diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 74dc14107..2c6a28914 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -27,20 +27,27 @@ function usage() {
 --firstName (defaults to blank)"
 --lastName (defaults to blank)"
 --note (defaults to blank)"
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 addrole: Grants a role to an existing user"
 Required parameters: "
 --email "
 --role "
+ Optional parameters: "
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 delrole: Removes a role from an existing user"
 Required parameters: "
 --email "
 --role "
+ Optional parameters: "
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 password: Updates a user's password and disables MFA"
 Required parameters: "
 --email "
+ Optional parameters: "
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 profile: Updates a user's profile information"
 Required parameters: "
@@ -54,10 +61,14 @@ function usage() {
 enable: Enables a user"
 Required parameters: "
 --email "
+ Optional parameters: "
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 disable: Disables a user"
 Required parameters: "
 --email "
+ Optional parameters: "
+ --skip-sync (defers the Elastic sync until the next scheduled time)
 validate: Validates that the given email address and password are acceptable"
 Required parameters: "
@@ -105,6 +116,9 @@ while [[ $# -gt 0 ]]; do
 note=$1
 shift
 ;;
+ --skip-sync)
+ SKIP_SYNC=1
+ ;;
 *)
 echo "Encountered unexpected parameter: $param"
 usage
@@ -290,6 +304,8 @@ function syncElasticSystemRole() {
 }
 function syncElastic() {
+ [[ -n $SKIP_SYNC ]] && return
+ echo "Syncing users and roles between SOC and Elastic..."
 usersTmpFile="${elasticUsersFile}.tmp"
diff --git a/salt/soc/files/bin/salt-relay.sh b/salt/soc/files/bin/salt-relay.sh
index 752b1b1ad..c912cbeff 100755
--- a/salt/soc/files/bin/salt-relay.sh
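Review bot: `SKIP_SYNC` is only ever assigned in the new `--skip-sync)` arm, and nothing visible in this diff clears it before the option loop, so a `SKIP_SYNC` value already present in the caller's environment would make so-user skip the Elastic sync without the flag being passed. Initialising it ahead of the `while` loop with `SKIP_SYNC=` keeps the behaviour tied to the command line. The loop starts outside this hunk, so such an initialisation may already exist there.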
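Review bot: The early return added at the top of syncElastic is silent, so nothing in the command's output shows that SOC and Elastic are left out of step until the scheduled sync runs. A short notice would make the deferral visible, for example `if [[ -n $SKIP_SYNC ]]; then echo "Elastic sync deferred (--skip-sync)"; return 0; fi`. This matters most after `disable`, `delrole` and `password`, where, as far as this diff shows, the previous access or password stays in effect on the Elastic side until the next sync. The function body continues outside the hunk.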
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -55,7 +55,6 @@ function manage_minion() {
 function manage_user() {
 request=$1
 op=$(echo "$request" | jq -r .operation)
- email=$(echo "$request" | jq -r .email)
 case "$op" in
 add)
@@ -66,27 +65,27 @@ function manage_user() {
 lastName=$(echo "$request" | jq -r .lastName)
 note=$(echo "$request" | jq -r .note)
 log "Performing user '$op' for user '$email' with firstname '$firstName', lastname '$lastName', note '$note' and role '$role'"
- response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role")
+ response=$(echo "$password" | so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note" --role "$role" --skip-sync)
 exit_code=$?
 ;;
 add|enable|disable|delete)
 email=$(echo "$request" | jq -r .email)
 log "Performing user '$op' for user '$email'"
- response=$(so-user "$op" --email "$email")
+ response=$(so-user "$op" --email "$email" --skip-sync)
 exit_code=$?
 ;;
 addrole|delrole)
 email=$(echo "$request" | jq -r .email)
 role=$(echo "$request" | jq -r .role)
 log "Performing '$op' for user '$email' with role '$role'"
- response=$(so-user "$op" --email "$email" --role "$role")
+ response=$(so-user "$op" --email "$email" --role "$role" --skip-sync)
 exit_code=$?
 ;;
 password)
 email=$(echo "$request" | jq -r .email)
 password=$(echo "$request" | jq -r .password)
 log "Performing '$op' operation for user '$email'"
- response=$(echo "$password" | so-user "$op" --email "$email")
+ response=$(echo "$password" | so-user "$op" --email "$email" --skip-sync)
 exit_code=$?
 ;;
 profile)
@@ -98,6 +97,11 @@ function manage_user() {
 response=$(so-user "$op" --email "$email" --firstName "$firstName" --lastName "$lastName" --note "$note")
 exit_code=$?
 ;;
+ sync)
+ log "Performing '$op'"
+ response=$(so-user "$op")
+ exit_code=$?
+ ;;
 *)
 response="Unsupported user operation: $op"
 exit_code=1
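Review bot: Passing `--skip-sync` on the `add|enable|disable|delete`, `addrole|delrole` and `password` arms defers revocation as well as provisioning: as far as this diff shows, a disabled or deleted user, a removed role or a replaced password is not reflected in Elastic until the scheduled sync or a separate `sync` request runs. If the sender of these requests does not always follow up with the new `sync` operation, consider keeping the immediate sync for the revoking operations, or record the contract in a comment such as `# caller must issue 'sync' afterwards; Elastic access persists until then`. Separately, the first hunk drops the shared `email=` assignment while the start of the `add)` arm lies outside this hunk, so confirm that arm still sets `email` before its `log` and `so-user` lines use it.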
@@ -119,12 +123,14 @@ function manage_salt() {
 case "$op" in
 state)
+ log "Performing '$op' for '$state'"
 state=$(echo "$request" | jq -r .state)
- response=$(salt-call state.apply "$state" queue=True)
+ response=$(salt '*' state.apply "$state" queue=True)
 exit_code=$?
 ;;
 highstate)
- response=$(salt-call state.highstate queue=True)
+ log "Performing '$op'"
+ response=$(salt '*' state.highstate queue=True)
 exit_code=$?
 ;;
 *)
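Review bot: In the `state)` arm the new `log "Performing '$op' for '$state'"` runs before `state=$(echo "$request" | jq -r .state)`, so it records an empty value, or possibly one left over from an earlier request; move the `log` line below the assignment. The switch from `salt-call` to `salt '*'` also widens the target from the local minion to every minion, with the state name taken directly from the request, so checking `$state` against the states the relay is meant to apply (and rejecting jq's literal `null`) before the call would limit what a malformed or unexpected request can trigger. It is also worth verifying that the exit status captured in `exit_code=$?` reflects per-minion failures the way the old `salt-call` status did. manage_salt begins and ends outside the hunk.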