned up a lot

parent 1b2810eb
#!/usr/bin/python
# Puppet Managed File
# 12/12/2011 by martinelli
#
# 12/12/2011 Original version by martinelli
# 17.04.2020 fast fix to also produce a gridmap file, which we need for webdav and REST
# also, cleaned up a lot of the string handling. More needs to be done.
"""
THE SCRIPT WAS CREATED TO BUILD 2 dCache gPlazma FILEs, USUALLY TO BE STORED INTO:
......@@ -17,8 +19,6 @@ https://wiki.chipp.ch/twiki/bin/view/CmsTier3/NodeTypeStorageElement#Automatic_c
# grid-vorolemap_template example
"""
# Hand-written version (Derek)
#
# This file maps VOMS information to local user accounts
# DN VOMS local_account
......@@ -60,16 +60,21 @@ from optparse import OptionParser
import socket
from string import Template
######## MAIN VARIABLEs ###################
global myldaptree
##########################################
################## MAIN ###################
usage = "usage: %prog options "
parser = OptionParser(usage)
parser.add_option("-v", "--verbose", action="store_true", dest="verbose", help="Produce verbose information during the execution", default="")
parser.add_option("-H", "--host-ssl", dest="ldaphost", help="An SSL LDAP server like 't3ldap01.psi.ch' ( domain psi.ch matters for SSL )", default="")
parser.add_option("-D", "--output-directory", dest="output_dir", help="The directory where to store the grid-vorolemap and storage-authzdb files produced, default is the current directory.", default=".")
parser.add_option("-v", "--verbose",
action="store_true",
dest="verbose",
help="Produce verbose information during the execution",
default="")
parser.add_option("-H", "--host-ssl",
dest="ldaphost",
help="An SSL LDAP server like 't3ldap01.psi.ch' ( domain psi.ch matters for SSL )"
, default="")
parser.add_option("-D", "--output-directory",
dest="output_dir",
help="The directory where to store the grid-vorolemap and storage-authzdb files produced, default is the current directory.",
default="./")
(options, args) = parser.parse_args()
......@@ -80,7 +85,7 @@ if options == NO_OPTIONS_PROVIDED:
sys.exit(0)
if options.ldaphost == "":
print "ERROR: -Hs or --host-ssl is a compulsory option"
print "ERROR: -H/--host-ssl is a required option"
sys.exit(1)
else:
try:
......@@ -95,7 +100,7 @@ assert stat.S_ISDIR( os.stat(options.output_dir)[stat.ST_MODE] )
# without a reachable SSL LDAP server we can't do anything
try:
myldaptree = ldap.initialize("ldaps://"+options.ldaphost)
ldaptree = ldap.initialize("ldaps://"+options.ldaphost)
except ldap.LDAPError, e:
print e.message['info']
if type(e.message) == dict and e.message.has_key('desc'):
......@@ -104,72 +109,59 @@ except ldap.LDAPError, e:
sys.exit(1)
# Preliminary coherence checks
assert os.path.isfile('grid-vorolemap_template')
assert os.path.isfile('storage-authzdb_template')
assert os.path.getsize('grid-vorolemap_template') > 0
assert os.path.getsize('storage-authzdb_template') > 0
grid_vorolemap_template_readlines = ''.join(open('grid-vorolemap_template').readlines() )
storage_authzdb_template_readlines = ''.join(open('storage-authzdb_template').readlines() )
# Placeholders must to be present inside the 2 template files
assert grid_vorolemap_template_readlines.find("$DNs_VOMSROLE_LINUXUSERs") != -1
assert storage_authzdb_template_readlines.find("$AUTHORIZE_USERs_PERMs_UID_GID") != -1
####################
with open('gridmap_template','r') as f:
gridmap_template_str = f.read()
template_gridmap = Template(gridmap_template_str)
# Preparing the template objects
myStringTemplate01 = Template(grid_vorolemap_template_readlines)
myStringTemplate02 = Template(storage_authzdb_template_readlines)
with open('grid-vorolemap_template','r') as f:
vorolemap_template_str = f.read()
template_vorolemap = Template(vorolemap_template_str)
USERsLIST = myldaptree.search_s( base="ou=People,dc=cmst3,dc=psi,dc=ch", scope=ldap.SCOPE_SUBTREE, filterstr="(subjectDN~=/)", attrlist=['uid','subjectDN','uidNumber','gidNumber','loginShell'],attrsonly=0 )
with open('storage-authzdb_template', 'r') as f:
storage_authzdb_template_str = f.read()
template_authzdb = Template(storage_authzdb_template_str)
myAUTHORIZE_USERs_PERMs_UID_GID=""
myDNs_VOMSROLE_LINUXUSERs=""
ldap_userlist = ldaptree.search_s( base="ou=People,dc=cmst3,dc=psi,dc=ch",
scope=ldap.SCOPE_SUBTREE,
filterstr="(subjectDN~=/)",
attrlist=['uid','subjectDN','uidNumber',
'gidNumber','loginShell'],
attrsonly=0 )
# we use one 'for' for both files
for user in USERsLIST:
tmp_gridmap = ''
tmp_authzdb = ''
tmp_vorolemap = ''
for user in ldap_userlist:
if user[1]['loginShell'] == '/sbin/nologin' : pass # we skip ghost users
assert ''.join(user[1]['subjectDN']) != ''
myString01 = '"'
myString01 += ''.join(user[1]['subjectDN'])
myString01 += '" '
while len(myString01)< 120 : myString01+=' '
myString01 += '"/cms" '
myString01 += ''.join(user[1]['uid'])
myDNs_VOMSROLE_LINUXUSERs+=myString01 + '\n'
myString02 = 'authorize '
myString02 += ''.join(user[1]['uid']) + ' '
while len(myString02)< 30 : myString02+=' '
myString02 += ' read-write '
myString02 += ''.join(user[1]['uidNumber'])+' '
while len(myString02)< 50 : myString02+=' '
tmp_gridmap += '%-95s %s\n' % ('"' + user[1]['subjectDN'][0] + '"',
user[1]['uid'][0])
if user[1]['gidNumber'] == ['500'] : # 500 is the CMS group
myString02 += ''.join( ' 500' ) + ' '
#myString02 += ' / / /'
else :
myString02 += ''.join(user[1]['gidNumber']) + ',500 '
#myString02 += ' / / /'
myString02 += ' / / /'
tmp_vorolemap += '%-95s "/cms" %s\n' % ('"' + user[1]['subjectDN'][0]
+ '"',
user[1]['uid'][0])
myAUTHORIZE_USERs_PERMs_UID_GID+=myString02 + '\n'
if user[1]['gidNumber'][0] != '500':
add_cmsgroup = ',500'
else:
add_cmsgroup =''
tmp_authzdb += 'authorize %-16s read-write %-8s %s%s / / /\n' % (user[1]['uid'][0],
user[1]['uidNumber'][0],
user[1]['gidNumber'][0],
add_cmsgroup)
#print myDNs_VOMSROLE_LINUXUSERs
#print myAUTHORIZE_USERs_PERMs_UID_GID
with open(options.output_dir + '/grid-vorolemap', 'w') as f:
f.write(template_vorolemap.substitute(DNs_VOMSROLE_LINUXUSERs=tmp_vorolemap))
if options.verbose != "":
print 'Created file: ' + options.output_dir + '/grid-vorolemap'
myFile01 = open( options.output_dir + '/grid-vorolemap', 'w')
myFile02 = open( options.output_dir + '/storage-authzdb','w')
with open(options.output_dir + '/storage-authzdb', 'w') as f:
f.write(template_authzdb.substitute(AUTHORIZE_USERs_PERMs_UID_GID=tmp_authzdb))
if options.verbose != "" :
print 'Created file: ' + options.output_dir + '/storage-authzdb'
myFile01.write( myStringTemplate01.substitute(DNs_VOMSROLE_LINUXUSERs=myDNs_VOMSROLE_LINUXUSERs) )
if options.verbose != "" : print 'Created file: ' + options.output_dir + '/grid-vorolemap'
myFile02.write( myStringTemplate02.substitute(AUTHORIZE_USERs_PERMs_UID_GID=myAUTHORIZE_USERs_PERMs_UID_GID))
if options.verbose != "" : print 'Created file: ' + options.output_dir + '/storage-authzdb'
##############################################
with open(options.output_dir + '/grid-mapfile', 'w') as f:
f.write(template_gridmap.substitute(GRIDMAP_ENTRIES=tmp_gridmap))
sys.exit(0)
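Review bot: The ghost-user check `if user[1]['loginShell'] == '/sbin/nologin' : pass # we skip ghost users` in the rewritten loop never skips anything: `pass` is a no-op where `continue` is needed, and because attribute values in the LDAP result are lists (the same hunk indexes `user[1]['uid'][0]` and compares `gidNumber` against `['500']`), the comparison against a bare string is always false. The consequence is that accounts disabled with a nologin shell are still written into grid-vorolemap, storage-authzdb and the new grid-mapfile, so their DNs keep a working mapping; the rewrite leaves this line as it was. Suggested replacement: `if user[1].get('loginShell', [''])[0] == '/sbin/nologin':` followed by `continue  # disabled accounts must not get a DN mapping`. Separately, the removed `assert ''.join(user[1]['subjectDN']) != ''` has no replacement and the new entries only use `subjectDN[0]`, so if an account ever carries more than one subjectDN value the remaining ones are silently left unmapped — that deserves either an explicit check or a comment stating the single-DN assumption.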