def _all_groups():
# Want to get all groups, normal/public and private; I would have thought
# there would be a single `ipa` command that would give these but AFAICT it
# can only be done using both of these.
public_groups = ipa_utils.ipa_find('group-find', all_fields=False)
private_groups = ipa_utils.ipa_find('group-find', ['--private'], all_fields=False)
return public_groups + private_groups
def _users_primary_group(gid):
group_find_args = ['--gid={}'.format(gid)]
# will only find max one group between the two calls
# if the first doesn't find the group it will error but continue due to `error_allowed`
# if neither find it (i.e. if the GID is invalid) [{}] will be returned
primary_group = ipa_utils.ipa_find('group-find', group_find_args + ['--private'], error_allowed='0 groups matched')
if primary_group == [{}]:
primary_group = ipa_utils.ipa_find('group-find', group_find_args, error_allowed='0 groups matched')
return primary_group
def _generate_extra_name_options(argument, options):
new_first = options['first']
new_last = options['last']
if not (new_first or new_last):
# We've not been given an option that requires us to pass any extra
# name options.
return {}
if new_first and new_last:
# We've been given both name parameters; we can just create the extra
# name options without needing to find the current user.
return _extra_name_options(new_first, new_last)
user_find_args = ['--login={}'.format(argument)]
try:
matching_user_dicts = ipa_utils.ipa_find('user-find', user_find_args)
except IpaRunError:
# We can't find any matching user; the actual `ipa user-mod` command
# should fail so return no extra options and just let this happen.
return {}
current_user = matching_user_dicts[0]
current_first = current_user['First name'][0]
current_last = current_user['Last name'][0]
# Create the extra name options using the passed name parameter (if given)
# and the current user name fields.
first = new_first or current_first
last = new_last or current_last
return _extra_name_options(first, last)
def _diagnose_member_command_error(group_name, users, add_command=False):
if add_command:
error = "Group-add error: "
else:
error = "Group-remove error: "
# first checking if group exists
try:
group_find_args = ['--group-name={}'.format(group_name)]
groups_found = ipa_utils.ipa_find('group-find', group_find_args, all_fields=False)
except IpaRunError:
error = error + '{} - group not found'.format(group_name)
raise click.ClickException(error)
# the other errors are non-castrophic, the command still goes through
error = "Non-fatal " + error.lower()
# next checking if each user in users exists
user_not_found = None
for user in users:
try:
user_find_args = ['--login={}'.format(user)]
users_found = ipa_utils.ipa_find('user-find', user_find_args, all_fields=False)
except IpaRunError:
user_not_found = user
break
if user_not_found:
error = error + '{} - user not found'.format(user_not_found)
raise click.ClickException(error)
#check if the any of the users already are/aren't in the group
for user in users:
try:
group_find_args = ['--group-name={}'.format(group_name), '--users={}'.format(user)]
groups_found = ipa_utils.ipa_find('group-find', group_find_args, all_fields=False)
#if the user's in the group the cmd's trying to add them to, that's an error
if add_command:
error = error + "User " + user + " already in the group"
raise click.ClickException(error)
except IpaRunError:
# if the user's not in the group & the cmd's is trying to remove them, that's an error
if not add_command:
error = error + "User " + user + " not in the group"
raise click.ClickException(error)
error = "Unknown error"
raise click.ClickException(error)
def _diagnose_member_command_error(hostgroup_name, hosts, add_command=False):
if add_command:
error = "Hostgroup-add error: "
else:
error = "Hostgroup-remove error: "
# first checking if hostgroup exists
try:
hostgroup_find_args = ['--hostgroup-name={}'.format(hostgroup_name)]
hostgroups_found = ipa_utils.ipa_find('hostgroup-find',
hostgroup_find_args)
except IpaRunError:
error = error + '{} - hostgroup not found'.format(hostgroup_name)
raise click.ClickException(error)
# the other errors are non-castrophic
error = "Non-fatal " + error.lower()
# next checking if each host in hosts exists
all_hosts = ipa_utils.ipa_find('host-find')
for host in hosts:
host_found = False
for host_data in all_hosts:
if host_data['serverhostname'][0] == host or host_data[
'Host name'][0] == host:
host_found = True
break
if not host_found:
error = error + '{} - host not found'.format(host)
raise click.ClickException(error)
# then report that a host was likely already in/not in the group
if add_command:
error = error + "Were one or more of the hosts already in the group?"
raise click.ClickException(error)
else:
error = error + "Were one or more of the hosts not in the group?"
raise click.ClickException(error)
error = "Unknown Error"
raise click.ClickException(error)
def _validate_create_uid(uid):
if not uid:
return
try:
user_find_args = ['--uid={}'.format(uid)]
matching_user_uid = ipa_utils.ipa_find('user-find', user_find_args)
except IpaRunError:
# If no user with UID exists capture the runtime error
# and use empty array
matching_user_uid = []
if matching_user_uid:
error = "User with uid '" + uid + "' already exists"
raise click.ClickException(error)
def modify(name, desc):
args = locals()
wrapper = ipa_wrapper_command.create_ipa_wrapper(
'group-mod',
argument_name='name',
)
if all(a is not None for a in args.values()):
_validate_blacklist_groups(args['name'])
params = OrderedDict([])
for arg, value in args.items():
if value != "":
params.update({arg:value})
elif name is not None:
error = """
Please provide a login, a first name, a last name and an email.
