diff --git a/coldfront/plugins/project_openldap/management/commands/project_openldap_check_setup.py b/coldfront/plugins/project_openldap/management/commands/project_openldap_check_setup.py index 6d70857d2d..4d499081c1 100644 --- a/coldfront/plugins/project_openldap/management/commands/project_openldap_check_setup.py +++ b/coldfront/plugins/project_openldap/management/commands/project_openldap_check_setup.py @@ -11,7 +11,7 @@ from coldfront.core.utils.common import import_from_settings from coldfront.plugins.project_openldap.utils import ( PROJECT_OPENLDAP_BIND_USER, - ldapsearch_check_project_ou, + ldapsearch_check_ou, ) """ Coldfront project_openldap plugin - django management command - project_openldap_check_setup.py """ @@ -160,7 +160,7 @@ def check_setup_ldapsearch(self): self.stdout.write(self.style.SUCCESS(f" {PROJECT_OPENLDAP_OU} is set to {PROJECT_OPENLDAP_OU}")) self.stdout.write(self.style.SUCCESS(" ldapsearch...")) try: - ldapsearch_check_project_ou_result = ldapsearch_check_project_ou(PROJECT_OPENLDAP_OU) + ldapsearch_check_project_ou_result = ldapsearch_check_ou(PROJECT_OPENLDAP_OU) if ldapsearch_check_project_ou_result and not isinstance(ldapsearch_check_project_ou_result, Exception): self.stdout.write( self.style.SUCCESS( @@ -186,7 +186,7 @@ def check_setup_ldapsearch(self): ) self.stdout.write(self.style.SUCCESS(" ldapsearch...")) try: - ldapsearch_check_project_ou_result = ldapsearch_check_project_ou(PROJECT_OPENLDAP_ARCHIVE_OU) + ldapsearch_check_project_ou_result = ldapsearch_check_ou(PROJECT_OPENLDAP_ARCHIVE_OU) if ldapsearch_check_project_ou_result and not isinstance(ldapsearch_check_project_ou_result, Exception): self.stdout.write( self.style.SUCCESS( diff --git a/coldfront/plugins/project_openldap/management/commands/project_openldap_sync.py b/coldfront/plugins/project_openldap/management/commands/project_openldap_sync.py index ef2d83e026..70cfba319d 100644 --- a/coldfront/plugins/project_openldap/management/commands/project_openldap_sync.py 
+++ b/coldfront/plugins/project_openldap/management/commands/project_openldap_sync.py @@ -24,11 +24,10 @@ # this script relies HEAVILY on utils.py from coldfront.plugins.project_openldap.utils import ( - add_members_to_openldap_project_posixgroup, + add_members_to_openldap_posixgroup, add_per_project_ou_to_openldap, - add_project_posixgroup_to_openldap, + add_posixgroup_to_openldap, allocate_project_openldap_gid, - archive_project_in_openldap, construct_dn_archived_str, construct_dn_str, construct_ou_archived_dn_str, @@ -37,10 +36,11 @@ construct_project_ou_description, construct_project_posixgroup_description, ldapsearch_check_project_dn, - ldapsearch_get_project_description, - ldapsearch_get_project_memberuids, - remove_members_from_openldap_project_posixgroup, - update_project_posixgroup_in_openldap, + ldapsearch_get_description, + ldapsearch_get_posixgroup_memberuids, + move_dn_in_openldap, + remove_members_from_openldap_posixgroup, + update_posixgroup_description_in_openldap, ) # NOTE: functions starting with 'local_' or 'handle_' are local to this script @@ -170,7 +170,7 @@ def handle_missing_project_in_openldap_archive(self, project, project_dn, sync=F # create posixgroup self.stdout.write(f"Adding OpenLDAP project archive posixgroup entry - DN: {archive_posixgroup_dn}") - add_project_posixgroup_to_openldap( + add_posixgroup_to_openldap( archive_posixgroup_dn, archive_openldap_posixgroup_description, archive_gid, @@ -200,7 +200,7 @@ def handle_project_in_openldap_but_not_archive( # current_dn (ou_dn), relative_dn, ARCHIVE_OU need supplied - where relative_dn is the project's own ou try: relative_dn = construct_per_project_ou_relative_dn_str(project) - archive_project_in_openldap(project_ou_dn, relative_dn, PROJECT_OPENLDAP_ARCHIVE_OU, write=True) + move_dn_in_openldap(project_ou_dn, relative_dn, PROJECT_OPENLDAP_ARCHIVE_OU, write=True) self.stdout.write( f"Moving project to archive OU, DN: {archive_dn} in OpenLDAP - SYNC is {sync} - WRITING TO Openldap" ) 
@@ -247,12 +247,12 @@ def handle_description_update( PROJECT_STATUS_CHOICE_ACTIVE, ]: # fetch current description from project_dn - fetched_description = ldapsearch_get_project_description(project_dn) + fetched_description = ldapsearch_get_description(project_dn) if new_description == fetched_description: self.stdout.write("Description is up-to-date.") if new_description != fetched_description: if sync: - update_project_posixgroup_in_openldap(project_dn, new_description, write=True) + update_posixgroup_description_in_openldap(project_dn, new_description, write=True) self.stdout.write(f"{new_description}") else: # line up description output @@ -262,7 +262,7 @@ def handle_description_update( if project.status_id in [PROJECT_STATUS_CHOICE_ARCHIVED]: # fetch current description from archive DN - fetched_description = ldapsearch_get_project_description(archive_dn) + fetched_description = ldapsearch_get_description(archive_dn) if new_description == fetched_description: self.stdout.write("Description is up-to-date.") if new_description != fetched_description: @@ -277,7 +277,7 @@ def handle_description_update( "WRITE_TO_ARCHIVE is required to make changes, please supply: -z or --writearchive" ) if sync and write_to_archive: - update_project_posixgroup_in_openldap(archive_dn, new_description, write=True) + update_posixgroup_description_in_openldap(archive_dn, new_description, write=True) self.stdout.write(f"{new_description}") # get active users from the coldfront django project @@ -289,7 +289,7 @@ def local_get_cf_django_members(self, project_pk): return tuple(usernames) def local_get_openldap_members(self, dn): - entries = ldapsearch_get_project_memberuids(dn) + entries = ldapsearch_get_posixgroup_memberuids(dn) if entries is None: return 
@@ -348,7 +348,7 @@ def sync_members( if sync: if ldapsearch_project_result: try: - remove_members_from_openldap_project_posixgroup(member_change_dn, missing_in_cf, write=True) + remove_members_from_openldap_posixgroup(member_change_dn, missing_in_cf, write=True) self.stdout.write(f"SYNC {sync} - Removed members {missing_in_cf}") except Exception as e: self.stdout.write( @@ -361,7 +361,7 @@ def sync_members( ) elif write_to_archive: try: - remove_members_from_openldap_project_posixgroup(member_change_dn, missing_in_cf, write=True) + remove_members_from_openldap_posixgroup(member_change_dn, missing_in_cf, write=True) self.stdout.write(f"SYNC {sync} - Removed members {missing_in_cf}") except Exception as e: self.stdout.write( @@ -377,7 +377,7 @@ def sync_members( if sync: if ldapsearch_project_result: try: - add_members_to_openldap_project_posixgroup(member_change_dn, missing_in_openldap, write=True) + add_members_to_openldap_posixgroup(member_change_dn, missing_in_openldap, write=True) self.stdout.write(f"SYNC {sync} - Added members {missing_in_openldap}") except Exception as e: self.stdout.write( @@ -390,9 +390,7 @@ def sync_members( ) elif write_to_archive: try: - add_members_to_openldap_project_posixgroup( - member_change_dn, missing_in_openldap, write=True - ) + add_members_to_openldap_posixgroup(member_change_dn, missing_in_openldap, write=True) self.stdout.write(f"SYNC {sync} - Added members {missing_in_openldap}") except Exception as e: self.stdout.write( diff --git a/coldfront/plugins/project_openldap/tasks.py b/coldfront/plugins/project_openldap/tasks.py index 66f9350d11..01e782fc9a 100644 --- a/coldfront/plugins/project_openldap/tasks.py +++ b/coldfront/plugins/project_openldap/tasks.py 
@@ -9,19 +9,19 @@ from coldfront.core.project.models import ProjectUser from coldfront.core.utils.common import import_from_settings from coldfront.plugins.project_openldap.utils import ( - add_members_to_openldap_project_posixgroup, + add_members_to_openldap_posixgroup, add_per_project_ou_to_openldap, - add_project_posixgroup_to_openldap, + add_posixgroup_to_openldap, allocate_project_openldap_gid, - archive_project_in_openldap, construct_dn_str, construct_ou_dn_str, construct_per_project_ou_relative_dn_str, construct_project_ou_description, construct_project_posixgroup_description, + move_dn_in_openldap, remove_dn_from_openldap, - remove_members_from_openldap_project_posixgroup, - update_project_posixgroup_in_openldap, + remove_members_from_openldap_posixgroup, + update_posixgroup_description_in_openldap, ) # Setup logging @@ -77,7 +77,7 @@ def add_project(project_obj): openldap_posixgroup_description, ) - add_project_posixgroup_to_openldap(posixgroup_dn, openldap_posixgroup_description, gid_int) + add_posixgroup_to_openldap(posixgroup_dn, openldap_posixgroup_description, gid_int) # Coldfront archive project action @@ -99,7 +99,7 @@ def remove_project(project_obj): else: relative_dn = construct_per_project_ou_relative_dn_str(project_obj) logger.info(f"Project OU {ou_dn} is going to be ARCHIVED in OpenLDAP at {PROJECT_OPENLDAP_ARCHIVE_OU}...") - archive_project_in_openldap(ou_dn, relative_dn, PROJECT_OPENLDAP_ARCHIVE_OU) + move_dn_in_openldap(ou_dn, relative_dn, PROJECT_OPENLDAP_ARCHIVE_OU) def update_project(project_obj): @@ -110,7 +110,7 @@ def update_project(project_obj): logger.info("Modifying OpenLDAP entry: %s", dn) logger.info("Modifying OpenLDAP with description: %s", openldap_description) - update_project_posixgroup_in_openldap(dn, openldap_description) + update_posixgroup_description_in_openldap(dn, openldap_description) def add_user_project(project_user_pk): 
@@ -126,7 +126,7 @@ def add_user_project(project_user_pk): list_memberuids = [] list_memberuids.append(final_user_username) - add_members_to_openldap_project_posixgroup(dn, list_memberuids) + add_members_to_openldap_posixgroup(dn, list_memberuids) def remove_user_project(project_user_pk): @@ -142,4 +142,4 @@ def remove_user_project(project_user_pk): list_memberuids = [] list_memberuids.append(final_user_username) - remove_members_from_openldap_project_posixgroup(dn, list_memberuids) + remove_members_from_openldap_posixgroup(dn, list_memberuids) diff --git a/coldfront/plugins/project_openldap/utils.py b/coldfront/plugins/project_openldap/utils.py index 383fed6056..28047ee05a 100644 --- a/coldfront/plugins/project_openldap/utils.py +++ b/coldfront/plugins/project_openldap/utils.py @@ -60,7 +60,7 @@ def openldap_connection(server_opt, bind_user, bind_password): return None -def add_members_to_openldap_project_posixgroup(dn, list_memberuids, write=True): +def add_members_to_openldap_posixgroup(dn, list_memberuids, write=True): """Add members to a posixgroup in OpenLDAP""" member_uid = tuple(list_memberuids) conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) @@ -81,7 +81,7 @@ def add_members_to_openldap_project_posixgroup(dn, list_memberuids, write=True): conn.unbind() -def remove_members_from_openldap_project_posixgroup(dn, list_memberuids, write=True): +def remove_members_from_openldap_posixgroup(dn, list_memberuids, write=True): """Remove members from a posixgroup in OpenLDAP""" member_uids_tuple = tuple(list_memberuids) conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) 
@@ -131,8 +131,8 @@ def add_per_project_ou_to_openldap(project_obj, dn, openldap_ou_description, wri conn.unbind() -def add_project_posixgroup_to_openldap(dn, openldap_description, gid_int, write=True): - """Add a project to OpenLDAP - write a posixGroup""" +def add_posixgroup_to_openldap(dn, openldap_description, gid_int, write=True): + """Add a posixGroup to OpenLDAP""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) if not conn: @@ -159,7 +159,7 @@ def add_project_posixgroup_to_openldap(dn, openldap_description, gid_int, write= # Remove a DN - e.g. DELETE a project OU or posixgroup in OpenLDAP def remove_dn_from_openldap(dn, write=True): - """Remove a project from OpenLDAP - delete a posixGroup""" + """Remove a DN from OpenLDAP""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) if not conn: @@ -179,7 +179,7 @@ def remove_dn_from_openldap(dn, write=True): # Update the project title in OpenLDAP -def update_project_posixgroup_in_openldap(dn, openldap_description, write=True): +def update_posixgroup_description_in_openldap(dn, openldap_description, write=True): """Update the description of a posixGroup in OpenLDAP""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) @@ -199,8 +199,8 @@ def update_project_posixgroup_in_openldap(dn, openldap_description, write=True): # MOVE the project to an archive OU - defined as env var -def archive_project_in_openldap(current_dn, relative_dn, archive_ou, write=True): - """Move a project to the archive OU in OpenLDAP""" +def move_dn_in_openldap(current_dn, relative_dn, destination_ou, write=True): + """Move a DN to another OU in OpenLDAP""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) if not conn: 
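Review bot: The docstrings introduced in the `@@ -159,7 +159,7 @@` and `@@ -199,8 +199,8 @@` hunks now describe `remove_dn_from_openldap` and `move_dn_in_openldap` as operating on any DN, but neither says what limits `dn`, `current_dn` or `destination_ou`. Both bind as `PROJECT_OPENLDAP_BIND_USER`, so unless a check exists in the parts of the bodies outside these hunks, the only bounds are the callers and the bind user's directory ACLs; I would say so in each docstring, e.g. `Callers must pass DNs inside the plugin's project or archive OU; access is otherwise limited only by the bind user's ACLs.` The context comment `# MOVE the project to an archive OU - defined as env var` above `move_dn_in_openldap` is now stale and could read `# MOVE a DN under another OU (used to archive projects)`. Renaming the parameter `archive_ou` to `destination_ou` also breaks any caller passing it by keyword; the call sites in this diff pass it positionally.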
@@ -210,7 +210,7 @@ def archive_project_in_openldap(current_dn, relative_dn, archive_ou, write=True) return None try: - conn.modify_dn(current_dn, relative_dn, new_superior=archive_ou) + conn.modify_dn(current_dn, relative_dn, new_superior=destination_ou) conn.unbind() except Exception as exc_log: logger.info(exc_log) @@ -236,7 +236,7 @@ def ldapsearch_check_project_dn(dn): # check bind user can see the Project OU or Archive OU - is also used in system setup check script -def ldapsearch_check_project_ou(OU): +def ldapsearch_check_ou(OU): """Test that ldapsearch can see an OU""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) @@ -253,8 +253,8 @@ def ldapsearch_check_project_ou(OU): conn.unbind() -def ldapsearch_get_project_memberuids(dn): - """Get memberUids from a project's posixGroup""" +def ldapsearch_get_posixgroup_memberuids(dn): + """Get memberUids from a posixGroup""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) if not conn: @@ -262,8 +262,7 @@ def ldapsearch_get_project_memberuids(dn): try: conn.search(dn, "(objectclass=posixGroup)", attributes=["memberUid"]) - ldapsearch_project_memberuids_entries = conn.entries - return ldapsearch_project_memberuids_entries + return conn.entries except Exception as exc_log: logger.info(exc_log) return None @@ -271,8 +270,8 @@ def ldapsearch_get_project_memberuids(dn): conn.unbind() -def ldapsearch_get_project_description(dn): - """Get description from a project's posixGroup""" +def ldapsearch_get_description(dn): + """Get description from an openldap entry""" conn = openldap_connection(server, PROJECT_OPENLDAP_BIND_USER, PROJECT_OPENLDAP_BIND_PASSWORD) if not conn:
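Review bot: In the `@@ -210,7 +210,7 @@` hunk a failed move is recorded only through `logger.info(exc_log)`, and `conn.unbind()` sits inside the `try`, so an exception from `modify_dn` skips it unless a `finally` outside this hunk covers it. `remove_project` in tasks.py calls `move_dn_in_openldap(...)` without looking at a result, so a failed archive can leave the project's OU and posixGroup active in the directory with nothing above info level in the logs. I would log with `logger.error("Failed to move %s under %s: %s", current_dn, destination_ou, exc_log)` and move `conn.unbind()` into a `finally:` block. Whether `modify_dn` raises at all on a refused operation depends on how `openldap_connection` builds the connection, which is not shown here, so its return value may need checking as well.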