Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

remove batcave's retrieve-security-question.py

Browse source 
Removes the batcave script, retrieve-security-question.py
which is no longer needed with Noggin / FreeIPA-FAS

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This commit is contained in:
Ryan Lercho 2020-07-20 21:08:25 +10:00
parent c902575f49
commit 9a11a95feb
2 changed files with 0 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

107
roles/batcave/files/retrieve-security-question.py
View file

@ -1,107 +0,0 @@
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
# Use this script to retrieve the security_question and security_answer from FAS (requires FAS >= 0.8.14)
# Author: Patrick Uiterwijk <puiterwijk@fedoraproject.org>
#
# Copyright 2012-2021 Patrick Uiterwijk. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE FEDORA PROJECT ''AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the Fedora Project.
import os
import getpass
import sys
import gpg.core
from fedora.client import AccountSystem
from fedora.client import AuthError
from fedora.client import ServerError
import argparse
from io import BytesIO
parser = argparse.ArgumentParser()
parser.add_argument('admin_user', help='The user as which to log in to retrieve the question and answer')
parser.add_argument('target_user', help='The user of which to retrieve the security question and answer')
parser.add_argument('--verbose', action='store_true')
parser.add_argument('--no-answer', action='store_true', help='Only show the question, do not decrypt the answer')
parser.add_argument('--site', help='The FAS URL to get the information from')
parser.add_argument('--insecure', action='store_true', default=False,
help='Do not check the certificate for the server. *WARNING*: Only use this for testing')
parser.add_argument('--gpg_home', help='The directory where secring.gpg and pubring.gpg reside')
args = parser.parse_args()
args.admin_pass = getpass.getpass()
if args.site == None:
args.site = 'https://admin.fedoraproject.org/accounts/'
if args.verbose:
print('Using site: %(site)s' % {'site': args.site})
if args.verbose:
if args.gpg_home == None:
print('Using default gpg_home')
else:
print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home})
if args.gpg_home != None:
os.putenv('GNUPGHOME', args.gpg_home)
fas = AccountSystem(args.site, username=args.admin_user, password=args.admin_pass, insecure=args.insecure)
if args.verbose:
print('Getting user details...')
try:
details = fas.person_by_username(args.target_user)
except AuthError:
print('Failed to login to FAS. Please check admin_user and admin_pass!')
sys.exit(2)
except ServerError:
print('Failed to retrieve user details: the server reported an error!')
sys.exit(3)
if not 'username' in list(details.keys()):
print('Error: user %(username)s is not known on this FAS site!' % {'username': args.target_user})
sys.exit(4)
if not 'security_question' in list(details.keys()):
print('Error: security_question was not retrieved by FAS! Are you sure you are using FAS >= 0.8.14, and that admin_user has the privileges to retrieve security_question?')
sys.exit(5)
if details.security_question == None or details.security_answer == None:
print('Error: unable to retrieve security_question or security_answer. Are you sure you have privileges to return this information?')
sys.exit(6)
if not args.no_answer:
if args.verbose:
print('Decrypting answer...')
cipher = BytesIO(details.security_answer.encode('utf-8'))
ctx = gpg.core.Context()
plain = ctx.decrypt(cipher)[0].decode('utf8')
details.security_answer = plain
print('Security question: %(question)s' % {'question': details.security_question})
if not args.no_answer:
print('Security answer: %(answer)s' % {'answer': details.security_answer})

11
roles/batcave/tasks/main.yml
View file

@ -238,17 +238,6 @@
- config
#
# Script used to gather encrypted security questions from fas
#
- name: setup /usr/local/bin/retrieve-security-question.py
copy: src=retrieve-security-question.py dest=/usr/local/bin/retrieve-security-question.py mode=0755
tags:
- batcave
- config
# The zodbot server must allow TCP on whatever port zodbot is listening on
# for this to work (currently TCP port 5050).
# Once that is done, you can symlink /usr/local/bin/zodbot-announce-commits.py