Add a sample implementation for issue #190

bmc-toolbox · Jan 21, 2021 · f14921e · f14921e
1 parent 4807cd9
commit f14921e
Show file tree

Hide file tree

Showing 9 changed files with 179 additions and 12 deletions.
diff --git a/cfgresources/cfgresources.go b/cfgresources/cfgresources.go
@@ -14,18 +14,20 @@ type SetupChassis struct {
 
 // ResourcesConfig struct holds all the configuration to be applied.
 type ResourcesConfig struct {
-	Ldap         *Ldap         `yaml:"ldap"`
-	LdapGroup    []*LdapGroup  `yaml:"ldapGroup"`
-	License      *License      `yaml:"license"`
-	Network      *Network      `yaml:"network"`
-	Syslog       *Syslog       `yaml:"syslog"`
-	User         []*User       `yaml:"user"`
-	HTTPSCert    *HTTPSCert    `yaml:"httpsCert"`
-	Ntp          *Ntp          `yaml:"ntp"`
-	Bios         *Bios         `yaml:"bios"`
-	Power        *Power        `yaml:"power"`
-	Supermicro   *Supermicro   `yaml:"supermicro"` //supermicro specific config, example of issue #34
-	SetupChassis *SetupChassis `yaml:"setupChassis"`
+	Ldap                     *Ldap         `yaml:"ldap"`
+	LdapGroup                []*LdapGroup  `yaml:"ldapGroup"`
+	PurgeUnmanagedLdapGroups bool          `yaml:"purgeUnmanagedLdapGroups"`
+	License                  *License      `yaml:"license"`
+	Network                  *Network      `yaml:"network"`
+	Syslog                   *Syslog       `yaml:"syslog"`
+	User                     []*User       `yaml:"user"`
+	PurgeUnmanagedUsers      bool          `yaml:"purgeUnmanagedUsers"`
+	HTTPSCert                *HTTPSCert    `yaml:"httpsCert"`
+	Ntp                      *Ntp          `yaml:"ntp"`
+	Bios                     *Bios         `yaml:"bios"`
+	Power                    *Power        `yaml:"power"`
+	Supermicro               *Supermicro   `yaml:"supermicro"` //supermicro specific config, example of issue #34
+	SetupChassis             *SetupChassis `yaml:"setupChassis"`
 }
 
 // Power struct holds Power settings configuration for each vendor.

diff --git a/devices/interfaces.go b/devices/interfaces.go
@@ -121,10 +121,12 @@ type CmcSetup interface {
 type Configure interface {
 	Resources() []string
 	User([]*cfgresources.User) error // UserCreator, UserUpdater, UserDeleter, UserReader
+	PurgeUnmanagedUsers([]*cfgresources.User) error
 	Syslog(*cfgresources.Syslog) error
 	Ntp(*cfgresources.Ntp) error
 	Ldap(*cfgresources.Ldap) error
 	LdapGroup([]*cfgresources.LdapGroup, *cfgresources.Ldap) error
+	PurgeUnmanagedLdapGroups([]*cfgresources.LdapGroup, *cfgresources.Ldap) error
 	Network(*cfgresources.Network) (bool, error)
 	SetLicense(*cfgresources.License) error
 	Bios(*cfgresources.Bios) error

diff --git a/providers/dell/idrac8/configure.go b/providers/dell/idrac8/configure.go
@@ -26,11 +26,13 @@ var _ devices.Configure = (*IDrac8)(nil)
 func (i *IDrac8) Resources() []string {
 	return []string{
 		"user",
+		"purge_unmanaged_users",
 		"syslog",
 		"network",
 		"ntp",
 		"ldap",
 		"ldap_group",
+		"purge_unmanaged_ldap_groups",
 		"https_cert",
 	}
 }
@@ -186,6 +188,12 @@ func (i *IDrac8) User(cfgUsers []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (i *IDrac8) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 // Syslog applies the Syslog configuration resource
 // Syslog implements the Configure interface
 //
@@ -524,6 +532,12 @@ func (i *IDrac8) LdapGroup(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfgresou
 	return err
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (i *IDrac8) PurgeUnmanagedLdapGroups(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // Apply ldap group privileges
 //https://10.193.251.10/postset?ldapconf
 // data=LDAPEnableMode:3,xGLNameSearchEnabled:0,xGLBaseDN:ou%5C%3DPeople%5C%2Cdc%5C%3Dactivehotels%5C%2Cdc%5C%3Dcom,xGLUserLogin:uid,xGLGroupMem:memberUid,xGLBindDN:,xGLCertValidationEnabled:1,xGLGroup1Priv:511,xGLGroup2Priv:97,xGLGroup3Priv:0,xGLGroup4Priv:0,xGLGroup5Priv:0,xGLServerPort:636

