def filter_stage(options):
"""Filter accounts in the first stage into mid-approval."""
# Process all of the recently requested accounts
with fancy_open(options.users_file, lock = True,
pass_missing = True) as f:
needs_approval = filter_accounts(get_users(f, options), options)
for user, comment in needs_approval:
msg = "`{}` ({}) needs approval: {}".format(user['account_name'], user['owner'], comment)
write_and_alert('/srv/atool/pending', msg, all=True)
# Write the users needing staff approval back to the users file
with fancy_open(options.users_file, "w", lock = True) as f:
write_users(f, [user for user, comment in needs_approval])
def log_creation(user, options):
with fancy_open(options.log_file, "a", lock = True) as f:
sections = [user["account_name"], user["owner"], user["university_uid"],
getuser(), gethostname(), 1, int(user["is_group"]),
asctime(), user["responsible"]]
f.write(":".join([str(i) for i in sections]) + "\n")
def filter_accounts(users, options):
"""Filter accounts into accepted, needs-staff-approval, and rejected."""
accepted = list(users)
needs_approval = []
rejected = []
# Check for log duplicates
# accepted, needs_approval, rejected = \
# _filter_log_duplicates(accepted, needs_approval, rejected, options)
# Check for account name duplicates
accepted, needs_approval, rejected = \
_filter_account_name_duplicates(accepted, needs_approval, rejected,
options)
# Check for owner duplicates
accepted, needs_approval, rejected = \
_filter_owner_duplicates(accepted, needs_approval, rejected, options)
# Check for CalNet UID duplicates
accepted, needs_approval, rejected = \
_filter_university_uid_duplicates(accepted, needs_approval, rejected,
options)
# Check for email address duplicates
# accepted, needs_approval, rejected = \
# _filter_email_duplicates(accepted, needs_approval, rejected, options)
# Check for OCF existing account duplicates
accepted, needs_approval, rejected = \
_filter_ocf_duplicates(accepted, needs_approval, rejected,
options)
# Check CalNet registration status
accepted, needs_approval, rejected = \
_filter_registration_status(accepted, needs_approval, rejected,
options)
# Check for expletives and restrictions in requested usernames
accepted, needs_approval, rejected = \
_filter_restricted_names(accepted, needs_approval, rejected, options)
# Check that requested username is based on real name
accepted, needs_approval, rejected = \
_filter_real_names(accepted, needs_approval, rejected, options)
# Write the accepted users to a staging file, allowing them marinate
with fancy_open(options.mid_approve, "a", lock=True) as f:
write_users(f, accepted)
# Email out this information
_send_rejection_mail(rejected, options)
return needs_approval
def create_stage(options):
"""Create accounts in the mid-approval stage."""
try:
principal = options.admin_user + "/admin"
if getattr(options, "keytab", None) is None:
# Autheticate our ldap session using gssapi
options.admin_password = \
getpass("{0}@OCF.BERKELEY.EDU's Password: "******"", ldap.sasl.gssapi(""))
with fancy_open(options.mid_approve, lock = True,
pass_missing = True, delete = True) as f:
finalize_accounts(get_users(f, options), options)
finally:
check_call(["kdestroy"])
