From db53a9988124e18b56e824d371ff2c2e99005b25 Mon Sep 17 00:00:00 2001 From: Matthieu Lamalle Date: Fri, 9 Jul 2021 15:04:17 +0200 Subject: [PATCH] update authorize_user_group --- scripts/zephir/authorize_user_group.py | 122 ++++++++++++++++---- scripts/zephir/set_timeout_servers_group.py | 1 + 2 files changed, 100 insertions(+), 23 deletions(-) diff --git a/scripts/zephir/authorize_user_group.py b/scripts/zephir/authorize_user_group.py index c76c171..3bbe81f 100644 --- a/scripts/zephir/authorize_user_group.py +++ b/scripts/zephir/authorize_user_group.py @@ -6,6 +6,7 @@ from pyeole.ihm import print_line from pyeole.ansiprint import print_orange, print_red from creole.client import CreoleClient from collections import OrderedDict +from zephir.backend.lib_backend import CxPool try: @@ -22,14 +23,14 @@ from zephir.lib_zephir import flushed_input def display_help(): print("Autorise une connexion ssh d'un utilisateur sur un groupe de serveur") - print("{} [numero du groupe] [--user utilisateur]".format(sys.argv[0])) - + print("{} [numero du groupe] [--user utilisateur] [--key chemin_de_la_clé]".format(sys.argv[0])) + print("--key : si ce paramètre est défini, la clé sera envoyé aux serveurs") def argparser(): # récupère l'ID du groupe arglen = len(sys.argv) if arglen == 1: - return None, None + return None, None, None if sys.argv[1] in ['-h', '--help']: display_help() sys.exit(0) @@ -40,16 +41,20 @@ def argparser(): display_help() sys.exit(1) - if sys.argv[2] in ['-v', '--var']: - varc = sys.argv[3] - return server_id, user + if sys.argv[2] in ['-u', '--user']: + user = sys.argv[3] + return server_id, user, None - return group_id, None + if sys.argv[4] in ['-k', '--key']: + keypath = sys.argv[5] + return server_id, user, keypath + + return group_id, None, None def main(): # import des fonctions communes de Zéphir client - group_id, user = argparser() + group_id, user, keypath = argparser() authentified, proxy = get_pwd(adresse_zephir, 7080) if authentified == False: 
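Review bot: In argparser the `--user` branch returns `server_id, user, None` before the `--key` test is reached (assuming, as in the removed code, that the return sits inside the `if`; indentation is lost in this rendering), so `--user X --key PATH` never yields a key path. Without `--user`, `sys.argv[2]` is `--key` and the code falls through to `sys.argv[4]`, which is read with no length check visible in the hunk. `server_id` is also not assigned on any visible line, while the fallback returns `group_id`. Collecting both options in one pass and returning once avoids all three; the function starts above the hunk, so the earlier argument checks are not visible here.

```python
def argparser():
    # … unchanged: help handling and group id parsing …
    user = None
    keypath = None
    options = sys.argv[2:]
    while options:
        flag = options.pop(0)
        if flag in ['-u', '--user'] and options:
            user = options.pop(0)
        elif flag in ['-k', '--key'] and options:
            keypath = options.pop(0)
        else:
            display_help()
            sys.exit(1)
    return group_id, user, keypath
```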
@@ -68,33 +73,104 @@ def main(): print('Liste des groupes :') for grp_id, group_infos in groups.items(): print(' - ' + str(grp_id) + ' : ' + group_infos[0]) + print( ' - N : Créer un nouveau groupe') while group_id is None: tmp_group_id = flushed_input("Numéro du groupe : ") - try: - group_id = int(tmp_group_id) - except Exception as err: - print(err) - continue - if not group_id in groups: - print_red('Groupe inconnu') - group_id = None - elif not group_id in groups: - print_red('Le groupe "{}" est inconnu'.format(group_id)) - sys.exit(1) + if tmp_group_id == 'N': + group_id = 'N' + liste_serveurs = make_group() + else: + try: + group_id = int(tmp_group_id) + except Exception as err: + print(err) + continue + if not group_id in groups: + print_red('Groupe inconnu') + group_id = None + sys.exit(1) + liste_serveurs = groups[group_id][1] if user is None: user = flushed_input("Utilisateur : ") - liste_serveurs = groups[group_id][1] + if keypath is not None: + keyssh = None + with open(keypath) as f: + keyssh = f.read() + + clef_ssh = base64.encodestring(keyssh).decode() + os.chdir("/etc/postgresql/") + cmd="""sudo -u postgres psql -c "update users set cle='{}' where login='{}';" zephir""".format(clef_ssh,user) + output = os.popen(cmd) + res = output.read().strip() + output.close() + + if res == "UPDATE 1": + print('Clé ssh de utilisateur {} mise à jour'.format(user)) + else: + print("Erreur : ", str(res)) + sys.exit(1) ret = proxy.serveurs.authorize_user(user,liste_serveurs) - # on affiche les erreurs si nécessaire - if ret[1]: - print_orange('Erreur : ' + str(ret[1])) print('Utilisateur {} autorisé à accéder en ssh aux serveurs {}'.format(user, liste_serveurs)) +def make_group(): + cx_pool = CxPool() + cu = cx_pool.create() + cu.execute("""select libelle,id from modules""") + infos = {} + variante_infos = {} + filename = 'exportation' + server_infos = [] + for module_name in cu.fetchall(): + module, version = module_name[0].rsplit('-', 1) + infos.setdefault(version, 
{})[module] = module_name[1] + + versions = infos.keys() + versions.sort() + print('Choix de la version :') + for idx, version in enumerate(versions): + print('{}: {}'.format(idx, version)) + idx = input('> ') + version = versions[int(idx)] + filename += '-' + version + print + print('Choix du module :') + modules = infos[version].keys() + modules.sort() + for idx, module in enumerate(modules): + print('{}: {}'.format(idx, module)) + idx = input('> ') + module = modules[int(idx)] + filename += '-' + module + print + cu.execute("select libelle,id from variantes where module = " + str(infos[version][module])) + for variante_obj in cu.fetchall(): + variante_infos[variante_obj[0]] = variante_obj[1] + print('Choix de la variante :') + variantes = variante_infos.keys() + variantes.sort() + for idx, variante in enumerate(variantes): + print('{}: {}'.format(idx, variante)) + idx_all = idx + 1 + print('{}: toutes les variantes'.format(idx_all)) + idx = input('> ') + if idx == idx_all: + variantes = variante_infos.values() + else: + filename += '-' + variantes[idx] + variantes = [variante_infos[variantes[idx]]] + print + for variante in variantes: + cu.execute('select id,ip_publique,rne,libelle from serveurs where variante=' + str(variante)) + print("Liste des serveurs : ") + for server in cu.fetchall(): + print('{} - {} - {} - {}'.format(server[0], server[1], server[2], server[3])) + server_infos.append(server[0]) + return server_infos def get_pwd(addr, port): """lecture d'un login/passwd pour l'application zephir diff --git a/scripts/zephir/set_timeout_servers_group.py b/scripts/zephir/set_timeout_servers_group.py index 19ba84d..f250abb 100644 --- a/scripts/zephir/set_timeout_servers_group.py +++ b/scripts/zephir/set_timeout_servers_group.py @@ -98,6 +98,7 @@ def main(): print_orange('Erreur : ' + str(ret[1])) sys.exit(1) print('Polling mis à jour sur les serveurs {}'.format(liste_serveurs)) + def make_group(): cx_pool = CxPool() cu = cx_pool.create()
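Review bot: The key update in main() formats `user` (from `--user` or the prompt) and the encoded key into a `psql -c` command line that `os.popen` hands to a shell, so a quote or shell metacharacter in the login changes both the shell command and the SQL statement. Since this commit already imports `CxPool`, the update can go through a cursor with bound parameters, e.g. `cu.execute("update users set cle=%s where login=%s", (clef_ssh, user))` (placeholder style and any commit call depend on the driver behind `CxPool`, which is not visible here); the two concatenated `select`s in make_group can bind their ids the same way. The hunk also drops the `if ret[1]:` check, so the "autorisé" message is printed whatever `authorize_user` returned; keeping `if ret[1]: print_orange('Erreur : ' + str(ret[1]))` before it would preserve the error report. In make_group, `input('> ')` feeds `int(idx)` in two places but `idx == idx_all` and `variantes[idx]` in the third, which only works where `input` evaluates what is typed (Python 2, which `keys()` followed by `.sort()` also suggests); reading the line with `flushed_input` and converting with `int()` removes that evaluation. main() starts above the hunk and get_pwd continues below it.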