# description: Wraps PLCAPI into the SFA compliant API
#
+echo "sfa-cm is no longer supported"
+echo "you should consider rpm -e sfa-cm"
+exit 1
+
# Source config
-. /etc/sfa/sfa_config
+[ -f /etc/sfa/sfa_config.sh ] && . /etc/sfa/sfa_config.sh
# source function library
. /etc/init.d/functions
%define name sfa
%define version 2.1
-%define taglevel 21
+%define taglevel 22
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%global python_sitearch %( python -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)" )
[ "$1" -ge "1" ] && service sfa-cm restart || :
%changelog
+* Sun Dec 16 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-22
+- suited (and required) to run with plcapi-5.1-5 b/c of changes to AddPerson
+- tweaks in nitos importer
+- improvements to sfaadmin check-gid
+
* Tue Dec 11 2012 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - sfa-2.1-21
- PL importer: minor fixes for corner cases
- PL importer: also handles last_updated more accurately
@args('-x', '--xrn', dest='xrn', metavar='<xrn>', help='object hrn/urn', default=None)
@args('-t', '--type', dest='type', metavar='<type>', help='object type (mandatory)',)
@args('-a', '--all', dest='all', metavar='<all>', action='store_true', default=False, help='check all users GID')
- def check_gid(self, xrn=None, type=None, all=None):
+ @args('-v', '--verbose', dest='verbose', metavar='<verbose>', action='store_true', default=False, help='verbose mode: display user\'s hrn ')
+ def check_gid(self, xrn=None, type=None, all=None, verbose=None):
"""Check the correspondance between the GID and the PubKey"""
# db records
OK = []
NOK = []
+ ERROR = []
+ NOKEY = []
for record in records:
# get the pubkey stored in SFA DB
- db_pubkey_str = record.reg_keys[0].key
- db_pubkey_obj = convert_public_key(db_pubkey_str)
+ if record.reg_keys:
+ db_pubkey_str = record.reg_keys[0].key
+ try:
+ db_pubkey_obj = convert_public_key(db_pubkey_str)
+ except:
+ ERROR.append(record.hrn)
+ continue
+ else:
+ NOKEY.append(record.hrn)
+ continue
# get the pubkey from the gid
gid_str = record.gid
else:
NOK.append(record.hrn)
- print "GID/PubKey correpondence is OK for: %s\nGID/PubKey correpondence is NOT OK for: %s" %(OK,NOK)
+ if not verbose:
+ print "Users NOT having a PubKey: %s\n\
+Users having a non RSA PubKey: %s\n\
+Users having a GID/PubKey correpondence OK: %s\n\
+Users having a GID/PubKey correpondence Not OK: %s\n"%(len(NOKEY), len(ERROR), len(OK), len(NOK))
+ else:
+ print "Users NOT having a PubKey: %s and are: \n%s\n\n\
+Users having a non RSA PubKey: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence OK: %s and are: \n%s\n\n\
+Users having a GID/PubKey correpondence NOT OK: %s and are: \n%s\n\n"%(len(NOKEY),NOKEY, len(ERROR), ERROR, len(OK), OK, len(NOK), NOK)
# if user's primary key has changed then we need to update the
# users gid by forcing an update here
sfa_keys = user_record.reg_keys
- def key_in_list (key,sfa_keys):
- for reg_key in sfa_keys:
- if reg_key.key==key: return True
+
+ def sfa_key_in_list (sfa_key,nitos_user_keys):
+ for nitos_key in nitos_user_keys:
+ if nitos_key==sfa_key: return True
return False
- # is there a new key in NITOS ?
+ # are all the SFA keys known to nitos ?
new_keys=False
- for key in user['keys']:
- if not key_in_list (key,sfa_keys):
- new_keys = True
+ if not sfa_keys and user['keys']:
+ new_keys = True
+ else:
+ for sfa_key in sfa_keys:
+ if not sfa_key_in_list (sfa_key.key,user['keys']):
+ new_keys = True
+
if new_keys:
(pubkey,pkey) = init_user_key (user)
user_gid = self.auth_hierarchy.create_gid(user_urn, create_uuid(), pkey)
user_record.reg_keys=[]
else:
user_record.reg_keys=[ RegKey (pubkey)]
+ user_record.gid = user_gid
+ user_record.just_updated()
self.logger.info("NitosImporter: updated user: %s" % user_record)
user_record.email = user['email']
dbsession.commit()
dbsession.commit()
-
-if __name__ == "__main__":
- from sfa.util.sfalogging import logger
- nitosimporter = NitosImporter("pla.nitos", logger)
- nitosimporter.run(None)