From ba954a5eb4e6abafb847bd12ee2948a4e395f26c Mon Sep 17 00:00:00 2001
From: Pheenoh
Date: Sun, 7 Apr 2024 10:20:01 -0600
Subject: [PATCH 01/16] refactor for automerge
---
.github/workflows/sync-users-check.yml | 24 +++
.github/workflows/sync-users.yml | 22 +++
.github/workflows/terraform-plan.yml | 26 ---
.github/workflows/terraform.yml | 42 -----
.github/workflows/tofu-plan.yml | 22 +++
manage-users.py | 232 ++++++++++++++++++++-----
requirements.txt | 3 +-
7 files changed, 255 insertions(+), 116 deletions(-)
create mode 100644 .github/workflows/sync-users-check.yml
create mode 100644 .github/workflows/sync-users.yml
delete mode 100644 .github/workflows/terraform-plan.yml
delete mode 100644 .github/workflows/terraform.yml
create mode 100644 .github/workflows/tofu-plan.yml
diff --git a/.github/workflows/sync-users-check.yml b/.github/workflows/sync-users-check.yml
new file mode 100644
index 0000000..8d6d2bb
--- /dev/null
+++ b/.github/workflows/sync-users-check.yml
@@ -0,0 +1,24 @@
+on:
+ pull_request:
+ branches:
+ - main
+ paths:
+ - 'users.yaml'
+jobs:
+ sync-users-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.12'
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: us-east-2
+ - name: "Install dependencies"
+ run: pip3 install -r requirements.txt
+ - name: "Sync Users Check"
+ run: |
+ python manage-users.py --dry-run
\ No newline at end of file
diff --git a/.github/workflows/sync-users.yml b/.github/workflows/sync-users.yml
new file mode 100644
index 0000000..d64911a
--- /dev/null
+++ b/.github/workflows/sync-users.yml
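Review bot: The `Install dependencies` and `Sync Users Check` steps run `requirements.txt` and `manage-users.py` from the pull request's own checkout after the AWS role has been assumed, so the code that decides the check result is controlled by the change under review. The `paths: 'users.yaml'` filter only decides when the job triggers; a pull request that edits `users.yaml` together with the script or the requirements file still has its own versions executed with the role's permissions. If this check is what gates automerge, consider taking the script and requirements from `main` and only `users.yaml` from the pull request, and scoping the role behind `AWS_ROLE_ARN` to what the dry run needs; the role's policy is not visible here. A comment above the job such as `# Runs PR-supplied code with AWS credentials; automerge must require that only users.yaml changed` would record the assumption.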
@@ -0,0 +1,22 @@ +on: + push: + branches: + - main +jobs: + manage-users: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version: '3.12' + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + aws-region: us-east-2 + - name: "Install dependencies" + run: pip3 install -r requirements.txt + - name: "Sync Users" + run: | + python manage-users.py diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml deleted file mode 100644 index 43cdc69..0000000 --- a/.github/workflows/terraform-plan.yml +++ /dev/null @@ -1,26 +0,0 @@ -permissions: - contents: write - id-token: write - -on: - pull_request: - branches: - - main -jobs: - terraform-plan: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.2.6 - - name: "Terraform Plan" - run: | - terraform init - terraform plan diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 393c541..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
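Review bot: `sync-users.yml` assumes a role through `role-to-assume` but declares no `permissions:` block, and the OIDC token that `aws-actions/configure-aws-credentials` exchanges is only issued when the job has `id-token: write`. Unless that is granted somewhere not shown here, the `Configure AWS Credentials` step on push to `main` will fail. Add a top-level `permissions:` with `id-token: write` and `contents: read`, which also keeps the job token read-only on the repository. A later patch in this series adds that block to `sync-users-check.yml` only.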
@@ -1,42 +0,0 @@ -on: - push: - branches: - - main -jobs: - # deploy-terraform: - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v3 - # - name: Configure AWS Credentials - # uses: aws-actions/configure-aws-credentials@v1 - # with: - # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # aws-region: us-east-2 - # - uses: hashicorp/setup-terraform@v2 - # with: - # terraform_version: 1.2.6 - # - name: "Deploy Terraform" - # run: | - # terraform init - # terraform apply -auto-approve - manage-users: - runs-on: ubuntu-latest - # needs: [deploy-terraform] - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: '3.10' - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-2 - - name: "Install dependencies" - run: pip3 install -r requirements.txt - - name: "Sync Users" - run: python manage-users.py - env: - AWS_DEFAULT_REGION: us-east-2 diff --git a/.github/workflows/tofu-plan.yml b/.github/workflows/tofu-plan.yml new file mode 100644 index 0000000..df89687 --- /dev/null +++ b/.github/workflows/tofu-plan.yml @@ -0,0 +1,22 @@ +permissions: + contents: write + id-token: write +on: + workflow_dispatch: +jobs: + terraform-plan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + aws-region: us-east-2 + - uses: opentofu/setup-opentofu@v1 + with: + tofu_version: 1.6.2 + - name: "Terraform Plan" + run: | + tofu init + tofu plan diff --git a/manage-users.py b/manage-users.py index 6111cf8..8b88c08 100644 --- a/manage-users.py +++ b/manage-users.py 
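Review bot: `tofu-plan.yml` carries over `contents: write` from the deleted plan workflow, but the visible steps only check out the repository and run `tofu init` and `tofu plan`, neither of which pushes to it. `contents: read` next to `id-token: write` is enough for these steps and limits what the job token can do if an action or provider misbehaves. The same block stays in place when the later hunk for this file adds the `pull_request` trigger, so the change is worth making before plans run on pull requests. The action references here (`opentofu/setup-opentofu@v1`, `aws-actions/configure-aws-credentials@v4`) are tags; pinning them to commit SHAs would fix which code receives the assumed role.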
@@ -6,12 +6,16 @@ import re import yaml import sys +import click ssm_client = boto3.client('ssm') ec2_client = boto3.client('ec2') - def get_instance_id(): + """ + Returns the EC2 instance ID of the Ghidra server. + """ + response = ec2_client.describe_instances(Filters=[ { 'Name': 'tag:Name', @@ -25,8 +29,14 @@ def get_instance_id(): return response["Reservations"][0]["Instances"][0]["InstanceId"] - def run_ssm_command(cmd): + """ + Runs an arbitrary command on the Ghidra server using SSM. + + Keyword arguments: + cmd - The command to run on the Ghidra server. + """ + instance_id = get_instance_id() run_commands = ["source /etc/profile", cmd] 
@@ -44,28 +54,56 @@ def run_ssm_command(cmd): ) return output["StandardOutputContent"] - def list_users(): + """ + Lists all users on the Ghidra server. + """ + svr_admin_list_cmd = f'/opt/ghidra/server/svrAdmin -list --users' return run_ssm_command(svr_admin_list_cmd) - def add_user(user): + """ + Adds a user to the Ghidra server. + + Keyword arguments: + user - The user to add to the Ghidra server. + """ + svr_admin_add_cmd = f'/opt/ghidra/server/svrAdmin -add {user}' run_ssm_command(svr_admin_add_cmd) - def set_permission(user, perm): + """ + Sets a permission for a user on the Ghidra server. + + Keyword arguments: + user - The user to set permissions for. + perm - The permission to set for the user. Should be one of: read-only, write, admin. + """ + svr_admin_grant_cmd = f'/opt/ghidra/server/svrAdmin -grant {user} {perm} tp' run_ssm_command(svr_admin_grant_cmd) - def remove_user(user): + """ + Removes a user from the Ghidra server. + + Keyword arguments: + user - The user to remove from the Ghidra server. + """ + svr_admin_remove_cmd = f'/opt/ghidra/server/svrAdmin -remove {user}' run_ssm_command(svr_admin_remove_cmd) - def check_and_set_permission(user, perm): + """ + Checks if the supplied permission is valid and sets it for the user. + + Keyword arguments: + user - The user to check and set permissions for. + perm - The permission to set for the user. Should be one of: read-only, write, admin. + """ match perm: case "admin": set_permission(user, "+a") @@ -77,8 +115,11 @@ def check_and_set_permission(user, perm): print("User", user, "has invalid permissions. Should be one of: read-only, write, admin", file=sys.stderr) raise SystemExit(1) - def get_ghidra_users(): + """ + Returns a dictionary of all users on the Ghidra server and their permissions. + """ + std_output = list_users() regex = r"tp" 
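Review bot: `add_user`, `set_permission` and `remove_user` interpolate `user` straight into the command string that `run_ssm_command` passes to SSM alongside `source /etc/profile`, and `user` comes from `ghidraName` in `users.yaml`. With this series making `users.yaml` changes mergeable without a human in the loop, the name should be validated before it reaches the command, for example `if not re.fullmatch(r"[A-Za-z0-9._-]+", user): raise ValueError(f"invalid ghidraName: {user!r}")` at the top of each function, or quoted with `shlex.quote(user)`. The character set is a guess at what Ghidra accepts and needs confirming. The new docstrings should also say that `user` is treated as untrusted input.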
@@ -97,48 +138,145 @@ def get_ghidra_users(): return current_users - -if __name__ == "__main__": - current_users = get_ghidra_users() +def remove_ghidra_users(current_users,yaml_users,dry_run): + """ + Removes any users that are no longer in the source control list. + + Keyword arguments: + current_users - The current users on the Ghidra server. + yaml_users - The users in the source control list. + dry_run - If set, the script will run in dry-run mode and no action will be taken. + + Returns: + ret_users - The number of users that will be removed. + """ + + ret_users = 0 + + users_to_remove = ghidra_user in current_users.keys() if ghidra_user not in yaml_users else [] + + # Remove any users that are no longer in the source control list + for ghidra_user in users_to_remove: + print(ghidra_user, "isn't in the source control list anymore. Removing...",end='') + + if not dry_run: + # remove_user(ghidra_user) + print("Done.") + else: + print("Dry run mode. Skipping.") + ret_users += 1 + + return ret_users + +def update_ghidra_users(current_users,yaml_users,dry_run): + """ + Updates any users that have had their permissions changed in the source control list. + + Keyword arguments: + current_users - Dict of the current users and their permission on the Ghidra server. + yaml_users - Dict of the users and their permissions in the source control list. + dry_run - If set, the script will run in dry-run mode and no action will be taken. + + Returns: + ret_users - The number of users that will be updated. + """ + + # dict to track num users to update + ret_users = 0 + + for i in range(len(yaml_users)): + curr_yaml_name = yaml_users[i]["ghidraName"] + curr_yaml_perm = (yaml_users[i]["permissions"]).lower() + + # Check if any user permissions need to be updated + if current_users[curr_yaml_name] != curr_yaml_perm: + print("User", curr_yaml_name, "permissions don't match. 
Updating...", end='') + if not dry_run: + # check_and_set_permission(curr_yaml_name, curr_yaml_perm) + print("Done.") + else: + print("Dry run mode. Skipping.") + ret_users += 1 + + else: + print("User", curr_yaml_name, "is up-to-date.") + + return ret_users + +def add_ghidra_users(current_users,yaml_users,dry_run): + """ + Adds any users that are in the source control list but not on the Ghidra server. + + Keyword arguments: + current_users - Dict of the current users and their permission on the Ghidra server. + yaml_users - Dict of the users and their permissions in the source control list. + dry_run - If set, the script will run in dry-run mode and no action will be taken. + + Returns: + ret_users - The number of users and their permissions that will be added. + """ + + # dict to track num users to add and their permissions + ret_users = { + "num_users": 0, + "permissions": [] + } + + # list comprehension to grab the user:permission pairs that appear in yaml_users but not in current_users + users_to_add = [ghidra_user for ghidra_user in yaml_users if ghidra_user["ghidraName"] not in current_users.keys()] + + for ghidra_user in users_to_add: + print("User", ghidra_user["ghidraName"], + "doesn't exist. Creating...", end='') + if not dry_run: + # add_user(ghidra_user["ghidraName"]) + print("Done.") + else: + print("Dry run mode. Skipping.") + ret_users["num_users"] += 1 + + print("Setting permissions for", ghidra_user["ghidraName"] + "...", end='') + + if not dry_run: + # check_and_set_permission(ghidra_user["ghidraName"], ghidra_user["permissions"]) + print("Done.") + else: + print("Dry run mode. Skipping.") + ret_users["permissions"].append(ghidra_user["permissions"]) + + return ret_users + +@click.command() +@click.option('--dry-run', is_flag=True, help='Dry run mode.') +def manage_users(dry_run=False): + """ + Manages users on the Ghidra server. + + Keyword arguments: + dry_run - If set, the script will run in dry-run mode and no action will be taken. 
+ """ + + ghidra_server_users = get_ghidra_users() with open("users.yaml", "r") as stream: try: - user_entry_list = yaml.safe_load(stream) - yaml_users = [] - - for entry in user_entry_list: - yaml_users.append(entry["ghidraName"]) - - # Remove any users not in source control anymore - for ghidra_user in current_users.keys(): - if ghidra_user not in yaml_users: - print(ghidra_user, "isn't in the source control list anymore. Removing...",end='') - remove_user(ghidra_user) - print("Done.") - - # Add or update any users in source control - for i in range(len(user_entry_list)): - curr_yaml_name = user_entry_list[i]["ghidraName"] - curr_yaml_perm = (user_entry_list[i]["permissions"]).lower() - - if curr_yaml_name not in current_users.keys(): - print("User", curr_yaml_name, - "doesn't exist. Creating...", end='') - add_user(curr_yaml_name) - print("Done.") - - print("Setting permissions for", curr_yaml_name + "...", end='') - check_and_set_permission(curr_yaml_name, curr_yaml_perm) - print("Done.") - - elif current_users[curr_yaml_name] != curr_yaml_perm: - print("User", curr_yaml_name, - "permissions don't match. Updating...", end='') - check_and_set_permission(curr_yaml_name, curr_yaml_perm) - print("Done.") - - else: - print("User", curr_yaml_name, "is up-to-date.") + source_control_users = yaml.safe_load(stream) + + rm_users = remove_ghidra_users(ghidra_server_users,source_control_users,dry_run) + update_users = update_ghidra_users(ghidra_server_users,source_control_users,dry_run) + add_users = add_ghidra_users(ghidra_server_users,source_control_users,dry_run) + + if dry_run: + if rm_users > 0 or update_users > 0: + sys.exit(1) + elif add_users > 0: + for permission in add_users["permissions"]: + if permission in ["write", "admin"]: + sys.exit(1) + sys.exit(0) except yaml.YAMLError as err: print(err) + +if __name__ == "__main__": + manage_users() \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index d218c6d..8511cc0 100644 
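Review bot: In `manage_users`, `except yaml.YAMLError as err: print(err)` lets the process end with status 0, so a `users.yaml` that fails to parse makes the `--dry-run` check pass instead of fail. Exit non-zero there, e.g. `print(err, file=sys.stderr)` followed by `sys.exit(1)`, so the gate fails closed. Separately, `remove_user`, `add_user` and `check_and_set_permission` are commented out in all three helpers, so a run without `--dry-run` prints `Done.` without changing the server; either restore the calls or say in the docstrings that the helpers only report.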
--- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ boto3 -pyyaml \ No newline at end of file +pyyaml +click \ No newline at end of file From 3cdc9a526cdf91799a365a2e6d05707173e5df95 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 10:25:42 -0600 Subject: [PATCH 02/16] add test user --- users.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/users.yaml b/users.yaml index 85fcfe7..2f6c690 100644 --- a/users.yaml +++ b/users.yaml @@ -163,3 +163,5 @@ permissions: read-only - ghidraName: mloughnane permissions: read-only +- ghidraName: pheenoh-test + permissions: read-only \ No newline at end of file From 8569efff2c8f6d0c4c04b048243f85916da2e1c5 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 10:59:37 -0600 Subject: [PATCH 03/16] More Nodejs deprecation fixes --- .github/workflows/sync-users-check.yml | 2 +- .github/workflows/sync-users.yml | 2 +- .github/workflows/tofu-plan.yml | 8 ++++++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sync-users-check.yml b/.github/workflows/sync-users-check.yml index 8d6d2bb..acdc76c 100644 --- a/.github/workflows/sync-users-check.yml +++ b/.github/workflows/sync-users-check.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: '3.12' - name: Configure AWS Credentials diff --git a/.github/workflows/sync-users.yml b/.github/workflows/sync-users.yml index d64911a..8326e48 100644 --- a/.github/workflows/sync-users.yml +++ b/.github/workflows/sync-users.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: '3.12' - name: Configure AWS Credentials diff --git a/.github/workflows/tofu-plan.yml b/.github/workflows/tofu-plan.yml index df89687..49de297 100644 --- a/.github/workflows/tofu-plan.yml 
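Review bot: `click` is added without a version, like `boto3` and `pyyaml` beside it, and both new workflows run `pip3 install -r requirements.txt` in a job that already holds the assumed AWS role. Pinning each entry (`click==<PINNED_VERSION>`, ideally installed with `--require-hashes`) makes the installed code reproducible and reviewable. The placeholder stands for whichever release was tested; none is named in this patch.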
+++ b/.github/workflows/tofu-plan.yml @@ -3,8 +3,12 @@ permissions: id-token: write on: workflow_dispatch: + pull_request: + paths: + - 'backend.tf' + - 'ghidra-server.tf' jobs: - terraform-plan: + tofu-plan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -16,7 +20,7 @@ jobs: - uses: opentofu/setup-opentofu@v1 with: tofu_version: 1.6.2 - - name: "Terraform Plan" + - name: "Tofu Plan" run: | tofu init tofu plan From f1078f8c48503ab8a8a476cc88835aa2b849ce6a Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:01:27 -0600 Subject: [PATCH 04/16] add permissions --- .github/workflows/sync-users-check.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/sync-users-check.yml b/.github/workflows/sync-users-check.yml index acdc76c..cfd152f 100644 --- a/.github/workflows/sync-users-check.yml +++ b/.github/workflows/sync-users-check.yml @@ -1,3 +1,6 @@ +permissions: + id-token: write + contents: read on: pull_request: branches: From a16f0b1901ddff2989fc325914cfc7562d5cce80 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:26:13 -0600 Subject: [PATCH 05/16] bug fix --- manage-users.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manage-users.py b/manage-users.py index 8b88c08..3f680c4 100644 --- a/manage-users.py +++ b/manage-users.py @@ -153,7 +153,7 @@ def remove_ghidra_users(current_users,yaml_users,dry_run): ret_users = 0 - users_to_remove = ghidra_user in current_users.keys() if ghidra_user not in yaml_users else [] + users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if ghidra_user not in yaml_users] # Remove any users that are no longer in the source control list for ghidra_user in users_to_remove: @@ -181,7 +181,6 @@ def update_ghidra_users(current_users,yaml_users,dry_run): ret_users - The number of users that will be updated. """ - # dict to track num users to update ret_users = 0 for i in range(len(yaml_users)): 
From a6c79c7637e0302d75e17d0c3bbea71937130454 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:28:20 -0600 Subject: [PATCH 06/16] debug --- manage-users.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manage-users.py b/manage-users.py index 3f680c4..1daecf9 100644 --- a/manage-users.py +++ b/manage-users.py @@ -155,6 +155,12 @@ def remove_ghidra_users(current_users,yaml_users,dry_run): users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if ghidra_user not in yaml_users] + + print("Current users:", current_users) + print("YAML users:", yaml_users) + print("Users to remove:", users_to_remove) + sys.exit(1) + # Remove any users that are no longer in the source control list for ghidra_user in users_to_remove: print(ghidra_user, "isn't in the source control list anymore. Removing...",end='') From 4a6168cacda07bc5f97a46a4cc859708b368bff8 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:30:44 -0600 Subject: [PATCH 07/16] debug --- manage-users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manage-users.py b/manage-users.py index 1daecf9..bdef329 100644 --- a/manage-users.py +++ b/manage-users.py @@ -153,7 +153,7 @@ def remove_ghidra_users(current_users,yaml_users,dry_run): ret_users = 0 - users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if ghidra_user not in yaml_users] + users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if ghidra_user not in yaml_users["ghidraName"]] print("Current users:", current_users) From 44bba9c0375a3217688d6ab8e85b3087d9541c5d Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:32:33 -0600 Subject: [PATCH 08/16] debug --- manage-users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manage-users.py b/manage-users.py index bdef329..91c8012 100644 --- a/manage-users.py +++ b/manage-users.py 
@@ -153,7 +153,7 @@ def remove_ghidra_users(current_users,yaml_users,dry_run): ret_users = 0 - users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if ghidra_user not in yaml_users["ghidraName"]] + users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if all(ghidra_user != user.get('ghidraName') for user in yaml_users)] print("Current users:", current_users) From 6146a8f93f15d9097f12a80a7ab1503a5395b8a6 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 11:34:47 -0600 Subject: [PATCH 09/16] debug --- manage-users.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/manage-users.py b/manage-users.py index 91c8012..ba74d96 100644 --- a/manage-users.py +++ b/manage-users.py @@ -155,12 +155,6 @@ def remove_ghidra_users(current_users,yaml_users,dry_run): users_to_remove = [ghidra_user for ghidra_user in current_users.keys() if all(ghidra_user != user.get('ghidraName') for user in yaml_users)] - - print("Current users:", current_users) - print("YAML users:", yaml_users) - print("Users to remove:", users_to_remove) - sys.exit(1) - # Remove any users that are no longer in the source control list for ghidra_user in users_to_remove: print(ghidra_user, "isn't in the source control list anymore. Removing...",end='') @@ -228,7 +222,12 @@ def add_ghidra_users(current_users,yaml_users,dry_run): } # list comprehension to grab the user:permission pairs that appear in yaml_users but not in current_users - users_to_add = [ghidra_user for ghidra_user in yaml_users if ghidra_user["ghidraName"] not in current_users.keys()] + users_to_add = [user for user in yaml_users if user.get('ghidraName') not in current_users.keys()] + + print("Current users:", current_users) + print("YAML users:", yaml_users) + print("Users to add:", users_to_add) + sys.exit(1) for ghidra_user in users_to_add: print("User", ghidra_user["ghidraName"], From 5f69d5274ac799ab59f301ddfb42737feca99b85 Mon Sep 17 00:00:00 2001 
From: Pheenoh Date: Sun, 7 Apr 2024 11:38:06 -0600 Subject: [PATCH 10/16] debug --- manage-users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manage-users.py b/manage-users.py index ba74d96..830934e 100644 --- a/manage-users.py +++ b/manage-users.py @@ -267,8 +267,8 @@ def manage_users(dry_run=False): source_control_users = yaml.safe_load(stream) rm_users = remove_ghidra_users(ghidra_server_users,source_control_users,dry_run) - update_users = update_ghidra_users(ghidra_server_users,source_control_users,dry_run) add_users = add_ghidra_users(ghidra_server_users,source_control_users,dry_run) + update_users = update_ghidra_users(ghidra_server_users,source_control_users,dry_run) if dry_run: if rm_users > 0 or update_users > 0: From ae65d6dc837db6cfd04d8053b410c86702df74ac Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:16:25 -0600 Subject: [PATCH 11/16] debug --- manage-users.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/manage-users.py b/manage-users.py index 830934e..dfa57f1 100644 --- a/manage-users.py +++ b/manage-users.py @@ -187,8 +187,7 @@ def update_ghidra_users(current_users,yaml_users,dry_run): curr_yaml_name = yaml_users[i]["ghidraName"] curr_yaml_perm = (yaml_users[i]["permissions"]).lower() - # Check if any user permissions need to be updated - if current_users[curr_yaml_name] != curr_yaml_perm: + if curr_yaml_name in current_users.keys() and current_users[curr_yaml_name] != curr_yaml_perm: print("User", curr_yaml_name, "permissions don't match. Updating...", end='') if not dry_run: # check_and_set_permission(curr_yaml_name, curr_yaml_perm) 
@@ -267,8 +266,8 @@ def manage_users(dry_run=False): source_control_users = yaml.safe_load(stream) rm_users = remove_ghidra_users(ghidra_server_users,source_control_users,dry_run) - add_users = add_ghidra_users(ghidra_server_users,source_control_users,dry_run) update_users = update_ghidra_users(ghidra_server_users,source_control_users,dry_run) + add_users = add_ghidra_users(ghidra_server_users,source_control_users,dry_run) if dry_run: if rm_users > 0 or update_users > 0: From 3078646fa95144d3897028b07341c66486d34bea Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:16:43 -0600 Subject: [PATCH 12/16] rm debug --- manage-users.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/manage-users.py b/manage-users.py index dfa57f1..52e54d4 100644 --- a/manage-users.py +++ b/manage-users.py @@ -223,11 +223,6 @@ def add_ghidra_users(current_users,yaml_users,dry_run): # list comprehension to grab the user:permission pairs that appear in yaml_users but not in current_users users_to_add = [user for user in yaml_users if user.get('ghidraName') not in current_users.keys()] - print("Current users:", current_users) - print("YAML users:", yaml_users) - print("Users to add:", users_to_add) - sys.exit(1) - for ghidra_user in users_to_add: print("User", ghidra_user["ghidraName"], "doesn't exist. Creating...", end='') From 34d16b851511eb94399fc15e2ab765f81f11413f Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:36:19 -0600 Subject: [PATCH 13/16] debug --- manage-users.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manage-users.py b/manage-users.py index 52e54d4..90942ce 100644 --- a/manage-users.py +++ b/manage-users.py @@ -267,7 +267,7 @@ def manage_users(dry_run=False): if dry_run: if rm_users > 0 or update_users > 0: sys.exit(1) - elif add_users > 0: + elif add_users["num_users"] > 0: for permission in add_users["permissions"]: if permission in ["write", "admin"]: sys.exit(1) 
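Review bot: The dry-run gate under `elif add_users["num_users"] > 0:` fails only when an added permission is exactly `write` or `admin`, so any other spelling (`Admin`, `WRITE`, a typo) falls through to the success exit; `update_ghidra_users` lowercases the value but `add_ghidra_users` records it as written. Since exit 0 appears to be what lets the change merge unattended, compare against the one value that is allowed instead: `if str(permission).lower() != "read-only": sys.exit(1)`. `manage_users` starts before this hunk and continues past it, so the final `sys.exit(0)` is not shown here.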
From da132b3c19a3a50a2bf11f05d405c0aceb237829 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:41:52 -0600 Subject: [PATCH 14/16] automerge fail test --- users.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users.yaml b/users.yaml index b8fc207..66c294e 100644 --- a/users.yaml +++ b/users.yaml @@ -166,4 +166,4 @@ - ghidraName: Badfoxrox permissions: read-only - ghidraName: pheenoh-test - permissions: read-only \ No newline at end of file + permissions: admin \ No newline at end of file From fe3ee05328ab570a82083014bc8e110662d3e5cf Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:43:15 -0600 Subject: [PATCH 15/16] rm test user --- users.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/users.yaml b/users.yaml index 66c294e..5df9199 100644 --- a/users.yaml +++ b/users.yaml @@ -164,6 +164,4 @@ - ghidraName: mloughnane permissions: read-only - ghidraName: Badfoxrox - permissions: read-only -- ghidraName: pheenoh-test - permissions: admin \ No newline at end of file + permissions: read-only \ No newline at end of file From 8cc516dbb8d6068cebf7a38800be182e5bb58a51 Mon Sep 17 00:00:00 2001 From: Pheenoh Date: Sun, 7 Apr 2024 12:44:58 -0600 Subject: [PATCH 16/16] test --- users.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users.yaml b/users.yaml index 5df9199..b61ce94 100644 --- a/users.yaml +++ b/users.yaml @@ -164,4 +164,5 @@ - ghidraName: mloughnane permissions: read-only - ghidraName: Badfoxrox - permissions: read-only \ No newline at end of file + permissions: read-only + \ No newline at end of file