#!/usr/bin/python
# Copyright 2012 Patrick Uiterwijk <puiterwijk@fedoraproject.org>
# This file has been released as LGPLv3+, see COPYING for the complete license
import sys
import string
import ConfigParser
from argparse import ArgumentParser
from fedora.client import AccountSystem
from oshift_mod import Openshift
from getpass import getpass
import os
# Set at import time, before any Openshift client is created.
# Presumably oshift_mod reads this to choose the REST API version -- TODO confirm.
os.environ['OPENSHIFT_REST_API'] = '1.5'
def get_keys(host, user, passwd):
    """Return the SSH keys currently registered on the OpenShift account.

    The value returned is the 'data' member of the JSON body of the
    keys_list() response. Any status other than 200 is printed and ends
    the process with exit code 1.
    """
    client = Openshift(host=host, user=user, passwd=passwd)
    status, _content = client.keys_list()
    if status == 200:
        return client.rest.response.json()['data']
    print('ERROR! Result: %(resp)s' % {'resp': status})
    sys.exit(1)
def add_key(host, user, passwd, key_name, key_type, key_contents, verbose=False):
    """Register one SSH public key on the OpenShift account.

    Returns the 'data' member of the JSON response body. A status outside
    200/201/422 is printed and ends the process with exit code 2.
    """
    if verbose:
        print('Adding key %(keyname)s' % {'keyname': key_name})
    client = Openshift(host=host, user=user, passwd=passwd)
    status, _content = client.key_add(name=key_name, type=key_type, key_str=key_contents)
    # 200 = ok, 201 = created, 422 = error in key format.
    # 422 is an error, but one bad key must not stop the remaining keys
    # from being added, so it is tolerated here.
    # NOTE(review): a 422 is not reported anywhere, so with verbose on,
    # 'Done' is printed for a rejected key as well.
    accepted = (200, 201, 422)
    if status not in accepted:
        print('ERROR! Result: %(resp)s' % {'resp': status})
        sys.exit(2)
    if verbose:
        print('Done')
    return client.rest.response.json()['data']
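def remove_key(host, user, passwd, key_name, verbose=False):
    """Delete the SSH key named key_name from the OpenShift account.

    Returns the 'data' member of the JSON response body. Any status other
    than 200 is printed and ends the process with exit code 3; keys that
    were still waiting to be removed in the same run therefore stay on the
    account until a later run succeeds.
    """
    if verbose:
        print('Removing key %(keyname)s' % {'keyname': key_name})
    client = Openshift(host=host, user=user, passwd=passwd)
    (resp, content) = client.key_delete(key_name)
    if resp != 200:
        # Call form of print, matching every other message in this file
        # (the statement form only parses on Python 2).
        print('ERROR! Result: %(resp)s' % {'resp': resp})
        sys.exit(3)
    if verbose:
        print('Done')
    return client.rest.response.json()['data']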
def get_users_to_have_access(fas, groups):
    """Return the set of usernames that belong to at least one of groups.

    fas must offer group_members(group), yielding records that carry a
    'username' entry. A user who is in several groups appears once.
    """
    allowed = set()
    for group_name in groups:
        allowed.update(member['username'] for member in fas.group_members(group_name))
    return allowed
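def get_users_ssh_keys(fas, users):
    """Map each username in users to the SSH public key stored for it in FAS.

    Returns {username: {'type': ..., 'contents': ..., 'username': ...}}.
    Accounts with no key, or with a key that has fewer than two
    whitespace-separated fields, are left out.

    Only the first two fields of the stored value are used, so at most
    one key per user is synchronised. The first field is taken as the key
    type as-is; it is not checked against a list of known key types.
    """
    keys = {}
    for record in fas.user_data().values():
        username = record['username']
        if username not in users:
            continue
        raw_key = record['ssh_key']
        if not raw_key:
            continue
        fields = raw_key.split()
        # The original compared the list itself with 1, which never
        # rejects anything on Python 2; a one-field value then raised
        # IndexError and aborted the whole sync. Compare the field count.
        if len(fields) < 2:
            continue
        keys[username] = {'type': fields[0],
                          'contents': fields[1],
                          'username': username}
    return keys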
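def get_keys_to_remove(keys_in_openshift, keys_in_fas):
    """Return the names of OpenShift keys whose content matches no FAS key.

    keys_in_openshift is a list of dicts with 'name' and 'content';
    keys_in_fas maps usernames to dicts with 'contents'.

    Matching is by key content only. Every OpenShift key without a match
    is returned, whatever its name, so keys put on the account by other
    means are listed for removal too.
    """
    fas_contents = set(entry['contents'] for entry in keys_in_fas.values())
    keys_to_remove = set()
    for key in keys_in_openshift:
        if key['content'] in fas_contents:
            # discard(), not remove(): when two FAS accounts carry the
            # same key the original removed the name twice and died with
            # KeyError, which aborted the run before any stale key was
            # revoked.
            keys_to_remove.discard(key['name'])
        else:
            keys_to_remove.add(key['name'])
    return keys_to_remove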
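def get_keys_to_add(keys_in_openshift, keys_in_fas):
    """Return the FAS key records whose content is not yet on OpenShift.

    keys_in_openshift is a list of dicts with 'content'; keys_in_fas maps
    usernames to key records with 'contents'. The result is a list of
    those records, in no particular order.
    """
    # Collecting the contents into a set first also covers the case where
    # the account holds the same key under two names: the original called
    # remove() once per match and raised KeyError on the second one.
    present = set(key['content'] for key in keys_in_openshift)
    return [entry for entry in keys_in_fas.values()
            if entry['contents'] not in present]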
def remove_keys(openshift_host, openshift_user, openshift_pass, to_remove, verbose=False):
    """Delete every key named in to_remove from the OpenShift account.

    Each name is handed to remove_key() in turn; with verbose set, the
    batch is announced before and 'Done' is printed after.
    """
    if verbose:
        print('Removing the following keys:')
        print(to_remove)
    for key_name in to_remove:
        remove_key(openshift_host,
                   openshift_user,
                   openshift_pass,
                   key_name,
                   verbose=verbose)
    if verbose:
        print('Done')
def add_keys(openshift_host, openshift_user, openshift_pass, to_add, prefix, verbose=False):
    """Register every key record in to_add on the OpenShift account.

    Each record needs 'username', 'type' and 'contents'. The key is stored
    under the name prefix + username, via add_key().
    """
    if verbose:
        print('Adding the following keys:')
        print(to_add)
    for record in to_add:
        key_name = '%(prefix)s%(username)s' % {'prefix': prefix, 'username': record['username']}
        add_key(openshift_host,
                openshift_user,
                openshift_pass,
                key_name,
                record['type'],
                record['contents'],
                verbose=verbose)
    if verbose:
        print('Done')
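if __name__ == '__main__':
    # Flow: read the config, list the members of the configured FAS groups,
    # fetch their SSH keys, compare with the keys on the OpenShift account,
    # then remove the stale keys and add the missing ones.
    parser = ArgumentParser()
    parser.add_argument('-config_file', help='The configuration file to use', default='/etc/sync-openshift-keys.conf')
    parser.add_argument('--verbose', '-v', help='Make the script more verbose', action='store_true')
    args = parser.parse_args()

    # The config file carries the FAS and OpenShift passwords in clear
    # text, so it should be readable by the account running this script only.
    config = ConfigParser.ConfigParser()
    config.read(args.config_file)

    fas = AccountSystem(config.get('fas', 'url'), username=config.get('fas', 'user'), password=config.get('fas', 'pass'))
    # NOTE(security): presumably this switches off server-certificate
    # checking in the FAS client -- confirm against python-fedora. With
    # checking off, the FAS password and the key list travel over a
    # connection whose peer is not authenticated, and that key list decides
    # which keys end up on the OpenShift account. Prefer leaving
    # verification on and trusting the FAS server's CA instead.
    fas.insecure = True

    if args.verbose:
        print('Getting users...')
    # Tolerate blanks around the commas and skip empty entries, so that
    # "groupa, groupb" names the same groups as "groupa,groupb".
    groups = [name.strip() for name in config.get('general', 'groups').split(',') if name.strip()]
    users = get_users_to_have_access(fas, groups)
    if args.verbose:
        print('Done: %s' % users)
        print('Getting keys in FAS...')
    keys_fas = get_users_ssh_keys(fas, users)
    if args.verbose:
        # The original printed the literal 'Done: %s' with nothing
        # substituted; show the keys that were found.
        print('Done: %s' % keys_fas)
        print('Getting keys in Openshift...')

    openshift_host = config.get('openshift', 'host')
    openshift_user = config.get('openshift', 'user')
    openshift_pass = config.get('openshift', 'pass')

    keys_openshift = get_keys(openshift_host, openshift_user, openshift_pass)
    if args.verbose:
        print('Done')
        print('Getting keys to remove...')
    # NOTE(review): if FAS yields no keys at all (for example a misspelt
    # group name), every key on the account ends up in keys_to_remove.
    keys_to_remove = get_keys_to_remove(keys_openshift, keys_fas)
    if args.verbose:
        print('Done')
        print('Getting keys to add...')
    keys_to_add = get_keys_to_add(keys_openshift, keys_fas)
    if args.verbose:
        print('Done')

    # Removal runs first, so access is revoked before new keys are added.
    remove_keys(openshift_host, openshift_user, openshift_pass, keys_to_remove, verbose=args.verbose)
    add_keys(openshift_host, openshift_user, openshift_pass, keys_to_add, config.get('general', 'keyname_prefix'), verbose=args.verbose)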