Untitled

import json
import configparser
import difflib
from keystoneauth1 import session
from keystoneauth1.identity import v2
from keystoneauth1.identity import v3
from keystoneclient.v2_0 import client as ksclient_v2
from keystoneclient.v3 import client as ksclient_v3
from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES


def ad_group_persons(server_name, domain_name, user_name, password, group):
    server = Server(server_name, get_info=ALL)
    conn = Connection(server, user=user_name+'@'+domain_name, password=password, auto_bind=True)
    conn.search('dc=sys,dc=local', "(&(objectCategory=Person)(memberOf=CN=%s,OU=Groups,OU=org,DC=sys,DC=local)(!(useraccountcontrol:1.2.840.113556.1.4.803:=2)))"%(group),
                attributes=[ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES])
    persons = []
    for e in sorted(conn.entries):
        persons.append(e.sAMAccountName[0])
    return persons


def _get_config_file_creds(infra_name, config='config.cfg'):
    with open(config) as fp:
        config = configparser.ConfigParser()
        config.read_file(fp)
        creds = {}
        for entry in config.items(infra_name):
            creds[entry[0]] = entry[1]
    return creds


def _do_auth(**creds):
    if int(creds.get('os_identity_api_version')) == 3:
        auth = v3.Password(username=creds.get('os_username'),
                           password=creds.get('os_password'),
                           project_domain_name=creds.get('os_project_domain_name'),
                           user_domain_name=creds.get('os_user_domain_name'),
                           project_name=creds.get('os_project_name'),
                           auth_url=creds.get('os_auth_url'))
    else:
        auth = v2.Password(username=creds.get('os_username'),
                           password=creds.get('os_password'),
                           tenant_name=creds.get('os_tenant_name'),
                           auth_url=creds.get('os_auth_url'))
    sess = session.Session(auth=auth)
    if int(creds.get('os_identity_api_version')) == 3:
        keystone = ksclient_v3.Client(session=sess)
    else:
        keystone = ksclient_v2.Client(session=sess)
    return keystone


def _check_defir_groups(client, group):
    for tenant in client.tenants.list():
        ig = dict()
        if tenant.name == f'DEFIR_{group}':
            ig['name'] = tenant.name
            ig['status'] = True
            ig['id'] = tenant.id
            ig['users'] = [u.username for u in client.tenants.list_users(tenant.id)]
            break
        else:
            ig['status'] = False
    return ig


def Diff(old, new):
    diff = (difflib.unified_diff(old, new, fromfile='a', tofile='b'))
    lines = list(diff)[2:]
    d = dict()
    add = [line[1:] for line in lines if line[0] == '+']
    remove = [line[1:] for line in lines if line[0] == '-']
    d['a'] = [a for a in remove if a not in add]
    d['r'] = [r for r in add if r not in remove]
    return d


CURRENT='current_users.txt'
OLD="old_users.txt"
group = 'TAM-Users'
main_users = ['admin', 'orchestrator', 'openstack-msk']

adcreds={'server_name': 'p0029ad-dc01.sys.local',
       'domain_name': 'sys.local',
       'user_name': 'kvmreport',
       'password': '********',
       'group': 'TAM-Users'}

cred = _get_config_file_creds('i04')
auth = _do_auth(**cred)


class T:
    def __init__(self, auth):
        self.auth = auth
        self._data = self.tenant_info()
        self.users = self.all_users()
        self.roles = self.roles_list()
        return

    def tenant_info(self):
        users = {}
        _data = {t.name: {'id': t.id, 'users': users} for t in self.auth.tenants.list() }
        for k, v in _data.items():
            v['users'] = {u.username: u.id for u in self.auth.tenants.list_users(v['id'])}
        return _data

    def users_in_tenant(self, tenant):
        _users = [user for user in self._data[tenant]['users']]
        return _users

    def all_users(self):
        allu = {u.username: u.id for u in self.auth.users.list()}
        return allu

    def user_in_groups(self,user):
        user_tenant = {t[0]: t[1]["id"] for t in self._data.items() if user in t[1]['users'].keys()}
        return user_tenant

    def check_user(self, user):
        if user in self.users.keys():
            return self.users[user]

    def roles_list(self):
        roles = {role.name: role.id for role in self.auth.roles.list()}
        return roles

    def check_tenant(self, tenant):
       for t in self._data:
           if t == f'{tenant}':
               check = True
               break
           else:
               check = False
       return check

tinf = T(auth)
all_stack_users = tinf.users
ldap_persons = ad_group_persons(**adcreds)
#ldap_persons = ['evgeniy.gaynutdinov', 'nsuvorov', 'aleksandr.pronin', 'ekaterina.zheludkova']
defir_project = _check_defir_groups(auth, adcreds['group'])

if defir_project["status"]:
    print(defir_project['name'])
    state = (Diff(ldap_persons, tinf.users_in_tenant(defir_project['name'])))
    for add in state['a']:
        print("Add to project new user ", add)
        if tinf.check_user(add):
            auth.users.update_tenant(tinf.check_user(add),defir_project['id'])
        else:
            auth.users.create(add, tenant_id=defir_project['id'])
    for remove in state['r']:
        print("Remove from project user ", remove)
        if tinf.check_user(remove):
            auth.users.delete(tinf.check_user(remove))
else:
    auth.tenants.create(f'DEFIR_{adcreds["group"]}')
    new_project = _check_defir_groups(auth, adcreds['group'])
    for user in ldap_persons:
        print(user)
        if user in all_stack_users.keys():
            print("change user project")
            auth.users.update_tenant(all_stack_users[user], new_project["id"])
        else:
            print("create new")
            auth.users.create(user, tenant_id=new_project['id'])

with open(f'{adcreds["group"]}_access.json') as steps:
    data = json.load(steps)

for os in data.items():
    os_setup = os[0]
    projects = os[1]["projects"]
    for user in ldap_persons:
        if type(projects) == list and projects != []:
            p = [f'tenant_{pr}' for pr in projects]
            p.append(f'DEFIR_{adcreds["group"]}')
            state = Diff(p, list(tinf.user_in_groups(user).keys()))
            if state['a'] != []:
                for pr in state['a']:
                    if tinf.check_tenant(pr):
                        auth.tenants.add_user(tinf._data[pr]['id'], tinf.users[user], tinf.roles['_member_'])
                    else:
                        print("Project failed")
                for pr in state['r']:
                    if tinf.check_tenant(pr):
                        auth.tenants.remove_user(tinf._data[pr]['id'], tinf.users[user], tinf.roles['_member_'])
                    else:
                        print("Project failed")

        if projects == []:
            if tinf.user_in_groups(user) != {defir_project['name']: defir_project['id']}:
                print("I need delete user from group ", user)
                for pr in tinf.user_in_groups(user):
                    if pr != defir_project['name']:
                        print("i need delete from project ", pr)
                        auth.tenants.remove_user(tinf._data[pr]['id'], tinf.users[user], tinf.roles['_member_'])