first commit, this is clean and configurable code now

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@8277 7c539038-3410-0410-b1ec-0f2a7bf1c452

first commit, this is clean and configurable code now
90835b0e · Martin Haase · f3d4d921 · 90835b0e · 90835b0e · 90835b0e
Commit 90835b0e authored 14 years ago by Martin Haase
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/00Install.txt
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/00Install.txt
+How to proceed when installing vomrs2gridmap.
+
+1. checkout the sources into <progdir>
+2. checkout the VOMRS Soapclient from their site and put it under <progdir>/VOMRSclient
+3. compile printMemberDNs.java which will fetch the members
+4. adapt auth.properties-dist and save it as auth.properties. You will need to specify credentials belonging known in VOMRS and authorized to call getMembers().
+4. adapt <progdir>/etc/vomrs2gridmap.conf-dist and save it there under ...conf
+5. adapt the library path in runPrintMemberDNSsClient.sh to point to <progdir>/VOMRSclient/lib/*
+
+Then do a dry run by just firing vomrs2gridmap, and if everything looks o.k. force system write using -w.
+
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/00Readme.txt
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/00Readme.txt
+# vomrs2gridmap - fetches Member DNs from a VOMRS server and adds them
+#                 to the system's Globus Toolkit Grid-mapfile, creating
+#                 the system accounts being mapped to on the fly.
+
+See file 00Install.txt for installation procedure.
+
+BUGS
+surely many.
+
+* one known caveat: when a member will be deleted from VOMRS, it won't
+  be from the gridmapfile. This is intended as the program by now
+  cannot tell which entries other processes or admins added to the
+  file and which ones it added itself.
+
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/auth.properties-dist
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/auth.properties-dist
+sslCAFiles = /etc/grid-security/certificates/*.0
+sslKey = /root/.globus/voadmin-userkey.pem
+sslCertfile = /root/.globus/voadmin-usercert.pem
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/etc/vomrs2gridmap.conf-dist
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/etc/vomrs2gridmap.conf-dist
+
+gridmapfilepath = /etc/grid-security/grid-mapfile
+
+vomsurl = https://voms.example.org:8443/vomrs/testvo/services/VOMRS
+
+vomrsfetchprogram = /path/to/vomrs2gridmap/runPrintMemberDNSsClient.sh
+
+accountprefix = sltv 
+# sl stands for SLC-Gap (instead of official D-Grid dg), tv could be a test vo.
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/etc/vomrs2gridmap.sys
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/etc/vomrs2gridmap.sys
+progname = "vomrs2gridmap"
+
+version = 0.2
+
+date = "2011-01-04"
+<author>
+   name  = "Martin Haase" 
+   org= "DAASI International GmbH"
+   mail = "martin.haase@daasi.de"
+</author>
+
+<copyright>
+text1 = Copyright (c) 2010 DAASI International GmbH
+text2 = This library is free software; you can redistribute it and/or \
+modify it under the same terms as Perl itself.
+</copyright>
+
+progshortdescr = "manages grid-mapfile using VOMRS Member data"
+
+<progdescription>
+text01 = fetches Member DNs from a VOMRS server and adds them
+text02 = to the system's Globus Toolkit Grid-mapfile, creating
+text03 = the system accounts being mapped to on the fly.
+</progdescription>
+ 
+<bugs>
+text = Please report bugs to martin.haase@daasi.de
+</bugs>
+
+<additions example>
+text1 = "For getting this manpage: "
+text2 = "   vomrs2gridmap -h"
+</additions>
+
+<additions requirements>
+text1 = "Following modules are required: "
+text2 = Data::Dump 
+text3 = Set::Scalar
+text4 = DAASIlib::CONF
+text5 = DAASIlib::DATA
+</additions>
+
+<options write_to_system>
+        key = "w"
+        must = 0
+        description = "does not make a dry run, i.e. write to grid-mapfile and system users file. Unless -w is specified, nothing is really written into the system"
+        arg = 0
+	default = 0
+</options>
+
+<options printhelp>
+        key = "h"
+        must = 0
+        description = "prints out the manpage"
+        arg = 0
+</options>
+
+<options helpfeature>
+        key = "H"
+        must = 0
+        description = "prints out description of the feature referenced by \
+        commandline flag or config file token. "
+        arg = 1
+</options>
+
+<options configfile>
+        key = "c"
+        must = 0
+        description = Name of the user config file with absolute or relative path.
+        arg = 1
+        argtype = "filename_exist_subdir_etc"
+        default = "./etc/vomrs2gridmap.conf"
+</options>
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/printMemberDNs.java
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/printMemberDNs.java
+import fnal.vox.vomrs.client.SoapClient; 
+
+public class printMemberDNs {            
+    public static void main(String [] args) throws Exception { 
+	if (args.length < 1) {
+	    System.out.println("Sorry, not enough information, cannot proceed");
+	    System.out.println("I want a VOMRS URL as argument, e.g. https://example.org:8443/vomrs/testvo/services/VOMRS");
+	    return;
+	}
+	String vomsurl = args[0];
+
+        SoapClient sc = new SoapClient(vomsurl);
+	
+	// getMembers
+        Object o = sc.execute("getMembers",new String[]{}); 
+	String members[] = (String[]) o;
+	for (String s : members) {
+	    System.out.println(s);
+	}
+    } 
+} 
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/runPrintMemberDNSsClient.sh
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/runPrintMemberDNSsClient.sh
+#!/bin/sh
+
+export CLASSPATH="/path/to/vomrs2gridmap/VOMRSclient/lib/*:."