diff --git a/providers/dell/idrac9/configure.go b/providers/dell/idrac9/configure.go
@@ -26,11 +26,13 @@ var _ devices.Configure = (*IDrac9)(nil)
 func (i *IDrac9) Resources() []string {
 	return []string{
 		"user",
+		"purge_unmanaged_users",
 		"syslog",
 		"network",
 		"ntp",
 		"ldap",
 		"ldap_group",
+		"purge_unmanaged_ldap_groups",
 		"bios",
 		"https_cert",
 	}
@@ -252,6 +254,12 @@ func (i *IDrac9) User(cfgUsers []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (i *IDrac9) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 // Ldap applies LDAP configuration params.
 // Ldap implements the Configure interface.
 func (i *IDrac9) Ldap(cfg *cfgresources.Ldap) (err error) {
@@ -438,6 +446,12 @@ func (i *IDrac9) LdapGroup(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.
 	return err
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (i *IDrac9) PurgeUnmanagedLdapGroups(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // Ntp applies NTP configuration params
 // Ntp implements the Configure interface.
 func (i *IDrac9) Ntp(cfg *cfgresources.Ntp) (err error) {

diff --git a/providers/dell/m1000e/configure.go b/providers/dell/m1000e/configure.go
@@ -25,10 +25,12 @@ var _ devices.Configure = (*M1000e)(nil)
 func (m *M1000e) Resources() []string {
 	return []string{
 		"user",
+		"purge_unmanaged_users",
 		"syslog",
 		"ntp",
 		"ldap",
 		"ldap_group",
+		"purge_unmanaged_ldap_groups",
 		//"ssl",
 	}
 }
@@ -105,6 +107,12 @@ func (m *M1000e) User(cfgUsers []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (m *M1000e) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 // Syslog applies the Syslog configuration resource
 // Syslog implements the Configure interface
 // TODO: this currently applies network config as well,
@@ -228,6 +236,12 @@ func (m *M1000e) LdapGroup(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.
 	return nil
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (m *M1000e) PurgeUnmanagedLdapGroups(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // GenerateCSR generates a CSR request on the BMC.
 // GenerateCSR implements the Configure interface.
 func (m *M1000e) GenerateCSR(cert *cfgresources.HTTPSCertAttributes) ([]byte, error) {

diff --git a/providers/hp/c7000/configure.go b/providers/hp/c7000/configure.go
@@ -18,10 +18,12 @@ var _ devices.Configure = (*C7000)(nil)
 func (c *C7000) Resources() []string {
 	return []string{
 		"user",
+		"purge_unmanaged_users",
 		"syslog",
 		"license",
 		"ntp",
 		"ldap_group",
+		"purge_unmanaged_ldap_groups",
 		"ldap",
 	}
 }
@@ -292,6 +294,12 @@ func (c *C7000) LdapGroup(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.L
 	return
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (c *C7000) PurgeUnmanagedLdapGroups(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // LDAP remove group, soap actions in order.
 // <hpoa:removeLdapGroup>
 //  <hpoa:ldapGroup>bmcAdmins</hpoa:ldapGroup>
@@ -587,6 +595,12 @@ func (c *C7000) User(users []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (c *C7000) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 func (c *C7000) setUserPassword(user string, password string) (err error) {
 
