add manual sync

2025-12-06 09:12:45 +01:00 · 2022-09-27 07:05:04 -04:00
parent 0ad1a1a262
commit 8e175b2d3f
2 changed files with 29 additions and 7 deletions
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -27,20 +27,27 @@ function usage() {
              --firstName <firstName>   (defaults to blank)"
              --lastName <lastName>     (defaults to blank)"
              --note <note>             (defaults to blank)"
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
   addrole: Grants a role to an existing user"
            Required parameters: "
              --email <email>"
              --role <role>"
+            Optional parameters: "
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
   delrole: Removes a role from an existing user"
            Required parameters: "
              --email <email>"
              --role <role>"
+            Optional parameters: "
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
  password: Updates a user's password and disables MFA"
            Required parameters: "
              --email <email>"
+            Optional parameters: "
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
    profile: Updates a user's profile information"
            Required parameters: "
@@ -54,10 +61,14 @@ function usage() {
    enable: Enables a user"
            Required parameters: "
              --email <email>"
+            Optional parameters: "
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
   disable: Disables a user"
            Required parameters: "
              --email <email>"
+            Optional parameters: "
+              --skip-sync               (defers the Elastic sync until the next scheduled time)
  
  validate: Validates that the given email address and password are acceptable"
            Required parameters: "
@@ -105,6 +116,9 @@ while [[ $# -gt 0 ]]; do
      note=$1
      shift
      ;;
+    --skip-sync) 
+      SKIP_SYNC=1
+      ;;
    *) 
      echo "Encountered unexpected parameter: $param"
      usage
@@ -290,6 +304,8 @@ function syncElasticSystemRole() {
 }

 function syncElastic() {
+  [[ -n $SKIP_SYNC ]] && return
+
  echo "Syncing users and roles between SOC and Elastic..."

  usersTmpFile="${elasticUsersFile}.tmp"
--- a/salt/soc/files/bin/salt-relay.sh
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -55,7 +55,6 @@ function manage_minion() {
 function manage_user() {
  request=$1
  op=$(echo "$request" | jq -r .operation)
-  email=$(echo "$request" | jq -r .email)

  case "$op" in
    add)
@@ -66,27 +65,27 @@ function manage_user() {
      lastName=$(echo "$request" | jq -r .lastName)
      note=$(echo "$request" | jq -r .note)
      log "Performing user '$op' for user '$email' with firstname '$firstName', lastname '$lastName', note '$note' and role '$role'"
-      response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role")
+      response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role" --skip-sync)
      exit_code=$?
      ;;
    add|enable|disable|delete)
      email=$(echo "$request" | jq -r .email)
      log "Performing user '$op' for user '$email'"
-      response=$(so-user "$op" --email "$email")
+      response=$(so-user "$op" --email "$email" --skip-sync)
      exit_code=$?
      ;;
    addrole|delrole)
      email=$(echo "$request" | jq -r .email)
      role=$(echo "$request" | jq -r .role)
      log "Performing '$op' for user '$email' with role '$role'"
-      response=$(so-user "$op" --email "$email" --role "$role")
+      response=$(so-user "$op" --email "$email" --role "$role" --skip-sync)
      exit_code=$?
      ;;
    password)
      email=$(echo "$request" | jq -r .email)
      password=$(echo "$request" | jq -r .password)
      log "Performing '$op' operation for user '$email'"
-      response=$(echo "$password" | so-user "$op" --email "$email")
+      response=$(echo "$password" | so-user "$op" --email "$email" --skip-sync)
      exit_code=$?
      ;;
    profile)
@@ -98,6 +97,11 @@ function manage_user() {
      response=$(so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note")
      exit_code=$?
      ;;
+    sync)
+      log "Performing '$op'"
+      response=$(so-user "$op")
+      exit_code=$?
+      ;;
    *)
      response="Unsupported user operation: $op"
      exit_code=1
@@ -119,12 +123,14 @@ function manage_salt() {

  case "$op" in
    state)
+      log "Performing '$op' for '$state'"
      state=$(echo "$request" | jq -r .state)
-      response=$(salt-call state.apply "$state" queue=True)
+      response=$(salt '*' state.apply "$state" queue=True)
      exit_code=$?
      ;;
    highstate)
-      response=$(salt-call state.highstate queue=True)
+      log "Performing '$op'"
+      response=$(salt '*' state.highstate queue=True)
      exit_code=$?
      ;;
    *)