hosts

44b3b7e4 · shirenn · shirenn · 1535c68a · 44b3b7e4 · 44b3b7e4
Commit 44b3b7e4 authored 3 years ago by shirenn 🌊 Committed by shirenn 3 years ago
--- a/.gitignore
+++ b/.gitignore
 proxmox-user.json
+generated/
--- a/proxmox-user.py
+++ b/proxmox-user.py
@@ -25,7 +25,9 @@ if __name__ == '__main__':
 	parser = argparse.ArgumentParser(
 		description="Generate user configuration for proxmox",
 	)
-	parser.add_argument('-e', '--export', help='Exporte la configuration vers la sortie standartd', action='store_true')
+	group = parser.add_mutually_exclusive_group()
+	group.add_argument('-e', '--export', help='Export the user configuration to stdout', action='store_true')
+	group.add_argument('-p', '--path', help='Select path to export user configuration', default='/etc/pve')
 	args = parser.parse_args()

 	with open(os.path.join(path, 'proxmox-user.json')) as file:
@@ -36,7 +38,8 @@ if __name__ == '__main__':
 	for target,cfg in config['ldap'].items():
 		base[target] = connect(cfg)
 		field = 'uid' if cfg['realm'] == 'pam' else 'cn'
-		users_qid = base[target].search(cfg['userBase'], ldap.SCOPE_ONELEVEL, 'objectClass=inetOrgPerson')
+		users_qid = base[target].search(cfg['userBase'], ldap.SCOPE_ONELEVEL, 'objectClass=inetOrgPerson',
+			attrlist=['givenName', 'sn', 'mail', 'userPassword', field])
 		users_q = base[target].result(users_qid)[1]
 		for dn, entries in users_q:
 			uid = entries[field][0].decode('utf-8')
@@ -49,7 +52,8 @@ if __name__ == '__main__':
 	groups = {}
 	acls = []
 	# Recover groups with admin privileges
-	nounous_qid = base['admin'].search('dc=crans,dc=org', ldap.SCOPE_SUBTREE, 'cn=_nounou')
+	nounous_qid = base['admin'].search('dc=crans,dc=org', ldap.SCOPE_SUBTREE, 'cn=_nounou',
+		attrlist=['memberUid'])
 	nounous = base['admin'].result(nounous_qid)[1][0][1]
 	nounous = { user.decode('utf-8') for user in nounous['memberUid'] }
 	apprentis = set(users['admin'].keys()) - nounous
@@ -61,7 +65,8 @@ if __name__ == '__main__':
 	# Recover clubs
 	if 'user' in config['ldap']:
 		clubs_qid = base['user'].search('ou=clubs,dc=adh,dc=crans,dc=org',
-			ldap.SCOPE_ONELEVEL, 'objectClass=organization')
+			ldap.SCOPE_ONELEVEL, 'objectClass=organization',
+			attrlist=['description', 'o'])
 		clubs_q = base['user'].result(clubs_qid)[1]
 		for dn, entries in clubs_q:
 			club = entries['o'][0].decode('utf-8')
@@ -69,6 +74,17 @@ if __name__ == '__main__':
 				groups[club] = ','.join(
 					[ '{}@pve'.format(user.decode('utf-8')) for user in entries['description'] ]
 				)
+		hosts_qid = base['user'].search('ou=hosts,dc=adh,dc=crans,dc=org',
+			ldap.SCOPE_ONELEVEL, '(&(objectClass=device)(serialNumber=*))',
+			attrlist=['serialNumber', 'owner'])
+		hosts_q = base['user'].result(hosts_qid)[1]
+		for dn,host in hosts_q:
+			vmid = host['serialNumber'][0].decode('utf-8')
+			for owner in host['owner']:
+				owner = owner.decode('utf-8').split(',')
+				o = owner[0].split('=')[1]
+				owner = f'@{o}' if owner[1] == 'ou=clubs' else '{}@{}'.format(o,config['user']['realm'])
+				acls.append({'propagate': 0, 'role': 'VMUser', 'target': owner, 'path': f'/vms/{vmid}'})

 	passwords = {}
 	user_db = {}
@@ -76,7 +92,7 @@ if __name__ == '__main__':
 		for user,info in users[target].items():
 			user_db['{}@{}'.format(user,cfg['realm'])] = info
 			if cfg['realm'] == 'pve':
-				passwords[user] = info['userPassword']
+				passwords[user] = info['userPassword'].replace('{CRYPT}','')
 	users = user_db

 	with open(os.path.join(path, 'templates', 'user.cfg.j2')) as template:
@@ -93,3 +109,8 @@ if __name__ == '__main__':
 		print('# | -> priv/shadow.cfg |')
 		print('# +--------------------+')
 		print(shadow_template.render(users=passwords))
+	else:
+		with open(os.path.join(args.path, 'user.cfg'), 'w') as file:
+			file.write(user_template.render(users=users, groups=groups, acls=acls))
+		with open(os.path.join(args.path, 'priv/shadow.cfg'), 'w') as file:
+			file.write(shadow_template.render(users=passwords))