ccfos
/
nightingale
Not watched
1
0
Fork 0
Code
Releases 20 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: a4e9349dfd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a4e9349dfd'
${ noResults }
nightingale/pkg/ldapx/user_sync.go

199 lines
5.3 kB
Raw Blame History 

  1. package ldapx

  2. 

  3. import (

  4. 	"fmt"

  5. 	"time"

  6. 

  7. 	"github.com/ccfos/nightingale/v6/dumper"

  8. 	"github.com/ccfos/nightingale/v6/models"

  9. 	"github.com/ccfos/nightingale/v6/pkg/ctx"

  10. 

  11. 	"github.com/toolkits/pkg/logger"

  12. )

  13. 

  14. func (s *SsoClient) SyncAddAndDelUsers(ctx *ctx.Context) error {

  15. 	if !s.Enable || !s.SyncAdd {

  16. 		return nil

  17. 	}

  18. 

  19. 	start := time.Now()

  20. 

  21. 	usersFromSso, usersFromDb, err := s.getUsersFromSsoAndDb(ctx)

  22. 	if err != nil {

  23. 		dumper.PutSyncRecord("sso_user", start.Unix(), -1, -1, "failed to query users: "+err.Error())

  24. 		return err

  25. 	}

  26. 

  27. 	usersToBeAdd, usersExists := diffUsers(usersFromDb, usersFromSso)

  28. 	// Incremental users synchronize both user information and group information

  29. 	for _, user := range usersToBeAdd {

  30. 		if err = user.AddUserAndGroups(ctx, s.CoverTeams); err != nil {

  31. 			logger.Warningf("failed to sync add user[%v] to db, err: %v", *user, err)

  32. 		}

  33. 	}

  34. 

  35. 	// Existing users synchronize group information only

  36. 	for _, user := range usersExists {

  37. 		if err = models.UserGroupMemberSyncByUser(ctx, user, s.CoverTeams); err != nil {

  38. 			logger.Warningf("failed to sync add user[%v] to db, err: %v", *user, err)

  39. 		}

  40. 	}

  41. 

  42. 	var usersToBeDel []*models.User

  43. 	if s.SyncDel {

  44. 		usersToBeDel, _ = diffUsers(usersFromSso, usersFromDb)

  45. 		if len(usersToBeDel) > 0 {

  46. 			delIds := make([]int64, 0, len(usersToBeDel))

  47. 			for _, user := range usersToBeDel {

  48. 				delIds = append(delIds, user.Id)

  49. 			}

  50. 			if err := models.UserDelByIds(ctx, delIds); err != nil {

  51. 				logger.Warningf("failed to sync del users[%v] to db, err: %v", usersToBeDel, err)

  52. 			}

  53. 		}

  54. 	}

  55. 

  56. 	ms := time.Since(start).Milliseconds()

  57. 	logger.Infof("timer: sync sso users done, cost: %dms, number: %d", ms, len(usersToBeDel)+len(usersToBeAdd))

  58. 	dumper.PutSyncRecord("sso_user", start.Unix(), ms, len(usersToBeDel)+len(usersToBeAdd), "success")

  59. 	return nil

  60. }

  61. 

  62. func (s *SsoClient) getUsersFromSsoAndDb(ctx *ctx.Context) (usersFromSso, usersFromDb map[string]*models.User, err error) {

  63. 	usersFromSso, err = s.UserGetAll()

  64. 	if err != nil {

  65. 		return nil, nil, err

  66. 	}

  67. 

  68. 	usersFromDb, err = models.UserGetsBySso(ctx, "ldap")

  69. 	if err != nil {

  70. 		return nil, nil, err

  71. 	}

  72. 

  73. 	return

  74. }

  75. 

  76. func (s *SsoClient) UserGetAll() (map[string]*models.User, error) {

  77. 	lc := s.Copy()

  78. 

  79. 	conn, err := lc.newLdapConn()

  80. 	if err != nil {

  81. 		return nil, err

  82. 	}

  83. 	defer conn.Close()

  84. 

  85. 	srs, err := lc.ldapReq(conn, lc.UserFilter)

  86. 	if err != nil {

  87. 		return nil, fmt.Errorf("ldap.error: ldap search fail: %v", err)

  88. 	}

  89. 

  90. 	res := make(map[string]*models.User)

  91. 

