0001-authentic-agent-mass-provision-roles-on-new-services.patch
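--- a/hobo/agent/authentic2/management/commands/hobo_deploy.py
+++ b/hobo/agent/authentic2/management/commands/hobo_deploy.py
@@ -22,6 +22,7 @@
 from tenant_schemas.utils import tenant_context
 
 from hobo.agent.common.management.commands import hobo_deploy
+from hobo.agent.authentic2.provisionning import Provisionning
 
 User = get_user_model()
 
@@ -123,6 +124,7 @@
 services = hobo_environment['services']
 retries = 0
 loaded = 0
+provision_target_ous = {}
 max_retries = 1 if self.redeploy else 5
 while retries < max_retries:
 for service in services:
@@ -183,6 +185,7 @@
 name=service['title'])
 if service_created or not provider.ou:
 provider.ou = ou
+provision_target_ous[provider.ou.id] = provider.ou
 provider.save()
 if service_created:
 service_provider = LibertyServiceProvider(
@@ -233,6 +236,12 @@
 time.sleep(self.backoff_factor * (2 ** retries))
 retries += 1
 
+if provision_target_ous:
+# mass provision roles on new created services
+engine = Provisionning()
+roles = get_role_model().objects.all()
+engine.notify_roles(provision_target_ous, roles, full=True)
+
 for service in services:
 if not service.get('$done'):
 last_error = service['$last-error']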
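Review bot: The comment `# mass provision roles on new created services` is narrower than what the code appears to do: the block passes every role (`get_role_model().objects.all()`) with `full=True` to each OU in `provision_target_ous`, and that dict is filled next to `provider.ou = ou` rather than under `if service_created:`. The rendered page has lost indentation, so it is not visible whether `provision_target_ous[provider.ou.id] = provider.ou` sits inside `if service_created or not provider.ou:`; if it does not, every redeploy re-sends a full role set to all services in those OUs. A full provisioning message is presumably treated as authoritative by the receiving services, so I would state the intended scope in the comment, e.g. `# full role provisioning for every OU that gained a provider during this run`, and fill the dict only where a provider was actually created or attached. The notification also runs before the `$done` / `$last-error` check that follows it, so it fires even when some services failed to deploy. The enclosing method starts and ends outside these hunks.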
tests_authentic/test_hobo_deploy.py | ||
---|---|---|
56 | 56 |
}, |
57 | 57 |
], roles_json) |
58 | 58 | |
59 |
# As a user is created, notify_agents is called, as celery is not running |
|
60 |
# we just block it |
|
61 |
mocker.patch('hobo.agent.authentic2.provisionning.notify_agents') |
|
62 | 59 |
requests_get = mocker.patch('requests.get') |
63 | 60 |
meta1 = '''<?xml version="1.0"?> |
64 | 61 |
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" |
... | ... | |
314 | 311 |
hobo_json = tempfile.NamedTemporaryFile() |
315 | 312 |
hobo_json.write(hobo_json_content) |
316 | 313 |
hobo_json.flush() |
317 |
call_command('hobo_deploy', 'http://sso.example.net', hobo_json.name) |
|
314 | ||
315 |
with mock.patch('hobo.agent.authentic2.provisionning.notify_agents') as mock_notify: |
|
316 |
call_command('hobo_deploy', 'http://sso.example.net', hobo_json.name) |
|
317 | ||
318 |
# check role mass provisionning to new services |
|
319 |
# two wcs => two ous => two audiences |
|
320 |
assert mock_notify.call_count == 2 |
|
321 |
audiences = sorted([arg[0][0]['audience'] for arg in mock_notify.call_args_list]) |
|
322 |
assert audiences == [['http://clapiers.example.net/saml/metadata'], |
|
323 |
['http://eservices.example.net/saml/metadata', 'http://passerelle.example.net/saml/metadata']] |
|
324 |
assert [arg[0][0]['@type'] for arg in mock_notify.call_args_list] == ['provision', 'provision'] |
|
325 |
assert [arg[0][0]['objects']['@type'] for arg in mock_notify.call_args_list] == ['role', 'role'] |
|
326 |
assert [arg[0][0]['full'] for arg in mock_notify.call_args_list] == [True, True] |
|
318 | 327 | |
319 | 328 |
from hobo.multitenant.middleware import TenantMiddleware |
320 | 329 |
tenants = list(TenantMiddleware.get_tenants()) |
321 |
- |