Commit a7a6da9e authored by julian.gethmann's avatar julian.gethmann

Fix syntax errors and format set_ipa_pwpolicies

parent 498f1bc8
......@@ -22,29 +22,32 @@ import datetime
import ipalib
import yaml
def bootstrap():
"""
"""
Bootstrap the script.
I hope that all of this stuff is re-entrant.
Also, api is defined in __init__.py.
"""
api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.rpcclient.connect()
api.bootstrap_with_global_options(context="cli")
api.finalize()
api.Backend.rpcclient.connect()
def decrypt(filename: str) -> Dict[str, str]:
return yaml.load(run(["ansible-vault", "view", filename], stdout=PIPE).stdout)
def main():
EXPIRE = 5 * 52 # weeks
IPA_USER_CONFIG = "./group_vars/all/vault.yml"
bootstrap()
pw = api.Command.pwpolicy_find(u"global_policy")["result"]
pw = api.Command.pwpolicy_find("global_policy")["result"]
prev_lifetime = int(pw[0]["krbmaxpwdlife"][0])
print("Set new default password expiration time")
with suppress(ipalib.errors.EmptyModlist):
api.Command.pwpolicy_mod(u"global_policy", krbmaxpwdlife="0")
api.Command.pwpolicy_mod("global_policy", krbmaxpwdlife="0")
print("Set password expiration time for all users")
new_expiretime = datetime.datetime.now() + datetime.timedelta(weeks=EXPIRE)
......@@ -59,18 +62,22 @@ def main():
continue
user = user["name"]
prev_expire = api.Command.user_show(user, all=True)["result"].get("krbpasswordexpiration",
(datetime.datetime(1970, 1, 1),))[0]
print(f"Set password expiration time for {user} from
{prev_expire:%Y-%m-%dT%H:%M:%S} to {new_expiretime:%Y-%m-%d}")
prev_expire = api.Command.user_show(user, all=True)["result"].get(
"krbpasswordexpiration", (datetime.datetime(1970, 1, 1),)
)[0]
print(
f"Set password expiration time for {user} from "
f"{prev_expire:%Y-%m-%dT%H:%M:%S} to {new_expiretime:%Y-%m-%d}"
)
with suppress(ipalib.errors.EmptyModlist):
api.Command.user_mod(
user,
setattr=f"krbPasswordExpiration={new_expiretime:%Y%m%d%H%M%S}Z",
user, setattr=f"krbPasswordExpiration={new_expiretime:%Y%m%d%H%M%S}Z"
)
if __name__ == "__main__":
import sys
if len(sys.argv) > 1:
print(__doc__)
sys.exit(0)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment