// Loop through all the users and add user locally to main which will call sync // we need to call dokeys on if the user exists or not so need to check the error message // for whether the user exists or not and run it anyway unless some other error func (u userMap) userSync(grp []string) error { // set region cfg := &aws.Config{Region: aws.String(*region)} // set Iam service iamsvc := sync_iam.GetIamClient(cfg) // Fetch all iam users from group and assign to userMap type if err := u.setIamUsers(iamsvc, grp); err != nil { return err } // Set all the keys for users if err := u.setKey(iamsvc); err != nil { return err } var IamUsers []string for userStr, data := range u { IamUsers = append(IamUsers, userStr) luser := sync_users.New(userStr, data.group, *sudoGroup, data.keys) if err := luser.Sync(); err != nil { log.Error(fmt.Sprintf("Error syncing users: %v", err)) return err } } ignored := splitString(*ignoreusers) userCmp, err := sync_users.CmpNew(IamUsers, ignored) if err != nil { return err } if err := userCmp.Cleanup(); err != nil { return err } return nil }
func GetKeys(user string, svc *iam.IAM) ([]string, error) { resp, err := svc.ListSSHPublicKeys(&iam.ListSSHPublicKeysInput{ UserName: aws.String(user), }) if err != nil { log.Error(fmt.Sprintf("Error getting keys for user %v", user)) return nil, err } if len(resp.SSHPublicKeys) > 0 { ukey, err := getUserKey(user, svc, resp.SSHPublicKeys) if err != nil { log.Error("Error calling getUserKey") return nil, err } else { return ukey, nil } } return nil, nil }
// Set the IAM users func (u userMap) setIamUsers(svc *iam.IAM, g []string) error { for _, grp := range g { resp, err := svc.GetGroup(&iam.GetGroupInput{GroupName: aws.String(grp)}) if err != nil { log.Error(fmt.Sprintf("Error getting Group: %v, %v", grp, err)) return err } for _, user := range sync_iam.GetIamUsers(resp) { u[user] = &userData{group: grp} } } return nil }
// Remove users from system that are not in the group list func RemoveUser(usr string) error { u, err := user.Lookup(usr) if err != nil { return err } CMD := "userdel" CMD_ARGS := []string{"-r", u.Username} if _, err := exec.Command(CMD, CMD_ARGS...).Output(); err != nil { log.Error(fmt.Sprintf("Error deleting user %v", usr)) return err } log.Info(fmt.Sprintf("Deleted user %v", usr)) return nil }
// Set the key in the structure for the user fetched from iam or delete user from // structure if the user hasn't set a key func (u userMap) setKey(svc *iam.IAM) error { for user, struc := range u { keys, err := sync_iam.GetKeys(user, svc) if err != nil { log.Error(fmt.Sprintf("Error occurred getting keys: %v", err)) return err } if len(keys) == 0 { log.Debug(fmt.Sprintf("No active keys for %v. Not adding user [get them to add their key]", user)) delete(u, user) } else { struc.keys = keys } } return nil }
// Loop through the keys and call add key to add key to the box func Keys(l *user.User, kp string, ks []string) error { f, err := os.Create(kp) defer f.Close() if err != nil { return err log.Error(fmt.Sprintf("Error creating %v", kp)) } log.Debug(fmt.Sprintf("Created file %v writing keys %v", kp, ks)) w := bufio.NewWriter(f) for _, k := range ks { fmt.Fprintln(w, k) log.Info(fmt.Sprintf("adding key %v", k[0:20])) } w.Flush() if err := setPerms(l, kp); err != nil { return err } return nil }
// function main call out into validate code func main() { // Make and initaize the map for structure umap := make(userMap) // Check the flag options flagOptions() // Get a list of the groups grpList = splitString(*groups) if *onetime { if err := umap.userSync(grpList); err != nil { os.Exit(1) } os.Exit(0) } // Set the channels stopChan := make(chan bool) doneChan := make(chan bool) errChan := make(chan error, 10) go umap.process(grpList, doneChan, stopChan, *interval) signalChan := make(chan os.Signal, 1) signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM) for { select { case err := <-errChan: log.Error(fmt.Sprintf("Error captured: %v", err.Error())) case s := <-signalChan: log.Info(fmt.Sprintf("Captured %v. Exiting...", s)) close(doneChan) case <-doneChan: os.Exit(0) } } }