import logging log = logging.getLogger('turbogears.identity.jsonfasprovider') if config.get('identity.ssl', False): fas_user = config.get('fas.username', None) fas_password = config.get('fas.password', None) if not (fas_user and fas_password): raise identity.IdentityConfigurationException( 'Cannot enable ssl certificate auth via identity.ssl' ' without setting fas.usernamme and fas.password for' ' authorization') __url = config.get('fas.url', None) if __url: fas = AccountSystem(__url, username=config.get('fas.username'), password=config.get('fas.password'), retries=3) class JsonFasIdentity(BaseClient): '''Associate an identity with a person in the auth system. ''' cookie_name = config.get('visit.cookie.name', 'tg-visit') fas_url = config.get('fas.url', 'https://admin.fedoraproject.org/accounts/') useragent = 'JsonFasIdentity/%s' % __version__ cache_session = False def __init__(self, visit_key=None, user=None,
from bugzilla import Bugzilla from fedora.client import AccountSystem, AuthError import pkgdb2client try: USERNAME = fedora_cert.read_user_cert() except fedora_cert.fedora_cert_error: pkgdb2client.LOG.debug('Could not read Fedora cert, asking for username') USERNAME = None RH_BZ_API = 'https://bugzilla.redhat.com/xmlrpc.cgi' BZCLIENT = Bugzilla(url=RH_BZ_API) FASCLIENT = AccountSystem( 'https://admin.fedoraproject.org/accounts', username=USERNAME) def bz_login(): ''' Login on bugzilla. ''' print 'To keep going, we need to authenticate against bugzilla' \ ' at {0}'.format(RH_BZ_API) username = raw_input("Bugzilla user: "******"Bugzilla password: ") BZCLIENT.login(username, password) def get_bugz(pkg_name): ''' Return the list of open bugs reported against a package.
""" import argparse import fedora_cert import getpass import koji import logging import re import sys import time import urllib from fedora.client import AppError, ServerError, AccountSystem from bugzilla.rhbugzilla import RHBugzilla3 kojiclient = koji.ClientSession('http://koji.fedoraproject.org/kojihub', {}) fasclient = AccountSystem() bzclient = RHBugzilla3(url='https://bugzilla.redhat.com/xmlrpc.cgi') # Initial simple logging stuff logging.basicConfig() log = logging.getLogger("pkgdb") if '--debug' in sys.argv: log.setLevel(logging.DEBUG) #pkgdbclient.debug = True elif '--verbose' in sys.argv: log.setLevel(logging.INFO) _table_keys = { 'user_perms': ['user_id', 'perm_id'], 'user_groups': ['user_id', 'group_id'], 'tag_inheritance': ['tag_id', 'parent_id'],
args.site = 'https://admin.fedoraproject.org/accounts/' if args.verbose: print('Using site: %(site)s' % {'site': args.site}) if args.verbose: if args.gpg_home == None: print('Using default gpg_home') else: print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home}) if args.gpg_home != None: os.putenv('GNUPGHOME', args.gpg_home) fas = AccountSystem(args.site, username=args.admin_user, password=args.admin_pass, insecure=args.insecure) if args.verbose: print('Getting user details...') try: details = fas.person_by_username(args.target_user) except AuthError: print('Failed to login to FAS. Please check admin_user and admin_pass!') sys.exit(2) except ServerError: print('Failed to retrieve user details: the server reported an error!') sys.exit(3) if not 'username' in list(details.keys()): print('Error: user %(username)s is not known on this FAS site!' %
if verbose: print('Adding the following keys:') print(to_add) for key in to_add: add_key(openshift_host, openshift_user, openshift_pass, '%(prefix)s%(username)s' % {'prefix': prefix, 'username': key['username']}, key['type'], key['contents'], verbose=verbose) if verbose: print('Done') if __name__ == '__main__': parser = ArgumentParser() parser.add_argument('-config_file', help='The configuration file to use', default='/etc/sync-openshift-keys.conf') parser.add_argument('--verbose', '-v', help='Make the script more verbose', action='store_true') args = parser.parse_args() config = ConfigParser.ConfigParser() config.read(args.config_file) fas = AccountSystem(config.get('fas', 'url'), username=config.get('fas', 'user'), password=config.get('fas', 'pass')) fas.insecure = True if args.verbose: print('Getting users...') users = get_users_to_have_access(fas, string.split(config.get('general', 'groups'), ',')) if args.verbose: print('Done: %s' % users) print('Getting keys in FAS...') keys_fas = get_users_ssh_keys(fas, users) if args.verbose: print('Done: %s') print('Getting keys in Openshift...') keys_openshift = get_keys(config.get('openshift', 'host'), config.get('openshift', 'user'), config.get('openshift', 'pass')) if args.verbose: print('Done') print('Getting keys to remove...')
print _('''Please run this program as root as it will need to write directly to the yubikey usb''') sys.exit(5) print _(''' Attention: You are about to reprogram your yubikey! Please ensure it is plugged in to your USB slot before continuing. The secret key currently on your yubikey will be destroyed as part of this operation! ''') print 'Contacting %s' % opts.url password = getpass('Password for %s: ' % opts.username) fas = AccountSystem(username=opts.username, password=password, base_url=opts.url) try: new_key = fas.send_request('yubikey/genkey', auth=True) except AuthError, e: print e sys.exit(1) print print _('New key generated in FAS, attempting to burn to yubikey') print opts = new_key['key'].split() try: retcode = subprocess.call([