Merge branch 'master' into 69-show-groups
commit
2b592dae53
|
@ -9,6 +9,8 @@ Make sure your GPG key is in /srv/debian/gpg on potassium-benzoate. See
|
||||||
[here](https://wiki.csclub.uwaterloo.ca/Debian_Repository#Step_1:_Add_to_Uploaders)
|
[here](https://wiki.csclub.uwaterloo.ca/Debian_Repository#Step_1:_Add_to_Uploaders)
|
||||||
for instructions.
|
for instructions.
|
||||||
|
|
||||||
|
Make sure you are in the `csc-mirror` group too.
|
||||||
|
|
||||||
## Creating the package
|
## Creating the package
|
||||||
Use Docker/Podman to avoid screwing up your main system.
|
Use Docker/Podman to avoid screwing up your main system.
|
||||||
For example, to create a package for bullseye (replace `podman` with `docker` in all instances below if you're using Docker):
|
For example, to create a package for bullseye (replace `podman` with `docker` in all instances below if you're using Docker):
|
||||||
|
@ -58,7 +60,7 @@ podman cp pyceo-packaging:/home/max/repos/pyceo.tar.gz .
|
||||||
(Replace `/home/max/repos` by the directory in the container with the tarball.)
|
(Replace `/home/max/repos` by the directory in the container with the tarball.)
|
||||||
Now upload the tarball to a CSC machine, e.g.
|
Now upload the tarball to a CSC machine, e.g.
|
||||||
```
|
```
|
||||||
scp pyceo.tar.gz mannitol:~/
|
scp pyceo.tar.gz mannitol:~
|
||||||
```
|
```
|
||||||
SSH into that machine and extract the tarball into a separate directory:
|
SSH into that machine and extract the tarball into a separate directory:
|
||||||
```
|
```
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
1.0.23
|
1.0.24
|
||||||
|
|
|
@ -6,7 +6,7 @@ from requests_gssapi import HTTPSPNEGOAuth
|
||||||
from zope import component
|
from zope import component
|
||||||
from zope.interface import implementer
|
from zope.interface import implementer
|
||||||
|
|
||||||
from ceo_common.interfaces import IConfig, IHTTPClient
|
from ceo_common.interfaces import IConfig, IHTTPClient, IKerberosService
|
||||||
|
|
||||||
|
|
||||||
@implementer(IHTTPClient)
|
@implementer(IHTTPClient)
|
||||||
|
@ -40,10 +40,18 @@ class HTTPClient:
|
||||||
'opportunistic_auth': True,
|
'opportunistic_auth': True,
|
||||||
'target_name': gssapi.Name('ceod/' + host),
|
'target_name': gssapi.Name('ceod/' + host),
|
||||||
}
|
}
|
||||||
if flask.has_request_context() and 'client_token' in g:
|
if flask.has_request_context():
|
||||||
# This is reached when we are the server and the client has
|
# This is reached when we are the server and the client has
|
||||||
# forwarded their credentials to us.
|
# forwarded their credentials to us.
|
||||||
spnego_kwargs['creds'] = gssapi.Credentials(token=g.client_token)
|
token = None
|
||||||
|
if g.get('need_admin_creds', False):
|
||||||
|
# Some Kerberos bindings in some programming languages can't
|
||||||
|
# perform delegation, so use the admin creds here.
|
||||||
|
token = component.getUtility(IKerberosService).get_admin_creds_token()
|
||||||
|
elif 'client_token' in g:
|
||||||
|
token = g.client_token
|
||||||
|
if token is not None:
|
||||||
|
spnego_kwargs['creds'] = gssapi.Credentials(token=token)
|
||||||
elif delegate:
|
elif delegate:
|
||||||
# This is reached when we are the client and we want to
|
# This is reached when we are the client and we want to
|
||||||
# forward our credentials to the server.
|
# forward our credentials to the server.
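Review bot: The `need_admin_creds` branch sends the outbound request to `ceod/<host>` under the admin principal instead of the caller's forwarded credentials, so the receiving ceod can no longer authorize the original user itself. Nothing in this hunk shows where `g.need_admin_creds` is set or that the caller's permission was checked first. I would state that precondition at the branch, e.g. `# need_admin_creds must only be set after the caller has been authorized; the remote host will see the admin principal`, and log each use of the admin token so it can be audited. A request context with neither the flag nor `client_token` now leaves `creds` unset and no longer reaches `elif delegate:`, which looks like a silent fall-back to the process's default credentials and deserves an explicit error or a comment. The enclosing method starts and ends outside the hunk.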
|
||||||
|
|
|
@ -316,12 +316,12 @@ class LDAPService:
|
||||||
self,
|
self,
|
||||||
dry_run: bool = False,
|
dry_run: bool = False,
|
||||||
members: Union[List[str], None] = None,
|
members: Union[List[str], None] = None,
|
||||||
uwldap_batch_size: int = 10,
|
uwldap_batch_size: int = 100,
|
||||||
):
|
):
|
||||||
if members:
|
if members:
|
||||||
filter = '(|' + ''.join([f'(uid={uid})' for uid in members]) + ')'
|
filter = '(|' + ''.join([f'(uid={uid})' for uid in members]) + ')'
|
||||||
else:
|
else:
|
||||||
filter = '(objectClass=*)'
|
filter = '(objectClass=member)'
|
||||||
conn = self._get_ldap_conn()
|
conn = self._get_ldap_conn()
|
||||||
conn.search(
|
conn.search(
|
||||||
self.ldap_users_base, filter, attributes=['uid', 'program'])
|
self.ldap_users_base, filter, attributes=['uid', 'program'])
|
||||||
|
@ -336,12 +336,17 @@ class LDAPService:
|
||||||
batch_uids = uids[i:i + uwldap_batch_size]
|
batch_uids = uids[i:i + uwldap_batch_size]
|
||||||
batch_uw_programs = uwldap_srv.get_programs_for_users(batch_uids)
|
batch_uw_programs = uwldap_srv.get_programs_for_users(batch_uids)
|
||||||
uw_programs.extend(batch_uw_programs)
|
uw_programs.extend(batch_uw_programs)
|
||||||
|
# uw_programs[i] will be None if the 'ou' attribute was not
|
||||||
|
# present in UWLDAP, or if no UWLDAP entry was found at all
|
||||||
|
for i, uw_program in enumerate(uw_programs):
|
||||||
|
if uw_program in (None, 'expired', 'orphaned'):
|
||||||
|
# If the UWLDAP record is orphaned, nonexistent, or missing
|
||||||
|
# data, assume that the member graduated
|
||||||
|
uw_programs[i] = 'Alumni'
|
||||||
users_to_change = [
|
users_to_change = [
|
||||||
(uids[i], csc_programs[i], uw_programs[i])
|
(uids[i], csc_programs[i], uw_programs[i])
|
||||||
for i in range(len(uids))
|
for i in range(len(uids))
|
||||||
if csc_programs[i] != uw_programs[i] and (
|
if csc_programs[i] != uw_programs[i]
|
||||||
uw_programs[i] not in (None, 'expired', 'orphaned')
|
|
||||||
)
|
|
||||||
]
|
]
|
||||||
if dry_run:
|
if dry_run:
|
||||||
return users_to_change
|
return users_to_change
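Review bot: Mapping `None` to `'Alumni'` in the second hunk means a member whose UWLDAP lookup returned nothing is now rewritten rather than skipped, because the old `uw_programs[i] not in (None, 'expired', 'orphaned')` guard is removed. Whether `get_programs_for_users` can also return `None` for a failed or truncated search is not visible here; if it can, one bad UWLDAP response on a non-dry run would flip up to a whole batch (now 100 uids) to Alumni. I would keep `'expired'`/`'orphaned'` mapped to `'Alumni'` but leave `None` alone, e.g. `if uw_program in ('expired', 'orphaned'):` plus `and uw_programs[i] is not None` in the `users_to_change` condition, or at least log every forced conversion. Separately, the first hunk still interpolates `members` into the filter as `(uid={uid})` without escaping; if those uids can come from request input they should be escaped before the filter is built. The method body continues outside both hunks.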
|
||||||
|
|
|
@ -1,3 +1,16 @@
|
||||||
|
ceo (1.0.24-bullseye1) bullseye; urgency=high
|
||||||
|
|
||||||
|
* Add support for using number in member terms renwewal API
|
||||||
|
* Sort group member listing by WatIAM ID
|
||||||
|
* Add more logging for Cloudstack
|
||||||
|
* Use LDAP instead of NSS
|
||||||
|
* Fix shadowExpire deserialization
|
||||||
|
* Fix email formatting bug in ClubWebHostingService
|
||||||
|
* Check if mail_local_addresses exists in UWLDAP entry
|
||||||
|
* Remove override_dh_systemd_start
|
||||||
|
|
||||||
|
-- Max Erenberg <merenber@csclub.uwaterloo.ca> Sun, 23 Oct 2022 21:41:00 -0400
|
||||||
|
|
||||||
ceo (1.0.23-bullseye1) bullseye; urgency=high
|
ceo (1.0.23-bullseye1) bullseye; urgency=high
|
||||||
|
|
||||||
* Fix some bugs in ClubWebHostingService.
|
* Fix some bugs in ClubWebHostingService.
|
||||||
|
|
|
@ -6,7 +6,8 @@ Standards-Version: 4.3.0
|
||||||
Vcs-Git: https://git.csclub.uwaterloo.ca/public/pyceo.git
|
Vcs-Git: https://git.csclub.uwaterloo.ca/public/pyceo.git
|
||||||
Vcs-Browser: https://git.csclub.uwaterloo.ca/public/pyceo
|
Vcs-Browser: https://git.csclub.uwaterloo.ca/public/pyceo
|
||||||
Uploaders: Max Erenberg <merenber@csclub.uwaterloo.ca>,
|
Uploaders: Max Erenberg <merenber@csclub.uwaterloo.ca>,
|
||||||
Raymond Li <raymo@csclub.uwaterloo.ca>
|
Raymond Li <raymo@csclub.uwaterloo.ca>,
|
||||||
|
Edwin <e42zhang@csclub.uwaterloo.ca>
|
||||||
Build-Depends: debhelper (>= 12.1.1),
|
Build-Depends: debhelper (>= 12.1.1),
|
||||||
python3-dev (>= 3.7),
|
python3-dev (>= 3.7),
|
||||||
python3-venv (>= 3.7),
|
python3-venv (>= 3.7),
|
||||||
|
|
|
@ -298,6 +298,17 @@ def uwldap_srv(cfg, ldap_conn):
|
||||||
delete_subtree(conn, base_dn)
|
delete_subtree(conn, base_dn)
|
||||||
|
|
||||||
conn.add(base_dn, 'organizationalUnit')
|
conn.add(base_dn, 'organizationalUnit')
|
||||||
|
conn.add(
|
||||||
|
f'uid=ctdalek,{base_dn}',
|
||||||
|
['inetLocalMailRecipient', 'inetOrgPerson', 'organizationalPerson', 'person'],
|
||||||
|
{
|
||||||
|
'mailLocalAddress': 'ctdalek@uwaterloo.internal',
|
||||||
|
'ou': 'Math',
|
||||||
|
'cn': 'Calum T. Dalek',
|
||||||
|
'sn': 'Dalek',
|
||||||
|
'givenName': 'Calum',
|
||||||
|
},
|
||||||
|
)
|
||||||
_uwldap_srv = UWLDAPService()
|
_uwldap_srv = UWLDAPService()
|
||||||
component.getGlobalSiteManager().registerUtility(_uwldap_srv, IUWLDAPService)
|
component.getGlobalSiteManager().registerUtility(_uwldap_srv, IUWLDAPService)
|
||||||
yield _uwldap_srv
|
yield _uwldap_srv
|
||||||
|
|