+
+java -Daxis.socketSecureFactory=org.glite.security.trustmanager.axis.AXISSocketFactory -DsslConfigFile=auth.properties printMemberDNs "$@"
+
+
--- a/info.textgrid.middleware.tgauth.vomrs2gridmap/vomrs2gridmap
+++ b/info.textgrid.middleware.tgauth.vomrs2gridmap/vomrs2gridmap
+#!/usr/bin/perl -w
+#
+#
+# vomrs2gridmap - fetches Member DNs from a VOMRS server and adds them
+#                 to the system's Globus Toolkit Grid-mapfile, creating 
+#                 the system accounts being mapped to on the fly.
+#
+#
+# Author: Martin Haase / DAASI International GmbH / Gap-SLC
+#
+# History:
+# version 0.1 2010-12-17 first poc
+# version 0.2 2011-01-04 configuration using DAASIlib and documentation
+#
+
+
+use Data::Dump qw(dump);
+use Set::Scalar;
+
+use DAASIlib::CONF qw (is_debug);
+use DAASIlib::Data;
+# these two need: IO::Prompt, Log::Log4perl, DBI, DAASIlib::Gettext, Config::General
+
+
+### configuration management 
+my $data = new DAASIlib::Data;
+my ($progname, $progpath, $etcdir, $sysconfig) = $data->getProgramFiles($0);
+
+my $conf = new DAASIlib::CONF;
+$conf->loadConfig($sysconfig, $progpath, $etcdir);
+
+
+###### CONSTANTS
+
+$DRY_RUN = 1;
+if (defined $conf->{data}->{write_to_system} && $conf->{data}->{write_to_system}) { $DRY_RUN = 0 }
+
+$vomrsfetchprogram = $conf->{data}->{vomrsfetchprogram};
+$vomsurl = $conf->{data}->{vomsurl};
+$gridmapfilepath = $conf->{data}->{gridmapfilepath};
+$accountprefix = $conf->{data}->{accountprefix};
+
+###### Main Logic
+$vomsDNs = fetch_from_vomrs($vomrsfetchprogram,$vomsurl);
+%previousgridmap = parse_gridmap ( $gridmapfilepath );
+$previousDNs = new Set::Scalar(keys %previousgridmap);
+$newDNs = $vomsDNs->difference($previousDNs);
+$highestsuffix = find_last_account($accountprefix, values %previousgridmap);
+
+open F, ">>$gridmapfilepath";
+foreach $dn ($newDNs->members) {
+    $highestsuffix++;
+    my $newaccount = sprintf ("$accountprefix%04d", $highestsuffix);
+    if ($DRY_RUN) {
+	print STDOUT "Would be adding '$dn' to grid-mapfile and $newaccount to system.\n";
+    } else {
+	print F "\"$dn\" $newaccount\n";
+	system "useradd --comment 'Account created by Pseudo-DGridMap-Script in TextGrid/Gap-SLC project for DN ($dn)' --create-home $newaccount";
+    }
+}
+close F;
+print STDOUT ($DRY_RUN?"Would have written ":"Wrote ").$newDNs->size." entries.\n";
+if ($DRY_RUN) {
+    print STDOUT "This has been a DRY RUN, did NOT alter anything on the system nor write grid-mapfile. After verifying from the logs that everything is correct, you can force this with -w.\n";
+}
+
+
+######################## SUBs
+
+### find out what the highest account assigned so far is (e.g. sltx0003 yields 3)
+sub find_last_account {
+    my $accountprefix = shift;
+    my @previousaccounts = @_;
+
+    my @previousprefixedaccounts = sort (grep {m/^$accountprefix/;} @previousaccounts);
+    my $highestsuffix = -1;
+    if (scalar @previousprefixedaccounts > 0) {
+	$previousprefixedaccounts[-1] =~ m/$accountprefix(\d+)/;
+	$highestsuffix = $1;
+    }
+    return $highestsuffix;
+}
+
+
+
+sub fetch_from_vomrs {
+    my ($vomrsfetchprogram,$vomsurl) =@_;
+    
+    open VOMSDNS, "$vomrsfetchprogram $vomsurl|";
+    # skip first two lines
+    <VOMSDNS>;
+    <VOMSDNS>;
+    
+    $vomsDNs = new Set::Scalar();
+    $i = 0;
+    while (<VOMSDNS>) {
+	$i++;
+	if ($i % 2 == 1) { # only odd lines contain user DNs, and even lines yield CA DNs for the user in the line before
+	    chomp;
+	    $vomsDNs->insert($_);
+	} 
+    }
+    close VOMSDNS;
+    return $vomsDNs;
+}
+
+sub parse_gridmap {
+    my ($path) = @_;
+
+    my %h = ();
+    open F, $path;
+    while (<F>) {
+	# Format: 
+	# "/C=DE/O=DFN-Verein/OU=DFN-PKI/OU=SLCS/OU=DAASI International GmbH/CN=Tanja Test - tanja.test@idp01.nds.daasi.de" ttest
+	m/"([^"]+)\" (\S+)/;
+	$h{$1} = $2; # dn => uid
+    }
+    close F;
+    return %h;
+}