def process_changelog(evt_key, classes): """Process the entries from changelog identifying previous events by evt_key, and using events and callback methods in classes """ evt_id2call_back = {} for c in classes: for t in c.get_triggers(): evt_id2call_back.setdefault(int(getattr(cl_const, t)), []).append( getattr(c, "notify_%s" % t)) ei = CLHandler.CLHandler(Factory.get('Database')()) for evt in ei.get_events(evt_key, evt_id2call_back.keys()): ok = [] for call_back in evt_id2call_back[int(evt.fields.change_type_id)]: if evt['change_params']: params = pickle.loads(evt['change_params']) else: params = {} logger.debug2("Callback %i -> %s" % (evt['change_id'], call_back)) ok.append(call_back(evt, params)) # Only confirm if all call_backs returned true if not filter(lambda t: not t, ok): ei.confirm_event(evt) ei.commit_confirmations()
def main(): db = Factory.get('Database')() clco = Factory.get('CLConstants')(db) cl = CLHandler.CLHandler(db) parser = argparse.ArgumentParser(description=__doc__) parser.add_argument( '-t', '--changelog_tracker', dest='changelog_tracker', default=cereconf.PWD_WIPE_EVENT_HANDLER_KEY, help='Event handler key to monitor for changes. Default is {0}'.format( cereconf.PWD_WIPE_EVENT_HANDLER_KEY)) parser.add_argument( '-m', '--max_changes', dest='max_changes', default=cereconf.PWD_MAX_WIPES, help='Maximum number of passwords to wipe. Default is {0}'.format( cereconf.PWD_MAX_WIPES)) parser.add_argument( '-a', '-age_threshold', dest='age_threshold', default=cereconf.PWD_AGE_THRESHOLD, help='how old passwords need to be before they are wiped. ' + 'Default is {0}'.format(cereconf.PWD_AGE_THRESHOLD)) parser.add_argument('-c', '--commit', dest='commit', action='store_true', help='Write changes to database') Cerebrum.logutils.options.install_subparser(parser) args = parser.parse_args() Cerebrum.logutils.autoconf('cronjob', args) if not args.changelog_tracker: logger.error("Empty changelog tracker! This would go through the " "entire change-log. No way! Quitting!") return changes = cl.get_events(args.changelog_tracker, (clco.account_password, )) num_changes = len(changes) if num_changes == 0: logger.info("No passwords to wipe!") return elif num_changes > args.max_changes: logger.error( "Too many changes (%s)! Check if changelog tracker " "(%s) is correct, or override limit in command-line " "or cereconf", num_changes, args.changelog_tracker) return logger.info("Starting to wipe %s password changes since last wipe", num_changes) pwd_wipe(db, cl, changes, args.age_threshold, args.commit) logger.info("Finished wiping passwords")
def main(): global cl, db, co, ac, logger, server db = Factory.get('Database')() co = Factory.get('Constants')(db) ac = Factory.get('Account')(db) logger = Factory.get_logger("cronjob") cl = CLHandler.CLHandler(db) delete_objects = False user_spread = None dry_run = False passwd = db._read_password(cereconf.AD_SERVER_HOST, cereconf.AD_SERVER_UNAME) # Connect to AD-service at NMH # server = xmlrpclib.Server( "https://%s@%s:%i" % (passwd, cereconf.AD_SERVER_HOST, cereconf.AD_SERVER_PORT)) try: opts, args = getopt.getopt(sys.argv[1:], 'hds:', ['user_spread=', 'help', 'dry_run']) except getopt.GetoptError: usage() for opt, val in opts: if opt == '--user_spread': user_spread = getattr(co, val) # TODO: Need support in Util.py elif opt == '--help': usage() elif opt == '--dry_run': dry_run = True if not user_spread: usage() logger.info("Syncronizing passwords...") quick_sync(user_spread, dry_run) logger.info("All done.")
