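/**
 * Deletes a sudo policy based on the policy name.
 *
 * The policy's DN is read from a freshly constructed OpenStackNovaSudoer and
 * passed to ldap_delete. Nothing is sent to the directory unless that DN is
 * non-empty. This method performs no permission check of its own.
 *
 * @static
 * @param $sudoername string Name of the sudo policy to remove
 * @return bool True if the LDAP entry was deleted, false otherwise
 */
static function deleteSudoer( $sudoername ) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();
    $sudoer = new OpenStackNovaSudoer( $sudoername );
    // `new` always yields an object, so a truthiness test on $sudoer cannot
    // detect a missing policy; the DN is checked instead.
    // NOTE(review): assumes the constructor leaves sudoerDN empty when the
    // lookup finds nothing - confirm against OpenStackNovaSudoer.
    if ( empty( $sudoer->sudoerDN ) ) {
        $wgAuth->printDebug( "Sudoer $sudoername does not exist", NONSENSITIVE );
        return false;
    }

    $dn = $sudoer->sudoerDN;
    $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
    if ( !$success ) {
        $wgAuth->printDebug( "Failed to delete sudoer $sudoername", NONSENSITIVE );
        return false;
    }

    $wgAuth->printDebug( "Successfully deleted sudoer $sudoername", NONSENSITIVE );
    return true;
}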
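/**
 * Deletes a sudo policy based on the policy name.
 *
 * On success the cached 'sudoerinfo' entry for the policy is removed as well,
 * so a stale policy is not served from memcached after the LDAP entry is gone.
 * This method performs no permission check of its own.
 *
 * @static
 * @param $sudoername string Name of the sudo policy to remove
 * @param $projectName string Name of the project that owns the policy
 * @return bool True if the LDAP entry was deleted, false otherwise
 */
static function deleteSudoer($sudoername, $projectName) {
    global $wgAuth;
    global $wgMemc;

    OpenStackNovaLdapConnection::connect();
    $project = OpenStackNovaProject::getProjectByName($projectName);
    $sudoer = new OpenStackNovaSudoer($sudoername, $project);
    // `new` always yields an object, so a truthiness test on $sudoer cannot
    // detect a missing policy; the DN is checked instead.
    // NOTE(review): assumes the constructor leaves sudoerDN empty when the
    // lookup finds nothing - confirm against OpenStackNovaSudoer.
    if (empty($sudoer->sudoerDN)) {
        $wgAuth->printDebug("Sudoer {$sudoername} does not exist", NONSENSITIVE);
        return false;
    }

    $dn = $sudoer->sudoerDN;
    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
    if (!$success) {
        $wgAuth->printDebug("Failed to delete sudoer {$sudoername}", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("Successfully deleted sudoer {$sudoername}", NONSENSITIVE);
    // The key is the project name and policy name joined with no separator.
    // NOTE(review): it has to stay identical to the key used wherever this
    // entry is cached; two different name pairs can concatenate to one key.
    $key = wfMemcKey('openstackmanager', 'sudoerinfo', $projectName . $sudoername);
    $wgMemc->delete($key);
    return true;
}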
/**
 * Deletes a project group based on project name.
 *
 * The group's DN is assembled as cn=<prefix><projectname> under
 * $wgOpenStackManagerLDAPProjectGroupBaseDN and removed from LDAP.
 *
 * @param $projectname String
 * @return bool Result of the LDAP delete call
 */
static function deleteProjectGroup($projectname) {
    global $wgAuth;
    global $wgOpenStackManagerLDAPProjectGroupBaseDN;

    OpenStackNovaLdapConnection::connect();

    # NOTE(review): the name is placed into the DN without DN escaping, so a
    # value containing ',' '+' or '=' would address a different entry. Confirm
    # that callers validate project names before they reach this point.
    $groupDn = 'cn=' . self::$prefix . $projectname . ',' . $wgOpenStackManagerLDAPProjectGroupBaseDN;

    $deleted = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $groupDn);
    if (!$deleted) {
        $wgAuth->printDebug("Failed to delete project group {$groupDn}: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE);
        return $deleted;
    }

    $wgAuth->printDebug("Successfully deleted project group {$groupDn}", NONSENSITIVE);
    return $deleted;
}
/**
 * Removes a service group and the special user entry that belongs to it.
 *
 * The special user is deleted first, then the group; the cached
 * 'servicegroup' entry is dropped only once the group itself is gone.
 * A failure at either step stops the operation and returns false, so a
 * failed group delete leaves the group without its special user.
 *
 * @static
 * @param $groupName
 * @param $project OpenStackNovaProject
 * @return bool True only if both LDAP entries were deleted
 */
static function deleteServiceGroup($groupName, $project) {
    global $wgAuth;
    global $wgMemc;

    $serviceGroup = self::getServiceGroupByName($groupName, $project);
    if (!$serviceGroup) {
        $wgAuth->printDebug("We are trying to delete a nonexistent service group, {$groupName}", NONSENSITIVE);
        return false;
    }

    # Step one: the special member.
    $userRemoved = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $serviceGroup->getSpecialUserDN());
    if (!$userRemoved) {
        $wgAuth->printDebug("Failed to delete service user {$groupName}", NONSENSITIVE);
        return false;
    }
    $wgAuth->printDebug("Successfully deleted service user {$groupName}", NONSENSITIVE);

    # Step two: the group entry.
    $groupRemoved = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $serviceGroup->groupDN);
    if (!$groupRemoved) {
        $wgAuth->printDebug("Failed to delete service group {$groupName}", NONSENSITIVE);
        return false;
    }
    $wgAuth->printDebug("Successfully deleted service group {$groupName}", NONSENSITIVE);

    # Invalidate the cached copy so the deleted group is not served again.
    $cacheKey = wfMemcKey('openstackmanager', 'servicegroup', $groupName);
    $wgMemc->delete($cacheKey);

    return true;
}
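/**
 * Deletes a project based on project name. This function will also delete all roles
 * associated with the project.
 *
 * Nothing is listed or deleted unless the project object carries a non-empty
 * DN. A failed role delete is logged and does not stop the run; only the
 * final delete of the project entry decides the return value.
 *
 * @param $projectname String
 * @return bool True if the project entry was deleted, false otherwise
 */
static function deleteProject($projectname) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();
    $project = new OpenStackNovaProject($projectname);
    # `new` always yields an object, so a truthiness test on $project cannot
    # detect a missing project. Without this guard an empty DN would be used as
    # the base of the sub-entry listing below, and every result would be deleted.
    # NOTE(review): assumes projectDN stays empty when the lookup finds nothing.
    if (empty($project->projectDN)) {
        $wgAuth->printDebug("Project {$projectname} does not exist", NONSENSITIVE);
        return false;
    }
    $dn = $project->projectDN;

    # Projects can have roles as sub-entries, we need to delete them first
    $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
    $roles = $result ? LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result) : false;
    if (is_array($roles)) {
        # Drop the leading element (the 'count' field of ldap_get_entries output).
        array_shift($roles);
        foreach ($roles as $role) {
            $roledn = $role['dn'];
            $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
            if ($success) {
                $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
            } else {
                $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
            }
        }
    } else {
        $wgAuth->printDebug("Failed to list sub-entries of project {$projectname}", NONSENSITIVE);
    }

    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
    if (!$success) {
        $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
    return true;
}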
/**
 * Delete this host's LDAP entry and refresh the SOA of its domain.
 *
 * @return bool True if the entry was deleted, false otherwise
 */
function deleteHost() {
    global $wgAuth;

    # The domain has to be looked up while the host entry still exists.
    $parentDomain = $this->getDomain();

    $removed = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $this->hostDN);
    if (!$removed) {
        $wgAuth->printDebug("Failed to delete host {$this->hostDN}", NONSENSITIVE);
        return false;
    }

    # The SOA is updated only after a successful delete.
    $parentDomain->updateSOA();
    $wgAuth->printDebug("Successfully deleted host {$this->hostDN}", NONSENSITIVE);
    return true;
}
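/**
 * Removes the old per-project service group and service user entries,
 * together with the ou=groups and ou=people containers under every project.
 *
 * Each attempted delete is printed with its outcome and counted; a summary
 * is written at the end.
 *
 * @return bool True when no delete failed
 */
public function execute() {
    global $wgOpenStackManagerLDAPUsername;
    global $wgAuth;

    // NOTE(review): $user is never read below. It is kept because this method
    // does not open the LDAP connection itself, so the constructor may be what
    // does it - confirm before removing.
    $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $projects = OpenStackNovaProject::getAllProjects();

    $attempt_count = 0;
    $synced_count = 0;
    $failed_count = 0;

    // One delete attempt: announce it, run it, record the outcome.
    $purge = function ($label, $dn) use ($wgAuth, &$attempt_count, &$synced_count, &$failed_count) {
        print $label . $dn . "...";
        $attempt_count++;
        if (LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn)) {
            $synced_count++;
            print "done.\n";
        } else {
            $failed_count++;
            print "FAILED\n";
        }
    };

    /**
     * @var $project OpenStackNovaProject
     */
    foreach ($projects as $project) {
        // actually load the project info from ldap
        // (getAllProjects() doesn't do this)
        $project->fetchProjectInfo();

        $oldServiceGroupOUDN = 'ou=groups,' . $project->getProjectDN();
        $oldServiceUserOUDN = 'ou=people,' . $project->getProjectDN();

        // NOTE(review): in both loops the DN to delete is rebuilt from the
        // entry's cn attribute rather than read from the entry's own 'dn'
        // field, and the value is not DN-escaped. Confirm that cn always
        // matches the RDN and that matches are direct children of the OU.
        $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceGroupOUDN, '(objectclass=groupofnames)');
        if ($result) {
            $this->serviceGroups = array();
            $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
            // is_array() rather than isset(): a false return is "set" too.
            if (is_array($groupList)) {
                array_shift($groupList);
                foreach ($groupList as $groupEntry) {
                    $purge("needs deleting: ", "cn=" . $groupEntry['cn'][0] . "," . $oldServiceGroupOUDN);
                }
            }
        }

        $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceUserOUDN, '(objectclass=person)');
        if ($result) {
            $this->serviceGroups = array();
            $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
            if (is_array($groupList)) {
                array_shift($groupList);
                foreach ($groupList as $groupEntry) {
                    $purge("user needs deleting: ", "uid=" . $groupEntry['cn'][0] . "," . $oldServiceUserOUDN);
                }
            }
        }

        // The containers go last, after their children have been attempted.
        $purge("ou needs deleting: ", $oldServiceGroupOUDN);
        $purge("ou needs deleting: ", $oldServiceUserOUDN);
    }

    $this->output("{$attempt_count} items needed cleanup. {$synced_count} removed, {$failed_count} failed.\n");
    $this->output("Done.\n");

    return $failed_count === 0;
}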
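/**
 * Deletes a domain based on the domain's short name. Will fail to
 * delete the domain if any host entries still exist in the domain.
 *
 * The delete is also refused when the sub-entry listing itself fails, so a
 * domain is never removed without a confirmed empty listing.
 *
 * @static
 * @param $domainname string Short name of the domain
 * @return bool True if the domain entry was deleted, false otherwise
 */
static function deleteDomain( $domainname ) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();
    $domain = new OpenStackNovaDomain( $domainname );
    # `new` always yields an object, so a truthiness test on $domain cannot
    # detect a missing domain; the DN is checked instead.
    # NOTE(review): assumes domainDN stays empty when the lookup finds nothing.
    if ( empty( $domain->domainDN ) ) {
        $wgAuth->printDebug( "Domain $domainname does not exist", NONSENSITIVE );
        return false;
    }
    $dn = $domain->domainDN;

    # Domains can have records as sub entries. If sub-entries exist, fail.
    $result = LdapAuthenticationPlugin::ldap_list( $wgAuth->ldapconn, $dn, 'objectclass=*' );
    $hosts = $result ? LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ) : false;
    if ( !is_array( $hosts ) || !isset( $hosts['count'] ) ) {
        # Fail closed: an unreadable listing is not proof that the domain is empty.
        $wgAuth->printDebug( "Failed to delete domain $domainname, could not list its sub entries", NONSENSITIVE );
        return false;
    }
    if ( (int)$hosts['count'] !== 0 ) {
        $wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
        return false;
    }

    $success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
    if ( !$success ) {
        # The listing above was empty, so this failure has some other cause.
        $wgAuth->printDebug( "Failed to delete domain $domainname", NONSENSITIVE );
        return false;
    }

    $wgAuth->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE );
    return true;
}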
/**
 * Deletes a host based on its instanceid.
 *
 * Looks the host up by instance id, removes its LDAP entry and, when the
 * delete succeeds, updates the SOA of the domain the host belonged to.
 *
 * @static
 * @param $instanceid
 * @return bool True if the entry was deleted, false otherwise
 */
static function deleteHostByInstanceId( $instanceid ) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();

    $target = OpenStackNovaHost::getHostByInstanceId( $instanceid );
    if ( !$target ) {
        $wgAuth->printDebug( "Failed to delete host $instanceid as the DNS entry does not exist", NONSENSITIVE );
        return false;
    }

    # Both values are captured before the entry is removed.
    $targetDn = $target->hostDN;
    $zone = $target->getDomain();

    $removed = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $targetDn );
    if ( !$removed ) {
        $wgAuth->printDebug( "Failed to delete host $instanceid", NONSENSITIVE );
        return false;
    }

    $zone->updateSOA();
    $wgAuth->printDebug( "Successfully deleted host $instanceid", NONSENSITIVE );
    return true;
}
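/**
 * Deletes a project based on project name. This function will also delete all roles
 * associated with the project.
 *
 * Clean-up order: role sub-entries, the separate project group (when in use),
 * the project's sudoers and their OU, the service groups, and finally the
 * project entry itself. Failures in the earlier steps are logged and do not
 * stop the run; only the final delete decides the return value. Nothing is
 * listed or deleted unless the project object carries a non-empty DN.
 *
 * @param $projectname String
 * @return bool True if the project entry was deleted, false otherwise
 */
static function deleteProject($projectname) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();
    $project = new OpenStackNovaProject($projectname);
    # `new` always yields an object, so a truthiness test on $project cannot
    # detect a missing project. Without this guard an empty DN would be used as
    # the base of the sub-entry listing below, and every result would be deleted.
    # NOTE(review): assumes projectDN stays empty when the lookup finds nothing.
    if (empty($project->projectDN)) {
        $wgAuth->printDebug("Project {$projectname} does not exist", NONSENSITIVE);
        return false;
    }
    $dn = $project->projectDN;

    # Projects can have roles as sub-entries, we need to delete them first
    $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
    $roles = $result ? LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result) : false;
    if (is_array($roles)) {
        # Drop the leading element (the 'count' field of ldap_get_entries output).
        array_shift($roles);
        foreach ($roles as $role) {
            $roledn = $role['dn'];
            $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
            if ($success) {
                $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
            } else {
                $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
            }
        }
    } else {
        $wgAuth->printDebug("Failed to list sub-entries of project {$projectname}", NONSENSITIVE);
    }

    # Projects can have a separate group entry. If so, delete it now.
    if (OpenStackNovaProject::useProjectGroup()) {
        OpenStackNovaProjectGroup::deleteProjectGroup($projectname);
    }

    # Projects have a sudo OU and sudoers entries below that OU, we must delete them first
    $sudoers = OpenStackNovaSudoer::getAllSudoersByProject($project->getProjectName());
    foreach ($sudoers as $sudoer) {
        $success = OpenStackNovaSudoer::deleteSudoer($sudoer->getSudoerName(), $project->getProjectName());
        if ($success) {
            $wgAuth->printDebug("Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
        } else {
            $wgAuth->printDebug("Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
        }
    }
    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $project->getSudoersDN());
    if ($success) {
        $wgAuth->printDebug("Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
    } else {
        $wgAuth->printDebug("Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
    }

    # And, we need to clean up service groups.
    $servicegroups = $project->getServiceGroups();
    foreach ($servicegroups as $group) {
        $groupName = $group->groupName;
        $success = OpenStackNovaServiceGroup::deleteServiceGroup($groupName, $project);
        if ($success) {
            $wgAuth->printDebug("Successfully deleted service group " . $groupName, NONSENSITIVE);
        } else {
            $wgAuth->printDebug("Failed to delete service group " . $groupName, NONSENSITIVE);
        }
    }

    # The project entry goes last, once its dependants have been attempted.
    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
    if (!$success) {
        $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
    return true;
}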