/**
 * Refresh the wiki article of every instance in every project and region.
 *
 * Authenticates once as the configured LDAP service account, then switches
 * the same controller to each project/region pair and calls editArticle()
 * on every instance returned by getInstances().
 */
public function execute() {
    global $wgAuth;
    global $wgOpenStackManagerLDAPUsername;
    global $wgOpenStackManagerLDAPUserPassword;

    $serviceUser = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $nova = OpenStackNovaController::newFromUser($serviceUser);
    $allProjects = OpenStackNovaProject::getAllProjects();

    # HACK (please fix): Keystone doesn't deliver services and endpoints unless
    # a project token is returned, so we need to feed it a project. Ideally this
    # should be configurable, and not hardcoded like this.
    $nova->setProject('bastion');
    // NOTE(review): the result of authenticate() is not inspected here; confirm
    // that a failed login surfaces as an error rather than an empty run.
    $nova->authenticate($wgOpenStackManagerLDAPUsername, $wgOpenStackManagerLDAPUserPassword);

    foreach ($nova->getRegions('compute') as $region) {
        $this->output("Running region : " . $region . "\n");
        foreach ($allProjects as $project) {
            $projectName = $project->getProjectName();
            $this->output("Running project : " . $projectName . "\n");
            $nova->setProject($projectName);
            $nova->setRegion($region);

            $instances = $nova->getInstances();
            if ($instances) {
                foreach ($instances as $instance) {
                    $this->output("Updating instance : " . $instance->getInstanceId() . "\n");
                    $instance->editArticle($nova);
                }
            } else {
                $wgAuth->printDebug("No instance, continuing", NONSENSITIVE);
            }
        }
    }
    $this->output("Done.\n");
}
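/**
 * API entry point: report project membership and roles.
 *
 * subaction=getall  - members and per-role members, either for the single
 *                     project named in params['project'] or for all projects.
 * subaction=getuser - for params['username'] (or the OpenStackNovaUser built
 *                     without a name when none is given), the names of the
 *                     roles that user holds in each of their projects.
 *
 * Projects that cannot be resolved by name, or that are not flagged as
 * loaded after fetchProjectInfo(), are left out of the result.
 *
 * NOTE(review): this method returns membership data for whichever project or
 * user the request names and performs no permission check itself; confirm
 * that access control is enforced before execute() is reached.
 */
function execute() {
    $this->params = $this->extractRequestParams();
    $this->userLDAP = new OpenStackNovaUser();

    switch ($this->params['subaction']) {
        case 'getall':
            if (isset($this->params['project'])) {
                $projects = array(OpenStackNovaProject::getProjectByName($this->params['project']));
            } else {
                $projects = OpenStackNovaProject::getAllProjects();
            }
            $data = array();
            foreach ($projects as $project) {
                // getProjectByName() can return an empty value for an unknown
                // name; calling a method on it would be a fatal error.
                if (!$project) {
                    continue;
                }
                $project->fetchProjectInfo();
                if (!$project->loaded) {
                    continue;
                }
                $projectName = $project->getProjectName();
                $data[$projectName]['members'] = $project->getMembers();
                $data[$projectName]['roles'] = array();
                foreach ($project->getRoles() as $role) {
                    $roleName = $role->getRoleName();
                    $data[$projectName]['roles'][$roleName] = array('members' => $role->getMembers());
                    $this->getResult()->setIndexedTagName($data[$projectName]['roles'][$roleName]['members'], 'member');
                }
                $this->getResult()->setIndexedTagName($data[$projectName]['members'], 'member');
                $this->getResult()->setIndexedTagName($data[$projectName]['roles'], 'roles');
            }
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;

        case 'getuser':
            $data = array();
            if ($this->params['username']) {
                $user = new OpenStackNovaUser($this->params['username']);
            } else {
                $user = $this->userLDAP;
            }
            foreach ($user->getProjects() as $listedName) {
                $project = OpenStackNovaProject::getProjectByName($listedName);
                // Skip names that no longer resolve to a project.
                if (!$project) {
                    continue;
                }
                $project->fetchProjectInfo();
                if (!$project->loaded) {
                    continue;
                }
                $projectName = $project->getProjectName();
                $data[$projectName] = array();
                $data[$projectName]['roles'] = array();
                foreach ($project->getRoles() as $role) {
                    if ($role->userInRole($user)) {
                        $data[$projectName]['roles'][] = $role->getRoleName();
                    }
                }
                $this->getResult()->setIndexedTagName($data[$projectName]['roles'], 'role');
            }
            $this->getResult()->setIndexedTagName($data, 'project');
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;
    }
}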
/**
 * Add a "<name>.<project>.<region>.wmflabs" associated domain to instance
 * host entries.
 *
 * With --all-instances the list of (region, name, project) triples is built
 * by walking every compute region and project as the LDAP service account.
 * With --name, both --region and --project are required and a single triple
 * is used. Any other combination is reported through error().
 */
public function execute() {
    global $wgAuth;
    global $wgOpenStackManagerLDAPUsername;
    global $wgOpenStackManagerLDAPUserPassword;

    if ($this->hasOption('all-instances')) {
        if ($this->hasOption('region')) {
            $this->error("--all-instances cannot be used with --region.\n", true);
        }
        $targets = array();
        $serviceUser = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
        $nova = OpenStackNovaController::newFromUser($serviceUser);
        $allProjects = OpenStackNovaProject::getAllProjects();
        $nova->setProject('bastion');
        $nova->authenticate($wgOpenStackManagerLDAPUsername, $wgOpenStackManagerLDAPUserPassword);
        foreach ($nova->getRegions('compute') as $region) {
            foreach ($allProjects as $project) {
                $projectName = $project->getProjectName();
                $nova->setProject($projectName);
                $nova->setRegion($region);
                $instances = $nova->getInstances();
                if (!$instances) {
                    continue;
                }
                foreach ($instances as $instance) {
                    $targets[] = array($region, $instance->getInstanceName(), $projectName);
                }
            }
        }
    } elseif ($this->hasOption('name')) {
        if (!$this->hasOption('region')) {
            $this->error("--name requires --region.\n", true);
        }
        if (!$this->hasOption('project')) {
            $this->error("--name requires --project.\n", true);
        }
        $targets = array(
            array($this->getOption('region'), $this->getOption('name'), $this->getOption('project')),
        );
    } else {
        $this->error("Must specify either --name or --all-instances.\n", true);
    }

    if (!class_exists('OpenStackNovaHost')) {
        $this->error("Couldn't find OpenStackNovaHost class.\n", true);
    }
    OpenStackNovaLdapConnection::connect();

    foreach ($targets as $triple) {
        list($hostRegion, $hostName, $hostProject) = $triple;
        $host = OpenStackNovaHost::getHostByNameAndProject($hostName, $hostProject, $hostRegion);
        if (!$host) {
            print "Skipping {$hostName}.{$hostProject}.{$hostRegion}; not found.\n";
            continue;
        }
        print "\nFor instance {$hostName} in region {$hostRegion} and project {$hostProject}:\n\n";
        // Domain suffix is fixed to 'wmflabs' in this script.
        $fqdn = implode('.', array($hostName, $hostProject, $hostRegion, 'wmflabs'));
        $host->addAssociatedDomain($fqdn);
    }
}
/**
 * Refresh the wiki article of every project.
 *
 * Each project's info is fetched first because the objects returned by
 * getAllProjects() are used here only after fetchProjectInfo() has run.
 */
public function execute() {
    foreach (OpenStackNovaProject::getAllProjects() as $project) {
        $name = $project->getProjectName();
        $project->fetchProjectInfo();
        $this->output("Running project : " . $name . "\n");
        $project->editArticle();
    }
    $this->output("Done.\n");
}
/**
 * Copy each project's service groups by calling createServiceGroup() with
 * the group's first member, then add the remaining members.
 *
 * The configured service-group prefix is stripped from the group name before
 * the copy. Groups without members are skipped and not counted.
 *
 * @return bool true when no copy failed
 */
public function execute() {
    global $wgOpenStackManagerLDAPUsername;
    global $wgOpenStackManagerServiceGroupPrefix;

    // Not referenced again below; presumably constructed for its side
    // effects (e.g. opening the LDAP connection) - confirm before removing.
    $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $projects = OpenStackNovaProject::getAllProjects();

    $failedSync = false;
    $attempt_count = 0;
    $synced_count = 0;
    $failed_count = 0;

    /**
     * @var $project OpenStackNovaProject
     */
    foreach ($projects as $project) {
        // getAllProjects() does not load project info from LDAP; do it now.
        $project->fetchProjectInfo();
        $projectName = $project->getProjectName();

        foreach ($project->getServiceGroups() as $serviceGroup) {
            $fullGroupName = $serviceGroup->getGroupName();
            $hasPrefix = strpos($fullGroupName, $wgOpenStackManagerServiceGroupPrefix, 0) === 0;
            $groupName = $hasPrefix
                ? substr($fullGroupName, strlen($wgOpenStackManagerServiceGroupPrefix))
                : $fullGroupName;

            $groupMembers = $serviceGroup->getMembers();
            if (empty($groupMembers)) {
                continue;
            }

            $firstMember = $groupMembers[0];
            $created = OpenStackNovaServiceGroup::createServiceGroup(
                $groupName,
                $project,
                $this->updateMemberName($firstMember, $project)
            );
            $attempt_count++;

            if (!$created) {
                $this->output("Failed copying service group {$groupName} in {$projectName}\n");
                $failedSync = true;
                $failed_count++;
                continue;
            }

            $this->output("Succeeded copying service group {$groupName} in {$projectName}\n");
            $synced_count++;
            // The first member was passed to createServiceGroup(); add the
            // others through the group object read from the project.
            foreach ($groupMembers as $member) {
                if ($member !== $firstMember) {
                    $serviceGroup->addMember($this->updateMemberName($member, $project));
                }
            }
        }
    }

    $this->output("{$attempt_count} service groups were synced, {$synced_count} changed, {$failed_count} failed.\n");
    $this->output("Done.\n");

    // true when there were no failed syncs
    return !$failedSync;
}
/**
 * Add the name of every project to the API result under
 * query/<module name>, tagged as 'project'.
 */
public function run() {
    $projects = OpenStackNovaProject::getAllProjects();
    foreach ($projects as $project) {
        $this->getResult()->addValue(array('query', $this->getModuleName()), null, $project->getName());
    }

    // Two ApiResult method names are supported; which one is called depends
    // on whether ApiResult::META_CONTENT is defined (presumably a
    // compatibility switch between MediaWiki versions).
    $path = array('query', $this->getModuleName());
    if (!defined('ApiResult::META_CONTENT')) {
        $this->getResult()->setIndexedTagName_internal($path, 'project');
        return;
    }
    $this->getResult()->addIndexedTagName($path, 'project');
}
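/**
 * Default action: list the instances in the current user's projects.
 *
 * The page title reflects how many projects the user holds the
 * 'projectadmin' role in; those projects are linked first. One section is
 * then rendered per project that has at least one instance, followed by a
 * heading with the total instance count.
 *
 * @return void
 */
function listInstances() {
    $this->setHeaders();
    $this->getOutput()->addModules('ext.openstack.Instance');

    $projects = OpenStackNovaProject::getProjectsByName($this->userLDAP->getProjects());
    $instanceOut = '';
    $ownedProjects = array();
    $instanceCount = 0;

    foreach ($projects as $project) {
        $projectName = $project->getProjectName();
        $instancesInProject = 0;
        if ($this->userLDAP->inRole('projectadmin', $projectName)) {
            $ownedProjects[] = $projectName;
        }
        $projectactions = array('projectadmin' => array());
        $regions = '';
        $this->userNova->setProject($projectName);
        foreach ($this->userNova->getRegions('compute') as $region) {
            $regionactions = array();
            $thisCount = 0;
            // $thisCount is read back after the call, so getInstances()
            // presumably fills it in by reference.
            $instances = $this->getInstances($projectName, $region, $thisCount);
            $instancesInProject += $thisCount;
            if ($thisCount > 0) {
                $regions .= $this->createRegionSection($region, $projectName, $regionactions, $instances);
            }
        }
        if ($instancesInProject) {
            $instanceOut .= $this->createProjectSection($projectName, $projectactions, $regions);
            $instanceCount += $instancesInProject;
        }
    }

    $out = '';
    if ($ownedProjects) {
        $this->getOutput()->setPagetitle($this->msg('openstackmanager-ownedprojects', count($ownedProjects)));
        foreach ($ownedProjects as $ownedProject) {
            $out .= $this->createResourceLink($ownedProject) . " ";
        }
    } else {
        $this->getOutput()->setPagetitle($this->msg('openstackmanager-noownedprojects'));
    }

    // Html::rawElement() emits its content unescaped, so the message has to
    // be HTML-escaped before it is placed in the heading.
    if ($instanceCount) {
        $out .= Html::rawElement('h1', array(), $this->msg('openstackmanager-ownedinstances', $instanceCount)->escaped());
        $out .= $instanceOut;
    } else {
        $out .= Html::rawElement('h1', array(), $this->msg('openstackmanager-noownedinstances')->escaped());
    }
    $this->getOutput()->addHTML($out);
}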
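/**
 * Move each instance's wiki page from its instance-id title to its fully
 * qualified host name, in the NS_NOVA_RESOURCE namespace.
 *
 * Instances without a host entry, or whose old or new title cannot be
 * constructed, are reported and skipped.
 */
public function execute() {
    global $wgAuth;
    global $wgOpenStackManagerLDAPUsername;
    global $wgOpenStackManagerLDAPUserPassword;

    $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $userNova = OpenStackNovaController::newFromUser($user);
    $projects = OpenStackNovaProject::getAllProjects();

    # HACK (please fix): Keystone doesn't deliver services and endpoints unless
    # a project token is returned, so we need to feed it a project. Ideally this
    # should be configurable, and not hardcoded like this.
    $userNova->setProject('bastion');
    $userNova->authenticate($wgOpenStackManagerLDAPUsername, $wgOpenStackManagerLDAPUserPassword);

    $regions = $userNova->getRegions('compute');
    foreach ($regions as $region) {
        $this->output("Running region: " . $region . "\n");
        foreach ($projects as $project) {
            $projectName = $project->getProjectName();
            $this->output("Running project: " . $projectName . "\n");
            $userNova->setProject($projectName);
            $userNova->setRegion($region);
            $instances = $userNova->getInstances();
            if (!$instances) {
                $wgAuth->printDebug("No instance, continuing", NONSENSITIVE);
                continue;
            }
            foreach ($instances as $instance) {
                $host = $instance->getHost();
                if (!$host) {
                    $this->output("Skipping instance due to missing host entry: " . $instance->getInstanceId() . "\n");
                    continue;
                }
                $ot = Title::newFromText($instance->getInstanceId(), NS_NOVA_RESOURCE);
                $nt = Title::newFromText($host->getFullyQualifiedHostName(), NS_NOVA_RESOURCE);
                // Title::newFromText() yields no object for text that is not
                // a valid title; moveTo() on that would be a fatal error.
                if (!$ot || !$nt) {
                    $this->output("Skipping instance due to invalid page title: " . $instance->getInstanceId() . "\n");
                    continue;
                }
                $this->output("Renaming instance: " . $instance->getInstanceId() . "\n");
                $ot->moveTo($nt, false, 'Maintenance script move from id to fqdn.');
            }
        }
    }
    $this->output("Done.\n");
}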
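/**
 * Sync the member list of every project into its project group and print a
 * summary.
 *
 * syncProjectGroupMembers() is treated as returning -1 on failure, 0 when
 * nothing changed and 1 after a successful sync.
 *
 * @return bool true when no sync failed
 */
public function execute() {
    global $wgOpenStackManagerLDAPUsername;

    // Not referenced again below; presumably constructed for its side
    // effects (e.g. opening the LDAP connection) - confirm before removing.
    $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $projects = OpenStackNovaProject::getAllProjects();

    $failedSync = false;
    $attempt_count = 0;
    $synced_count = 0;
    $failed_count = 0;

    /**
     * @var $project OpenStackNovaProject
     */
    foreach ($projects as $project) {
        // actually load the project info from ldap
        // (getAllProjects() doesn't do this)
        $project->fetchProjectInfo();
        $projectName = $project->getProjectName();

        $retval = $project->syncProjectGroupMembers();
        $attempt_count++;

        // -1: failure
        //  0: no change
        //  1: successful sync
        if ($retval != 0) {
            // -1 is truthy, so the label has to be chosen on the sign of the
            // return value; a plain truthiness test reports failures as
            // "Succeeded".
            $this->output(
                ($retval > 0 ? "Succeeded" : "Failed")
                . " syncing members for project {$projectName} and group "
                . $project->projectGroup->getProjectGroupName() . "\n"
            );
            if ($retval < 0) {
                $failedSync = true;
                $failed_count++;
            } else {
                $synced_count++;
            }
        }
    }

    $this->output("{$attempt_count} project groups were synced, {$synced_count} changed, {$failed_count} failed.\n");
    $this->output("Done.\n");

    // return true if there were no failed syncs
    return !$failedSync;
}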
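/**
 * API entry point: list the service groups of one project with their
 * members.
 *
 * subaction=getservicegroups returns, per service group of
 * params['project'], either getUidMembers() (when params['shellmembers'] is
 * set) or getMembers(). An unknown project yields an empty result.
 *
 * NOTE(review): no permission check is made in this method; confirm that
 * exposing group membership to the caller is intended or gated elsewhere.
 */
function execute() {
    $this->params = $this->extractRequestParams();

    switch ($this->params['subaction']) {
        case 'getservicegroups':
            $data = array();
            $project = OpenStackNovaProject::getProjectByName($this->params['project']);
            // getProjectByName() can return an empty value for an unknown
            // name; calling a method on it would be a fatal error.
            if ($project) {
                $project->fetchServiceGroups();
                foreach ($project->getServiceGroups() as $serviceGroup) {
                    $serviceGroupName = $serviceGroup->getGroupName();
                    if ($this->params['shellmembers']) {
                        $data[$serviceGroupName]['members'] = $serviceGroup->getUidMembers();
                    } else {
                        $data[$serviceGroupName]['members'] = $serviceGroup->getMembers();
                    }
                    $this->getResult()->setIndexedTagName($data[$serviceGroupName]['members'], 'member');
                }
            }
            $this->getResult()->addValue(null, $this->getModuleName(), $data);
            break;
    }
}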
/**
 * Form handler: store a project's volume settings and service-group home
 * directory pattern.
 *
 * 'home' is enabled by $formData['homedirs'] and 'project' by
 * $formData['storage']. The home directory pattern is only written when
 * setVolumeSettings() succeeded.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryConfigureProjectSubmit($formData, $entryPoint = 'internal') {
    $output = $this->getOutput();

    $project = OpenStackNovaProject::getProjectByName($formData['projectname']);
    if (!$project) {
        $output->addWikiMsg('openstackmanager-nonexistentproject');
        return true;
    }

    $volumes = array();
    foreach (array('homedirs' => "home", 'storage' => "project") as $field => $volume) {
        if ($formData[$field]) {
            $volumes[] = $volume;
        }
    }

    // NOTE(review): the pattern is taken from the form and handed on as-is;
    // confirm that setServiceGroupHomedirPattern() or the form definition
    // constrains it to acceptable paths.
    $homedirPattern = $formData['serviceuserhome'];

    $saved = $project->setVolumeSettings($volumes)
        && $project->setServiceGroupHomedirPattern($homedirPattern);
    $output->addWikiMsg(
        $saved ? 'openstackmanager-configureproject-success' : 'openstackmanager-configureproject-failed'
    );

    $backLink = Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backprojectlist')->escaped());
    $output->addHTML($backLink);
    return true;
}
/**
 * List security groups per project and region.
 *
 * Users for whom userCanExecute() is true see every project; everyone else
 * only sees the projects returned for their LDAP user. Nothing is listed
 * until a project filter has been chosen.
 *
 * @return bool|null true after rendering, null when no project filter is set
 */
function listSecurityGroups() {
    $this->setHeaders();
    $page = $this->getOutput();
    $page->addModuleStyles('ext.openstack');
    $page->setPagetitle($this->msg('openstackmanager-securitygrouplist'));

    $projects = $this->userCanExecute($this->getUser())
        ? OpenStackNovaProject::getAllProjects()
        : OpenStackNovaProject::getProjectsByName($this->userLDAP->getProjects());

    $this->showProjectFilter($projects);
    $projectfilter = $this->getProjectFilter();
    if (!$projectfilter) {
        $page->addWikiMsg('openstackmanager-setprojectfilter');
        return null;
    }

    $html = '';
    foreach ($projects as $project) {
        $projectName = $project->getProjectName();
        if (!in_array($projectName, $projectfilter)) {
            continue;
        }
        $projectactions = array('projectadmin' => array());
        $regionHtml = '';
        $this->userNova->setProject($projectName);
        foreach ($this->userNova->getRegions('compute') as $region) {
            $this->userNova->setRegion($region);
            $createLink = $this->createActionLink(
                'openstackmanager-createnewsecuritygroup',
                array('action' => 'create', 'project' => $projectName, 'region' => $region)
            );
            $regionactions = array('projectadmin' => array($createLink));
            $securityGroups = $this->getSecurityGroups($projectName, $region);
            $regionHtml .= $this->createRegionSection($region, $projectName, $regionactions, $securityGroups);
        }
        $html .= $this->createProjectSection($projectName, $projectactions, $regionHtml);
    }
    $page->addHTML($html);
    return true;
}
/**
 * Declare the API parameters: 'project' and 'region' are both required and
 * restricted to the known project names and to getRegions() respectively.
 *
 * @return array
 */
public function getAllowedParams() {
    $params = array();
    $params['project'] = array(
        ApiBase::PARAM_TYPE => OpenStackNovaProject::getAllProjectNames(),
        ApiBase::PARAM_REQUIRED => true,
    );
    $params['region'] = array(
        ApiBase::PARAM_TYPE => $this->getRegions(),
        ApiBase::PARAM_REQUIRED => true,
    );
    return $params;
}
/**
 * Deletes a sudo policy based on the policy name, and drops its cached
 * 'sudoerinfo' entry on success.
 *
 * @static
 * @param $sudoername
 * @param $projectName
 * @return bool true when the LDAP delete succeeded
 */
static function deleteSudoer($sudoername, $projectName) {
    global $wgAuth;
    global $wgMemc;

    OpenStackNovaLdapConnection::connect();

    $project = OpenStackNovaProject::getProjectByName($projectName);
    $sudoer = new OpenStackNovaSudoer($sudoername, $project);
    // NOTE(review): `new` always yields an object, so this guard cannot
    // fire and a non-existent policy is not detected here. Other code on
    // this page resolves policies through OpenStackNovaSudoer::getSudoerByName()
    // and tests its result; confirm whether that should be used instead.
    if (!$sudoer) {
        $wgAuth->printDebug("Sudoer {$sudoername} does not exist", NONSENSITIVE);
        return false;
    }

    $deleted = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $sudoer->sudoerDN);
    if (!$deleted) {
        $wgAuth->printDebug("Failed to delete sudoer {$sudoername}", NONSENSITIVE);
        return false;
    }

    $wgAuth->printDebug("Successfully deleted sudoer {$sudoername}", NONSENSITIVE);
    // Cache key is the project name and policy name concatenated without a
    // separator.
    $cacheKey = wfMemcKey('openstackmanager', 'sudoerinfo', $projectName . $sudoername);
    $wgMemc->delete($cacheKey);
    return true;
}
/**
 * Default action: list instances per project and region.
 *
 * Users with the 'listall' right see every project; everyone else only sees
 * the projects returned for their LDAP user. Regions listed in
 * $wgOpenStackManagerReadOnlyRegions show a "creation disabled" message in
 * place of the create-instance link.
 *
 * @return void
 */
function listInstances() {
    global $wgOpenStackManagerReadOnlyRegions;

    $this->setHeaders();
    $page = $this->getOutput();
    $page->addModules('ext.openstack.Instance');
    $page->setPagetitle($this->msg('openstackmanager-instancelist'));

    $projects = $this->getUser()->isAllowed('listall')
        ? OpenStackNovaProject::getAllProjects()
        : OpenStackNovaProject::getProjectsByName($this->userLDAP->getProjects());

    $this->showProjectFilter($projects);
    $projectfilter = $this->getProjectFilter();
    if (!$projectfilter) {
        $page->addWikiMsg('openstackmanager-setprojectfilter');
        return null;
    }

    $html = '';
    foreach ($projects as $project) {
        $projectName = $project->getProjectName();
        if (!in_array($projectName, $projectfilter)) {
            continue;
        }
        $projectactions = array('projectadmin' => array());
        $regionHtml = '';
        $this->userNova->setProject($projectName);
        foreach ($this->userNova->getRegions('compute') as $region) {
            $readOnly = in_array($region, $wgOpenStackManagerReadOnlyRegions);
            $adminAction = $readOnly
                ? $this->msg('openstackmanager-creationdisabled')
                : $this->createActionLink(
                    'openstackmanager-createinstance',
                    array('action' => 'create', 'project' => $projectName, 'region' => $region)
                );
            $regionactions = array('projectadmin' => array($adminAction));
            $instances = $this->getInstances($projectName, $region);
            $regionHtml .= $this->createRegionSection($region, $projectName, $regionactions, $instances);
        }
        $html .= $this->createProjectSection($projectName, $projectactions, $regionHtml);
    }
    $page->addHTML($html);
}
/**
 * Check whether this user holds a role, globally and/or within a project.
 *
 * - Holding the global role is sufficient unless
 *   $wgOpenStackManagerLDAPRolesIntersect is set or $strict is true.
 * - When roles intersect, lacking the global role is an immediate "no".
 * - Otherwise the project role is looked up in LDAP under the project DN.
 *
 * @param $role
 * @param string $projectname
 * @param bool $strict require the project role even when the global role is held
 * @return bool
 */
function inRole( $role, $projectname='', $strict=false ) {
    global $wgAuth;
    global $wgOpenStackManagerLDAPRolesIntersect;

    $hasGlobalRole = $this->inGlobalRole( $role );
    if ( $hasGlobalRole && !$wgOpenStackManagerLDAPRolesIntersect && !$strict ) {
        return true;
    }
    if ( !$hasGlobalRole && $wgOpenStackManagerLDAPRolesIntersect ) {
        return false;
    }

    if ( !$projectname ) {
        return false;
    }

    # Check project specific role
    $project = OpenStackNovaProject::getProjectByName( $projectname );
    if ( !$project ) {
        return false;
    }

    # NOTE(review): $role and the user DN are placed in the filter without
    # LDAP filter escaping. This is an authorization check, so confirm that
    # callers only pass fixed role names, or escape the values before use.
    $filter = "(&(cn=$role)(member=$this->userDN))";
    $result = LdapAuthenticationPlugin::ldap_search( $wgAuth->ldapconn, $project->projectDN, $filter );
    if ( !$result ) {
        return false;
    }

    $entries = LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result );
    if ( !$entries ) {
        return false;
    }
    if ( $entries['count'] == "0" ) {
        $wgAuth->printDebug( "Couldn't find the user in role: $role", NONSENSITIVE );
        return false;
    }
    return true;
}
/**
 * Form handler: remove the selected members from a project.
 *
 * The project article is refreshed after each successful removal, and one
 * status message is shown per member.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryDeleteMemberSubmit( $formData, $entryPoint = 'internal' ) {
    $output = $this->getOutput();

    $project = OpenStackNovaProject::getProjectByName( $formData['projectname'] );
    if ( !$project ) {
        $output->addWikiMsg( 'openstackmanager-nonexistentproject' );
        return true;
    }

    foreach ( $formData['members'] as $member ) {
        if ( !$project->deleteMember( $member ) ) {
            $output->addWikiMsg( 'openstackmanager-failedtoremove', $member, $formData['projectname'] );
            continue;
        }
        $project->editArticle();
        $output->addWikiMsg( 'openstackmanager-removedfrom', $member, $formData['projectname'] );
    }

    $backLink = Linker::link( $this->getTitle(), wfMsgHtml( 'openstackmanager-backprojectlist' ) );
    $output->addHTML( '<br />' . $backLink );
    return true;
}
/**
 * Revoke project membership when a user is about to lose the
 * 'loginviashell' permission through removal of $group.
 *
 * If any other effective group still grants 'loginviashell', nothing is
 * changed. Otherwise, depending on configuration, the user is removed from
 * all of their projects or from the bastion project only.
 *
 * NOTE(review): the results of deleteMember() are discarded, so a failed
 * removal leaves the membership in place without any signal here; confirm
 * that this is logged or checked elsewhere.
 *
 * @param $user
 * @param &$group the group that is being removed from the user
 * @return bool true in all cases
 */
public static function removeUserFromBastionProject($user, &$group) {
    global $wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable;
    global $wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable;
    global $wgOpenStackManagerBastionProjectName;

    // Would the user keep loginviashell through some group other than the
    // one being removed? If so there is nothing to revoke.
    foreach ($user->getEffectiveGroups() as $remaining) {
        if ($remaining !== $group && User::groupHasPermission($remaining, 'loginviashell')) {
            return true;
        }
    }

    // From here on the permission is known to be lost once the group is
    // removed, so apply whichever cleanup the configuration asks for.
    $username = $user->getName();

    if ($wgOpenStackManagerRemoveUserFromAllProjectsOnShellDisable) {
        $ldapUser = new OpenStackNovaUser($username);
        foreach ($ldapUser->getProjects() as $projectName) {
            $memberProject = new OpenStackNovaProject($projectName);
            $memberProject->deleteMember($username);
        }
        return true;
    }

    if ($wgOpenStackManagerRemoveUserFromBastionProjectOnShellDisable) {
        $bastion = new OpenStackNovaProject($wgOpenStackManagerBastionProjectName);
        if (in_array($username, $bastion->getMembers())) {
            $bastion->deleteMember($username);
        }
    }

    return true;
}
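/**
 * Form handler: delete a service group from a project.
 *
 * An unknown project name is reported with the same message the other form
 * handlers use, instead of failing on a method call on a missing project.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryRemoveServiceGroupSubmit($formData, $entryPoint = 'internal') {
    $project = OpenStackNovaProject::getProjectByName($formData['projectname']);
    if (!$project) {
        $this->getOutput()->addWikiMsg('openstackmanager-nonexistentproject');
        return true;
    }

    $success = $project->deleteServiceGroup($formData['groupname'], $project);
    if ($success) {
        $this->getOutput()->addWikiMsg('openstackmanager-removedservicegroup');
    } else {
        $this->getOutput()->addWikiMsg('openstackmanager-removeservicegroupfailed');
    }

    $out = '<br />';
    $out .= Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backservicegrouplist')->escaped());
    $this->getOutput()->addHTML($out);
    return true;
}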
/**
 * Form handler: rewrite an existing sudo policy from submitted form data.
 *
 * Commands and options are split on newlines; 'authenticate' or
 * '!authenticate' is appended according to $formData['requirepassword'].
 * Users and run-as users already on the policy that are neither project
 * members, service users nor the project group are carried over, because
 * the form did not offer them for selection.
 *
 * NOTE(review): the command and option lines come straight from the form
 * and become sudo policy content; confirm that the form definition or
 * modifySudoer() restricts who may submit them and what they may contain.
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryModifySubmit($formData, $entryPoint = 'internal') {
    $output = $this->getOutput();
    $sudoer = OpenStackNovaSudoer::getSudoerByName($formData['sudoername'], $formData['project']);

    if (!$sudoer) {
        $output->addWikiMsg('openstackmanager-nonexistantsudoer');
    } else {
        $commands = $formData['commands'] ? explode("\n", $formData['commands']) : array();
        $options = $formData['options'] ? explode("\n", $formData['options']) : array();
        $options[] = $formData['requirepassword'] ? 'authenticate' : '!authenticate';

        $projectName = $formData['project'];
        $project = OpenStackNovaProject::getProjectByName($projectName);
        $projectuids = $project->getMemberUids();
        $projectserviceusers = $project->getServiceUsers();
        $projectGroup = "%" . $project->getProjectGroup()->getProjectGroupName();

        $users = $this->removeALLFromUserKeys($formData['users']);
        foreach ($sudoer->getSudoerUsers() as $existing) {
            # Anything in this list that isn't a user or ALL
            # wasn't exposed to user selection so needs to stay.
            if ($existing != $projectGroup
                && !in_array($existing, $projectuids)
                && !in_array($existing, $projectserviceusers)
            ) {
                $users[] = $existing;
            }
        }

        $runasusers = $this->removeALLFromRunAsUserKeys($formData['runas']);
        foreach ($sudoer->getSudoerRunAsUsers() as $existing) {
            if ($existing != $projectGroup
                && $existing != 'ALL'
                && !in_array($existing, $projectuids)
                && !in_array($existing, $projectserviceusers)
            ) {
                $runasusers[] = $existing;
            }
        }

        if (!$sudoer->modifySudoer($users, $runasusers, $commands, $options)) {
            // On failure no back link is rendered.
            $output->addWikiMsg('openstackmanager-modifysudoerfailed');
            return true;
        }
        $output->addWikiMsg('openstackmanager-modifiedsudoer');
    }

    $backLink = Linker::link($this->getPageTitle(), $this->msg('openstackmanager-backsudoerlist')->escaped());
    $output->addHTML('<br />' . $backLink);
    return true;
}
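/**
 * Define who gets notifications for an event.
 *
 * - instance build completed / instance deleted: every member of the
 *   project's 'projectadmin' role.
 * - instance reboot completed: only the agent who initiated it.
 * - project member added: the added user.
 *
 * A project that no longer resolves, or a role member whose name does not
 * produce a User object, is skipped rather than causing a fatal error.
 *
 * @param $event EchoEvent to get implicitly subscribed users for
 * @param &$users array to append implicitly subscribed users to.
 * @return bool true in all cases
 */
function efOpenStackGetDefaultNotifiedUsers($event, &$users) {
    $type = $event->getType();

    if ($type == 'osm-instance-build-completed' || $type == 'osm-instance-deleted') {
        $extra = $event->getExtra();
        $project = OpenStackNovaProject::getProjectByName($extra['projectName']);
        // The project may be gone by the time the event is processed.
        $roles = $project ? $project->getRoles() : array();
        foreach ($roles as $role) {
            if ($role->getRoleName() != 'projectadmin') {
                continue;
            }
            foreach ($role->getMembers() as $roleMember) {
                $roleMemberUser = User::newFromName($roleMember);
                // newFromName() gives no User object for an invalid name.
                if (!$roleMemberUser) {
                    continue;
                }
                $users[$roleMemberUser->getId()] = $roleMemberUser;
            }
        }
    } elseif ($type == 'osm-instance-reboot-completed') {
        // Only notify the person who initiated the reboot.
        $users[$event->getAgent()->getId()] = $event->getAgent();
    } elseif ($type == 'osm-projectmembers-add') {
        $extra = $event->getExtra();
        $users[$extra['userAdded']] = User::newFromId($extra['userAdded']);
    }

    // Drop whatever ended up under id 0 (users without a local account id).
    unset($users[0]);
    return true;
}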
/**
 * List puppet groups: one section per filtered project, followed by a
 * collapsible "all projects" section.
 *
 * Users with the 'listall' right see every project; everyone else only sees
 * the projects returned for their LDAP user. The create link in the
 * "all projects" heading is only shown when userCanExecute() is true.
 *
 * @return void
 */
function listPuppetGroups() {
    $this->setHeaders();
    $page = $this->getOutput();
    $page->setPagetitle($this->msg('openstackmanager-puppetgrouplist'));
    $page->addModuleStyles('ext.openstack');

    $projects = $this->getUser()->isAllowed('listall')
        ? OpenStackNovaProject::getAllProjects()
        : OpenStackNovaProject::getProjectsByName($this->userLDAP->getProjects());

    $this->showProjectFilter($projects);
    $projectfilter = $this->getProjectFilter();
    if (!$projectfilter) {
        $page->addWikiMsg('openstackmanager-setprojectfilter');
        return null;
    }

    $html = '';
    foreach ($projects as $project) {
        $projectName = $project->getProjectName();
        if ($projectfilter && !in_array($projectName, $projectfilter)) {
            continue;
        }
        $actions = array('projectadmin' => array());
        $actions['projectadmin'][] = $this->createActionLink(
            'openstackmanager-createpuppetgroup',
            array('action' => 'create', 'project' => $projectName)
        );
        $projectGroups = OpenStackNovaPuppetGroup::getGroupList($projectName);
        $html .= $this->createProjectSection($projectName, $actions, $this->getPuppetGroupOutput($projectGroups));
    }

    // Heading for the groups that apply to all projects.
    $action = '';
    $showlinks = $this->userCanExecute($this->getUser());
    if ($showlinks) {
        $action = $this->createActionLink('openstackmanager-createpuppetgroup', array('action' => 'create'));
        $action = Html::rawElement('span', array('id' => 'novaaction'), "[{$action}]");
    }
    $allProjectsMsg = Html::rawElement(
        'span',
        array('class' => 'mw-customtoggle-allprojects', 'id' => 'novaproject'),
        $this->msg('openstackmanager-puppetallprojects')->escaped()
    );
    $html .= Html::rawElement('h2', array(), "{$allProjectsMsg} {$action}");

    $groupsOut = $this->getPuppetGroupOutput(OpenStackNovaPuppetGroup::getGroupList(), $showlinks);
    $html .= Html::rawElement(
        'div',
        array('class' => 'mw-collapsible', 'id' => 'mw-customcollapsible-allprojects'),
        $groupsOut
    );

    $page->addHTML($html);
}
/**
 * Delete the per-project "ou=groups" and "ou=people" subtrees from LDAP.
 *
 * For every project: delete each groupofnames entry under ou=groups, each
 * person entry under ou=people, and then the two OUs themselves. Every
 * delete is counted as an attempt and as either removed or failed.
 *
 * NOTE(review): this is destructive and has no dry-run mode. The entry DNs
 * are rebuilt from the 'cn' attribute (with a "uid=" prefix for people)
 * rather than taken from the search result; confirm that these always match
 * the real DNs before running against production data.
 *
 * @return bool true when no delete failed
 */
public function execute() {
    global $wgOpenStackManagerLDAPUsername;
    global $wgAuth;

    // Not referenced again below; presumably constructed for its side
    // effects (e.g. opening the LDAP connection) - confirm before removing.
    $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
    $projects = OpenStackNovaProject::getAllProjects();

    $failedSync = false;
    $attempt_count = 0;
    $synced_count = 0;
    $failed_count = 0;

    /**
     * @var $project OpenStackNovaProject
     */
    foreach ($projects as $project) {
        // getAllProjects() does not load project info from LDAP; do it now.
        $project->fetchProjectInfo();
        $projectName = $project->getProjectName();

        $groupOuDn = 'ou=groups,' . $project->getProjectDN();
        $peopleOuDn = 'ou=people,' . $project->getProjectDN();

        // 1. service group entries
        $search = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $groupOuDn, '(objectclass=groupofnames)');
        if ($search) {
            $this->serviceGroups = array();
            $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $search);
            if ($entries !== null) {
                // The first element is removed before iterating; presumably
                // the 'count' item of the result set.
                array_shift($entries);
                foreach ($entries as $entry) {
                    $targetDn = "cn=" . $entry['cn'][0] . "," . $groupOuDn;
                    print "needs deleting: " . $targetDn . "...";
                    $attempt_count++;
                    if (LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $targetDn)) {
                        $synced_count++;
                        print "done.\n";
                    } else {
                        $failed_count++;
                        print "FAILED\n";
                    }
                }
            }
        }

        // 2. service user entries
        $search = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $peopleOuDn, '(objectclass=person)');
        if ($search) {
            $this->serviceGroups = array();
            $entries = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $search);
            if ($entries !== null) {
                array_shift($entries);
                foreach ($entries as $entry) {
                    $targetDn = "uid=" . $entry['cn'][0] . "," . $peopleOuDn;
                    print "user needs deleting: " . $targetDn . "...";
                    $attempt_count++;
                    if (LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $targetDn)) {
                        $synced_count++;
                        print "done.\n";
                    } else {
                        $failed_count++;
                        print "FAILED\n";
                    }
                }
            }
        }

        // 3. the two OUs themselves, groups first
        foreach (array($groupOuDn, $peopleOuDn) as $targetDn) {
            print "ou needs deleting: " . $targetDn . "...";
            $attempt_count++;
            if (LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $targetDn)) {
                $synced_count++;
                print "done.\n";
            } else {
                $failed_count++;
                print "FAILED\n";
            }
        }
    }

    $this->output("{$attempt_count} items needed cleanup. {$synced_count} removed, {$failed_count} failed.\n");
    $this->output("Done.\n");
    return $failed_count == 0;
}
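/**
 * Form handler: remove the selected members from a role.
 *
 * With a project name the role is looked up inside that project, otherwise
 * as a global role. One status message is shown per member, followed by a
 * link back to $formData['returnto'].
 *
 * @param $formData
 * @param string $entryPoint
 * @return bool always true
 */
function tryDeleteMemberSubmit( $formData, $entryPoint = 'internal' ) {
    $projectname = $formData['projectname'];
    if ( $projectname ) {
        $project = OpenStackNovaProject::getProjectByName( $projectname );
        if ( ! $project ) {
            $this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentproject' );
            return true;
        }
        $role = OpenStackNovaRole::getProjectRoleByName( $formData['rolename'], $project );
    } else {
        $role = OpenStackNovaRole::getGlobalRoleByName( $formData['rolename'] );
    }
    if ( ! $role ) {
        $this->getOutput()->addWikiMsg( 'openstackmanager-nonexistentrole' );
        return true;
    }

    foreach ( $formData['members'] as $member ) {
        $success = $role->deleteMember( $member );
        if ( $success ) {
            $this->getOutput()->addWikiMsg( 'openstackmanager-removedfrom', $member, $formData['rolename'] );
        } else {
            $this->getOutput()->addWikiMsg( 'openstackmanager-failedtoremove', $member, $formData['rolename'] );
        }
    }

    $out = '<br />';
    // 'returnto' is supplied with the form data. Title::newFromText() gives
    // no object for text that is not a valid title, and Linker::link() needs
    // one, so fall back to this page.
    // NOTE(review): a valid title may still carry an interwiki prefix;
    // confirm whether the back link should be limited to local pages.
    $returnto = Title::newFromText( $formData['returnto'] );
    if ( ! $returnto ) {
        $returnto = $this->getTitle();
    }
    $out .= Linker::link( $returnto, wfMsgHtml( 'openstackmanager-backprojectlist' ) );
    $this->getOutput()->addHTML( $out );
    return true;
}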
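/**
 * Deletes a project based on project name. This function will also delete all roles
 * associated with the project, its project group (when project groups are in use),
 * its sudoers entries and sudoers OU, and its service groups.
 *
 * Failures of the intermediate deletes are only written to the debug log;
 * the return value reflects the final delete of the project entry alone.
 *
 * @param $projectname String
 * @return bool true when the project entry itself was deleted
 */
static function deleteProject($projectname) {
    global $wgAuth;

    OpenStackNovaLdapConnection::connect();

    $project = new OpenStackNovaProject($projectname);
    # NOTE(review): `new` always yields an object, so this guard cannot fire
    # and a non-existent project is not detected here.
    if (!$project) {
        return false;
    }
    $dn = $project->projectDN;

    # Projects can have roles as sub-entries, we need to delete them first
    $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
    $roles = $result ? LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result) : false;
    if ($roles) {
        # The first element is removed before iterating; presumably the
        # 'count' item of the result set.
        array_shift($roles);
        foreach ($roles as $role) {
            $roledn = $role['dn'];
            $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
            if ($success) {
                $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
            } else {
                $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
            }
        }
    } else {
        # A failed listing used to be passed on to ldap_get_entries() and
        # array_shift(); record it instead.
        $wgAuth->printDebug("Failed to list roles under {$dn}", NONSENSITIVE);
    }

    # Projects can have a separate group entry. If so, delete it now.
    if (OpenStackNovaProject::useProjectGroup()) {
        OpenStackNovaProjectGroup::deleteProjectGroup($projectname);
    }

    # Projects have a sudo OU and sudoers entries below that OU, we must delete them first
    $sudoers = OpenStackNovaSudoer::getAllSudoersByProject($project->getProjectName());
    foreach ($sudoers as $sudoer) {
        $success = OpenStackNovaSudoer::deleteSudoer($sudoer->getSudoerName(), $project->getProjectName());
        if ($success) {
            $wgAuth->printDebug("Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
        } else {
            $wgAuth->printDebug("Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
        }
    }
    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $project->getSudoersDN());
    if ($success) {
        $wgAuth->printDebug("Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
    } else {
        $wgAuth->printDebug("Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
    }

    # And, we need to clean up service groups.
    $servicegroups = $project->getServiceGroups();
    foreach ($servicegroups as $group) {
        $groupName = $group->groupName;
        $success = OpenStackNovaServiceGroup::deleteServiceGroup($groupName, $project);
        if ($success) {
            $wgAuth->printDebug("Successfully deleted service group " . $groupName, NONSENSITIVE);
        } else {
            $wgAuth->printDebug("Failed to delete service group " . $groupName, NONSENSITIVE);
        }
    }

    $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
    if ($success) {
        $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
        return true;
    } else {
        $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
        return false;
    }
}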