Commit ce701ff0 authored by Eesaan Atluri's avatar Eesaan Atluri

RMQ agent to block/unblock ssh access based on the lock/unlock msg received

parent 0984d392
2 merge requests!147Merge previous default branch feat-cod-rmq into main,!119Feat account management
...@@ -6,53 +6,62 @@ from pathlib import Path ...@@ -6,53 +6,62 @@ from pathlib import Path
from rc_rmq import RCRMQ from rc_rmq import RCRMQ
import rabbit_config as rcfg import rabbit_config as rcfg
task = "block_ssh" task = "ssh_access"
args = rc_util.get_args() args = rc_util.get_args()
logger = rc_util.get_logger(args) logger = rc_util.get_logger(args)
# Instantiate rabbitmq object # Instantiate rabbitmq object
rc_rmq = RCRMQ({"exchange": "", "exchange_type": "topic"}) rc_rmq = RCRMQ({"exchange": "RegUsr", "exchange_type": "topic"})
def block_ssh(ch, method, properties, body): def ssh_access(ch, method, properties, body):
msg = json.loads(body) msg = json.loads(body)
username = msg["username"] username = msg["username"]
msg["task"] = task action = msg["action"]
msg["success"] = False msg["success"] = False
corr_id = properties.correlation_id
reply_to = properties.reply_to reply_to = properties.reply_to
block_ssh_cmd = f"/cm/local/apps/cmd/bin/cmsh -n -c "group; use nossh; append members {username}; commit;"" try:
block_ssh = popen(block_ssh_cmd).read().rstrip() block_ssh_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; use nossh; append members {username}; commit;"'
unblock_ssh_cmd = f'/cm/local/apps/cmd/bin/cmsh -n -c "group; use nossh; removefrom members {username}; commit;"'
msg["success"] = True if action == 'lock':
block_ssh = popen(block_ssh_cmd).read().rstrip()
elif action == 'unlock':
unblock_ssh = popen(unblock_ssh_cmd).read().rstrip()
msg["success"] = True
except Exception: except Exception:
msg["success"] = False msg["success"] = False
msg["errmsg"] = "Exception raised, check the logs for stack trace" msg["errmsg"] = "Exception raised, while blocking user's ssh access, check the logs for stack trace"
logger.error("", exc_info=True) logger.error("", exc_info=True)
# send confirm message # send response to callback queue with it's correlation ID
rc_rmq.publish_msg( if reply_to:
{"routing_key": reply_to, rc_rmq.publish_msg(
"props": pika.BasicProperties( {"routing_key": reply_to,
reply_to = callback_queue, "props": pika.BasicProperties(
), correlation_id=corr_id,
"msg": msg} ),
) "msg": msg}
)
logger.debug(f"User {username} confirmation sent for {task}") logger.debug(f"User {username} confirmation sent for {action}ing {task}")
ch.basic_ack(delivery_tag=method.delivery_tag) ch.basic_ack(delivery_tag=method.delivery_tag)
logger.info(f"Start listening to queue: {task}") logger.info(f"Start listening to queue: {task}")
rc_rmq.bind_queue(queue=task, routing_key='lock.*', durable=True)
rc_rmq.bind_queue(queue=task, routing_key='unlock.*', durable=True)
rc_rmq.bind_queue(queue=task, routing_key='ssh.*', durable=True)
rc_rmq.start_consume( rc_rmq.start_consume(
{"queue": task, "routing_key": "block.*", "cb": block_ssh} {"queue": task, "cb": ssh_access}
)
rc_rmq.start_consume(
{"queue": task, "routing_key": "block.ssh.*", "cb": block_ssh}
) )
logger.info("Disconnected") logger.info("Disconnected")
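Review bot: In `ssh_access`, `username` comes straight from the message body and is interpolated into the `cmsh -c "..."` string that `popen` hands to a shell, so a value containing quotes, `;` or other metacharacters changes what runs under the agent's privileges. Validate the name against the site's account-name pattern and run cmsh through `subprocess.run` with an argument list and `check=True`, as sketched below (`re` and `subprocess` would need importing if the file does not already have them). The same block sets `msg["success"] = True` for any `action` other than `lock`/`unlock` and never looks at cmsh's exit status, so the reply can report success when no group change happened. `json.loads(body)` and the `msg[...]` lookups also sit outside the `try`, so a malformed message raises before `basic_ack` is reached.

```python
def ssh_access(ch, method, properties, body):
    # … unchanged: json.loads, username/action/corr_id/reply_to setup …
    try:
        # Example pattern only; align it with the site's account-name policy.
        if not re.fullmatch(r"[a-z_][a-z0-9_-]{0,31}", username):
            raise ValueError("invalid username")
        if action == "lock":
            verb = "append"
        elif action == "unlock":
            verb = "removefrom"
        else:
            raise ValueError("unsupported action")
        # Argument list, no shell: the only interpolated value is the validated name.
        subprocess.run(
            ["/cm/local/apps/cmd/bin/cmsh", "-n", "-c",
             f"group; use nossh; {verb} members {username}; commit;"],
            check=True, capture_output=True, text=True,
        )
        msg["success"] = True
    # … unchanged: except block, reply publish, basic_ack …
```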