To leave a field unchanged, enter "".
Leave all fields blank to be prompted for values.""".strip()
raise click.ClickException(error)
else:
click.echo('Please enter the name of the group you want to modify:')
group = click.prompt(' Group name')
group_find_args = ['--group-name={}'.format(group)]
try:
group_data = ipa_utils.ipa_find(
'group-find',
group_find_args,
all_fields=True
)[0]
except IpaRunError:
error = '{}: group not found'.format(group)
raise click.ClickException(error)
_validate_blacklist_groups(group)
click.echo(
'Adjust the following fields as necessary:\n'
'Leave blank to keep current value shown within brackets'
)
params = OrderedDict([
('name', group),
('desc', click.prompt(
' Description',
default=group_data['Description'][0]
))
])
wrapper(**params)
logger.log_simple_cmd(params)
def _get_group_id(group):
# If present the clusterusers group now takes precedence.
# However as a last resort this will return None. This causes IPA to use
# its default.
try:
return ipa_utils.ipa_find(
'group-find',
[group],
all_fields=False
)[0].get('GID')[0]
except IpaRunError:
# It might be worth adjusting this so that it only returns None when
# the group can't be found. Currently this will catch all IPA run
# errors which isn't ideal.
return None
def do(
ipa_find_command=None,
ipa_find_args=[],
all_fields=True,
field_configs=None,
sort_key=None,
generate_additional_data=lambda item_dict=None: {},
display=table_displayer,
blacklist_key=None,
blacklist_val_array=[]
):
if not all([ipa_find_command, field_configs]):
raise TypeError
item_dicts = ipa_utils.ipa_find(ipa_find_command, ipa_find_args, all_fields=all_fields)
# Remove blacklisted items
if blacklist_key:
item_dicts = [item_dict for item_dict in item_dicts if item_dict[blacklist_key][0] not in blacklist_val_array]
if sort_key:
item_dicts.sort(key=itemgetter(sort_key))
headers = field_configs.keys()
# this condition ensures that ipa_find isn't run against no entries, which it reports as an error
# more specifically, when `user list` is called `generate_additional_data` involves calling `ipa group-find --private`
# which, as there are only private groups created for each user, if there are no users queries against an empty list and returns an error
if not item_dicts == []:
results_data = _create_data(
item_dicts,
field_configs,
generate_additional_data(item_dict=item_dicts[0])
)
display(headers, results_data)
else:
display(headers, [])
def _all_dns_zones():
dns_zones = ipa_utils.ipa_find('dnszone-find', all_fields=False)
return dns_zones
def modify(login, first, last, email, key):
args = locals()
wrapper = ipa_wrapper_command.create_ipa_wrapper(
'user-mod',
argument_name='login',
transform_options_callback=_transform_modify_options,
handle_result_callback=_handle_modify_result,
)
if all(a is not None for a in args.values()):
_validate_blacklist_users(args['login'])
params = OrderedDict([])
for arg, value in args.items():
if value != "":
params.update({arg:value})
elif login is not None:
error = """
Please provide a login, a first name, a last name, an email and an SSH public key.
To leave a field unchanged, enter "".
Leave all fields blank to be prompted for values.""".strip()
raise click.ClickException(error)
else:
click.echo("""
Please enter the name of the user you want to modify:
""".strip())
user = click.prompt(' Username')
user_find_args = ['--login={}'.format(user)]
try:
user_data = ipa_utils.ipa_find(
'user-find',
user_find_args,
all_fields=True
)[0]
except IpaRunError:
# Matches error shown for user show, can extract logic to a method
# in the future
error = '{}: user not found'.format(user)
raise click.ClickException(error)
_validate_blacklist_users(user)
click.echo(
'Adjust the following fields as necessary:\n'
'Leave blank to keep current value shown within brackets'
)
params = OrderedDict([
('login', user),
('first', click.prompt(
' First name',
default=user_data['First name'][0]
)),
('last', click.prompt(
' Surname',
default=user_data['Last name'][0]
)),
('email', click.prompt(
' Email',
default=user_data['Email address'][0]
)),
])
ssh_key_list = user_data.get('SSH public key')
ssh_key_default = ssh_key_list[0] if ssh_key_list else 'None'
new_ssh = click.prompt(' SSH public key', default=ssh_key_default)
if new_ssh != 'None':
params = { **params, 'key': new_ssh }
wrapper(**params)
logger.log_simple_cmd(params)