fixed group for perunsync

martin-kuba · martin-kuba · commit e271b9ac042d · 2024-03-21T16:16:03.000+01:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -710,7 +710,6 @@ perun_msmtp_config: |
 perun_sync_enabled: no
 perun_sync_users:
   - user: perunsync
-    group: perunsync
     comment: Perun-to-Perun synchronization
     src_host: idm.ics.muni.cz
     ssh_key_file: files/idm.ics.muni.cz/id_rsa.pub
diff --git a/files/perun_sync.py b/files/perun_sync.py
@@ -1,12 +1,12 @@
 #!/usr/bin/env python3
-import grp
 import os
-import pwd
 import sys
 import json
 
-DIR = os.getenv('HOME')
+DIR = os.getenv('HOME') + "/perun_sync_json"
 RESOURCE_ATTR_NAME = "urn:perun:resource:attribute-def:def:authorizationResourceId"
+os.umask(0o022)
+
 
 def update_json(data):
     for user_uuid, user_data in data["users"].items():
@@ -38,9 +38,6 @@ def replace_files(data):
             json.dump(resource_data, tmp_file, indent=4)
             tmp_file.flush()
             os.fsync(tmp_file.fileno())
-        # uid = pwd.getpwnam("perunrpc").pw_uid
-        # gid = grp.getgrnam("perunrpc").gr_gid
-        # os.chown(f"{filepath}.tmp", uid, gid)
         os.replace(f"{filepath}.tmp", f"{filepath}.json")
 
 
diff --git a/tasks/perun_sync.yml b/tasks/perun_sync.yml
@@ -26,20 +26,32 @@
     group: root
     mode: '0755'
 
-- name: "create groups for each source Perun"
-  loop: "{{ perun_sync_users }}"
+- name: "create group perunsync"
   group:
-    name: "{{ item.group }}"
+    name: perunsync
+    gid: 959
+    system: yes
 
 - name: "create users for each source Perun"
   loop: "{{ perun_sync_users }}"
   user:
     name: "{{ item.user }}"
-    group: "{{ item.group }}"
+    group: perunsync
     comment: "{{ item.comment }}"
     shell: /bin/bash
     create_home: true
 
+- name: "create directory perun_sync_json in each home"
+  loop: "{{ perun_sync_users }}"
+  loop_control:
+    label: "/home/{{ item.user }}/perun_sync_json"
+  file:
+    state: directory
+    path: "/home/{{ item.user }}/perun_sync_json"
+    owner: "{{ item.user }}"
+    group: perunsync
+    mode: '0755'
+
 - name: "add source Perun's engine ssh keys"
   loop: "{{ perun_sync_users }}"
   authorized_key:
@@ -60,10 +72,3 @@
   systemd:
     name: sshd
     state: reloaded
-
-- name: "add perunrpc to groups for sync"
-  loop: "{{ perun_sync_users }}"
-  user:
-    name: perunrpc
-    groups: "{{ item.group }}"
-    append: true
