Commit a711c1ba authored by redmitry@list.ru's avatar redmitry@list.ru

assign owner:community to appropriate users

parent fe60f99f
......@@ -5,57 +5,102 @@ import json
import urllib.request
import urllib.parse
OPENEBENCH_COMMUNITY_URL = "https://dev-openebench.bsc.es/api/scientific/access/Community"
OPENEBENCH_URL = "https://dev-openebench.bsc.es/api/scientific/access"
KEYCLOAK_TOKEN_ENDPOINT = "https://inb.bsc.es/auth/realms/master/protocol/openid-connect/token"
KEYCLOAK_OPENEBENCH_REALM = "https://inb.bsc.es/auth/admin/realms/openebench/"
def main():
passowrd = None
if (len(sys.argv) > 1):
password = sys.argv[1]
else:
print('password:', end = ' ')
password = str(input())
updateCommunities('admin', password)
token = getAdminToken('admin', password)
headers = {'Authorization' : 'Bearer ' + token}
updateCommunities(headers)
updatePrivileges(headers)
# Update OpenEBench communities groups in the Keycloak server
def updateCommunities(user, password):
def updateCommunities(headers):
token = getAdminToken(user, password)
headers = {'Authorization' : 'Bearer ' + token}
communities = getOpenebenchCommunities()
root = getKeycloakCommunities(headers)
groups = root['subGroups']
communities = getOpenebenchCommunities()
# update existing communities
for group in groups[:]:
attributes = group['attributes']
print(attributes)
for community in communities[:]:
if (community['_id'] in attributes['community_id']):
attributes['acronym'] = [community['acronym']]
updateGroup(group, headers)
communities.remove(community)
groups.remove(group)
break
roles = attributes.get('roles')
if (roles != None):
for role in roles:
if (role.startswith('owner:')):
for community in communities[:]:
if (community['_id'] == role[6:]):
#attributes['acronym'] = [community['acronym']]
updateCommunityGroup(group, headers)
communities.remove(community)
groups.remove(group)
break
# insert new communities
for community in communities:
group = {}
group['name'] = community['name']
group['attributes'] = {'community_id' : [community['_id']], 'acronym' : [community['acronym']]}
addGroup(root, group, headers)
#group['attributes'] = {'community_id' : [community['_id']], 'acronym' : [community['acronym']]}
group['attributes'] = {'roles' : ['owner:' + community['_id']], 'acronym' : [community['acronym']]}
addCommunityGroup(root, group, headers)
#remove old communities
for group in groups:
deleteGroup(group, headers)
deleteCommunityGroup(group, headers)
# Update OpenEBench users communities on the Keycloak server
def updatePrivileges(headers):
root = getKeycloakCommunities(headers)
groups = root['subGroups']
contacts = getOpenebenchContacts()
users = getKeycloakUsers(headers)
privileges = getOpenebenchPrivileges()
for contact in contacts:
emails = contact.get('email')
if (emails != None):
for user in users:
for email in emails:
if (email == user['email']):
for privilege in privileges:
if (privilege['_id'] == contact['_id']):
roles = privilege.get('roles')
if (roles != None):
for role in roles:
community_id = role.get('community_id')
if (community_id != None):
addContactToCommunity(groups, user, community_id, headers)
else:
challenge_id = role.get('challenge_id')
# Assigns the user to the community group (owner)
def addContactToCommunity(groups, user, community_id, headers):
print('adding user ' + user['username'] + ' to the community ' + community_id)
for group in groups:
attributes = group['attributes']
roles = attributes.get('roles')
if (roles != None):
for role in roles:
if (role.startswith('owner:') and community_id == role[6:]):
addKeycloakUserToGroup(user, group, headers)
# Update the openebench community ('group')
def updateGroup(group, headers):
def updateCommunityGroup(group, headers):
print('updating community ' + group['name'])
......@@ -71,7 +116,7 @@ def updateGroup(group, headers):
# Insert the openebench community ('group') into the 'Community' group ('root')
def addGroup(root, group, headers):
def addCommunityGroup(root, group, headers):
print('inserting community ' + group['name'])
......@@ -86,7 +131,7 @@ def addGroup(root, group, headers):
print("error adding openebench community", group_req)
# Remove the openebench community ('group') from the 'Community' root group
def deleteGroup(group, headers):
def deleteCommunityGroup(group, headers):
print('removing community ' + group['name'])
......@@ -128,16 +173,90 @@ def getKeycloakCommunities(headers):
if(group_res.getcode() >= 400):
print("error adding Keycloak 'Community' group ", group_req)
# Get Keycloak users
def getKeycloakUsers(headers):
KC_OEB_USERS = KEYCLOAK_OPENEBENCH_REALM + 'users?briefRepresentation=false'
users_req = urllib.request.Request(KC_OEB_USERS, headers=headers)
users_res = urllib.request.urlopen(users_req);
if(users_res.getcode() >= 400):
print("error obtaining openebench users", users_req)
data = users_res.read()
return json.loads(data)
# Update Keycloak user
def updateKeycloakUser(user, headers):
print('updating user ' + user['username'])
KC_OEB_USER = KEYCLOAK_OPENEBENCH_REALM + 'users/' + user['id']
user_req = urllib.request.Request(KC_OEB_USER, data=json.dumps(user).encode("utf-8"), headers=headers, method='PUT')
user_req.add_header("Content-type", "application/json; charset=UTF-8")
user_res = urllib.request.urlopen(user_req);
if(user_res.getcode() >= 400):
print("error updating openebench user", user_req)
# Inserts user to the group of users
def addKeycloakUserToGroup(user, group, headers):
print('putting user ' + user['username'] + ' to group ' + group['id'])
KC_OEB_GROUP = KEYCLOAK_OPENEBENCH_REALM + 'users/' + user['id'] + '/groups/' + group['id']
user_req = urllib.request.Request(KC_OEB_GROUP, data=json.dumps(user).encode("utf-8"), headers=headers, method='PUT')
user_req.add_header("Content-type", "application/json; charset=UTF-8")
user_res = urllib.request.urlopen(user_req);
if(user_res.getcode() >= 400):
print("error assigning the user to a group", user_req)
# Get OpenEBench communities via the REST API
def getOpenebenchCommunities():
res = urllib.request.urlopen(OPENEBENCH_COMMUNITY_URL);
res = urllib.request.urlopen(OPENEBENCH_URL + '/Community');
if(res.getcode() < 300):
data = res.read()
return json.loads(data)
print("error reading communities", req)
# Get OpenEBench benchmarking events via the REST API
def getOpenebenchBenchmarkingEvents():
res = urllib.request.urlopen(OPENEBENCH_URL + '/BenchmarkingEvent');
if(res.getcode() < 300):
data = res.read()
return json.loads(data)
print("error reading benchmarking events", req)
# Get OpenEBench contacts via the REST API
def getOpenebenchContacts():
res = urllib.request.urlopen(OPENEBENCH_URL + '/Contact');
if(res.getcode() < 300):
data = res.read()
return json.loads(data)
print("error reading contacts", req)
# Get OpenEBench contacts via the REST API
def getOpenebenchPrivileges():
res = urllib.request.urlopen(OPENEBENCH_URL + '/Privilege');
if(res.getcode() < 300):
data = res.read()
return json.loads(data)
print("error reading privileges", req)
# Get OIDC access token with provided user and password
def getAdminToken(user, password):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment