From f4ae5b103db4ec544f4797081f155f8c74bf0780 Mon Sep 17 00:00:00 2001 From: Frederik Enste Date: Mon, 4 Jan 2021 15:50:57 +0100 Subject: [PATCH] #1 added environment support --- root/usr/share/teco/pve-ldap-sync | 51 ++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/root/usr/share/teco/pve-ldap-sync b/root/usr/share/teco/pve-ldap-sync index c8c7747..ea7dc2b 100755 --- a/root/usr/share/teco/pve-ldap-sync +++ b/root/usr/share/teco/pve-ldap-sync @@ -1,8 +1,10 @@ #!/bin/python3 # This script is maintained by https://gitlab.teco.edu/it/debian/teco-pve-autoremove-subscription-message -from argparse import ArgumentParser +from argparse import ArgumentParser, Action +from os import environ from pprint import PrettyPrinter + from ldap import initialize, SCOPE_SUBTREE from ldap.ldapobject import LDAPObject from proxmoxer import ProxmoxAPI @@ -16,6 +18,9 @@ ldap_groups = 'ou=Group' proxmox_host = 'proxmox.teco.edu' proxmox_port = '443' +proxmox_user = None +proxmox_realm = None +proxmox_password = None proxmox_ssl_check = True proxmox_ldap_realm = 'ldap' proxmox_ldap_managed_groups = ['IT', 'Staff', 'Students'] @@ -39,6 +44,20 @@ dry_run = False be_verbose = False +# for parsing environment variables as parameters +class EnvDefault(Action): + def __init__(self, envvar, required=True, default=None, **kwargs): + if not default and envvar: + if envvar in environ: + default = environ[envvar] + if required and default: + required = False + super(EnvDefault, self).__init__(default=default, required=required, **kwargs) + + def __call__(self, parser, namespace, values, option_string=None): + setattr(namespace, self.dest, values) + + def log(msg): if isinstance(msg, str): print(msg) 
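Review bot: `EnvDefault.__init__` installs the environment value as the option's argparse `default`, and the class has no docstring saying so. For the password option this means any help formatter that prints defaults (`ArgumentDefaultsHelpFormatter`, or `%(default)s` in a help string) would echo the secret in `--help` output. The parser built later in this patch does not appear to do either, so this is a caveat to document rather than a live leak: add a class docstring such as `"""argparse action that falls back to environ[envvar]; the value becomes the option default, so never render defaults for secret options."""`. The truthiness tests (`if not default`, `if required and default`) also treat an empty environment variable as unset, which is worth stating in the same docstring. In a python3 script `super(EnvDefault, self).__init__(...)` can be written `super().__init__(...)`.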
@@ -51,23 +70,32 @@ def verbose(msg): log(msg) -def login(): - global dry_run, be_verbose +def parse_arguments(): + global dry_run, be_verbose, proxmox_user, proxmox_realm, proxmox_password parser = ArgumentParser(description='Synchronizes the TECO LDAP to the Proxmox User database.') parser.add_argument('-u', '--user', + envvar='LDAP_SYNC_PROXMOX_USER', + action=EnvDefault, dest='user', required=True, help='Required argument. Specify the user for Proxmox. ' - 'The user needs at least PVEUserAdmin role for /access.') + 'The user needs at least PVEUserAdmin role for /access. ' + 'You can also pass this value via LDAP_SYNC_PROXMOX_USER environment variable.') parser.add_argument('-r', '--realm', + envvar='LDAP_SYNC_PROXMOX_REALM', + action=EnvDefault, dest='realm', required=True, - help='The Login Realm of the previously specified user') + help='The Login Realm of the previously specified user' + 'You can also pass this value via LDAP_SYNC_PROXMOX_REALM environment variable.') parser.add_argument('-p', '--password', + envvar='LDAP_SYNC_PROXMOX_PASSWORD', + action=EnvDefault, dest='password', metavar='PASS', required=True, - help='The password for the previously specified user') + help='The password for the previously specified user' + 'You can also pass this value via LDAP_SYNC_PROXMOX_PASSWORD environment variable.') parser.add_argument('-n', '--dry-run', dest='dry_run', action='store_const', @@ -83,6 +111,12 @@ def login(): args = parser.parse_args() dry_run = args.dry_run be_verbose = args.verbose + proxmox_user = args.user + proxmox_realm = args.realm + proxmox_password = args.password + + +def login(): verbose('Connecting to LDAP...') ldap = initialize(ldap_uri, bytes_mode=False) 
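Review bot: The new help text for `--realm` and `--password` joins two string literals with no separator, so it renders as "...previously specified userYou can also pass...". End the first literal with `'. '` as the `--user` help already does, e.g. `help='The password for the previously specified user. '`. A password given as `-p` on the command line is typically visible to other local users in the process list, so the help should name `LDAP_SYNC_PROXMOX_PASSWORD` as the preferred route rather than as an alternative. The environment is not private either, since child processes inherit it, so a `getpass` prompt when neither is supplied would be a reasonable follow-up. parse_arguments() continues past the end of this hunk.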
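Review bot: parse_arguments() hands the credentials to login() only through the module globals `proxmox_user`, `proxmox_realm` and `proxmox_password`, which default to `None`. A login() call not preceded by parse_arguments() would therefore format the user as `None@None` in the following hunk (the `ProxmoxAPI(...)` call) and pass a `None` password instead of failing clearly. Either return the parsed namespace and pass it to login(), or guard the top of login() with `if None in (proxmox_user, proxmox_realm, proxmox_password): raise RuntimeError('parse_arguments() must be called before login()')`. A one-line comment on the `proxmox_password` global saying it must never be logged would also help. login() continues outside this hunk.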
@@ -91,8 +125,8 @@ def login(): proxmox = ProxmoxAPI(host=proxmox_host, backend='https', port=proxmox_port, - user='{}@{}'.format(args.user, args.realm), - password=args.password, + user='{}@{}'.format(proxmox_user, proxmox_realm), + password=proxmox_password, verify_ssl=proxmox_ssl_check) verbose('done.') return ldap, proxmox @@ -243,6 +277,7 @@ def sync(proxmox: ProxmoxAPI, ldap_user_dict: dict, proxmox_user_dict: dict): def main(): + parse_arguments() (ldap, proxmox) = login() ldap_group_dict: dict = get_ldap_groups(ldap) ldap_user_dict: dict = get_ldap_users(ldap, ldap_group_dict) -- GitLab