Merge branch 'feat-group-manager' into 'main'

Feat group manager See merge request !146

Merge branch 'feat-group-manager' into 'main'
Feat group manager See merge request !146
7be16cf2 · Bo-Chun Chen · fa1c31be · d73303a2 · 7be16cf2 · 7be16cf2
Commit 7be16cf2 authored 9 months ago by Bo-Chun Chen
--- a/group_manager.py
+++ b/group_manager.py
+#!/usr/bin/env python3
+import argparse
+import grp
+import json
+import pika
+import pwd
+import rabbit_config as rcfg
+import sys
+import uuid
+from rc_rmq import RCRMQ
+from rc_util import get_caller_info, timeout
+
+
+# Instantiate rabbitmq object
+rc_rmq = RCRMQ({"exchange": rcfg.Exchange, "exchange_type": "topic"})
+
+
+def user_exists(username):
+    try:
+        pwd.getpwnam(username)
+    except KeyError:
+        return False
+    return True
+
+
+def group_exists(groupname):
+    try:
+        grp.getgrnam(groupname)
+    except KeyError:
+        return False
+    return True
+
+
+@timeout(rcfg.Function_timeout)
+def manage_group(op, usernames, groupname, debug=False):
+    callback_queue = rc_rmq.bind_queue(exclusive=True)
+    rpc_queue = f"group_member.{op}"
+    corr_id = str(uuid.uuid4())
+    status = dict.fromkeys(usernames, False)
+    response = 0
+
+    interface = "CLI"
+    executed_by, host = get_caller_info()
+
+    def handler(ch, method, properties, body):
+        if debug:
+            print("Message received:")
+            print(body)
+
+        nonlocal corr_id
+        nonlocal status
+        nonlocal response
+        msg = json.loads(body)
+        username = msg["username"]
+
+        if properties.correlation_id == corr_id:
+            status[username] = msg["success"]
+            response += 1
+            if not msg["success"]:
+                print(f"{username}: Something's wrong, please try again.")
+
+        if len(status) == response:
+            rc_rmq.stop_consume()
+            rc_rmq.disconnect()
+
+    if debug:
+        print(f"Adding user(s) {', '.join(usernames)} to group {groupname}")
+        print(f"Callback queue: {callback_queue}, correlation_id: {corr_id}")
+
+    for user in usernames:
+        rc_rmq.publish_msg(
+            {
+                "routing_key": rpc_queue,
+                "props": pika.BasicProperties(
+                    correlation_id=corr_id, reply_to=callback_queue
+                ),
+                "msg": {
+                    "groups": {f"{op}": [f"{groupname}"]},
+                    "username": user,
+                    "host": host,
+                    "executed_by": executed_by,
+                    "interface": interface,
+                },
+            }
+        )
+
+    rc_rmq.start_consume(
+        {
+            "queue": callback_queue,
+            "exclusive": True,
+            "bind": False,
+            "cb": handler,
+        }
+    )
+
+    print("Done")
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="Group management script")
+    parser.add_argument("--debug", action="store_true", help="Debug mode")
+    parser.add_argument(
+        "-d",
+        "--delete",
+        action="store_true",
+        help="Delete the user(s) from the group",
+    )
+    parser.add_argument(
+        "-g", "--group", required=True, help="The Group to add the user(s)"
+    )
+    parser.add_argument(
+        "users",
+        metavar="USER",
+        nargs="+",
+        help="User(s) to be add to the group",
+    )
+    args = parser.parse_args()
+
+    exist_users = []
+    miss = False
+
+    # Check if all of the users exist
+    for user in args.users:
+        if not user_exists(user):
+            print(f"{user} does not exist.", file=sys.stderr)
+            miss = True
+        else:
+            exist_users.append(user)
+
+    # Check if the group exists
+    if not group_exists(args.group):
+        print(f"{args.group} does not exist.", file=sys.stderr)
+        miss = True
+
+    if miss:
+        print("A user and/or group does not exist.", file=sys.stderr)
+        print("Abort.", file=sys.stderr)
+        exit(1)
+
+    elif exist_users:
+        op = "remove" if args.delete else "add"
+        manage_group(op, exist_users, args.group, args.debug)
+    else:
+        print("No user to change", file=sys.stderr)
+        print("Abort.", file=sys.stderr)
+        sys.exit(1)
--- a/prod_rmq_agents/group_member.py
+++ b/prod_rmq_agents/group_member.py
 #!/usr/bin/env python
-import os
+import dataset
 import json
 import pika
 import shlex
 import rc_util
-from subprocess import Popen,PIPE
-from pathlib import Path
+from datetime import datetime
+from subprocess import Popen, PIPE
 from rc_rmq import RCRMQ
 import rabbit_config as rcfg

