From ef8671aa7ebac1dd3fb53b7f2165e4a11bf1a65d Mon Sep 17 00:00:00 2001
From: Matteo Valentini
Date: Tue, 24 Jan 2023 13:32:52 +0100
Subject: [PATCH] configure-module: use new admin domains REST API
---
 imageroot/actions/configure-module/20config | 93 ++++++++++++---------
 1 file changed, 52 insertions(+), 41 deletions(-)
diff --git a/imageroot/actions/configure-module/20config b/imageroot/actions/configure-module/20config
index 9ff215f5..f6b7c954 100755
--- a/imageroot/actions/configure-module/20config
+++ b/imageroot/actions/configure-module/20config
@@ -10,42 +10,11 @@ import sys
 import os
 import agent
 import agent.ldapproxy
-import subprocess
 import urllib.request
 api_endpoint = "http://localhost:" + os.environ["TCP_PORT"] + "/webtop/api/com.sonicle.webtop.core/v1"
 api_headers={"Content-Type": "application/json", "Authorization": "Bearer " + os.environ["WEBAPP_API_TOKEN"]}
-def domain_setup(user_domain_name, user_domain):
- user_domain_uri = "ldapneth://accountprovider" + ":" + user_domain["port"]
- user_domain_admin = user_domain["bind_dn"]
-
- user_domain_password = subprocess.check_output(['podman', 'run', '--rm', os.environ["WEBTOP_WEBAPP_IMAGE"], 'bash', '-c', "echo -n " + user_domain["bind_password"] + " | java -classpath /usr/share/webtop/ WebtopPassEncode"], text=True).splitlines().pop()
-
- user_domain_parameters = {
- "loginDn": user_domain["base_dn"],
- "loginFilter": None,
- "userDn": user_domain["base_dn"],
- "userFilter": None,
- "userIdField": "uid",
- "userFirstnameField": "givenName",
- "userLastnameField": "sn",
- "userDisplayNameField": "gecos",
- }
-
- if user_domain["schema"] == "ad":
- user_domain_parameters["loginFilter"] = "&(objectCategory=person)(objectClass=user)"
- user_domain_parameters["userIdField"] = "sAMAccountName"
- user_domain_parameters["userFilter"] = "(&(objectClass=user)(objectCategory=person)(!(isCriticalSystemObject=TRUE)))"
- user_domain_parameters["userDisplayNameField"] = "displayName"
-
- with subprocess.Popen(['podman', 'exec', '-i', 'postgres', 'psql', '-U', 'postgres', 'webtop5'], stdin=subprocess.PIPE, text=True) as psql:
- print("DELETE FROM core.domains WHERE domain_id = 'NethServer';\n", file=psql.stdin)
- print("INSERT INTO core.domains (domain_id, internet_name, enabled, description, user_auto_creation, dir_uri, dir_admin, dir_password, dir_connection_security, dir_case_sensitive, dir_password_policy, dir_parameters) VALUES ('NethServer', '" + user_domain_name + "', 't', 'NethServer', 't', '" + user_domain_uri + "', '" + user_domain_admin + "', '" + user_domain_password + "', null, 'f', 'f', '" + json.dumps(user_domain_parameters) + "');\n", file=psql.stdin)
-
- agent.set_env("USER_DOMAIN_PORT", user_domain["port"])
-
-
 # Try to parse the stdin as JSON.
 # If parsing fails, output everything to stderr
 data = json.load(sys.stdin)
@@ -209,19 +178,61 @@ if "mail_module" in data:
 user_domain_name = rdb.hget(f"module/{mail_module}/srv/tcp/imap", "user_domain") or ""
 user_domain = agent.ldapproxy.Ldapproxy().get_domain(user_domain_name) or {}
- domain_setup(user_domain_name, user_domain)
+ user_domain_json = {
+ "enabled": True,
+ "displayName": "NethServer",
+ "authDomainName": user_domain_name,
+ "domainName": user_domain_name,
+ "publicURL": "https://" + data["hostname"] + "/webtop",
+ "userAutoCreation": True,
+ "dirUri": "ldapneth://accountprovider" + ":" + user_domain["port"],
+ "dirAdmin": user_domain["bind_dn"],
+ "dirPassword": user_domain["bind_password"],
+ "dirConnSecurity": "OFF",
+ "dirCaseSensitive": False,
+ "dirRawParameters": {
+ "loginDn": user_domain["base_dn"],
+ "loginFilter": None,
+ "userDn": user_domain["base_dn"],
+ "userFilter": None,
+ "userIdField": "uid",
+ "userFirstnameField": "givenName",
+ "userLastnameField": "sn",
+ "userDisplayNameField": "gecos"
+ },
+ "passwordPolicies": {
+ "minLength": None,
+ "complexity": False,
+ "avoidConsecutiveChars": False,
+ "avoidOldSimilarity": False,
+ "avoidUsernameSimilarity": False,
+ "expiration": None,
+ "verifyAtLogin": False
+ }
+ }
- agent.set_env("MAIL_MODULE", mail_module)
- agent.set_env("RESTART_WEBAPP", "1")
+ if user_domain["schema"] == "ad":
+ user_domain_json["dirRawParameters"]["loginFilter"] = "&(objectCategory=person)(objectClass=user)"
+ user_domain_json["dirRawParameters"]["userIdField"] = "sAMAccountName"
+ user_domain_json["dirRawParameters"]["userFilter"] = "(&(objectClass=user)(objectCategory=person)(!(isCriticalSystemObject=TRUE)))"
+ user_domain_json["dirRawParameters"]["userDisplayNameField"] = "displayName"
-# In case of module move/migrate/restore, check if the port of local the ldapproxy is changed
-if "MAIL_MODULE" in os.environ and ("mail_module" not in data or data["mail_module"] == os.getenv("MAIL_MODULE")) :
- user_domain_name = rdb.hget(f'module/{data["mail_module"]}/srv/tcp/imap', "user_domain") or ""
- user_domain = agent.ldapproxy.Ldapproxy().get_domain(user_domain_name) or {}
+ try:
+ #Check if the domain already exist
+ urllib.request.urlopen(urllib.request.Request(f"{api_endpoint}/admin/domains/NethServer", headers=api_headers))
+ #Update the doiman
+ urllib.request.urlopen(urllib.request.Request(f"{api_endpoint}/admin/domains/NethServer?update_options=3", json.dumps(user_domain_json).encode(), headers=api_headers, method='PUT'))
+ except urllib.error.HTTPError as e:
+ if e.code == 404:
+ # Create the doiman
+ user_domain_json["domainId"] = "NethServer"
+ urllib.request.urlopen(urllib.request.Request(f"{api_endpoint}/admin/domains", json.dumps(user_domain_json).encode(), headers=api_headers, method='POST'))
+ pass
+ except urllib.error.URLError as e:
+ raise Exception(f'Error reaching webapp daemon: {e.reason}')
+
+ agent.set_env("MAIL_MODULE", mail_module)
- if user_domain["port"] != os.environ["USER_DOMAIN_PORT"]:
- domain_setup(user_domain_name, user_domain)
- agent.set_env("RESTART_WEBAPP", "1")
 if "webapp" in data:
 if "debug" in data["webapp"] and data["webapp"]["debug"] != os.getenv("WEBAPP_JS_DEBUG"):
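Review bot: Every HTTPError other than 404 raised by the GET, the PUT or the POST is silently swallowed by the `except urllib.error.HTTPError` branch, which only acts on `e.code == 404` and otherwise falls through to the dead `pass`, so a 401 from a stale `WEBAPP_API_TOKEN` or a 500 from the webapp leaves the domain unconfigured while `agent.set_env("MAIL_MODULE", mail_module)` still runs and the action reports success. Replace the `pass` with `else:` / `raise Exception(f'Webapp API error {e.code}: {e.reason}') from e` so the failure is visible, and the responses returned by `urlopen` should be closed (a `with` block) rather than dropped. `urllib.error` is referenced here but the import block in the first hunk only has `import urllib.request`; add an explicit `import urllib.error` instead of relying on the submodule being pulled in transitively. The request body now carries the raw LDAP bind password in `dirPassword`, where the removed `domain_setup` ran it through WebtopPassEncode first — presumably the new endpoint expects plaintext, but that is worth confirming against the API. The enclosing `if "mail_module" in data:` block starts before this hunk.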