def filter_stage(options):
    """Run the first-stage filter over newly requested accounts.

    Reads the requests from ``options.users_file``, hands them to
    ``filter_accounts``, raises one alert per request that still needs
    staff approval, and then rewrites the users file so that it holds
    only those requests.
    """
    # Load and classify every recently requested account.
    with fancy_open(options.users_file, lock=True, pass_missing=True) as requests_fh:
        pending = filter_accounts(get_users(requests_fh, options), options)

    # One alert line per request waiting on staff.
    # NOTE(review): account_name, owner and the filter comment are
    # interpolated as-is; presumably they originate from the request
    # form, so confirm that write_and_alert's sinks tolerate arbitrary
    # text.
    for account, reason in pending:
        alert = "`{}` ({}) needs approval: {}".format(
            account['account_name'], account['owner'], reason)
        write_and_alert('/srv/atool/pending', alert, all=True)

    # Persist only the requests that still need a staff decision.
    # NOTE(review): the file is read under one lock and rewritten under
    # a second one; whether a request appended in between survives
    # depends on fancy_open and the writers - confirm.
    remaining = [account for account, _reason in pending]
    with fancy_open(options.users_file, "w", lock=True) as requests_fh:
        write_users(requests_fh, remaining)
def log_creation(user, options):
    """Append one colon-separated record about ``user`` to the log file.

    The record holds, in order: account name, owner, university UID,
    the invoking OS user, the host name, the literal ``1``, the group
    flag as an integer, the current ``asctime()`` timestamp and the
    responsible party.
    """
    with fancy_open(options.log_file, "a", lock=True) as log_fh:
        fields = (
            user["account_name"],
            user["owner"],
            user["university_uid"],
            getuser(),
            gethostname(),
            1,  # NOTE(review): meaning of this constant is not visible here
            int(user["is_group"]),
            asctime(),
            user["responsible"],
        )
        # NOTE(review): values are joined without escaping, so a ":" or a
        # newline inside any field would shift or split the record;
        # presumably they are validated upstream - confirm.
        record = ":".join(map(str, fields))
        log_fh.write(record + "\n")
def filter_accounts(users, options):
    """Sort requested accounts into accepted, needs-approval and rejected.

    Every request starts out as accepted and is then passed through a
    fixed sequence of checks, each of which may move entries between
    the three lists. Accepted requests are appended to the staging file
    ``options.mid_approve``, rejected ones are handed to
    ``_send_rejection_mail``, and the needs-approval list is returned.
    """
    accepted, needs_approval, rejected = list(users), [], []

    # Checks run strictly in this order; each one receives the lists as
    # left by the previous one.
    checks = (
        # _filter_log_duplicates: log duplicate check, currently disabled
        _filter_account_name_duplicates,    # account name duplicates
        _filter_owner_duplicates,           # owner duplicates
        _filter_university_uid_duplicates,  # CalNet UID duplicates
        # _filter_email_duplicates: email duplicate check, currently disabled
        _filter_ocf_duplicates,             # existing OCF accounts
        _filter_registration_status,        # CalNet registration status
        _filter_restricted_names,           # expletives / restricted usernames
        _filter_real_names,                 # username must be based on real name
    )
    for check in checks:
        accepted, needs_approval, rejected = check(
            accepted, needs_approval, rejected, options)

    # Accepted requests wait in a staging file before creation.
    with fancy_open(options.mid_approve, "a", lock=True) as staging_fh:
        write_users(staging_fh, accepted)

    # Tell the rejected requesters.
    _send_rejection_mail(rejected, options)

    return needs_approval
def create_stage(options):
    """Create accounts in the mid-approval stage.

    Reads the staged requests from ``options.mid_approve`` and passes
    them to ``finalize_accounts``. ``kdestroy`` is run in the ``finally``
    clause, so it executes whether or not account creation succeeds.
    """
    try:
        principal = options.admin_user + "/admin"
        if getattr(options, "keytab", None) is None:
            # Authenticate our ldap session using gssapi
            # NOTE(review): the statement below is damaged in this copy -
            # text between the password prompt and the trailing
            # ldap.sasl.gssapi("") call is missing, so it is not valid
            # Python as shown. It is kept verbatim; restore it from the
            # original file before relying on this function.
            # NOTE(review): the prompted admin password is stored on
            # `options`, so it presumably stays in memory for as long as
            # that object lives - confirm nothing logs or serializes it.
            options.admin_password = \
                getpass("{0}@OCF.BERKELEY.EDU's Password: "******"", ldap.sasl.gssapi(""))
        # NOTE(review): nesting of this `with` relative to the `if` above
        # is inferred, since the source lost its indentation - confirm.
        # `delete = True` presumably removes the staging file once it has
        # been read - verify against fancy_open.
        with fancy_open(options.mid_approve, lock = True, pass_missing = True, delete = True) as f:
            finalize_accounts(get_users(f, options), options)
    finally:
        # Always run kdestroy (discards the Kerberos ticket cache) so admin
        # credentials do not outlive this run, even when creation fails.
        # NOTE(review): if kdestroy itself exits non-zero, check_call
        # presumably raises here and would replace any earlier exception.
        check_call(["kdestroy"])