@@ -14,85 +14,142 @@ task = "group_member"
 args = rc_util.get_args()
 logger = rc_util.get_logger(args)

+# Initialize db
+db = dataset.connect(f"sqlite:///{rcfg.db_path}/user_reg.db")
+table = db["groups"]
+
 # Instantiate rabbitmq object
 rc_rmq = RCRMQ({"exchange": rcfg.Exchange, "exchange_type": "topic"})


+def insert_db(operation, groupname, msg):
+    if operation == "remove":
+        op = 0
+    elif operation == "add":
+        op = 1
+
+    # SQL insert
+    table.insert(
+        {
+            "user": msg["username"],
+            "group": groupname,
+            "operation": op,
+            "date": datetime.now(),
+            "host": msg["host"],
+            "executed_by": msg["executed_by"],
+            "interface": msg["interface"],
+        }
+    )
+
+
 def group_member(ch, method, properties, body):
+    """
+    Properties:
+      correlation_id (str): The UUID for the request.
+      reply_to       (str): The RabbitMQ queue name for reply to send to.
+
+    Message(body):
+      username    (str): The user to be added/removed from groups.
+      groups     (dict): A dictionary with `add` or `remove` key.
+        add      (list): A list of groups to be added for the user.
+        remove   (list): A list of groups to be removed for the user.
+      executed_by (str): The user who request the change.
+      host        (str): Hostname where the request comes from.
+      interface   (str): whether it's from CLI or WebUI.
+
+    Returns:
+      status (bool): Whether or not the operation executed successfully.
+      errmsg  (str): Detailed error message if operation failed.
+      task    (str): The task name of the agent who handle the message.
+    """
    msg = json.loads(body)
    username = msg["username"]
-    action = msg["action"]
    msg["task"] = task
-    state = msg["state"]