 	u := Username{Text: user}

diff --git a/providers/hp/ilo/configure.go b/providers/hp/ilo/configure.go
@@ -20,10 +20,12 @@ var _ devices.Configure = (*Ilo)(nil)
 func (i *Ilo) Resources() []string {
 	return []string{
 		"user",
+		"purge_unmanaged_users",
 		"syslog",
 		"license",
 		"ntp",
 		"ldap_group",
+		"purge_unmanaged_ldap_groups",
 		"ldap",
 		"network",
 		"power",
@@ -221,6 +223,81 @@ func (i *Ilo) User(users []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (i *Ilo) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+
+	var managedUser map[string]bool
+	for _, user := range users {
+		managedUser[user.Name] = true
+	}
+
+	existingUsers, err := i.queryUsers()
+	if err != nil {
+		msg := "Unable to query existing users"
+		i.log.V(1).Info(msg,
+			"IP", i.ip,
+			"Model", i.HardwareType(),
+			"step", "applyUserParams",
+			"Error", internal.ErrStringOrEmpty(err),
+		)
+		return errors.New(msg)
+	}
+
+	for _, userinfo := range existingUsers {
+		if !managedUser[userinfo.LoginName] {
+			userinfo.SessionKey = i.sessionKey
+
+			userinfo.Method = "del_user"
+			userinfo.UserID = userinfo.ID
+			msg := "User is unmanaged, will be deleted."
+			i.log.V(1).Info(msg,
+				"IP", i.ip,
+				"Model", i.HardwareType(),
+				"User", userinfo.LoginName,
+			)
+
+			payload, err := json.Marshal(userinfo)
+			if err != nil {
+				msg := "Unable to marshal userInfo payload to delete user."
+				i.log.V(1).Info(msg,
+					"IP", i.ip,
+					"Model", i.HardwareType(),
+					"step", helper.WhosCalling(),
+					"User", userinfo.LoginName,
+					"Error", internal.ErrStringOrEmpty(err),
+				)
+				continue
+			}
+
+			endpoint := "json/user_info"
+			statusCode, response, err := i.post(endpoint, payload)
+			if err != nil || statusCode != 200 {
+				msg := "POST request to delete user returned error."
+				i.log.V(1).Info(msg,
+					"IP", i.ip,
+					"Model", i.HardwareType(),
+					"endpoint", endpoint,
+					"step", helper.WhosCalling(),
+					"User", userinfo.LoginName,
+					"StatusCode", statusCode,
+					"response", string(response),
+					"Error", internal.ErrStringOrEmpty(err),
+				)
+				continue
+			}
+
+			i.log.V(1).Info("User was deleted.",
+				"IP", i.ip,
+				"Model", i.HardwareType(),
+				"User", userinfo.LoginName,
+			)
+		}
+	}
+
+	return err
+}
+
 // Syslog applies the Syslog configuration resource
 // Syslog implements the Configure interface
 func (i *Ilo) Syslog(cfg *cfgresources.Syslog) (err error) {
@@ -567,6 +644,12 @@ func (i *Ilo) LdapGroup(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.Lda
 	return err
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (i *Ilo) PurgeUnmanagedLdapGroups(cfg []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // Ldap applies LDAP configuration params.
 // Ldap implements the Configure interface.
 func (i *Ilo) Ldap(cfg *cfgresources.Ldap) (err error) {

diff --git a/providers/supermicro/supermicrox/configure.go b/providers/supermicro/supermicrox/configure.go
@@ -180,6 +180,12 @@ func (s *SupermicroX) User(users []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (s *SupermicroX) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 // Network method implements the Configure interface
 // applies various network parameters.
 func (s *SupermicroX) Network(cfg *cfgresources.Network) (reset bool, err error) {
@@ -439,6 +445,12 @@ func (s *SupermicroX) LdapGroup(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfg
 	return err
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (s *SupermicroX) PurgeUnmanagedLdapGroups(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // Syslog applies the Syslog configuration resource
 // Syslog implements the Configure interface
 // this also enables alerts from the BMC

diff --git a/providers/supermicro/supermicrox11/configure.go b/providers/supermicro/supermicrox11/configure.go
@@ -218,6 +218,12 @@ func (s *SupermicroX) User(users []*cfgresources.User) (err error) {
 	return err
 }
 
+// PurgeUnmanagedUsers purges any user not in the user configuration.
+// PurgeUnmanagedUsers implements the Configure interface.
+func (s *SupermicroX) PurgeUnmanagedUsers(users []*cfgresources.User) (err error) {
+	return nil
+}
+
 // Network method implements the Configure interface
 // applies various network parameters.
 func (s *SupermicroX) Network(cfg *cfgresources.Network) (reset bool, err error) {
@@ -513,6 +519,12 @@ func (s *SupermicroX) LdapGroup(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfg
 	return err
 }
 
+// PurgeUnmanagedLdapGroups purges any group not in the ldapGroup configuration.
+// PurgeUnmanagedLdapGroups implements the Configure interface.
+func (s *SupermicroX) PurgeUnmanagedLdapGroups(cfgGroup []*cfgresources.LdapGroup, cfgLdap *cfgresources.Ldap) (err error) {
+	return nil
+}
+
 // Syslog applies the Syslog configuration resource
 // Syslog implements the Configure interface
 // this also enables alerts from the BMC