def main(): global db, constants, logger, person, account global default_creator_id, default_expire_date db = Factory.get('Database')() db.cl_init(change_program='auto_create') acc = Factory.get('Account')(db) constants = Factory.get('Constants')(db) cl_handler = CLHandler.CLHandler(db) logger = Factory.get_logger('cronjob') person = Factory.get('Person')(db) account = Factory.get('Account')(db) acc.find_by_name(cereconf.INITIAL_ACCOUNTNAME) default_creator_id = acc.entity_id default_expire_date = None cl_events = [] new_acc_id = None try: cl_events = cl_handler.get_events('auto_create', (constants.person_create, )) if cl_events == []: logger.info("Nothing to do.") sys.exit(0) for event in cl_events: if event['change_type_id'] == constants.person_create: new_acc_id = build_account(event['subject_entity']) if new_acc_id == None: logger.error('Could not create an account for %s', event['subject_entity']) continue cl_handler.confirm_event(event) except TypeError, e: logger.warn("No such event, %s" % e) return None
def quicksync_roles_and_perms(client, selection_spread, config, commit): """Quick sync for roles and permissions. :type client: EphorteWS :param client: The client used to talk to ePhorte :type selection_spread: Spread :param selection_spread: A person must have this spread to be synced :type config: Config :param config: Configuration :type commit: bool :param commit: Commit confirmed events? """ from Cerebrum.modules import CLHandler clh = CLHandler.CLHandler(db) pe = Factory.get('Person')(db) change_types_roles = (clconst.ephorte_role_add, clconst.ephorte_role_rem, clconst.ephorte_role_upd) change_types_perms = (clconst.ephorte_perm_add, clconst.ephorte_perm_rem) change_types = change_types_roles + change_types_perms event_selector = select_events_by_person( clh=clh, config=config, change_types=change_types, selection_spread=selection_spread) for person_id, events in event_selector: if not sanity_check_person(person_id=person_id, selection_spread=selection_spread): continue pe.clear() pe.find(person_id) if not update_person_info(pe, client): continue try: if update_person_roles(pe, client, remove_superfluous=True): for event in events: if event['change_type_id'] in change_types_roles: clh.confirm_event(event) except: logger.warn( 'Failed to update roles for person_id:%s', person_id, exc_info=True) else: if commit: clh.commit_confirmations() try: if update_person_perms(pe, client, remove_superfluous=True): for event in events: if event['change_type_id'] in change_types_perms: clh.confirm_event(event) except: logger.warn( 'Failed to update permissions for person_id:%s', person_id, exc_info=True) else: if commit: clh.commit_confirmations() if commit: clh.commit_confirmations()
If sendmail is enabled, events will be confirmed in CLHandler, and emails will be sent instead of outputted to the logger instance. """ import pickle import cereconf import cerebrum_path from Cerebrum import Errors from Cerebrum import Utils from Cerebrum.Utils import Factory from Cerebrum.modules import CLHandler db = Factory.get('Database')() co = Factory.get('Constants')(db) ac = Factory.get('Account')(db) cl = CLHandler.CLHandler(db) def check_changelog_for_quarantine_triggers(logger, sendmail): """ Scans the changelog for changes related to the quarantines defined in cereconf.QUARANTINE_NOTIFY_DATA. This dict also contains which actions should trigger an email notification for specific quarantines, as well as the email sender/recipient and a quarantine-specific CLHandler-key. If sendmail is enabled, events will be confirmed in CLHandler, and emails will be sent instead of outputted to the logger instance. :param logger: Factory-generated logger-instance :param sendmail: Turns on event confirming to CLHandler and email sending :type: bool """
