Revert "Rbac uplift"

ministryofjustice · Aug 18, 2023 · 26e19ee · 26e19ee
1 parent cb1c29f
commit 26e19ee
Show file tree

Hide file tree

Showing 13 changed files with 80 additions and 405 deletions.
diff --git a/.gitignore b/.gitignore
@@ -159,11 +159,4 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
 # VSCode Config
-.vscode
-
-.secrets
-.vars
-/rbac
-
-*.ldif
-*.ldif.j2
+.vscode
diff --git a/cli/__init__.py b/cli/__init__.py
@@ -1,33 +1,28 @@
 import click
-import cli.ldap.add_roles_to_username, cli.ldap.rbac
+from cli import ldap
 
 from cli import git
-import cli.env
-
 
 @click.group()
 def main_group():
     pass
 
-
 @click.command()
 @click.option("--user-ou", help="OU to add users to, defaults to ou=Users", default="ou=Users")
 @click.option("--root-dn", help="Root DN to add users to", default="dc=moj,dc=com")
 @click.argument("user-role-list", required=True)
 def add_roles_to_users(user_ou, root_dn, user_role_list):
-    cli.ldap.add_roles_to_username.process_user_roles_list(user_role_list, user_ou, root_dn)
+    ldap.process_user_roles_list(user_role_list, user_ou, root_dn)
 
 
 @click.command()
-@click.option("--rbac-repo-tag", help="RBAC repo tag to use", default="master")
-def rbac_uplift(rbac_repo_tag):
-    cli.ldap.rbac.main(rbac_repo_tag)
-
+def git_test():
+    git.dl_test()
 
 # from cli.ldap import test
 
 main_group.add_command(add_roles_to_users)
-main_group.add_command(rbac_uplift)
+main_group.add_command(git_test)
 
 if __name__ == "__main__":
     main_group()
diff --git a/cli/ansible/__init__.py b/cli/ansible/__init__.py
@@ -0,0 +1,2 @@
+import ansible_runner
+
diff --git a/cli/config.py b/cli/config.py
@@ -0,0 +1,17 @@
+import os
+
+from dotenv import load_dotenv
+
+load_dotenv()
+
+ldap_host = os.getenv("LDAP_HOST")
+ldap_user = os.getenv("LDAP_USER")
+ldap_password = os.getenv("LDAP_PASSWORD")
+db_user = os.getenv("DB_USER")
+db_password = os.getenv("DB_PASSWORD")
+db_host = os.getenv("DB_HOST")
+db_port = os.getenv("DB_PORT")
+db_service_name = os.getenv("DB_SERVICE_NAME")
+gh_app_id = os.getenv("GH_APP_ID")
+gh_private_key = os.getenv("GH_PRIVATE_KEY")
+gh_installation_id = os.getenv("GH_INSTALLATION_ID")
diff --git a/cli/env.py b/cli/env.py
diff --git a/cli/git/__init__.py b/cli/git/__init__.py
@@ -4,37 +4,47 @@
 import time
 import requests
 import logging
-from cli import env
-
-
+from cli import config
 def get_access_token(app_id, private_key, installation_id):
     # Create a JSON Web Token (JWT) using the app's private key
     now = int(time.time())
-    payload = {"iat": now, "exp": now + 600, "iss": app_id}
+    payload = {
+        "iat": now,
+        "exp": now + 600,
+        "iss": app_id
+    }
     jwt_token = jwt.encode(payload, private_key, algorithm="RS256")
 
     # Exchange the JWT for an installation access token
-    headers = {"Authorization": f"Bearer {jwt_token}", "Accept": "application/vnd.github.v3+json"}
-    response = requests.post(
-        f"https://api.github.com/app/installations/{installation_id}/access_tokens", headers=headers
-    )
+    headers = {
+        "Authorization": f"Bearer {jwt_token}",
+        "Accept": "application/vnd.github.v3+json"
+    }
+    response = requests.post(f"https://api.github.com/app/installations/{installation_id}/access_tokens",
+                             headers=headers)
     # extract the token from the response
     access_token = response.json().get("token")
     return access_token
 
