/**
	 * Deletes a sudo policy based on the policy name.
	 *
	 * @static
	 * @param  $sudoername
	 * @return bool
	 */
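	static function deleteSudoer( $sudoername ) {
		# Removes the LDAP entry for the named sudo policy. Returns true only when
		# the directory confirms the delete; every outcome is written to the debug log.
		global $wgAuth;

		OpenStackNovaLdapConnection::connect();

		# `new` always yields an object, so testing $sudoer itself can never detect
		# a missing policy. The DN is what identifies the entry, so validate that.
		$sudoer = new OpenStackNovaSudoer( $sudoername );
		$dn = $sudoer->sudoerDN;
		if ( !$dn ) {
			# NOTE(review): presumably the constructor leaves sudoerDN empty when the
			# lookup finds nothing -- confirm against OpenStackNovaSudoer. Either way,
			# an empty DN must never reach a delete call.
			$wgAuth->printDebug( "Sudoer $sudoername does not exist", NONSENSITIVE );
			return false;
		}

		$success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
		if ( !$success ) {
			$wgAuth->printDebug( "Failed to delete sudoer $sudoername", NONSENSITIVE );
			return false;
		}

		$wgAuth->printDebug( "Successfully deleted sudoer $sudoername", NONSENSITIVE );
		return true;
	}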
 /**
  * Deletes a sudo policy based on the policy name.
  *
  * @static
  * @param  $sudoername
  * @param $projectName
  * @return bool
  */
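 static function deleteSudoer($sudoername, $projectName)
 {
     # Removes the LDAP entry for a project's sudo policy and, on success, drops the
     # cached sudoer info for it. Returns true only when the directory delete succeeded.
     global $wgAuth;
     global $wgMemc;
     OpenStackNovaLdapConnection::connect();
     $project = OpenStackNovaProject::getProjectByName($projectName);
     # `new` always yields an object, so testing $sudoer itself can never detect a
     # missing policy. The DN is what identifies the entry, so validate that.
     $sudoer = new OpenStackNovaSudoer($sudoername, $project);
     $dn = $sudoer->sudoerDN;
     if (!$dn) {
         # NOTE(review): presumably the constructor leaves sudoerDN empty when the
         # policy or its project cannot be resolved -- confirm. Either way, an empty
         # DN must never reach a delete call.
         $wgAuth->printDebug("Sudoer {$sudoername} does not exist", NONSENSITIVE);
         return false;
     }
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
     if (!$success) {
         # The cache entry is left alone: the policy is still in the directory.
         $wgAuth->printDebug("Failed to delete sudoer {$sudoername}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted sudoer {$sudoername}", NONSENSITIVE);
     # Invalidate the cached copy so a deleted policy is not served from memcached.
     $key = wfMemcKey('openstackmanager', 'sudoerinfo', $projectName . $sudoername);
     $wgMemc->delete($key);
     return true;
 }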
 /**
  * Deletes a project group based on project name.
  *
  * @param  $projectname String
  * @return bool
  */
 static function deleteProjectGroup($projectname)
 {
     # Deletes the group entry "cn=<prefix><projectname>" under the configured
     # project-group base DN and returns whatever the delete wrapper returned.
     global $wgAuth;
     global $wgOpenStackManagerLDAPProjectGroupBaseDN;
     OpenStackNovaLdapConnection::connect();
     # NOTE(review): the name is joined into the DN without DN escaping, so a name
     # holding DN metacharacters (',', '+', '=') would address a different entry.
     # Presumably project names are validated when created -- confirm.
     $groupCN = self::$prefix . $projectname;
     $projectGroupDN = implode(',', array('cn=' . $groupCN, $wgOpenStackManagerLDAPProjectGroupBaseDN));
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $projectGroupDN);
     if (!$success) {
         # Include the directory's own error text to make failures diagnosable.
         $wgAuth->printDebug("Failed to delete project group {$projectGroupDN}: " . ldap_error($wgAuth->ldapconn), NONSENSITIVE);
         return $success;
     }
     $wgAuth->printDebug("Successfully deleted project group {$projectGroupDN}", NONSENSITIVE);
     return $success;
 }
 /**
  * @static
  * @param  $groupName
  * @param  $project OpenStackNovaProject
  * @return bool
  */
 static function deleteServiceGroup($groupName, $project)
 {
     # Deletes a service group in two steps: first its special service user, then
     # the group entry itself. Returns true only when both deletes succeeded.
     global $wgAuth;
     global $wgMemc;
     $serviceGroup = self::getServiceGroupByName($groupName, $project);
     if (!$serviceGroup) {
         $wgAuth->printDebug("We are trying to delete a nonexistent service group, {$groupName}", NONSENSITIVE);
         return false;
     }
     # Delete our special member.
     $userDeleted = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $serviceGroup->getSpecialUserDN());
     if (!$userDeleted) {
         $wgAuth->printDebug("Failed to delete service user {$groupName}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted service user {$groupName}", NONSENSITIVE);
     # Now delete the group. If this step fails the service user is already gone,
     # so the group is left behind without its special member.
     $groupDeleted = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $serviceGroup->groupDN);
     if (!$groupDeleted) {
         $wgAuth->printDebug("Failed to delete service group {$groupName}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted service group {$groupName}", NONSENSITIVE);
     # Drop the cached group so the deleted entry is not served from memcached.
     $wgMemc->delete(wfMemcKey('openstackmanager', 'servicegroup', $groupName));
     return true;
 }
 /**
  * Deletes a project based on project name. This function will also delete all roles
  * associated with the project.
  *
  * @param  $projectname String
  * @return bool
  */
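 static function deleteProject($projectname)
 {
     # Deletes the project's role sub-entries and then the project entry itself.
     # Returns true only when the project entry was deleted; role failures are
     # logged but do not abort the run.
     global $wgAuth;
     OpenStackNovaLdapConnection::connect();
     # `new` always yields an object, so the project's DN is what has to be checked.
     $project = new OpenStackNovaProject($projectname);
     $dn = $project->projectDN;
     if (!$dn) {
         # NOTE(review): presumably projectDN stays empty when the project is not
         # found -- confirm. Listing and deleting below an empty base DN would act
         # on entries that have nothing to do with this project, so stop here.
         $wgAuth->printDebug("Project {$projectname} does not exist", NONSENSITIVE);
         return false;
     }
     # Projects can have roles as sub-entries, we need to delete them first
     $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
     $roles = $result ? LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result) : false;
     if (is_array($roles)) {
         # The first element is dropped before iterating; presumably it is the
         # 'count' entry that ldap_get_entries() puts ahead of the results.
         array_shift($roles);
         foreach ($roles as $role) {
             $roledn = $role['dn'];
             $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
             if ($success) {
                 $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
             } else {
                 $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
             }
         }
     } else {
         # A failed listing used to fall through to array_shift()/foreach on a
         # non-array. The final delete is still attempted and will fail on its own
         # if sub-entries remain.
         $wgAuth->printDebug("Failed to list roles of project {$projectname}", NONSENSITIVE);
     }
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
     if (!$success) {
         $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
     return true;
 }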
 /**
  * Delete this host
  *
  * @return bool
  */
 function deleteHost()
 {
     # Deletes this host's LDAP entry and, on success, asks the owning domain to
     # update its SOA. Returns true only when the delete succeeded.
     global $wgAuth;
     # The domain has to be resolved up front: once the entry is deleted there is
     # nothing left to resolve it from.
     $owningDomain = $this->getDomain();
     $deleted = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $this->hostDN);
     if (!$deleted) {
         $wgAuth->printDebug("Failed to delete host {$this->hostDN}", NONSENSITIVE);
         return false;
     }
     # NOTE(review): assumes getDomain() returned an object -- confirm it cannot be null here.
     $owningDomain->updateSOA();
     $wgAuth->printDebug("Successfully deleted host {$this->hostDN}", NONSENSITIVE);
     return true;
 }
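 public function execute()
 {
     // For every project: delete the group entries under ou=groups and the person
     // entries under ou=people, then delete both OUs. Each attempt is counted and
     // reported; returns true only when no delete failed.
     global $wgOpenStackManagerLDAPUsername;
     global $wgAuth;
     // NOTE(review): $user is never read below; presumably it is constructed for a
     // side effect such as opening the LDAP connection -- confirm before removing.
     $user = new OpenStackNovaUser($wgOpenStackManagerLDAPUsername);
     $projects = OpenStackNovaProject::getAllProjects();
     $attempt_count = 0;
     $synced_count = 0;
     $failed_count = 0;
     // One delete attempt: announce the DN, try it, record and print the outcome.
     $removeEntry = function ($label, $dn) use ($wgAuth, &$attempt_count, &$synced_count, &$failed_count) {
         print $label . $dn . "...";
         $attempt_count++;
         if (LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn)) {
             $synced_count++;
             print "done.\n";
         } else {
             $failed_count++;
             print "FAILED\n";
         }
     };
     /**
      * @var $project OpenStackNovaProject
      */
     foreach ($projects as $project) {
         // actually load the project info from ldap
         // (getAllProjects() doesn't do this)
         $project->fetchProjectInfo();
         $projectName = $project->getProjectName();
         $oldServiceGroupOUDN = 'ou=groups,' . $project->getProjectDN();
         $oldServiceUserOUDN = 'ou=people,' . $project->getProjectDN();
         $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceGroupOUDN, '(objectclass=groupofnames)');
         if ($result) {
             $this->serviceGroups = array();
             $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
             // isset() only ruled out null; a false result would still have reached
             // array_shift(), so require an actual array.
             if (is_array($groupList)) {
                 // Drop the leading element (presumably the 'count' entry).
                 array_shift($groupList);
                 foreach ($groupList as $groupEntry) {
                     // The DN is rebuilt from the cn value and always ends in the old
                     // OU, so the delete cannot leave that subtree.
                     $removeEntry("needs deleting: ", "cn=" . $groupEntry['cn'][0] . "," . $oldServiceGroupOUDN);
                 }
             }
         }
         $result = LdapAuthenticationPlugin::ldap_search($wgAuth->ldapconn, $oldServiceUserOUDN, '(objectclass=person)');
         if ($result) {
             $this->serviceGroups = array();
             $groupList = LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result);
             if (is_array($groupList)) {
                 array_shift($groupList);
                 foreach ($groupList as $groupEntry) {
                     // NOTE(review): the uid RDN is built from the cn attribute; this
                     // only matches when cn and uid are equal -- confirm.
                     $removeEntry("user needs deleting: ", "uid=" . $groupEntry['cn'][0] . "," . $oldServiceUserOUDN);
                 }
             }
         }
         // The OUs go last; they can only be deleted once they are empty.
         $removeEntry("ou needs deleting: ", $oldServiceGroupOUDN);
         $removeEntry("ou needs deleting: ", $oldServiceUserOUDN);
     }
     $this->output("{$attempt_count} items needed cleanup. {$synced_count} removed, {$failed_count} failed.\n");
     $this->output("Done.\n");
     return $failed_count == 0;
 }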
	/**
	 * Deletes a domain based on the domain's short name. Will fail to
	 * delete the domain if any host entries still exist in the domain.
	 *
	 * @static
	 * @param  $domainname
	 * @return bool
	 */
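	static function deleteDomain( $domainname ) {
		# Deletes the domain entry, but only when it has no sub-entries. Refuses
		# (returns false) when the domain is unknown, when its children cannot be
		# listed, or when any child exists.
		global $wgAuth;

		OpenStackNovaLdapConnection::connect();

		# `new` always yields an object, so the domain's DN is what has to be checked.
		$domain = new OpenStackNovaDomain( $domainname );
		$dn = $domain->domainDN;
		if ( !$dn ) {
			# NOTE(review): presumably domainDN stays empty when the domain is not
			# found -- confirm. An empty DN must never reach the list/delete calls.
			$wgAuth->printDebug( "Domain $domainname does not exist", NONSENSITIVE );
			return false;
		}

		# Domains can have records as sub entries. If sub-entries exist, fail.
		$result = LdapAuthenticationPlugin::ldap_list( $wgAuth->ldapconn, $dn, 'objectclass=*' );
		$hosts = $result ? LdapAuthenticationPlugin::ldap_get_entries( $wgAuth->ldapconn, $result ) : false;
		if ( !is_array( $hosts ) || !isset( $hosts['count'] ) ) {
			# Fail closed: without a listing we cannot prove the domain is empty.
			$wgAuth->printDebug( "Failed to delete domain $domainname, could not list its sub entries", NONSENSITIVE );
			return false;
		}
		if ( (int)$hosts['count'] !== 0 ) {
			$wgAuth->printDebug( "Failed to delete domain $domainname, since it had sub entries", NONSENSITIVE );
			return false;
		}

		$success = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $dn );
		if ( !$success ) {
			# The old message blamed sub entries here too, although that case was
			# already ruled out above; report a plain delete failure instead.
			$wgAuth->printDebug( "Failed to delete domain $domainname", NONSENSITIVE );
			return false;
		}

		$wgAuth->printDebug( "Successfully deleted domain $domainname", NONSENSITIVE );
		return true;
	}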
	/**
	 * Deletes a host based on its instanceid.
	 *
	 * @static
	 * @param  $instanceid
	 * @return bool
	 */
	static function deleteHostByInstanceId( $instanceid ) {
		# Looks the host up by instance id, deletes its LDAP entry and, on success,
		# asks the owning domain to update its SOA. Returns true only on success.
		global $wgAuth;

		OpenStackNovaLdapConnection::connect();

		$hostEntry = OpenStackNovaHost::getHostByInstanceId( $instanceid );
		if ( ! $hostEntry ) {
			$wgAuth->printDebug( "Failed to delete host $instanceid as the DNS entry does not exist", NONSENSITIVE );
			return false;
		}

		# Resolve the DN and the domain before the delete, while the entry still exists.
		$hostDN = $hostEntry->hostDN;
		$owningDomain = $hostEntry->getDomain();

		$deleted = LdapAuthenticationPlugin::ldap_delete( $wgAuth->ldapconn, $hostDN );
		if ( ! $deleted ) {
			$wgAuth->printDebug( "Failed to delete host $instanceid", NONSENSITIVE );
			return false;
		}

		# NOTE(review): assumes getDomain() returned an object -- confirm it cannot be null here.
		$owningDomain->updateSOA();
		$wgAuth->printDebug( "Successfully deleted host $instanceid", NONSENSITIVE );
		return true;
	}
 /**
  * Deletes a project based on project name. This function will also delete all roles
  * associated with the project.
  *
  * @param  $projectname String
  * @return bool
  */
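 static function deleteProject($projectname)
 {
     # Tears a project down in dependency order: role sub-entries, the optional
     # project group, sudoer policies and their OU, service groups, and finally the
     # project entry. Returns true only when the project entry itself was deleted;
     # failures in the earlier steps are logged but do not abort the run.
     global $wgAuth;
     OpenStackNovaLdapConnection::connect();
     # `new` always yields an object, so the project's DN is what has to be checked.
     $project = new OpenStackNovaProject($projectname);
     $dn = $project->projectDN;
     if (!$dn) {
         # NOTE(review): presumably projectDN stays empty when the project is not
         # found -- confirm. Listing and deleting below an empty base DN would act
         # on entries that have nothing to do with this project, so stop here.
         $wgAuth->printDebug("Project {$projectname} does not exist", NONSENSITIVE);
         return false;
     }
     # Projects can have roles as sub-entries, we need to delete them first
     $result = LdapAuthenticationPlugin::ldap_list($wgAuth->ldapconn, $dn, 'objectclass=*');
     $roles = $result ? LdapAuthenticationPlugin::ldap_get_entries($wgAuth->ldapconn, $result) : false;
     if (is_array($roles)) {
         # The first element is dropped before iterating; presumably it is the
         # 'count' entry that ldap_get_entries() puts ahead of the results.
         array_shift($roles);
         foreach ($roles as $role) {
             $roledn = $role['dn'];
             $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $roledn);
             if ($success) {
                 $wgAuth->printDebug("Successfully deleted role {$roledn}", NONSENSITIVE);
             } else {
                 $wgAuth->printDebug("Failed to delete role {$roledn}", NONSENSITIVE);
             }
         }
     } else {
         # A failed listing used to fall through to array_shift()/foreach on a non-array.
         $wgAuth->printDebug("Failed to list roles of project {$projectname}", NONSENSITIVE);
     }
     # Projects can have a separate group entry.  If so, delete it now.
     # (deleteProjectGroup() logs its own outcome.)
     if (OpenStackNovaProject::useProjectGroup()) {
         OpenStackNovaProjectGroup::deleteProjectGroup($projectname);
     }
     # Projects have a sudo OU and sudoers entries below that OU, we must delete them first
     $sudoers = OpenStackNovaSudoer::getAllSudoersByProject($project->getProjectName());
     foreach ($sudoers as $sudoer) {
         $success = OpenStackNovaSudoer::deleteSudoer($sudoer->getSudoerName(), $project->getProjectName());
         if ($success) {
             $wgAuth->printDebug("Successfully deleted sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
         } else {
             $wgAuth->printDebug("Failed to delete sudoer " . $sudoer->getSudoerName(), NONSENSITIVE);
         }
     }
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $project->getSudoersDN());
     if ($success) {
         $wgAuth->printDebug("Successfully deleted sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
     } else {
         $wgAuth->printDebug("Failed to delete sudoers OU " . $project->getSudoersDN(), NONSENSITIVE);
     }
     # And, we need to clean up service groups.
     $servicegroups = $project->getServiceGroups();
     foreach ($servicegroups as $group) {
         $groupName = $group->groupName;
         $success = OpenStackNovaServiceGroup::deleteServiceGroup($groupName, $project);
         if ($success) {
             $wgAuth->printDebug("Successfully deleted service group " . $groupName, NONSENSITIVE);
         } else {
             # Log text corrected from "servie group" so searches for failures match.
             $wgAuth->printDebug("Failed to delete service group " . $groupName, NONSENSITIVE);
         }
     }
     # With the children gone (or at least attempted), remove the project entry.
     $success = LdapAuthenticationPlugin::ldap_delete($wgAuth->ldapconn, $dn);
     if (!$success) {
         $wgAuth->printDebug("Failed to delete project {$projectname}", NONSENSITIVE);
         return false;
     }
     $wgAuth->printDebug("Successfully deleted project {$projectname}", NONSENSITIVE);
     return true;
 }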