|
11 | 11 | import argparse |
12 | 12 | import ldap |
13 | 13 | import re |
| 14 | +import urllib.parse |
14 | 15 |
|
15 | 16 | # set up logging |
16 | 17 | LOGGER = logging.getLogger("AMS User create script per site") |
@@ -467,94 +468,135 @@ def create_users(config, verify): |
467 | 468 | format(service_dn.text, ve)) |
468 | 469 | continue |
469 | 470 |
|
470 | | - project = {'project': ams_project, 'roles': [users_role]} |
471 | | - usr_create = {'projects': [project], 'email': contact_email} |
| 471 | + # check if the given DN already corresponds to a binding |
| 472 | + # if the DN is already in use, skip the creation process and only perform the steps where the user |
| 473 | + # is being assigned to the topic's and sub's acl and the respective topic and subscription are being created. |
472 | 474 |
|
473 | | - # create the user |
474 | | - api_url = 'https://{0}/v1/projects/{1}/members/{2}?key={3}'.format(ams_host, ams_project, user_binding_name, ams_token) |
475 | | - ams_usr_crt_req = requests.post(url=api_url, data=json.dumps(usr_create), verify=verify) |
476 | | - LOGGER.info(ams_usr_crt_req.text) |
| 475 | + # TODO replace ams(service type name) with config value |
| 476 | + binding_exists_url = "https://{0}/v1/service-types/ams/hosts/{1}/bindings?key={2}&authID={3}".format( |
| 477 | + authn_host, authn_service_host, authn_token, urllib.parse.quote_plus(service_dn)) |
477 | 478 |
|
478 | | - ams_user_uuid = "" |
| 479 | + LOGGER.info("Checking if DN {0} is already in use . . . ".format(service_dn)) |
479 | 480 |
|
480 | | - # if the response is neither a 200(OK) nor a 409(already exists) |
481 | | - # then move on to the next user |
482 | | - if ams_usr_crt_req.status_code != 200 and ams_usr_crt_req.status_code != 409: |
483 | | - LOGGER.critical("\nUser: " + user_binding_name) |
484 | | - LOGGER.critical( |
485 | | - "\nSomething went wrong while creating ams user." + |
486 | | - "\nBody data: " + str(usr_create) + "\nResponse Body: " + |
487 | | - ams_usr_crt_req.text) |
488 | | - continue |
| 481 | + binding_exists_req = requests.get(url=binding_exists_url, verify=verify) |
489 | 482 |
|
490 | | - if ams_usr_crt_req.status_code == 200: |
491 | | - ams_user_uuid = ams_usr_crt_req.json()["uuid"] |
492 | | - # count how many users have been created |
493 | | - user_count += 1 |
| 483 | + # if the binding exists, retrieve it, and use its name for any further process |
| 484 | + if binding_exists_req.status_code == 200: |
| 485 | + user_binding_name = binding_exists_req.json()["bindings"][0]["name"] |
| 486 | + LOGGER.info("DN {0} is in use by the binding with name {1}".format(service_dn, user_binding_name)) |
494 | 487 |
|
495 | | - # If the user already exists, Get user by username |
496 | | - if ams_usr_crt_req.status_code == 409: |
497 | | - proj_member_list_url = "https://{0}/v1/projects/{1}/members/{2}?key={3}".format(ams_host, ams_project, user_binding_name, ams_token) |
498 | | - ams_usr_get_req = requests.get(url=proj_member_list_url, verify=verify) |
| 488 | + # else if the Dn isn't in use, go through the full process of creating or updating an existing binding |
| 489 | + elif binding_exists_req.status_code == 404: |
499 | 490 |
|
500 | | - # if the user retrieval was ok |
501 | | - if ams_usr_get_req.status_code == 200: |
502 | | - LOGGER.info("\nSuccessfully retrieved user {} from ams".format(user_binding_name)) |
503 | | - ams_user_uuid = ams_usr_get_req.json()["uuid"] |
504 | | - else: |
| 491 | + usr_create = {'email': contact_email} |
| 492 | + |
| 493 | + # create the user |
| 494 | + api_url = 'https://{0}/v1/projects/{1}/members/{2}?key={3}'.format(ams_host, ams_project, user_binding_name, ams_token) |
| 495 | + ams_usr_crt_req = requests.post(url=api_url, data=json.dumps(usr_create), verify=verify) |
| 496 | + LOGGER.info(ams_usr_crt_req.text) |
| 497 | + |
| 498 | + ams_user_uuid = "" |
| 499 | + |
| 500 | + # if the response is neither a 200(OK) nor a 409(already exists) |
| 501 | + # then move on to the next user |
| 502 | + if ams_usr_crt_req.status_code != 200 and ams_usr_crt_req.status_code != 409: |
| 503 | + LOGGER.critical("\nUser: " + user_binding_name) |
505 | 504 | LOGGER.critical( |
506 | | - "\nCould not retrieve user {} from ams." |
507 | | - "\n Response {}".format(user_binding_name, ams_usr_get_req.text)) |
| 505 | + "\nSomething went wrong while creating ams user." + |
| 506 | + "\nBody data: " + str(usr_create) + "\nResponse Body: " + |
| 507 | + ams_usr_crt_req.text) |
508 | 508 | continue |
509 | 509 |
|
510 | | - # Create the respective AUTH binding |
511 | | - bd_data = { |
512 | | - 'service_uuid': authn_service_uuid, |
513 | | - 'host': authn_service_host, |
514 | | - 'auth_identifier': service_dn, |
515 | | - 'unique_key': ams_user_uuid, |
516 | | - "auth_type": "x509" |
517 | | - } |
518 | | - |
519 | | - create_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
520 | | - |
521 | | - authn_binding_crt_req = requests.post(url=create_binding_url, data=json.dumps(bd_data), verify=verify) |
522 | | - LOGGER.info(authn_binding_crt_req.text) |
523 | | - |
524 | | - # if the response is neither a 201(Created) nor a 409(already exists) |
525 | | - if authn_binding_crt_req.status_code != 201 and authn_binding_crt_req.status_code != 409: |
526 | | - LOGGER.critical( |
527 | | - "Something went wrong while creating a binding." + |
528 | | - "\nBody data: " + str(bd_data) + "\nResponse: " + |
529 | | - authn_binding_crt_req.text) |
530 | | - continue |
531 | | - |
532 | | - # if the binding already exists, check for an updated DN from gocdb |
533 | | - if authn_binding_crt_req.status_code == 409: |
534 | | - retrieve_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
535 | | - authn_ret_bind_req = requests.get(url=retrieve_binding_url, verify=verify) |
536 | | - # if the binding retrieval was ok |
537 | | - if authn_ret_bind_req.status_code == 200: |
538 | | - LOGGER.info("\nSuccessfully retrieved binding {} from authn. Checking for DN update.".format(user_binding_name)) |
539 | | - binding = authn_ret_bind_req.json() |
540 | | - # check if the dn has changed |
541 | | - if binding["auth_identifier"] != service_dn: |
542 | | - # update the respective binding with the new dn |
543 | | - bind_upd_req_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
544 | | - upd_bd_data = { |
545 | | - "auth_identifier": service_dn |
546 | | - } |
547 | | - authn_bind_upd_req = requests.put(url=bind_upd_req_url, data=json.dumps(upd_bd_data), verify=verify) |
548 | | - LOGGER.info(authn_bind_upd_req.text) |
549 | | - if authn_bind_upd_req.status_code == 200: |
550 | | - update_binding_count += 1 |
551 | | - update_bindings_names.append(user_binding_name) |
552 | | - else: |
| 510 | + if ams_usr_crt_req.status_code == 200: |
| 511 | + ams_user_uuid = ams_usr_crt_req.json()["uuid"] |
| 512 | + # count how many users have been created |
| 513 | + user_count += 1 |
| 514 | + |
| 515 | + # If the user already exists, Get user by username |
| 516 | + if ams_usr_crt_req.status_code == 409: |
| 517 | + proj_member_list_url = "https://{0}/v1/projects/{1}/members/{2}?key={3}".format(ams_host, ams_project, user_binding_name, ams_token) |
| 518 | + ams_usr_get_req = requests.get(url=proj_member_list_url, verify=verify) |
| 519 | + |
| 520 | + # if the user retrieval was ok |
| 521 | + if ams_usr_get_req.status_code == 200: |
| 522 | + LOGGER.info("\nSuccessfully retrieved user {} from ams".format(user_binding_name)) |
| 523 | + ams_user_uuid = ams_usr_get_req.json()["uuid"] |
| 524 | + else: |
| 525 | + LOGGER.critical( |
| 526 | + "\nCould not retrieve user {} from ams." |
| 527 | + "\n Response {}".format(user_binding_name, ams_usr_get_req.text)) |
| 528 | + continue |
| 529 | + |
| 530 | + # Create the respective AUTH binding |
| 531 | + bd_data = { |
| 532 | + 'service_uuid': authn_service_uuid, |
| 533 | + 'host': authn_service_host, |
| 534 | + 'auth_identifier': service_dn, |
| 535 | + 'unique_key': ams_user_uuid, |
| 536 | + "auth_type": "x509" |
| 537 | + } |
| 538 | + |
| 539 | + create_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
| 540 | + |
| 541 | + authn_binding_crt_req = requests.post(url=create_binding_url, data=json.dumps(bd_data), verify=verify) |
| 542 | + LOGGER.info(authn_binding_crt_req.text) |
| 543 | + |
| 544 | + # if the response is neither a 201(Created) nor a 409(already exists) |
| 545 | + if authn_binding_crt_req.status_code != 201 and authn_binding_crt_req.status_code != 409: |
553 | 546 | LOGGER.critical( |
554 | | - "\nCould not retrieve binding {} from authn." |
555 | | - "\n Response {}".format(user_binding_name, authn_ret_bind_req.text)) |
| 547 | + "Something went wrong while creating a binding." + |
| 548 | + "\nBody data: " + str(bd_data) + "\nResponse: " + |
| 549 | + authn_binding_crt_req.text) |
556 | 550 | continue |
557 | 551 |
|
| 552 | + # if the binding already exists, check for an updated DN from gocdb |
| 553 | + if authn_binding_crt_req.status_code == 409: |
| 554 | + retrieve_binding_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
| 555 | + authn_ret_bind_req = requests.get(url=retrieve_binding_url, verify=verify) |
| 556 | + # if the binding retrieval was ok |
| 557 | + if authn_ret_bind_req.status_code == 200: |
| 558 | + LOGGER.info("\nSuccessfully retrieved binding {} from authn. Checking for DN update.".format(user_binding_name)) |
| 559 | + binding = authn_ret_bind_req.json() |
| 560 | + # check if the dn has changed |
| 561 | + if binding["auth_identifier"] != service_dn: |
| 562 | + # update the respective binding with the new dn |
| 563 | + bind_upd_req_url = "https://{0}/v1/bindings/{1}?key={2}".format(authn_host, user_binding_name, authn_token) |
| 564 | + upd_bd_data = { |
| 565 | + "auth_identifier": service_dn |
| 566 | + } |
| 567 | + authn_bind_upd_req = requests.put(url=bind_upd_req_url, data=json.dumps(upd_bd_data), verify=verify) |
| 568 | + LOGGER.info(authn_bind_upd_req.text) |
| 569 | + if authn_bind_upd_req.status_code == 200: |
| 570 | + update_binding_count += 1 |
| 571 | + update_bindings_names.append(user_binding_name) |
| 572 | + else: |
| 573 | + LOGGER.critical( |
| 574 | + "\nCould not retrieve binding {} from authn." |
| 575 | + "\n Response {}".format(user_binding_name, authn_ret_bind_req.text)) |
| 576 | + continue |
| 577 | + |
| 578 | + # add the user to the AMS project with corresponding role |
| 579 | + add_user_project_url = "https://{0}/v1/projects/{1}/members/{2}:add?key={3}".format(ams_host, |
| 580 | + ams_project, |
| 581 | + user_binding_name, |
| 582 | + ams_token) |
| 583 | + |
| 584 | + add_user_project_req_body = { |
| 585 | + "project": ams_project, |
| 586 | + "roles": [users_role] |
| 587 | + } |
| 588 | + |
| 589 | + LOGGER.info("Adding user {0} to project {1} . . .".format(user_binding_name, ams_project)) |
| 590 | + |
| 591 | + add_user_project_req = requests.post(url=add_user_project_url, |
| 592 | + data=json.dumps(add_user_project_req_body), verify=verify) |
| 593 | + |
| 594 | + if add_user_project_req.status_code != 200 and add_user_project_req.status_code != 409: |
| 595 | + LOGGER.info("Could not add user {0} to project {1}.\nResponse {2}".format(user_binding_name, |
| 596 | + ams_project, |
| 597 | + add_user_project_req.text)) |
| 598 | + continue |
| 599 | + |
558 | 600 | # since both the ams user was created or already existed AND the authn binding was created or already existed |
559 | 601 | # move to topic and subscription creation |
560 | 602 |
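Review bot: The new `if binding_exists_req.status_code == 200:` / `elif binding_exists_req.status_code == 404:` dispatch has no `else`, so any other lookup result (a rejected key giving 401/403, a 5xx, a proxy error page) is silently ignored and control falls through to the topic/subscription creation below with a `user_binding_name` that was neither verified against authn nor created; the lookup failure should be logged and the user skipped with `continue`, matching how every other request in this block is handled. The 200 branch also indexes `binding_exists_req.json()["bindings"][0]` unguarded; if the filtered bindings endpoint can answer 200 with an empty list (I cannot confirm that from here), this raises IndexError and aborts the whole run instead of skipping one user. Minor: the add-to-project failure is logged at `info` while every other failure in the hunk is `critical`. `create_users` continues outside the hunk; the rewritten dispatch follows.
```python
        # if the binding exists, retrieve it, and use its name for any further process
        if binding_exists_req.status_code == 200:
            bindings = binding_exists_req.json().get("bindings", [])
            if not bindings:
                LOGGER.critical("DN {0} lookup returned 200 but no bindings.\nResponse {1}".format(
                    service_dn, binding_exists_req.text))
                continue
            user_binding_name = bindings[0]["name"]
            LOGGER.info("DN {0} is in use by the binding with name {1}".format(service_dn, user_binding_name))

        # else if the Dn isn't in use, go through the full process of creating or updating an existing binding
        elif binding_exists_req.status_code == 404:
            # … unchanged: user creation, binding creation/update, add user to project …

        # any other status means the lookup itself failed; do not proceed with an unverified binding name
        else:
            LOGGER.critical("Could not check DN {0} for an existing binding.\nResponse {1}".format(
                service_dn, binding_exists_req.text))
            continue
```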
|
|