From 45ee8d99c6d2affa2c35aa36e66d72ec9c2e2fa5 Mon Sep 17 00:00:00 2001
From: fandrem <none@none>
Date: Mon, 2 May 2022 14:49:04 +0200
Subject: [PATCH] Feature #28491 - sid_user.py script

---
 bin/sid_user.py | 57 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 45 insertions(+), 12 deletions(-)

diff --git a/bin/sid_user.py b/bin/sid_user.py
index 2a34800..5bea449 100755
--- a/bin/sid_user.py
+++ b/bin/sid_user.py
@@ -355,6 +355,32 @@ def sid_update_user_to_resigned(diego, dfqdn, res_rw_user, user, uid, context_ui
             # print('scrat %s update cmd: %s' % (str(i), to_print[250 * i:250 * (i + 1)]))
 
 
+def sid_update_user_exlude_approver_scheduler_change_management(diego, dfqdn, res_rw_user, user, uid, typeExclude, context_uid=778000000, verify=True):
+
+    results = diego.diegoGetObject(uid, context_uid)
+    logger.debug(results)
+    logger.debug('Type: ' + typeExclude)
+    block_to_update = {
+        'uid': uid,
+        'name': user,
+        'context': context_uid,
+        'type': typeExclude,
+        'properties': {'is a': typeExclude}
+    }
+    to_print = pformat(block_to_update)
+    for i in list(range(0, int(round(len(to_print) / 250)) + 1)):
+        logger.info('scrat %s update cmd: %s' % (str(i), to_print[250 * i:250 * (i + 1)]))
+
+    ''' delete: need to check the line exist if not 409'''
+    scrat_inst = Scrat(res_rw_user, '', fqdn=dfqdn, version=2, verify=verify)
+    print(dfqdn)
+    (scratres) = scrat_inst.deleteLine(block_to_update)
+    if str(scratres) != '200':
+         print("not removed " + user + " from " + typeExclude)
+    else:
+        print("removed " + user + " from " + typeExclude)
+
+
 def main():
 
     parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,
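Review bot: A failed role removal in `sid_update_user_exlude_approver_scheduler_change_management` is only written to stdout with `print`, so the caller cannot tell that the user still holds the scheduler or approver role, and the logger output has no record of it. I would replace the two prints with `logger.error('not removed %s from %s (status %s)', user, typeExclude, scratres)` and `logger.info('removed %s from %s', user, typeExclude)`, and end the function with `return str(scratres) == '200'`. The string literal before the `Scrat(...)` call says the line's existence should be checked first, but `results` is only debug-logged and never inspected; either implement that check or turn the note into a `#` TODO comment. `print(dfqdn)` here and `print(fqdn)` with the commented-out `#exit(1)` in the next hunk look like debugging leftovers that belong in `logger.debug` or should be dropped.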
@@ -395,6 +421,8 @@ def main():
         logger.error('should not happen')
         sys.exit(1)
 
+    print(fqdn)
+    #exit(1)
     snet_groups = 'com,mgt,net,pm,sd,sec,sup,tda'.split(',')
     official_groups = ['officials']
 
@@ -411,6 +439,9 @@ def main():
 
     departments = ['DIGIT.C.4', 'DIGIT.C.4.002', 'DIGIT.C.4.003', 'DIGIT.C.4.006', 'DIGIT.C.4.007', 'DIGIT.C.4.008']
 
+
+    # last reminder request: 04/2022
+    approver_scheduler_list = ['fournla', 'chevaju', 'gondago']
     snet_results = dict()
     snet_results = snet_ldap_get()
     logger.debug(pformat(snet_results))
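Review bot: The comment `# last reminder request: 04/2022` does not say what `approver_scheduler_list` means, and the scheduler and approver hunks further down decide role removal based on it. If the list holds the accounts confirmed as allowed to keep those roles, a comment such as `# accounts confirmed in 04/2022 as allowed to hold the approver/scheduler role` would make it auditable. Since hard-coded account names now control who keeps a privileged role, it may be worth moving the list to configuration so changes to it are reviewed separately from code. main() starts and ends outside the hunk.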
@@ -594,7 +625,8 @@ def main():
             block_to_update['properties']['has access to application program'] = list()
             block_to_update['properties']['has access to application program'].append(t)
 
-        block_to_update['properties']['has as directorate general'] = ec_results['users'][user]['dg']
+        if 'dg' in ec_results['users'][user] :
+            block_to_update['properties']['has as directorate general'] = ec_results['users'][user]['dg']
 
         block_to_update['properties']['has as long name'] = ec_results['users'][user]['givenName'] + ' ' + ec_results['users'][user]['sn']
 
@@ -604,11 +636,12 @@ def main():
 
         block_to_update['properties']['has telephone number'] = ec_results['users'][user]['ecInternationalTelephoneNumber']
 
-        block_to_update['properties']['is a member of'] = ec_results['users'][user]['departmentNumber']
+        if 'departmentNumber' in ec_results['users'][user] :
+            block_to_update['properties']['is a member of'] = ec_results['users'][user]['departmentNumber']
 
-        if ec_results['users'][user]['c'] == 'BE':
+        if 'c' in ec_results['users'][user] and ec_results['users'][user]['c'] == 'BE':
             block_to_update['properties']['is located in'] = 'Brussels'
-        elif ec_results['users'][user]['c'] == 'LU':
+        elif 'c' in ec_results['users'][user] and ec_results['users'][user]['c'] == 'LU':
             block_to_update['properties']['is located in'] = 'Luxembourg'
 
         # 'com,mgt,net,pm,sd,sec,sup,tda'
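Review bot: The new guards repeat the same dictionary lookup twice per line; `if ec_results['users'][user].get('c') == 'BE':` expresses the same test without the `'c' in …` clause, and the `elif` for 'LU' can take the same form. The `'dg'` guard in the previous hunk and the `'departmentNumber'` guard here would also read better with one local alias for `ec_results['users'][user]`. An entry lacking `departmentNumber` now yields a block with no 'is a member of' property and no log line, so a `logger.warning('no departmentNumber for %s', user)` in an `else` branch would make such records visible. The enclosing main() starts and ends outside the hunk.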
@@ -734,7 +767,7 @@ def main():
                 if 'Visual' not in block_to_update['properties']['has access to application program']:
                     block_to_update['properties']['has access to application program'].append('Visual')
 
-            if need_to_update is False and need_to_create is True:
+            if need_to_update is False and need_to_create is True and 'departmentNumber' in ec_results['users'][user]:
                 if ec_results['users'][user]['departmentNumber'] == 'DIGIT.C.4.007':
                     block_to_update['properties']['belongs to'].append('NIS')
 
@@ -783,11 +816,11 @@ def main():
     for user in sid_s_results[1]:
         if user in devnull_del_user:
             continue
-        if user not in sid_need_scheduler:
+        if user not in sid_need_scheduler or user not in approver_scheduler_list:
             logger.error('SID user ' + user + ' should not be an scheduler.')
             if not dryrun:
-                #  sid_update_user_to_resigned(diego, dfqdn, res_rw_user, user, sid_results[1][user]['uid'])
-                pass
+                sid_update_user_exlude_approver_scheduler_change_management(diego, dfqdn, res_rw_user, user, sid_s_results[1][user]['uid'], 'scheduler')
+                #pass
             else:
                 logger.error('dry run, user not removed from the scheduler role.')
             continue
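Review bot: With `or`, the condition `user not in sid_need_scheduler or user not in approver_scheduler_list` is true for any user missing from either list, so only accounts present in both keep the role. Because the non-dry-run branch now performs the removal instead of `pass`, a scheduler who is legitimately in `sid_need_scheduler` but is not one of the three hard-coded names would lose the role. If `approver_scheduler_list` is meant as an exception list, the test should be `if user not in sid_need_scheduler and user not in approver_scheduler_list:`; if the intersection is intended, a comment should say so. The approver loop in the following hunk has the same condition. The call's outcome is not checked either, and the leftover `#pass` can be dropped; the loop body continues outside the hunk.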
@@ -809,11 +842,11 @@ def main():
     for user in sid_a_results[1]:
         if user in devnull_del_user:
             continue
-        if user not in sid_need_approver:
+        if user not in sid_need_approver or user not in approver_scheduler_list:
             logger.error('SID user ' + user + ' should not be an approver.')
             if not dryrun:
-                #  sid_update_user_to_resigned(diego, dfqdn, res_rw_user, user, sid_results[1][user]['uid'])
-                pass
+                sid_update_user_exlude_approver_scheduler_change_management(diego, dfqdn, res_rw_user, user, sid_a_results[1][user]['uid'], 'approver')
+                #pass
             else:
                 logger.error('dry run, user not removed from the approver role.')
             continue
@@ -851,7 +884,7 @@ def main():
         for user in snet_account_index:
             if user in devnull_user:
                 continue
-            if ec_results['users'][user]['departmentNumber'] != department:
+            if 'departmentNumber' in ec_results['users'][user] and ec_results['users'][user]['departmentNumber'] != department:
                 continue
             if user not in sid_d_results[1][department]['has as member']:
                 logger.info('SID user ' + user + ' should be addded to department ' + department + '.')
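Review bot: When `departmentNumber` is missing, the new condition is false, so the `continue` is skipped and the user falls through to the membership check for every department in the loop. Such a user would be reported as needing to be added to each department, and may actually be added, depending on code outside the hunk. If skipping incomplete records is the intent, `if ec_results['users'][user].get('departmentNumber') != department:` followed by `continue` keeps the old behaviour for complete records and skips the incomplete ones. The loop body continues outside the hunk.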
-- 
GitLab