def main(): global logger global EVENT_KEY logger = Factory.get_logger('cronjob') parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('-c', '--commit', action='store_true', default=False, help="Commit changes") parser.add_argument('-s', '--skip-events', action='store_true', default=False, help="Skip past events (good for initial" "run)") args = parser.parse_args() db = Factory.get('Database')(client_encoding='UTF-8') db.cl_init(change_program="update-ougroups") co = Factory.get('Constants')(db) clco = Factory.get('CLConstants')(db) clh = CLHandler.CLHandler(db) data = make_data() types = {} def make_handler(tp, function, const): if tp == 'person': filler = fill_person elif tp == 'account': filler = fill_account elif tp == 'both': filler = fill_account tp = 'person' else: def handler(event): function(event, db, co, data) return handler def handler(event): args = event['change_params'] if args is not None: args = pickle.loads(args) logger.debug('Handler(%s) called for %s', tp, args) eid = int(event['subject_entity']) datum = data[tp].get(eid) try: if datum is None: datum = filler(eid, db, co, data) function(event, db, co, datum, args) except NotFoundError: pass return handler for tp in (('person', (clco.person_aff_src_add, handle_person_aff_add), (clco.person_aff_src_mod, handle_person_aff_mod), (clco.person_aff_src_del, handle_person_aff_del)), ('account', (clco.account_type_add, handle_account_type_add), (clco.account_type_mod, handle_account_type_mod), (clco.account_type_del, handle_account_type_del)), ('group', (clco.group_add, handle_group_add), (clco.group_rem, handle_group_rem))): t, changes = tp[0], tp[1:] for const, adder in changes: logger.debug5("Setting up handler %s -> %s", const, adder) types[int(const)] = make_handler(t, adder, const) events = clh.get_events(EVENT_KEY, types.keys()) if args.skip_events: logger.info('Skipping events') for event in events: clh.confirm_event(event) logger.info('Done') else: logger.info('Starting event traversing') for event in reversed(events): logger.debug('Handling event %s', event) types.get(int(event['change_type_id']), lambda x: None)(event) clh.confirm_event(event) logger.info('Done event traversing, calculating changes') calculate_changes(db, data, co) logger.info('Done') if args.commit: logger.info('Committing') clh.commit_confirmations() db.commit() else: logger.info('Doing rollback') db.rollback()
def __init__(self, *args, **kwargs): super(ADquiSync, self).__init__(*args, **kwargs) self.cl = CLHandler.CLHandler(db)
def main(): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('-d', '--dryrun', dest='dryrun', action='store_true', default=False, help="Do not commit the changes to db") parser.add_argument( '--list-handlers', action='store_true', help="List defined change handlers from the db and quit") parser.add_argument('--print-handlers', action='store_true', help="Print all change handler data and quit") parser.add_argument('-k', '--key', help="Set what change handler key you want to work on") parser.add_argument( '--force-last-id', type=int, default=0, help="""Force last_id to the given number. The key argument must be specified. If the change handler key doesn't exist, it gets created. Note: This forces the last_id and removes all gaps in the range before this, setting every change to "completed". Use with care!""") args = parser.parse_args() db = Factory.get('Database')(client_encoding='UTF-8') db.cl_init(change_program="change-handler-manipulator") co = Factory.get('Constants')(db) clh = CLHandler.CLHandler(db) logger.info("change_handler_manipulate.py started") if args.dryrun: # Force rollback to be sure, since CLHandler forces commits itself db.commit = db.rollback if args.list_handlers: handlers = {} for row in clh.list_handler_data(): handlers.setdefault(row['evthdlr_key'], []).append(row) for key in sorted(handlers): first = None last = None ids = handlers[key] for i in ids: if first is None or i['first_id'] < first: first = i['first_id'] if last is None or i['last_id'] > last: last = i['last_id'] print "'%s' (%d handlers):" % (key, len(handlers[key])) print " First first_id: %20d" % first print " Last last_id: %20d" % last print elif args.print_handlers: handlers = {} for row in clh.list_handler_data(): handlers.setdefault(row['evthdlr_key'], []).append(row) print "%20s %10s %10s" % ('Key', 'first_id', 'last_id') for key in sorted(handlers): for r in handlers[key]: print "%20s %10d %10d" % (key, r['first_id'], r['last_id']) elif args.force_last_id > 0: if not args.key: raise Exception("Missing --key argument") logger.info("Forcing change handler key '%s' to last_id = %d", args.key, args.force_last_id) clh._update_ranges(args.key, [ [-1, args.force_last_id], ]) else: print "No action given. Quits" if args.dryrun: logger.info("Rolled back changes") db.rollback() else: logger.info("Commiting changes") db.commit() logger.info("change_handler_manipulate.py finished")