-
-def get_repo(url, depth="1", branch_or_tag="master", token=None, auth_type="x-access-token", dest_name="repo"):
+def get_repo(url, token=None, auth_type="x-access-token", dest_name="repo"):
     # if there is an @ in the url, assume auth is already specified
-    multi_options = ["--depth " + depth, "--branch " + branch_or_tag]
-    if "@" in url:
-        logging.info("auth already specified in url")
-        return Repo.clone_from(url, dest_name, multi_options=multi_options)
+    if '@' in url:
+        logging.info('auth already specified in url')
+        return Repo.clone_from(url, dest_name)
     # if there is a token, assume auth is required and use the token and auth_type
     elif token:
         templated_url = f'https://{auth_type}:{token}@{url.split("//")[1]}'
-        logging.info(f"cloning with token: {templated_url}")
-        return Repo.clone_from(templated_url, dest_name, multi_options=multi_options)
+        logging.info(f'cloning with token: {templated_url}')
+        return Repo.clone_from(templated_url, dest_name)
     # if there is no token, assume auth is not required and clone without
     else:
-        logging.info("cloning without auth")
-        return Repo.clone_from(url, dest_name, multi_options=multi_options)
+        logging.info('cloning without auth')
+        return Repo.clone_from(url, dest_name)
+def dl_test():
+    app_id = config.gh_app_id
+    private_key = config.gh_private_key
+    installation_id = config.gh_installation_id
+    url = 'https://github.com/ministryofjustice/hmpps-delius-pipelines.git'
+    token = get_access_token(app_id, private_key, installation_id)
+    repo = get_repo(url, token=token, dest_name='delius-pipelines')
+    print(repo)
diff --git a/cli/ldap/__init__.py b/cli/ldap/__init__.py
@@ -1,12 +1,14 @@
 from ldap3 import Server, Connection, ALL
-from logging import log
-
 
 # import oracledb
+import logging
+
+logging.basicConfig(level=logging.DEBUG)
+
+
 def ldap_connect(ldap_host, ldap_user, ldap_password):
-    server = Server(ldap_host, get_info=ALL)
     return Connection(
-        server=server, user=ldap_user, password=ldap_password, auto_bind="NO_TLS", authentication="SIMPLE"
+        server=ldap_host, user=ldap_user, password=ldap_password, auto_bind="NO_TLS", authentication="SIMPLE"
     )
 
 

diff --git a/cli/ldap/add_roles_to_username.py b/cli/ldap/add_roles_to_username.py
@@ -1,22 +1,16 @@
-from cli.logging import log
-from cli import env
+import logging
+
+from cli import config
 from cli.ldap import ldap_connect
 
 
 def parse_user_role_list(user_role_list):
-    # The format of the list should be a pipe separated list of username and role lists,
-    # where the username and role list is separated by a comma character,
-    # and the roles are separated by a semi-colon:
-    # username1,role1;role2;role3|username2,role1;role2
-
     return {user.split(",")[0]: user.split(",")[1].split(";") for user in user_role_list.split("|")}
 
 
 def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=com"):
-    log.info(f"Adding roles {roles} to user {username}")
-    ldap_connection = ldap_connect(
-        env.vars.get("LDAP_HOST"), env.vars.get("LDAP_USER"), env.secrets.get("LDAP_BIND_PASSWORD")
-    )
+    logging.info(f"Adding roles {roles} to user {username}")
+    ldap_connection = ldap_connect(config.ldap_host, config.ldap_user, config.ldap_password)
     for role in roles:
         ldap_connection.add(
             f"cn={role},cn={username},{user_ou},{root_dn}",
@@ -36,7 +30,6 @@ def add_roles_to_user(username, roles, user_ou="ou=Users", root_dn="dc=moj,dc=co
 
 
 def process_user_roles_list(user_role_list, user_ou="ou=Users", root_dn="dc=moj,dc=com"):
-    log.info(f"secrets: {env.secrets}")
     user_roles = parse_user_role_list(user_role_list)
     for user, roles in user_roles.items():
         add_roles_to_user(user, roles, user_ou, root_dn)