Пример #1
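    def update_existing_user(self, irods_session, dry_run):
        """Bring the AVUs of an existing iRODS user in line with this LDAP user.

        Args:
            irods_session: iRODS session, handed to the uid / unique-id check.
            dry_run: when truthy, nothing is read or written and the user is
                returned as-is.

        Returns:
            ``self.irods_user``.

        Raises:
            Exception: when the uid / voPersonUniqueID combination is rejected.
                The check runs before any AVU is written, and the handler
                below only catches ``iRODSException``, so the rejection
                reaches the caller.
        """
        if dry_run:
            return self.irods_user
        # NOTE(review): the source line holding this call, the `try:` and the
        # AVU read was damaged by a redaction artefact; the four statements
        # below are reconstructed from the parallel group update. Confirm
        # against the upstream file.
        logger.debug("-- changing existing irods user:" + str(self.uid))
        try:
            # Snapshot of the AVUs as they are before any change.
            existing_avus = get_all_avus(self.irods_user)
            logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))
            # Identity binding: refuse to update when the uid does not belong
            # to the presented unique id.
            if not LdapUser.is_uid_unique_id_combination_valid(irods_session, self.uid, self.unique_id, update=True,
                                                               existing_avus=existing_avus):
                raise Exception("-- for user {} the provided voPersonUniqueID {} is invalid!".format(self.uid, self.unique_id))

            # careful: because the list of existing AVUs is not updated changing a key multiple times will lead to
            # strange behavior!
            # set_singular_avu appears to return a truthy value when it changed
            # something; only then is the update logged.
            # NOTE(review): e-mail address and display name are written to the
            # INFO log; confirm that log access and retention allow personal data.
            if set_singular_avu(self.irods_user, UserAVU.EMAIL.value, self.email):
                logger.info("-- user {} updated AVU: {} {}".format(self.uid, UserAVU.EMAIL.value, self.email))
            if set_singular_avu(self.irods_user, UserAVU.DISPLAY_NAME.value, self.display_name):
                logger.info(
                    "-- user {} updated AVU: {} {}".format(self.uid, UserAVU.DISPLAY_NAME.value, self.display_name))
            if set_singular_avu(self.irods_user, UserAVU.EXTERNAL_ID.value, self.external_id):
                logger.info(
                    "-- user {} updated AVU: {} {}".format(self.uid, UserAVU.EXTERNAL_ID.value, self.external_id))
            if set_singular_avu(self.irods_user, UserAVU.EXTERNAL_AFFILIATION.value, self.external_affiliation):
                logger.info("-- user {} updated AVU: {} {}".format(self.uid, UserAVU.EXTERNAL_AFFILIATION.value,
                                                                   self.external_affiliation))
            # Passing None presumably clears the pending-invite marker -- TODO confirm.
            if set_singular_avu(self.irods_user, UserAVU.PENDING_INVITE.value, None):
                logger.info("-- user {} updated AVU: {} {}".format(self.uid, UserAVU.PENDING_INVITE.value, None))
        except iRODSException as error:
            # Best effort: an iRODS failure is logged and the sync carries on.
            logger.error("-- error changing AVUs" + str(error))
        # Re-read so the debug log shows the state after the update attempt.
        existing_avus = get_all_avus(self.irods_user)
        logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
        return self.irods_user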
Пример #2
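 def update_existing_group(self, irods_session, dry_run):
     """Bring the AVUs of an existing iRODS group in line with this LDAP group.

     Args:
         irods_session: iRODS session; not used by this method.
         dry_run: when truthy, nothing is read or written and the group is
             returned as-is.

     Returns:
         ``self.irods_group``.
     """
     if dry_run:
         # Fixed: the dry-run path returned self.irods_user, while every other
         # line of this method works on, and returns, self.irods_group.
         return self.irods_group
     logger.debug("-- changing existing irods group: {}".format(
         self.group_name))
     try:
         # read current AVUs and change if needed
         existing_avus = get_all_avus(self.irods_group)
         logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))
         # careful: because the list of existing AVUs is not updated changing a key multiple times will lead to
         # strange behavior!
         # set_singular_avu appears to return a truthy value when it changed
         # something; only then is the update logged.
         if set_singular_avu(self.irods_group, GroupAVU.DESCRIPTION.value,
                             self.description):
             logger.info("-- group {} updated AVU: {} {}".format(
                 self.group_name, GroupAVU.DESCRIPTION.value,
                 self.description))
         if set_singular_avu(self.irods_group, GroupAVU.DISPLAY_NAME.value,
                             self.display_name):
             logger.info("-- group {} updated AVU: {} {}".format(
                 self.group_name, GroupAVU.DISPLAY_NAME.value,
                 self.display_name))
     except iRODSException as error:
         # Best effort: an iRODS failure is logged and the sync carries on.
         logger.error("-- error changing AVUs" + str(error))
     # Re-read so the debug log shows the state after the update attempt.
     existing_avus = get_all_avus(self.irods_group)
     logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
     return self.irods_group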
Пример #3
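 def update_existing_user(self, irods_session, dry_run):
     """Bring the AVUs of an existing iRODS user in line with this LDAP user.

     Args:
         irods_session: iRODS session; not used by this method.
         dry_run: when truthy, nothing is read or written and the user is
             returned as-is.

     Returns:
         ``self.irods_user``.
     """
     if dry_run:
         return self.irods_user
     # NOTE(review): the source line holding this call, the `try:` and the
     # AVU read was damaged by a redaction artefact; the four statements
     # below are reconstructed from the parallel group update. Confirm
     # against the upstream file.
     logger.debug("-- changing existing irods user:" + str(self.uid))
     try:
         # Snapshot of the AVUs as they are before any change.
         existing_avus = get_all_avus(self.irods_user)
         logger.debug("-- existing AVUs BEFORE: " + str(existing_avus))
         # careful: because the list of existing AVUs is not updated changing a key multiple times will lead to
         # strange behavior!
         # set_singular_avu appears to return a truthy value when it changed
         # something; only then is the update logged.
         # NOTE(review): e-mail address and display name are written to the
         # INFO log; confirm that log access and retention allow personal data.
         if set_singular_avu(self.irods_user, UserAVU.EMAIL.value,
                             self.email):
             logger.info("-- user {} updated AVU: {} {}".format(
                 self.uid, UserAVU.EMAIL.value, self.email))
         if set_singular_avu(self.irods_user, UserAVU.DISPLAY_NAME.value,
                             self.display_name):
             logger.info("-- user {} updated AVU: {} {}".format(
                 self.uid, UserAVU.DISPLAY_NAME.value, self.display_name))
         # Passing None presumably clears the pending-invite marker -- TODO confirm.
         if set_singular_avu(self.irods_user, UserAVU.PENDING_INVITE.value,
                             None):
             logger.info("-- user {} updated AVU: {} {}".format(
                 self.uid, UserAVU.PENDING_INVITE.value, None))
     except iRODSException as error:
         # Best effort: an iRODS failure is logged and the sync carries on.
         logger.error("-- error changing AVUs" + str(error))
     # Re-read so the debug log shows the state after the update attempt.
     existing_avus = get_all_avus(self.irods_user)
     logger.debug("-- existing AVUs AFTER: " + str(existing_avus))
     return self.irods_user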
Пример #4
def remove_obsolete_irods_users(sess, ldap_users, irods_users, dry_run):
    """Remove iRODS users that have no counterpart in LDAP.

    Users carrying the pending-invite AVU are kept. The remaining users are
    only removed when their number stays below ``DELETE_USERS_LIMIT`` and
    ``dry_run`` is falsy.

    Args:
        sess: iRODS session; users are looked up through ``sess.users.get``.
        ldap_users: iterable of objects exposing a ``uid`` attribute.
        irods_users: collection of iRODS uids supporting ``copy`` and
            ``discard``; it is copied, not modified.
        dry_run: when truthy, nothing is removed.
    """
    logger.info("* Deleting obsolete irods users...")
    # Start from every iRODS uid and strike the ones LDAP still knows.
    obsolete_uids = irods_users.copy()
    for entry in ldap_users:
        obsolete_uids.discard(entry.uid)

    pending_count = 0
    to_delete = []
    for uid in obsolete_uids:
        account = sess.users.get(uid)
        avus = get_all_avus(account)
        if UserAVU.PENDING_INVITE.value not in avus:
            logger.info("-- will delete user {}".format(uid))
            to_delete.append(uid)
            continue
        # Invited accounts that are not in LDAP yet must survive the sync.
        logger.info("-- won't delete user {} since its marked as invitation pending.".format(uid))
        pending_count += 1

    logger.info("-- found obsolete users for deletion {} and users with pending invites {}.".format(
        len(to_delete), pending_count))

    # Safety net against mass deletion: the limit is applied to the users
    # that would really be removed, pending invites excluded.
    if len(to_delete) >= DELETE_USERS_LIMIT:
        logger.error("-- The limit of deletions ({} >= {}) in one synchronization is exceeded. "
                     "Deletions aborted".format(len(to_delete), DELETE_USERS_LIMIT))
        return

    if dry_run:
        logger.info("-- deletion of users not permitted. wont delete any user")
        return

    for uid in to_delete:
        logger.info("-- deleting user: {}".format(uid))
        # The user is fetched again here rather than reused from the first pass.
        account = sess.users.get(uid)
        account.remove()
Пример #5
def remove_obsolete_irods_users(sess, ldap_users, irods_users):
    """Remove iRODS users that have no counterpart in LDAP.

    Nothing is removed when the number of candidates reaches
    ``DELETE_USERS_LIMIT``. Below the limit, every candidate is removed
    unless it carries the pending-invite AVU.

    Args:
        sess: iRODS session; users are looked up through ``sess.users.get``.
        ldap_users: iterable of objects exposing a ``uid`` attribute.
        irods_users: collection of iRODS uids supporting ``copy`` and
            ``discard``; it is copied, not modified.
    """
    logger.info("* Deleting obsolete irods users...")
    # Start from every iRODS uid and strike the ones LDAP still knows.
    obsolete_uids = irods_users.copy()
    for entry in ldap_users:
        obsolete_uids.discard(entry.uid)

    candidate_count = len(obsolete_uids)
    logger.info("-- identified %d obsolete irods users for deletion" %
                candidate_count)

    # Safety net against mass deletion. The count is taken before the
    # pending-invite filter, so it includes users that would be skipped.
    if candidate_count >= DELETE_USERS_LIMIT:
        logger.error(
            "-- The limit of deletions (%d) in one synchronization have been reached. "
            "Deletions aborted" % candidate_count)
        return

    for uid in obsolete_uids:
        account = sess.users.get(uid)
        avus = get_all_avus(account)
        if UserAVU.PENDING_INVITE.value in avus:
            # Invited accounts that are not in LDAP yet must survive the sync.
            logger.info(
                "-- won't delete user {} since its marked as invitation pending."
                .format(uid))
            continue
        logger.info("-- deleting user: {}".format(uid))
        account.remove()
Пример #6
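    def update_existing_group(self, irods_session, dry_run):
        """Bring the AVUs of an existing iRODS group in line with this LDAP group.

        Args:
            irods_session: iRODS session; not used by this method.
            dry_run: when truthy, nothing is read or written and the group is
                returned as-is.

        Returns:
            ``self.irods_group``.

        Raises:
            Exception: when the group already carries a uniqueId AVU that
                differs from ``self.unique_id``. It is raised before any AVU
                is written, and the handler below only catches
                ``iRODSException``, so it reaches the caller.
        """
        if dry_run:
            return self.irods_group
        logger.debug("-- changing existing irods group: {}".format(self.group_name))
        try:
            # read current AVUs and change if needed
            existing_avus = get_all_avus(self.irods_group)
            logger.debug("-- existing AVUs BEFORE: {}".format(existing_avus))

            # This check was basically also done in get_group_by_unique_id. At
            # this point only two possibilities remain: an old group without
            # any uniqueId (then add it), or the ids match (then update the
            # other AVUs). Triggering the exception should be impossible, but
            # better safe than sorry.
            if GroupAVU.UNIQUE_ID.value in existing_avus:
                if existing_avus[GroupAVU.UNIQUE_ID.value] != self.unique_id:
                    # Fixed: this text was bound to a local named `str`. That
                    # made `str` a local for the whole method, so the
                    # `str(error)` call in the handler below failed with
                    # UnboundLocalError whenever an iRODSException was caught.
                    message = "GroupTracking: The uniqueId '{}' for irods group '{}' differs from the uniqueId in LDAP: '{}'. This should never happen. Please check with SRAM what is going on.".format(existing_avus[GroupAVU.UNIQUE_ID.value], self.group_name, self.unique_id)
                    logger.error(message)
                    raise Exception(message)
            else:
                # The existing group has no uniqueId at all; this should
                # usually not happen. The LDAP value is adopted as-is.
                # logger.warning replaces the deprecated alias logger.warn.
                logger.warning("-- The group: {} doesnt have a uniqueId-AVU, will add uniqueId: {}".format(self.group_name, self.unique_id))
                if set_singular_avu(self.irods_group, GroupAVU.UNIQUE_ID.value, self.unique_id):
                    logger.info("-- group {} updated AVU: {} {}".format(self.group_name, GroupAVU.UNIQUE_ID.value, self.unique_id))

            # careful: because the list of existing AVUs is not updated changing a key multiple times will lead to
            # strange behavior!
            # set_singular_avu appears to return a truthy value when it changed
            # something; only then is the update logged.
            if set_singular_avu(self.irods_group, GroupAVU.DESCRIPTION.value, self.description):
                logger.info("-- group {} updated AVU: {} {}".format(self.group_name, GroupAVU.DESCRIPTION.value,
                                                                    self.description))
            if set_singular_avu(self.irods_group, GroupAVU.DISPLAY_NAME.value, self.display_name):
                logger.info("-- group {} updated AVU: {} {}".format(self.group_name, GroupAVU.DISPLAY_NAME.value,
                                                                    self.display_name))
        except iRODSException as error:
            # Best effort: an iRODS failure is logged and the sync carries on.
            logger.error("-- error changing AVUs" + str(error))
        # Re-read so the debug log shows the state after the update attempt.
        existing_avus = get_all_avus(self.irods_group)
        logger.debug("-- existing AVUs AFTER: {}".format(existing_avus))
        return self.irods_group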