connect

2025-12-06 17:22:49 +01:00 · 2024-11-01 15:37:59 -04:00
parent cd2e5bf2d0
commit 825dbb36dd
3 changed files with 15 additions and 30 deletions
--- a/salt/manager/tools/sbin/so-client
+++ b/salt/manager/tools/sbin/so-client
@@ -45,6 +45,7 @@ function usage() {
              --id <id>
              --name <name>
              --note <note>
+              --searchusername <run-as username>
  
  generate-secret: Regenerates a client's secret and outputs the new secret. 
            Required parameters: 
@@ -84,7 +85,12 @@ while [[ $# -gt 0 ]]; do
      ;;
    --note) 
      note=$1
-      [[ ${#note} -gt 50 ]] && fail "note cannot be longer than 500 characters"
+      [[ ${#note} -gt 100 ]] && fail "note cannot be longer than 100 characters"
+      shift
+      ;;
+    --searchusername) 
+      searchusername=$1
+      [[ ${#searchusername} -gt 50 ]] && fail "search username cannot be longer than 50 characters"
      shift
      ;;
    --json) 
@@ -199,7 +205,7 @@ function adjustClientPermission() {
      echo "$perm:$identityId" >> "$filename"
    fi
  elif [[ "$op" == "del" ]]; then
-    if [[ "$hasPermission" -ne 1 ]]; then
+    if [[ "$hasPerm" -ne 1 ]]; then
      fail "Client '$identityId' does not have the permission: $perm"
    else
      sed -e "\!^$perm:$identityId\$!d" "$filename" > "$filename.tmp"
@@ -328,7 +334,7 @@ case "${operation}" in
    if [[ "$json" == "1" ]]; then
      echo "{\"id\":\"$id\",\"secret\":\"$secret\"}"
    else
-      echo "Successfully added user ID $id with generated secret: $secret"
+      echo "Successfully added client ID $id with generated secret: $secret"
    fi
    ;;

@@ -363,9 +369,10 @@ case "${operation}" in
    [[ "$id" == "" ]] && fail "Id must be provided"
    [[ "$name" == "" ]] && fail "Name must be provided"
    [[ "$note" == "" ]] && fail "Note must be provided"
+    [[ "$searchusername" == "" ]] && fail "Search Username must be provided"

    lock
-    update "$id" "$name" "$note"
+    update "$id" "$name" "$note" "$searchusername"
    echo "Successfully updated client"
    ;;

@@ -388,7 +395,7 @@ case "${operation}" in

    lock
    deleteClient "$id"
-    echo "Successfully deleted client. Run 'so-user sync' to sync with Elasticsearch."
+    echo "Successfully deleted client."
    ;;
  *)
    fail "Unsupported operation: $operation"
--- a/salt/manager/tools/sbin/so-user
+++ b/salt/manager/tools/sbin/so-user
@@ -136,7 +136,6 @@ bcryptRounds=${BCRYPT_ROUNDS:-12}
 elasticUsersFile=${ELASTIC_USERS_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users}
 elasticRolesFile=${ELASTIC_ROLES_FILE:-/opt/so/saltstack/local/salt/elasticsearch/files/users_roles}
 socRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_users_roles}
-clientRolesFile=${SOC_ROLES_FILE:-/opt/so/conf/soc/soc_clients_roles}
 esUID=${ELASTIC_UID:-930}
 esGID=${ELASTIC_GID:-930}
 soUID=${SOCORE_UID:-939}
@@ -283,18 +282,6 @@ function ensureRoleFileExists() {
    fi
    mv "${rolesTmpFile}" "${socRolesFile}"
  fi
-
-  if [[ ! -f "$clientRolesFile" || ! -s "$clientRolesFile" ]]; then
-    # Generate the new client roles file
-    rolesTmpFile="${clientRolesFile}.tmp"
-    createFile "$rolesTmpFile" "$soUID" "$soGID"
-
-    if [[ -d "$clientRolesFile" ]]; then
-      echo "Removing invalid roles directory created by Docker"
-      rm -fr "$clientRolesFile"
-    fi
-    mv "${rolesTmpFile}" "${clientRolesFile}"
-  fi
 }

 function syncElasticSystemUser() {
@@ -370,7 +357,6 @@ function syncElastic() {
      random_crypt=$(get_random_value 53)
      user_data_formatted=$(echo "${user_data_formatted}" | sed -r "s/^(.+:)\$/\\1\$2a\$12${random_crypt}/")
    fi
-
    echo "${user_data_formatted}" >> "$usersTmpFile"

    # Append the user roles
@@ -386,10 +372,6 @@ function syncElastic() {
        sqlite3 -cmd ".timeout ${databaseTimeout}" "$databasePath" >> "$rolesTmpFile"
      [[ $? != 0 ]] && fail "Unable to read role identities from database"
    done < "$socRolesFile"
-
-    # Append the client roles
-    cat "$clientRolesFile" >> "$rolesTmpFile"
-
  else
    echo "Database file or soc roles file does not exist yet, skipping users export"
  fi
--- a/salt/soc/files/bin/salt-relay.sh
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -197,13 +197,9 @@ function manage_client() {
        client_id=$(echo "$request" | jq -r .id)
        name=$(echo "$request" | jq -r .name)
        note=$(echo "$request" | jq -r .note)
-        log "Performing '$op' update for client '$client_id' with name '$name', and note '$note'"
-        response=$(so-client "$op" --id "$client_id" --name "$name" --note "$note")
-        exit_code=$?
-        ;;
-      sync)
-        log "Performing '$op'"
-        response=$(so-user "$op")
+        searchusername=$(echo "$request" | jq -r .searchusername)
+        log "Performing '$op' update for client '$client_id' with name '$name', search username '$searchusername', and note '$note'"
+        response=$(so-client "$op" --id "$client_id" --name "$name" --searchusername "$searchusername" --note "$note")
        exit_code=$?
        ;;
      *)