import logging
log = logging.getLogger('turbogears.identity.jsonfasprovider')
if config.get('identity.ssl', False):
fas_user = config.get('fas.username', None)
fas_password = config.get('fas.password', None)
if not (fas_user and fas_password):
raise identity.IdentityConfigurationException(
'Cannot enable ssl certificate auth via identity.ssl'
' without setting fas.usernamme and fas.password for'
' authorization')
__url = config.get('fas.url', None)
if __url:
fas = AccountSystem(__url,
username=config.get('fas.username'),
password=config.get('fas.password'),
retries=3)
class JsonFasIdentity(BaseClient):
'''Associate an identity with a person in the auth system.
'''
cookie_name = config.get('visit.cookie.name', 'tg-visit')
fas_url = config.get('fas.url',
'https://admin.fedoraproject.org/accounts/')
useragent = 'JsonFasIdentity/%s' % __version__
cache_session = False
def __init__(self,
visit_key=None,
user=None,
from bugzilla import Bugzilla
from fedora.client import AccountSystem, AuthError
import pkgdb2client
try:
USERNAME = fedora_cert.read_user_cert()
except fedora_cert.fedora_cert_error:
pkgdb2client.LOG.debug('Could not read Fedora cert, asking for username')
USERNAME = None
RH_BZ_API = 'https://bugzilla.redhat.com/xmlrpc.cgi'
BZCLIENT = Bugzilla(url=RH_BZ_API)
FASCLIENT = AccountSystem(
'https://admin.fedoraproject.org/accounts',
username=USERNAME)
def bz_login():
''' Login on bugzilla. '''
print 'To keep going, we need to authenticate against bugzilla' \
' at {0}'.format(RH_BZ_API)
username = raw_input("Bugzilla user: "******"Bugzilla password: ")
BZCLIENT.login(username, password)
def get_bugz(pkg_name):
''' Return the list of open bugs reported against a package.
"""
import argparse
import fedora_cert
import getpass
import koji
import logging
import re
import sys
import time
import urllib
from fedora.client import AppError, ServerError, AccountSystem
from bugzilla.rhbugzilla import RHBugzilla3
kojiclient = koji.ClientSession('http://koji.fedoraproject.org/kojihub', {})
fasclient = AccountSystem()
bzclient = RHBugzilla3(url='https://bugzilla.redhat.com/xmlrpc.cgi')
# Initial simple logging stuff
logging.basicConfig()
log = logging.getLogger("pkgdb")
if '--debug' in sys.argv:
log.setLevel(logging.DEBUG)
#pkgdbclient.debug = True
elif '--verbose' in sys.argv:
log.setLevel(logging.INFO)
_table_keys = {
'user_perms': ['user_id', 'perm_id'],
'user_groups': ['user_id', 'group_id'],
'tag_inheritance': ['tag_id', 'parent_id'],
args.site = 'https://admin.fedoraproject.org/accounts/'
if args.verbose:
print('Using site: %(site)s' % {'site': args.site})
if args.verbose:
if args.gpg_home == None:
print('Using default gpg_home')
else:
print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home})
if args.gpg_home != None:
os.putenv('GNUPGHOME', args.gpg_home)
fas = AccountSystem(args.site,
username=args.admin_user,
password=args.admin_pass,
insecure=args.insecure)
if args.verbose:
print('Getting user details...')
try:
details = fas.person_by_username(args.target_user)
except AuthError:
print('Failed to login to FAS. Please check admin_user and admin_pass!')
sys.exit(2)
except ServerError:
print('Failed to retrieve user details: the server reported an error!')
sys.exit(3)
if not 'username' in list(details.keys()):
print('Error: user %(username)s is not known on this FAS site!' %
if verbose:
print('Adding the following keys:')
print(to_add)
for key in to_add:
add_key(openshift_host, openshift_user, openshift_pass, '%(prefix)s%(username)s' % {'prefix': prefix, 'username': key['username']}, key['type'], key['contents'], verbose=verbose)
if verbose:
print('Done')
if __name__ == '__main__':
parser = ArgumentParser()
parser.add_argument('-config_file', help='The configuration file to use', default='/etc/sync-openshift-keys.conf')
parser.add_argument('--verbose', '-v', help='Make the script more verbose', action='store_true')
args = parser.parse_args()
config = ConfigParser.ConfigParser()
config.read(args.config_file)
fas = AccountSystem(config.get('fas', 'url'), username=config.get('fas', 'user'), password=config.get('fas', 'pass'))
fas.insecure = True
if args.verbose:
print('Getting users...')
users = get_users_to_have_access(fas, string.split(config.get('general', 'groups'), ','))
if args.verbose:
print('Done: %s' % users)
print('Getting keys in FAS...')
keys_fas = get_users_ssh_keys(fas, users)
if args.verbose:
print('Done: %s')
print('Getting keys in Openshift...')
keys_openshift = get_keys(config.get('openshift', 'host'), config.get('openshift', 'user'), config.get('openshift', 'pass'))
if args.verbose:
print('Done')
print('Getting keys to remove...')
print _('''Please run this program as root as it will need to write
directly to the yubikey usb''')
sys.exit(5)
print _('''
Attention: You are about to reprogram your yubikey! Please ensure it is
plugged in to your USB slot before continuing. The secret key currently on
your yubikey will be destroyed as part of this operation!
''')
print 'Contacting %s' % opts.url
password = getpass('Password for %s: ' % opts.username)
fas = AccountSystem(username=opts.username,
password=password,
base_url=opts.url)
try:
new_key = fas.send_request('yubikey/genkey', auth=True)
except AuthError, e:
print e
sys.exit(1)
print
print _('New key generated in FAS, attempting to burn to yubikey')
print
opts = new_key['key'].split()
try:
retcode = subprocess.call([
