Commit 70ffa4eb authored by Rob Carleski's avatar Rob Carleski 🇮🇸
Browse files

Fix retry for groups which need ownership granted via the web UI

parent 9bddd8f4
......@@ -17,6 +17,7 @@ from secrets import choice
from subprocess import check_output as cmd
from subprocess import CalledProcessError
from subprocess import STDOUT
from time import sleep
devnull = open(os.devnull, 'w')
......@@ -201,7 +202,7 @@ https://documentation.its.umich.edu/node/339/
def set_up_mcommunity_group(self):
_control_group = self.config['mcommunity']['api_control_group']
self.control_group = self.config['mcommunity']['api_control_group']
_ext_addr = self.username + '@go.itd.umich.edu'
_needs_update = False
......@@ -210,25 +211,25 @@ https://documentation.its.umich.edu/node/339/
'Checking Mcommunity for associated group',
extra={'entity': self.account}
)
client = mcommunity.MCommClient(
self.mcomm_client = mcommunity.MCommClient(
self.config['mcommunity']['client_id'],
self.config['mcommunity']['secret']
)
mcomm_group = client.group(self.groupname)
self.mcomm_group = self.mcomm_client.group(self.groupname)
except mcommunity.core.MCommError as e:
self.logger.info(e, extra={'entity': self.account})
if mcomm_group.exists:
if self.mcomm_group.exists:
self.logger.info(
'Found associated MCommunity group',
extra={'entity': self.account}
)
if set(self.owners) - set(mcomm_group.owners):
if set(self.owners) - set(self.mcomm_group.owners):
_needs_update = True
if self.service in ['google', 'both']:
if _ext_addr not in mcomm_group.externalMembers:
if _ext_addr not in self.mcomm_group.externalMembers:
_needs_update = True
if _needs_update:
......@@ -236,14 +237,8 @@ https://documentation.its.umich.edu/node/339/
'Mcommunity group needs updating',
extra={'entity': self.account}
)
if _control_group not in mcomm_group.owners:
if not self.take_group_ownership():
self.logger.error(
'Failed to obtain group ownership',
extra={'entity': self.account}
)
exit(2)
mcomm_group.fetch()
if self.control_group not in self.mcomm_group.owners:
self.take_group_ownership()
else:
self.logger.info(
'Mcommunity group does not need an update',
......@@ -262,19 +257,19 @@ https://documentation.its.umich.edu/node/339/
'Reserving new Mcommunity group',
extra={'entity': self.account}
)
mcomm_group.reserve()
self.mcomm_group.reserve()
except mcommunity.core.MCommError as e:
self.logger.info(e, extra={'entity': self.account})
exit(2)
try:
if self.alias not in mcomm_group.aliases:
if self.alias not in self.mcomm_group.aliases:
self.logger.info(
'Adding Mcommunity group alias',
extra={'entity': self.account}
)
mcomm_group.aliases.append(self.alias)
mcomm_group.update_aliases()
self.mcomm_group.aliases.append(self.alias)
self.mcomm_group.update_aliases()
except mcommunity.core.MCommError as e:
self.logger.warning(e, extra={'entity': self.account})
......@@ -284,10 +279,10 @@ https://documentation.its.umich.edu/node/339/
extra={'entity': self.account}
)
if self.service in ['google', 'both']:
mcomm_group.externalMembers.append(_ext_addr)
if _control_group in mcomm_group.memberGroups:
mcomm_group.memberGroups.remove(_control_group)
mcomm_group.update_membership()
self.mcomm_group.externalMembers.append(_ext_addr)
if self.control_group in self.mcomm_group.memberGroups:
self.mcomm_group.memberGroups.remove(self.control_group)
self.mcomm_group.update_membership()
except mcommunity.core.MCommError as e:
self.logger.warning(e, extra={'entity': self.account})
......@@ -296,13 +291,13 @@ https://documentation.its.umich.edu/node/339/
'Updating Mcommunity group ownership',
extra={'entity': self.account}
)
mcomm_group.owners.extend(self.owners)
mcomm_group.owners.remove(
_control_group
self.mcomm_group.owners.extend(self.owners)
self.mcomm_group.owners.remove(
self.control_group
)
mcomm_group.update_ownership()
assert len(mcomm_group.owners) > 0
assert _control_group not in mcomm_group.owners
self.mcomm_group.update_ownership()
assert len(self.mcomm_group.owners) > 0
assert self.control_group not in self.mcomm_group.owners
except AssertionError as e:
self.logger.warning(e, extra={'entity': self.account})
except mcommunity.core.MCommError as e:
......@@ -310,7 +305,16 @@ https://documentation.its.umich.edu/node/339/
def take_group_ownership(self):
input('Add api controller as group owner, then press enter.')
return True
for i in range(5):
del(self.mcomm_group)
self.mcomm_group = self.mcomm_client.group(self.groupname)
if self.control_group in self.mcomm_group.owners:
return True
else:
sleep(2**i)
else:
self.logger.error('Failed to obtain group ownership.')
exit(2)
def set_kerberos_password(self):
try:
......
......@@ -63,16 +63,6 @@ def test_set_up_mcommunity_group_existing_owned(mock_client):
sa.set_up_mcommunity_group()
@mock.patch('collab_admin_kit.create_shared.input')
@mock.patch('mcommunity.MCommClient')
def test_set_up_mcommunity_group_existing_unowned(mock_client, mock_input):
mock_input.return_value(True)
mock_client.return_value.group.return_value.fetch.return_value = json.loads(
open(data_dir + '/mock_mcomm/profile_testgroup.json').read()
)
sa.set_up_mcommunity_group()
@mock.patch('kadmin.init_with_keytab')
def test_set_kerberos_password(kadmin):
sa.set_kerberos_password()
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment