Skip to content

Commit

Permalink
added option to synchronize activation status
Browse files Browse the repository at this point in the history
  • Loading branch information
balciiberk committed May 10, 2024
1 parent b8958dd commit d69903d
Showing 1 changed file with 41 additions and 3 deletions.
44 changes: 41 additions & 3 deletions vomsimporter.py
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,38 @@ def synchronise_aup(self, iam_user, voms_user):
logging.error("Failed AUP synchronisation for account %s with error: %s",
iam_user['id'], e.response.content)

def synchronize_activation(self, iam_user, voms_user):
url = "%s/scim/Users/%s" % (self._base_url(), iam_user['id'])
payload = {
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"operations": [
{
"op": "replace",
"value": {
"active": not voms_user['suspended']
}
}
]
}
headers = {'Content-type': 'application/scim+json'}

try:
if voms_user['suspended']:
logging.info("Suspending the user: %s", voms_user['id'])
else:
logging.info("Activating the user: %s", voms_user['id'])
r = self._s.patch(url, headers=headers, json=payload)
r.raise_for_status()
except requests.exceptions.RequestException as e:
if e.response is None:
logging.error("Failed synchronizing the activation status for account %s: %s",
iam_user['id'], e)
else:
logging.error("Failed synchronizing the activation status for account %s with error: %s",
iam_user['id'], e.response.content)

def retrieve_aup_sign_time(self, voms_user):
for aup in voms_user['aupAcceptanceRecords']:
signatureTime = aup.get('lastAcceptanceDate')
Expand Down Expand Up @@ -545,6 +577,8 @@ def import_voms_user(self, voms_user):
new_user = True

self.synchronise_aup(iam_user, voms_user)
if self._synchronize_activation_status and iam_user['active'] == voms_user['suspended']:
self.synchronize_activation(iam_user, voms_user)

iam_user_str = self.iam_user_str(iam_user)
logging.info("Syncing group/role membership for user %s",
Expand Down Expand Up @@ -766,7 +800,7 @@ def _load_email_override_csv_file(self, email_mapfile):
r['id'], r['email'])
self._email_override[int(r['id'])] = r['email']

def __init__(self, host, port, vo, ldap_host, ldap_port, protocol="https", username_attr=None, link_cern_sso=False, link_cern_sso_ldap=False, merge_accounts=False, email_mapfile=None, voms_groups=None, voms_roles=None, import_suspended_users=False):
def __init__(self, host, port, vo, ldap_host, ldap_port, protocol="https", username_attr=None, link_cern_sso=False, link_cern_sso_ldap=False, merge_accounts=False, email_mapfile=None, voms_groups=None, voms_roles=None, import_suspended_users=False, synchronize_activation_status=False):

self._host = host
self._port = port
Expand All @@ -782,6 +816,7 @@ def __init__(self, host, port, vo, ldap_host, ldap_port, protocol="https", usern
self._import_id_list = None
self._iam_groups = {}
self._import_suspended_users = import_suspended_users
self._synchronize_activation_status = synchronize_activation_status

if email_mapfile is not None:
self._load_email_override_csv_file(email_mapfile)
Expand Down Expand Up @@ -821,7 +856,8 @@ def __init__(self, args):
username_attr=args.username_attr, link_cern_sso=args.link_cern_sso,
link_cern_sso_ldap=args.link_cern_sso_ldap, ldap_host=args.cern_ldap_host, ldap_port=args.cern_ldap_port,
merge_accounts=args.merge_accounts, email_mapfile=args.email_mapfile,
voms_groups=voms_groups, voms_roles=voms_roles, import_suspended_users=args.import_suspended_users)
voms_groups=voms_groups, voms_roles=voms_roles, import_suspended_users=args.import_suspended_users,
synchronize_activation_status=args.synchronize_activation_status)

self._import_id = uuid.uuid4()
self._voms_user_ids = []
Expand Down Expand Up @@ -1032,7 +1068,9 @@ def init_argparse():
parser.add_argument('--id-file', required=False,
help="Limits import to VOMS users matching whose id is listed in the file (one id per line).", default=None, dest="id_file")
parser.add_argument('--import-suspended-users', required=False,
help="Imports the accounts that are suspended on VOMS Admin", default=False, action="store_true", dest="import_suspended_users")
help="Imports the suspended accounts and suspended certificates on VOMS Admin", default=False, action="store_true", dest="import_suspended_users")
parser.add_argument('--synchronize-activation-status', required=False,
help="Activates or suspends existing users depending on their status on VOMS Admin", default=False, action="store_true", dest="synchronize_activation_status")
return parser


Expand Down

0 comments on commit d69903d

Please sign in to comment.