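def make_zone(zone_name, endpoint, comment=None):
    """
    Create a remote zone definition with ``iadmin mkzone``.

    zone_name -- name of the new zone.
    endpoint -- connection string of the form hostname:port.
    comment -- optional comment passed to mkzone after the endpoint.

    After the zone is created, read access on the zone path /zone_name is
    granted to the 'public' group and to the 'anonymous' user. A failure
    to grant 'public' read is only printed and does not fail the call, so
    a returned zone is not proof that the ACL is in place. Errors for
    'anonymous' are ignored because that user is only optionally defined.

    Returns the first entry of get_zone_details(zone_name) on success
    (a dict of the new zone's details). Returns None when an argument is
    empty, when mkzone reports an error, or when the details cannot be
    read back.
    """
    if not zone_name or not endpoint:
        return None

    mkzone_args = [zone_name, 'remote', endpoint]
    if comment:
        mkzone_args.append(comment)

    # A truthy result from run_iadmin is treated as an error.
    if run_iadmin('mkzone', mkzone_args):
        return None

    # add the zone read ACLs.
    zone_path = '/%s' % zone_name
    if run_iadmin('modzonecollacl', ['read', 'public', zone_path]):
        print('could not add "read" permission to "public" on zone %s' % zone_name)

    # ignore an error for the anonymous user, as this user is only
    # optionally defined
    run_iadmin('modzonecollacl', ['read', 'anonymous', zone_path])

    # Guard the read-back so an empty or missing result yields the
    # documented None instead of an IndexError/TypeError on [0].
    details = get_zone_details(zone_name)
    if not details:
        return None
    return details[0]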
def remove_zone(zone_name):
    """
    Delete a zone definition from icat with ``iadmin rmzone``.

    An empty zone name is a no-op that returns 0 without calling iadmin.
    Otherwise the result of run_iadmin is returned unchanged: 0 on
    success and -1 on error.
    """
    if zone_name:
        return run_iadmin('rmzone', [zone_name])
    return 0
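def modify_zone(zone_name, endpoint=None, comment=None):
    """
    Update a remote zone definition with ``iadmin modzone``.

    zone_name -- name of the zone to change; renaming is not supported.
    endpoint -- new connection string of the form hostname:port, or None
        to leave it unchanged.
    comment -- new comment, or None to leave it unchanged. An empty
        string is also treated as "unchanged".

    The comment is applied before the endpoint. If the endpoint update
    fails after the comment succeeded, None is returned but the comment
    change stays in place.

    Returns the first entry of get_zone_details(zone_name) on success
    (a dict of the zone's details). Returns None when zone_name is empty,
    when a modzone call reports an error, or when the details cannot be
    read back.
    """
    if not zone_name:
        return None

    # Each requested field is its own modzone call; a truthy result from
    # run_iadmin is treated as an error.
    if comment and run_iadmin('modzone', [zone_name, 'comment', comment]):
        return None
    if endpoint and run_iadmin('modzone', [zone_name, 'conn', endpoint]):
        return None

    # Guard the read-back so an empty or missing result yields the
    # documented None instead of an IndexError/TypeError on [0].
    details = get_zone_details(zone_name)
    if not details:
        return None
    return details[0]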
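def synchronize_user_db(source_groups, dest_groups, remove=False, verbose=False):
    """
    Make the destination iRODS users and groups match the source.

    Both arguments are dictionaries indexed by group name; each entry is
    the list of users that are members of that group. Accounts are
    created and removed according to membership of the 'ids-user' group,
    and users are addressed in the destination as ``<name>#incf``.

    remove -- when true, groups, users and group memberships that do not
        exist in the source are removed from the destination. Leave it
        false to retain local changes to the user DB.
    verbose -- when true, print a message for each stage and each change.

    dest_groups is updated in place: every group that is created
    successfully is added to it with an empty member list.

    Returns 1 after all stages have been attempted; individual iadmin
    errors are only reported through the verbose messages. Returns None
    when source_groups is empty or has no 'ids-user' entry, when
    dest_groups is None, or when 'ids-user' does not exist locally after
    the group-creation stage.

    A source without 'ids-user' is rejected before anything is changed,
    so an incomplete source listing cannot start removals and then stop
    halfway on a KeyError.

    NOTE(review): group and user names are passed to run_iadmin as list
    elements; confirm run_iadmin does not hand them to a shell.
    """
    if not source_groups or dest_groups is None:
        return None

    def say(message):
        # Progress output is produced only when verbose is set.
        if verbose:
            print(message)

    if 'ids-user' not in source_groups:
        say("\tCannot synchronize: the source has no 'ids-user' group.")
        return None

    source_users = source_groups['ids-user']

    if remove:
        # remove groups locally that don't exist in IDS
        say('Removing groups no longer defined in the source zone...')
        for group in dest_groups:
            if group in source_groups:
                continue
            if run_iadmin('rmgroup', [group], verbose=verbose):
                say('\terror removing group %s' % (group,))
            else:
                say('\tremoved group %s' % (group,))

        # remove users that don't exist in IDS's ids-user group
        say('Removing users that have been removed from \'ids-user\'...')
        for user in dest_groups.get('ids-user', []):
            if user in source_users:
                continue
            zone_user = user + '#incf'
            if run_iadmin('rmuser', [zone_user], verbose=verbose):
                say('\terror removing user %s' % (zone_user,))
                # NOTE(review): emitted only in verbose mode here; confirm
                # the hint was not meant to be printed unconditionally.
                say('\tThey might still own files in iRODS.')
            else:
                say('\tremoved user %s' % (zone_user,))

    # Additions
    # add groups from IDS that don't exist locally
    say('Adding new source zone groups...')
    for group in source_groups:
        if group in dest_groups:
            continue
        if run_iadmin('mkgroup', [group], verbose=verbose):
            say('\terror adding new group %s' % (group,))
        else:
            # Record the new group so the membership stage can fill it.
            dest_groups[group] = []
            say('\tadded new group %s' % (group,))

    # can happen on initial sync if there is an error adding ids-user above
    if 'ids-user' not in dest_groups:
        say("\tCannot synchronize group 'ids-user'. It does not exist locally!")
        return None

    # add users from ids-user that don't exist locally
    say('Adding new users from \'ids-user\'...')
    local_users = dest_groups['ids-user']
    for user in source_users:
        if user in local_users:
            continue
        zone_user = user + '#incf'
        if run_iadmin('mkuser', [zone_user, 'rodsuser'], verbose=verbose):
            say('\terror adding new user %s' % (zone_user,))
        else:
            say('\tadded new user %s' % (zone_user,))
        # The group add is attempted even after a mkuser error.
        # NOTE(review): confirm it was not meant to run only on success.
        if run_iadmin('atg', ['ids-user', zone_user], verbose=verbose):
            say('\terror adding %s to \'ids-user\' group' % (zone_user,))
        else:
            say('\tadded %s to group \'ids-user\'' % (zone_user,))

    # Synchronize group membership (except for ids-user which has
    # already been processed)
    say('Synchronizing group membership...')
    for group in source_groups:
        if group == 'ids-user':
            continue
        if group not in dest_groups:
            say('\tCannot synchronize group %s. It does not exist locally.' % (group,))
            continue

        wanted = source_groups[group]
        current = dest_groups[group]

        # remove user from group
        if remove:
            for user in current:
                if user in wanted:
                    continue
                zone_user = user + '#incf'
                if run_iadmin('rfg', [group, zone_user], verbose=verbose):
                    say('\terror removing %s from group %s' % (zone_user, group))
                else:
                    say('\tremoved user %s from group %s' % (zone_user, group))

        # add users to group
        for user in wanted:
            if user in current:
                continue
            zone_user = user + '#incf'
            if run_iadmin('atg', [group, zone_user], verbose=verbose):
                say('\terror adding %s to group %s' % (zone_user, group))
            else:
                say('\tadded user %s to group %s' % (zone_user, group))

    return 1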