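def update_existing_user(self, irods_session, dry_run):
    """Write this LDAP user's attributes onto the existing iRODS user as AVUs.

    Args:
        irods_session: iRODS session, handed to the uid / unique-id check.
        dry_run: when truthy, nothing is read or written.

    Returns:
        ``self.irods_user``.

    Raises:
        Exception: when ``LdapUser.is_uid_unique_id_combination_valid``
            rejects the uid / voPersonUniqueID pair. It is raised inside the
            ``try`` but is a plain ``Exception``, so the ``iRODSException``
            handler does not swallow it and it reaches the caller.
    """
    if dry_run:
        return self.irods_user

    # NOTE(review): the listing masks the text between this message and the
    # "BEFORE" debug line. The uid suffix, the ``try:`` and the
    # ``get_all_avus`` read are reconstructed from the ``except`` clause, the
    # later uses of ``existing_avus`` and the parallel group method;
    # confirm against the repository.
    logger.debug("-- changing existing irods user:" + str(self.uid))
    try:
        # read current AVUs and change if needed
        existing_avus = get_all_avus(self.irods_user)
        logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))

        # The identity-binding check runs before any AVU write, so a rejected
        # uid / unique-id pair leaves the iRODS user untouched.
        if not LdapUser.is_uid_unique_id_combination_valid(
                irods_session, self.uid, self.unique_id,
                update=True, existing_avus=existing_avus):
            raise Exception(
                "-- for user {} the provided voPersonUniqueID {} is invalid!".format(
                    self.uid, self.unique_id))

        # careful: because the list of existing AVUs is not updated changing
        # a key multiple times will lead to strange behavior!
        # PENDING_INVITE is set to None last, after the profile attributes.
        # The INFO lines carry e-mail address and display name, so the sync
        # log holds personal data.
        avu_updates = (
            (UserAVU.EMAIL.value, self.email),
            (UserAVU.DISPLAY_NAME.value, self.display_name),
            (UserAVU.EXTERNAL_ID.value, self.external_id),
            (UserAVU.EXTERNAL_AFFILIATION.value, self.external_affiliation),
            (UserAVU.PENDING_INVITE.value, None),
        )
        for avu_key, avu_value in avu_updates:
            if set_singular_avu(self.irods_user, avu_key, avu_value):
                logger.info("-- user {} updated AVU: {} {}".format(
                    self.uid, avu_key, avu_value))
    except iRODSException as error:
        # Best effort: an iRODS failure is logged and the user is still
        # returned, possibly with only some of the AVUs updated.
        logger.error("-- error changing AVUs" + str(error))

    existing_avus = get_all_avus(self.irods_user)
    logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
    return self.irods_user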
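def update_existing_group(self, irods_session, dry_run):
    """Write this group's description and display name onto the iRODS group.

    Args:
        irods_session: not used by this method.
        dry_run: when truthy, nothing is read or written.

    Returns:
        ``self.irods_group``.
    """
    if dry_run:
        # Fixed: the dry-run path returned ``self.irods_user``, while every
        # other path of this group method works on ``self.irods_group``.
        return self.irods_group

    logger.debug("-- changing existing irods group: {}".format(
        self.group_name))
    try:
        # read current AVUs and change if needed
        existing_avus = get_all_avus(self.irods_group)
        logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))

        # careful: because the list of existing AVUs is not updated changing
        # a key multiple times will lead to strange behavior!
        avu_updates = (
            (GroupAVU.DESCRIPTION.value, self.description),
            (GroupAVU.DISPLAY_NAME.value, self.display_name),
        )
        for avu_key, avu_value in avu_updates:
            if set_singular_avu(self.irods_group, avu_key, avu_value):
                logger.info("-- group {} updated AVU: {} {}".format(
                    self.group_name, avu_key, avu_value))
    except iRODSException as error:
        # Best effort: the failure is logged and the group is still returned.
        logger.error("-- error changing AVUs" + str(error))

    existing_avus = get_all_avus(self.irods_group)
    logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
    return self.irods_group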
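def update_existing_user(self, irods_session, dry_run):
    """Write this LDAP user's e-mail and display name onto the iRODS user.

    Args:
        irods_session: not used by this method.
        dry_run: when truthy, nothing is read or written.

    Returns:
        ``self.irods_user``.
    """
    if dry_run:
        return self.irods_user

    # NOTE(review): the listing masks the text between this message and the
    # "BEFORE" debug line. The uid suffix, the ``try:`` and the
    # ``get_all_avus`` read are reconstructed from the ``except`` clause and
    # the parallel group method; confirm against the repository.
    logger.debug("-- changing existing irods user:" + str(self.uid))
    try:
        # read current AVUs and change if needed
        existing_avus = get_all_avus(self.irods_user)
        logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))

        # careful: because the list of existing AVUs is not updated changing
        # a key multiple times will lead to strange behavior!
        # PENDING_INVITE is set to None last. The INFO lines carry e-mail
        # address and display name, so the sync log holds personal data.
        avu_updates = (
            (UserAVU.EMAIL.value, self.email),
            (UserAVU.DISPLAY_NAME.value, self.display_name),
            (UserAVU.PENDING_INVITE.value, None),
        )
        for avu_key, avu_value in avu_updates:
            if set_singular_avu(self.irods_user, avu_key, avu_value):
                logger.info("-- user {} updated AVU: {} {}".format(
                    self.uid, avu_key, avu_value))
    except iRODSException as error:
        # Best effort: the failure is logged and the user is still returned.
        logger.error("-- error changing AVUs" + str(error))

    existing_avus = get_all_avus(self.irods_user)
    logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
    return self.irods_user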
def remove_obsolete_irods_users(sess, ldap_users, irods_users, dry_run):
    """Delete iRODS users that have no matching LDAP user.

    Users carrying the PENDING_INVITE AVU are kept and do not count towards
    the deletion limit. If the number of users selected for deletion reaches
    ``DELETE_USERS_LIMIT``, nothing is deleted.

    Args:
        sess: iRODS session; ``sess.users.get(uid)`` is used to fetch users.
        ldap_users: iterable of objects exposing ``uid``.
        irods_users: collection of iRODS user names; only a copy is modified.
        dry_run: when truthy, candidates are logged but never removed.
    """
    logger.info("* Deleting obsolete irods users...")

    # Start from every iRODS user and drop those still known to LDAP.
    orphaned = irods_users.copy()
    for entry in ldap_users:
        orphaned.discard(entry.uid)

    pending_count = 0
    to_delete = []
    for name in orphaned:
        account_avus = get_all_avus(sess.users.get(name))
        if UserAVU.PENDING_INVITE.value not in account_avus:
            logger.info("-- will delete user {}".format(name))
            to_delete.append(name)
            continue
        logger.info("-- won't delete user {} since its marked as invitation pending.".format(name))
        pending_count = pending_count + 1

    logger.info("-- found obsolete users for deletion {} and users with pending invites {}.".format(
        len(to_delete), pending_count))

    # Safety pal: the script must not delete if amount of users to be deleted
    # is higher than the threshold. The comparison is >=, so hitting the
    # limit exactly already aborts.
    if len(to_delete) >= DELETE_USERS_LIMIT:
        logger.error("-- The limit of deletions ({} >= {}) in one synchronization is exceeded. "
                     "Deletions aborted".format(len(to_delete), DELETE_USERS_LIMIT))
        return

    if dry_run:
        logger.info("-- deletion of users not permitted. wont delete any user")
        return

    for name in to_delete:
        logger.info("-- deleting user: {}".format(name))
        # The user object is fetched again right before removal.
        sess.users.get(name).remove()
def remove_obsolete_irods_users(sess, ldap_users, irods_users):
    """Delete iRODS users that have no matching LDAP user.

    The deletion limit is checked against all candidates, including those
    that are later kept because they carry the PENDING_INVITE AVU. If the
    candidate count reaches ``DELETE_USERS_LIMIT``, nothing is deleted.

    Args:
        sess: iRODS session; ``sess.users.get(uid)`` is used to fetch users.
        ldap_users: iterable of objects exposing ``uid``.
        irods_users: collection of iRODS user names; only a copy is modified.
    """
    logger.info("* Deleting obsolete irods users...")

    # Start from every iRODS user and drop those still known to LDAP.
    orphaned = irods_users.copy()
    for entry in ldap_users:
        orphaned.discard(entry.uid)

    candidate_count = len(orphaned)
    logger.info("-- identified %d obsolete irods users for deletion" % candidate_count)

    # Safety pal: the script must not delete if amount of users to be deleted
    # is higher than the threshold. The comparison is >=, so hitting the
    # limit exactly already aborts.
    if candidate_count >= DELETE_USERS_LIMIT:
        logger.error(
            "-- The limit of deletions (%d) in one synchronization have been reached. "
            "Deletions aborted" % candidate_count)
        return

    for name in orphaned:
        account = sess.users.get(name)
        if UserAVU.PENDING_INVITE.value in get_all_avus(account):
            logger.info(
                "-- won't delete user {} since its marked as invitation pending."
                .format(name))
            continue
        logger.info("-- deleting user: {}".format(name))
        account.remove()
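def update_existing_group(self, irods_session, dry_run):
    """Write this group's unique id, description and display name as AVUs.

    Args:
        irods_session: not used by this method.
        dry_run: when truthy, nothing is read or written.

    Returns:
        ``self.irods_group``.

    Raises:
        Exception: when the iRODS group already carries a UNIQUE_ID AVU that
            differs from ``self.unique_id``. It is a plain ``Exception``, so
            the ``iRODSException`` handler does not swallow it.
    """
    if dry_run:
        return self.irods_group

    logger.debug("-- changing existing irods group: {}".format(self.group_name))
    try:
        # read current AVUs and change if needed
        existing_avus = get_all_avus(self.irods_group)
        logger.debug("-- existing AVUs BEFORE: {}".format(existing_avus))

        # Basically this check was also done in get_group_by_unique_id. At
        # this point there are only two possibilities: it is an old group
        # without any uniqueId (then add it), or the uniqueId is the same
        # (then update the other AVUs). It should be impossible to trigger
        # the exception here, but better be safe than sorry...
        if GroupAVU.UNIQUE_ID.value in existing_avus:
            if existing_avus[GroupAVU.UNIQUE_ID.value] != self.unique_id:
                # Fixed: this local was named ``str``. Assigning to that name
                # anywhere in the function made ``str`` a local everywhere,
                # so ``str(error)`` in the handler below raised
                # UnboundLocalError instead of logging the iRODS error.
                message = "GroupTracking: The uniqueId '{}' for irods group '{}' differs from the uniqueId in LDAP: '{}'. This should never happen. Please check with SRAM what is going on.".format(
                    existing_avus[GroupAVU.UNIQUE_ID.value], self.group_name, self.unique_id)
                logger.error(message)
                # Refuse to re-bind an existing group to a different identity.
                raise Exception(message)
        else:
            # Apparently there is no uniqueId on the existing group! This
            # should usually not happen!
            # NOTE(review): the listing is collapsed onto one line; placing
            # the UNIQUE_ID write inside this ``else`` is inferred from the
            # warning text. Confirm against the repository.
            logger.warning("-- The group: {} doesnt have a uniqueId-AVU, will add uniqueId: {}".format(
                self.group_name, self.unique_id))
            if set_singular_avu(self.irods_group, GroupAVU.UNIQUE_ID.value, self.unique_id):
                logger.info("-- group {} updated AVU: {} {}".format(
                    self.group_name, GroupAVU.UNIQUE_ID.value, self.unique_id))

        # careful: because the list of existing AVUs is not updated changing
        # a key multiple times will lead to strange behavior!
        avu_updates = (
            (GroupAVU.DESCRIPTION.value, self.description),
            (GroupAVU.DISPLAY_NAME.value, self.display_name),
        )
        for avu_key, avu_value in avu_updates:
            if set_singular_avu(self.irods_group, avu_key, avu_value):
                logger.info("-- group {} updated AVU: {} {}".format(
                    self.group_name, avu_key, avu_value))
    except iRODSException as error:
        # Best effort: the failure is logged and the group is still returned.
        logger.error("-- error changing AVUs" + str(error))

    existing_avus = get_all_avus(self.irods_group)
    logger.debug("-- existing AVUs AFTER: {}".format(existing_avus))
    return self.irods_group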