Пример #1
0
// Loop through all the users and add user locally to main which will call sync
// we need to call dokeys on if the user exists or not so need to check the error message
// for whether the user exists or not and run it anyway unless some other error
func (u userMap) userSync(grp []string) error {
	// set region
	cfg := &aws.Config{Region: aws.String(*region)}

	// set Iam service
	iamsvc := sync_iam.GetIamClient(cfg)

	// Fetch all iam users from group and assign to userMap type
	if err := u.setIamUsers(iamsvc, grp); err != nil {
		return err
	}

	// Set all the keys for users
	if err := u.setKey(iamsvc); err != nil {
		return err
	}
	var IamUsers []string
	for userStr, data := range u {
		IamUsers = append(IamUsers, userStr)
		luser := sync_users.New(userStr, data.group, *sudoGroup, data.keys)
		if err := luser.Sync(); err != nil {
			log.Error(fmt.Sprintf("Error syncing users: %v", err))
			return err
		}
	}
	ignored := splitString(*ignoreusers)
	userCmp, err := sync_users.CmpNew(IamUsers, ignored)
	if err != nil {
		return err
	}
	if err := userCmp.Cleanup(); err != nil {
		return err
	}
	return nil
}
Пример #2
0
func GetKeys(user string, svc *iam.IAM) ([]string, error) {
	resp, err := svc.ListSSHPublicKeys(&iam.ListSSHPublicKeysInput{
		UserName: aws.String(user),
	})
	if err != nil {
		log.Error(fmt.Sprintf("Error getting keys for user %v", user))
		return nil, err
	}
	if len(resp.SSHPublicKeys) > 0 {
		ukey, err := getUserKey(user, svc, resp.SSHPublicKeys)
		if err != nil {
			log.Error("Error calling getUserKey")
			return nil, err
		} else {
			return ukey, nil
		}
	}
	return nil, nil
}
Пример #3
0
// Set the IAM users
func (u userMap) setIamUsers(svc *iam.IAM, g []string) error {
	for _, grp := range g {
		resp, err := svc.GetGroup(&iam.GetGroupInput{GroupName: aws.String(grp)})
		if err != nil {
			log.Error(fmt.Sprintf("Error getting Group: %v, %v", grp, err))
			return err
		}
		for _, user := range sync_iam.GetIamUsers(resp) {
			u[user] = &userData{group: grp}
		}
	}
	return nil
}
Пример #4
0
// Remove users from system that are not in the group list
func RemoveUser(usr string) error {
	u, err := user.Lookup(usr)
	if err != nil {
		return err
	}
	CMD := "userdel"
	CMD_ARGS := []string{"-r", u.Username}
	if _, err := exec.Command(CMD, CMD_ARGS...).Output(); err != nil {
		log.Error(fmt.Sprintf("Error deleting user %v", usr))
		return err
	}
	log.Info(fmt.Sprintf("Deleted user %v", usr))
	return nil
}
Пример #5
0
// Set the key in the structure for the user fetched from iam or delete user from
// structure if the user hasn't set a key
func (u userMap) setKey(svc *iam.IAM) error {
	for user, struc := range u {
		keys, err := sync_iam.GetKeys(user, svc)
		if err != nil {
			log.Error(fmt.Sprintf("Error occurred getting keys: %v", err))
			return err
		}
		if len(keys) == 0 {
			log.Debug(fmt.Sprintf("No active keys for %v. Not adding user [get them to add their key]", user))
			delete(u, user)
		} else {
			struc.keys = keys
		}
	}
	return nil
}
Пример #6
0
// Loop through the keys and call add key to add key to the box
func Keys(l *user.User, kp string, ks []string) error {
	f, err := os.Create(kp)
	defer f.Close()
	if err != nil {
		return err
		log.Error(fmt.Sprintf("Error creating %v", kp))
	}
	log.Debug(fmt.Sprintf("Created file %v writing keys %v", kp, ks))
	w := bufio.NewWriter(f)
	for _, k := range ks {
		fmt.Fprintln(w, k)
		log.Info(fmt.Sprintf("adding key %v", k[0:20]))
	}
	w.Flush()
	if err := setPerms(l, kp); err != nil {
		return err
	}
	return nil
}
Пример #7
0
// function main call out into validate code
func main() {
	// Make and initaize the map for structure
	umap := make(userMap)

	// Check the flag options
	flagOptions()

	// Get a list of the groups
	grpList = splitString(*groups)

	if *onetime {
		if err := umap.userSync(grpList); err != nil {
			os.Exit(1)
		}
		os.Exit(0)
	}

	// Set the channels
	stopChan := make(chan bool)
	doneChan := make(chan bool)
	errChan := make(chan error, 10)

	go umap.process(grpList, doneChan, stopChan, *interval)
	signalChan := make(chan os.Signal, 1)
	signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
	for {
		select {
		case err := <-errChan:
			log.Error(fmt.Sprintf("Error captured: %v", err.Error()))
		case s := <-signalChan:
			log.Info(fmt.Sprintf("Captured %v. Exiting...", s))
			close(doneChan)
		case <-doneChan:
			os.Exit(0)
		}
	}

}