tim/fluke
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

use devops config

Browse Source
This commit is contained in:
Anton Chuchkalov 2015-09-08 16:20:27 +03:00
parent a63aaa4651
commit 53961231d9
1 changed files with 22 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
devops-service/lib/users_permissions_updater.rb
View File

@ -1,21 +1,27 @@
require "mongo" require "mongo"
require "../core/devops-config"
class UsersPermissionsUpdater class UsersPermissionsUpdater
attr_reader :users_collection attr_reader :users_collection
def initialize(config) def initialize
db = config[:db] || "devops" DevopsConfig.read
host = config[:host] || "localhost" config = DevopsConfig.config
port = config[:port] || 27017
user = config[:user] db = config[:mongo_db] || "devops"
password = config[:password] host = config[:mongo_host] || "localhost"
port = config[:mongo_port] || 27017
user = config[:mongo_user]
password = config[:mongo_password]
puts
puts "Initialized updater for db '#{db}' located on host '#{host}'"
@db = Mongo::MongoClient.new(host, port).db(db) @db = Mongo::MongoClient.new(host, port).db(db)
@db.authenticate(user, password) @db.authenticate(user, password)
@users_collection = @db.collection('users') @users_collection = @db.collection('users')
end end
# returns users who have rwx in permissions.server field
def admins def admins
users_collection.find('privileges.server' => 'rwx') users_collection.find('privileges.server' => 'rwx')
end end
@ -24,38 +30,26 @@ class UsersPermissionsUpdater
users_collection.find('privileges.server' => 'r') users_collection.find('privileges.server' => 'r')
end end
def set_priveleges_to_users(users, privilege_name, privilege_value) def set_priveleges_to_users(users, privilege_value)
ids = users.to_a.map {|u| u['_id']} ids = users.to_a.map {|u| u['_id']}
puts "users: #{ids.join(', ')}"
users_collection.update( users_collection.update(
{"_id" => {'$in' => ids}}, {"_id" => {'$in' => ids}},
{ {
"$set" => { "$set" => {
"privileges.#{privilege_name}" => privilege_value "privileges.stack" => privilege_value,
"privileges.stack_template" => privilege_value
} }
} }
) )
end end
def not_admin_or_readers
all = users_collection.find({}).to_a
admin_ids = admins.to_a.map {|u| u['_id']}
reader_ids = readers.to_a.map {|u| u['_id']}
admin_or_reader_ids = admin_ids + reader_ids
result = all.delete_if do |user|
admin_or_reader_ids.include?(user['_id'])
end
end
end end
updater = UsersPermissionsUpdater.new(user: 'user', password: 'pass', db: 'devops_prod') updater = UsersPermissionsUpdater.new
updater.set_priveleges_to_users(updater.admins, 'stack', 'rwx') updater.set_priveleges_to_users(updater.admins, 'rwx')
updater.set_priveleges_to_users(updater.admins, 'stack_template', 'rwx') puts "Admin privileges updated"
updater.set_priveleges_to_users(updater.readers, 'stack', 'r') updater.set_priveleges_to_users(updater.readers, 'r')
updater.set_priveleges_to_users(updater.readers, 'stack_template', 'r') puts "Readers privileges updated"
puts "Updated admins"
puts "Updated readers"