    try:
-        if 'remove' in msg["groups"]:
+        if "remove" in msg["groups"]:
            for each_group in msg["groups"]["remove"]:
-                logger.debug(f'Removing user {username} from group {each_group}')
+                logger.debug(
+                    f"Removing user {username} from group {each_group}"
+                )
                if str(rcfg.bright_cm_version).split(".")[0] == "8":
-                    grp_remove_user_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; removefrom {each_group} groupmembers {username}; commit;"'
+                    grp_remove_user_cmd = (
+                        '/cm/local/apps/cmd/bin/cmsh -n -c "group; removefrom'
+                        f' {each_group} groupmembers {username}; commit;"'
+                    )
                else:
-                    grp_remove_user_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; removefrom {each_group} members {username}; commit;"'
-
-                logger.info(f'Running command: {grp_remove_user_cmd}')
-                proc = Popen(shlex.split(grp_remove_user_cmd), stdout=PIPE, stderr=PIPE)
-                out,err = proc.communicate()
-                logger.debug(f'Result: {err}')
-                logger.info(f'User {username} is removed from {each_group} group')
-
-        if 'add' in msg["groups"]:
+                    grp_remove_user_cmd = (
+                        '/cm/local/apps/cmd/bin/cmsh -n -c "group; removefrom'
+                        f' {each_group} members {username}; commit;"'
+                    )
+
+                logger.info(f"Running command: {grp_remove_user_cmd}")
+                proc = Popen(
+                    shlex.split(grp_remove_user_cmd), stdout=PIPE, stderr=PIPE
+                )
+                out, err = proc.communicate()
+                logger.debug(f"Result: {err}")
+                logger.info(
+                    f"User {username} is removed from {each_group} group"
+                )
+                insert_db("remove", each_group, msg)
+
+        if "add" in msg["groups"]:
            for each_group in msg["groups"]["add"]:
-                logger.debug(f'Adding user {username} to group {each_group}')
+                logger.debug(f"Adding user {username} to group {each_group}")
                if str(rcfg.bright_cm_version).split(".")[0] == "8":
-                    grp_add_user_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; append {each_group} groupmembers {username}; commit;"'
+                    grp_add_user_cmd = (
+                        '/cm/local/apps/cmd/bin/cmsh -n -c "group; append'
+                        f' {each_group} groupmembers {username}; commit;"'
+                    )
                else:
-                    grp_add_user_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; append {each_group} members {username}; commit;"'
-
-                logger.info(f'Running command: {grp_add_user_cmd}')
-                proc = Popen(shlex.split(grp_add_user_cmd), stdout=PIPE, stderr=PIPE)
-                out,err = proc.communicate()
-                logger.debug(f'Result: {err}')
-                logger.info(f'User {username} is added to {each_group} group')
-
+                    grp_add_user_cmd = (
+                        '/cm/local/apps/cmd/bin/cmsh -n -c "group; append'
+                        f' {each_group} members {username}; commit;"'
+                    )
+
+                logger.info(f"Running command: {grp_add_user_cmd}")
+                proc = Popen(
+                    shlex.split(grp_add_user_cmd), stdout=PIPE, stderr=PIPE
+                )
+                out, err = proc.communicate()
+                logger.debug(f"Result: {err}")
+                logger.info(f"User {username} is added to {each_group} group")
+                insert_db("add", each_group, msg)

        msg["success"] = True

    except Exception:
        msg["success"] = False
-        msg["errmsg"] = "Exception raised, while adding user to group {groupname}, check the logs for stack trace"
+        msg["errmsg"] = (
+            "Exception raised, while adding user to group {groupname}, check"
+            " the logs for stack trace"
+        )
        logger.error("", exc_info=True)

-
    corr_id = properties.correlation_id
    reply_to = properties.reply_to

-    logger.debug(f'corr_id: {corr_id} \n reply_to: {reply_to}')
+    logger.debug(f"corr_id: {corr_id} \n reply_to: {reply_to}")
    # send response to the callback queue
    if reply_to:
        props = pika.BasicProperties(correlation_id=corr_id)
        logger.debug("Sending confirmation back to reply_to")
        rc_rmq.publish_msg(
-            {
-             "routing_key": reply_to,
-             "props": props,
-             "msg": msg
-            }
+            {"routing_key": reply_to, "props": props, "msg": msg}
        )
    else:
        print("Error: no reply_to")

-    logger.debug(f'User {username} confirmation sent from {task}')
+    logger.debug(f"User {username} confirmation sent from {task}")

    ch.basic_ack(delivery_tag=method.delivery_tag)


 logger.info(f"Start listening to queue: {task}")
-rc_rmq.bind_queue(queue=task, routing_key='group_member.*', durable=True)
+rc_rmq.bind_queue(queue=task, routing_key="group_member.*", durable=True)

-rc_rmq.start_consume(
-    {"queue": task, "cb": group_member}
-)
+rc_rmq.start_consume({"queue": task, "cb": group_member})

 logger.info("Disconnected")
-rc_rmq.disconnect()      
-
+rc_rmq.disconnect()