  92. 	for i := range srs {

  93. 		if srs[i] == nil {

  94. 			continue

  95. 		}

  96. 		for _, entry := range srs[i].Entries {

  97. 			attrs := lc.Attributes

  98. 			username := entry.GetAttributeValue(attrs.Username)

  99. 			nickname := entry.GetAttributeValue(attrs.Nickname)

  100. 			email := entry.GetAttributeValue(attrs.Email)

  101. 			phone := entry.GetAttributeValue(attrs.Phone)

  102. 

  103. 			// Gets the roles and teams for this entry

  104. 			roleTeamMapping := lc.GetUserRolesAndTeams(entry)

  105. 			if len(roleTeamMapping.Roles) == 0 {

  106. 				// No role mapping is configured, the configured default role is used

  107. 				roleTeamMapping.Roles = lc.DefaultRoles

  108. 			}

  109. 			user := new(models.User)

  110. 			user.FullSsoFieldsWithTeams("ldap", username, nickname, phone, email, roleTeamMapping.Roles, roleTeamMapping.Teams)

  111. 

  112. 			res[entry.GetAttributeValue(attrs.Username)] = user

  113. 		}

  114. 	}

  115. 

  116. 	return res, nil

  117. }

  118. 

  119. // newExtraUsers: in newUsers not in base

  120. // updatedUsers: in newUsers and in base, update the user.TeamsLst data

  121. func diffUsers(base, newUsers map[string]*models.User) (newExtraUsers, updatedUsers []*models.User) {

  122. 	for username, user := range newUsers {

  123. 		if baseUser, exist := base[username]; !exist {

  124. 			newExtraUsers = append(newExtraUsers, user)

  125. 		} else {

  126. 			if len(baseUser.TeamsLst) == 0 {

  127. 				// Need to pass on the team message

  128. 				baseUser.TeamsLst = user.TeamsLst

  129. 			}

  130. 			updatedUsers = append(updatedUsers, baseUser)

  131. 		}

  132. 	}

  133. 	return

  134. }

  135. 

  136. func (s *SsoClient) SyncDelUsers(ctx *ctx.Context) error {

  137. 	if !s.Enable || s.SyncAdd || !s.SyncDel {

  138. 		return nil

  139. 	}

  140. 

  141. 	start := time.Now()

  142. 

  143. 	usersFromDb, err := models.UserGetsBySso(ctx, "ldap")

  144. 	if err != nil {

  145. 		dumper.PutSyncRecord("sso_user", start.Unix(), -1, -1, "failed to query users: "+err.Error())

  146. 		return err

  147. 	}

  148. 

  149. 	delIds := make([]int64, 0)

  150. 	for _, user := range usersFromDb {

  151. 		exist, err := s.UserExist(user.Username)

  152. 		if err != nil {

  153. 			dumper.PutSyncRecord("sso_user", start.Unix(), -1, -1, "failed to check whether the user exists: "+err.Error())

  154. 		} else if !exist {

  155. 			delIds = append(delIds, user.Id)

  156. 		}

  157. 	}

  158. 

  159. 	if len(delIds) > 0 {

  160. 		if err := models.UserDelByIds(ctx, delIds); err != nil {

  161. 			dumper.PutSyncRecord("sso_user", start.Unix(), -1, -1, "failed to sync del users: "+err.Error())

  162. 			return err

  163. 		}

  164. 	}

  165. 

  166. 	ms := time.Since(start).Milliseconds()

  167. 	logger.Infof("timer: sync del sso users done, cost: %dms, number: %d", ms, len(delIds))

  168. 	dumper.PutSyncRecord("sso_user", start.Unix(), ms, len(delIds), "success")

  169. 	return nil

  170. }

  171. 

  172. func (s *SsoClient) UserExist(username string) (bool, error) {

  173. 	lc := s.Copy()

  174. 

  175. 	conn, err := lc.newLdapConn()

  176. 	if err != nil {

  177. 		return false, err

  178. 	}

  179. 	defer conn.Close()

  180. 

  181. 	srs, err := lc.ldapReq(conn, "(&(%s=%s))", lc.Attributes.Username, username)

  182. 	if err != nil {

  183. 		return false, err

  184. 	}

  185. 

  186. 	for i := range srs {

  187. 		if srs[i] == nil {

  188. 			continue

  189. 		}

  190. 

  191. 		if len(srs[i].Entries) > 0 {

  192. 			return true, nil

  193. 		}

  194. 

  195. 	}

  196. 

  197. 	return false, nil

  198. }