Class: Entitlements::Backend::MemberOf::Controller

Inherits:
BaseController
Includes:
Contracts::Core
Defined in:
lib/entitlements/backend/member_of/controller.rb

Constant Summary

C =
::Contracts

Constants inherited from BaseController

BaseController::COMMON_GROUP_CONFIG

Instance Attribute Summary

Attributes inherited from BaseController

#actions

Class Method Summary

Instance Method Summary

Methods included from Contracts::Core

common, extended, included

Methods inherited from BaseController

#change_count, identifier, #preapply, #prefetch, #priority, register, #validate

Constructor Details

#initialize(group_name, config = nil) ⇒ Controller

Returns a new instance of Controller.



# File 'lib/entitlements/backend/member_of/controller.rb', line 22

# Build the controller and its cached LDAP client.
#
# Connection settings are read from the backend config (+@config+ is set up by
# +super+). Required keys: "ldap_uri", "ldap_binddn", "ldap_bindpw" and
# "person_dn_format" (a missing key raises KeyError through +fetch+). Optional
# keys: "ldap_ca_file" (falls back to the LDAP_CACERT environment variable) and
# "ldap_disable_ssl_verification" (defaults to false; presumably relaxes TLS
# certificate checking in the LDAP service, so it should stay false outside
# of testing — confirm against Entitlements::Service::LDAP).
#
# @param group_name name of the entitlement group this controller is responsible for
# @param config [Hash, nil] backend configuration, passed through to the base controller
def initialize(group_name, config = nil)
  super(group_name, config)

  ldap_options = {
    addr: @config.fetch("ldap_uri"),
    binddn: @config.fetch("ldap_binddn"),
    bindpw: @config.fetch("ldap_bindpw"),
    ca_file: @config.fetch("ldap_ca_file", ENV["LDAP_CACERT"]),
    disable_ssl_verification: @config.fetch("ldap_disable_ssl_verification", false),
    person_dn_format: @config.fetch("person_dn_format")
  }
  @ldap = Entitlements::Service::LDAP.new_with_cache(**ldap_options)
end

Class Method Details

.priority ⇒ Object

Controller priority and registration



# File 'lib/entitlements/backend/member_of/controller.rb', line 8

# Controller priority and registration.
#
# Relative ordering value of this controller among the registered backend
# controllers; the ordering itself is handled by BaseController (see
# +register+), not here.
#
# @return [Integer] fixed priority of the memberOf controller
def self.priority
  20
end

Instance Method Details

#apply(action) ⇒ Object



# File 'lib/entitlements/backend/member_of/controller.rb', line 93

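# Push one person's pending attribute changes to LDAP.
#
# Each pending change is logged at debug level (a nil value means the attribute
# is being deleted, anything else is an upsert), then the whole change set is
# written with a single +ldap.modify+ call against the person's DN.
#
# The uid is substituted into the DN template with the block form of +gsub+ so
# that the value is inserted literally: with a String replacement, +gsub+ would
# interpret backslash sequences such as "\\0" or "\\&" inside the uid as
# back-references and silently alter the DN.
#
# @param action [Entitlements::Models::Action] action whose +updated+ person
#   carries the attribute changes to apply
# @return [nil]
# @raise [RuntimeError] if the LDAP modify does not report success
def apply(action)
  person = action.updated
  changes = person.attribute_changes

  changes.each do |attrib, val|
    if val.nil?
      logger.debug "APPLY: Delete #{attrib} from #{person.uid}"
    else
      logger.debug "APPLY: Upsert #{attrib} to #{person.uid}"
    end
  end

  # NOTE(review): this assumes uids are already restricted to DN-safe
  # characters upstream (no RFC 4514 escaping happens here) — confirm.
  person_dn = ldap.person_dn_format.gsub("%KEY%") { person.uid }
  return if ldap.modify(person_dn, changes)

  logger.warn "DID NOT APPLY: Changes to #{person.uid} failed!"
  raise "LDAP modify error on #{person_dn}!"
end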

#calculate ⇒ Object



# File 'lib/entitlements/backend/member_of/controller.rb', line 41

# Recompute the memberOf-style attribute for every person in the people cache
# and queue an action for each person whose attributes changed as a result.
#
# Only OUs listed in +config["ou"]+ are considered; the attribute name comes
# from +config["memberof_attribute"]+. The attribute is reset to an empty list
# on every cached person before group membership is replayed, so entries that
# no longer correspond to a calculated group are dropped.
#
# @return [Array<Entitlements::Models::Action>] the actions, also stored in +@actions+
# @raise [RuntimeError] if no calculated group OU matches the configured list
def calculate
  logger.debug "Calculating memberOf attributes for configured groups"

  people = Entitlements.cache[:people_obj]
  wanted_ous = config["ou"]

  relevant_groups = Entitlements::Data::Groups::Calculated.all_groups.select do |ou_key, _|
    wanted_ous.include?(ou_key)
  end

  unless relevant_groups.any?
    raise "memberOf emulator found no OUs matching: #{config['ou'].join(', ')}"
  end

  attribute = config["memberof_attribute"]

  # Clean slate first: every person loses the attribute, then membership in each
  # relevant group adds it back. Doing this once up front is equivalent to the
  # "clear on first group" approach because the raise above guarantees at least
  # one group is processed.
  people.read.each do |uid, _|
    people.read(uid)[attribute] = []
  end

  relevant_groups.each do |_ou_key, data|
    data[:groups].each do |group_dn, group_data|
      group_data.member_strings.each do |member|
        people.read(member).add(attribute, group_dn)
      end
    end
  end

  # Only people whose attributes actually changed get an action.
  @actions = people.read.each_with_object([]) do |(person_uid, person), actions|
    next if person.attribute_changes.empty?

    print_differences(person)
    actions << Entitlements::Models::Action.new(
      person_uid,
      :none, # Convention, since entitlements doesn't (yet) create people
      person,
      group_name
    )
  end
end


# File 'lib/entitlements/backend/member_of/controller.rb', line 119

# Log a human-readable summary of a person's pending attribute changes.
#
# Changes are listed in attribute-name order. For each attribute the original
# value (+person.original+) is compared with the pending value to decide
# between ADD, REMOVE and MODIFY output; the per-case formatting lives in the
# private helpers below.
#
# @param person [#uid, #attribute_changes, #original] person being summarised
# @return [nil] always nil, to satisfy the contract
def print_differences(person)
  changes = person.attribute_changes
  return if changes.empty?

  count = changes.size
  logger.info "Person #{person.uid} attribute change#{count == 1 ? '' : 's'}:"

  changes.sort.to_h.each do |attrib, val|
    orig = person.original(attrib)
    if orig.nil?
      log_added_attribute(attrib, val)
    elsif val.nil?
      log_removed_attribute(attrib, orig)
    else
      log_modified_attribute(attrib, orig, val)
    end
  end

  nil
end

# Log an attribute that did not exist before (array values are listed one per line).
private def log_added_attribute(attrib, val)
  unless val.is_a?(Array)
    logger.info ". ADD attribute #{attrib}: #{val.inspect}"
    return
  end

  logger.info ". ADD attribute #{attrib}:"
  val.each { |item| logger.info ".   + #{item}" }
end

# Log an attribute that is being removed (array values are summarised by count).
private def log_removed_attribute(attrib, orig)
  unless orig.is_a?(Array)
    logger.info ". REMOVE attribute #{attrib}: #{orig.inspect}"
    return
  end

  noun = orig.size == 1 ? "entry" : "entries"
  logger.info ". REMOVE attribute #{attrib}: #{orig.size} #{noun}"
end

# Log an attribute whose value changed: string-to-string and array-to-array
# changes get a diff-style listing; any other type combination is unexpected
# (only plausible after an LDAP schema change) and is simply dumped.
private def log_modified_attribute(attrib, orig, val)
  logger.info ". MODIFY attribute #{attrib}:"

  if val.is_a?(String) && orig.is_a?(String)
    logger.info ".  - #{orig.inspect}"
    logger.info ".  + #{val.inspect}"
  elsif val.is_a?(Array) && orig.is_a?(Array)
    # uniq mirrors the set semantics: each added/removed item is listed once.
    additions = (val - orig).uniq
    removals = (orig - val).uniq
    (additions + removals).sort.each do |item|
      marker = additions.include?(item) ? "+" : "-"
      logger.info ".  #{marker} #{item.inspect}"
    end
  else
    logger.info ".  - (#{orig.class})"
    logger.info ".  + #{val.inspect}"
  end
end