0001-provisionning-log-received-provisionning-messages-an.patch

Benjamin Dauvergne, 13 septembre 2021 14:36

Voir les différences: en ligne côte à côte

Subject: [PATCH] provisionning: log received provisionning messages and
 actions (#56907)

 .../common/management/commands/hobo_notify.py |  5 ++
 hobo/multitenant/utils.py                     | 15 +++--
 hobo/provisionning/middleware.py              |  6 ++
 hobo/provisionning/utils.py                   | 63 +++++++++++++++----
 4 files changed, 73 insertions(+), 16 deletions(-)

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import json
     import logging
     import os
     import sys
-...
     from hobo.multitenant.middleware import TenantMiddleware
     from hobo.provisionning.utils import NotificationProcessing, TryAgain
     logger = logging.getLogger(__name__)
     class Command(BaseCommand, NotificationProcessing):
         requires_system_checks = False
-...
             if entity_id not in audience:
                 return
             object_type = notification['objects']['@type']
             msg = 'received request for %sing %%d %%s objects (Celery)' % action
             logger.info(msg, len(notification['objects']['data']), object_type)
             for i in range(20):
                 try:
                     getattr(cls, 'provision_' + object_type)(

             return
         logger = logging.getLogger(__name__)
         existing_pks = user.groups.values_list('pk', flat=True)
         for role in Role.objects.filter(uuid__in=uuids).exclude(pk__in=existing_pks):
         existing_pks = set(user.groups.values_list('pk', flat=True))
         uuids = set(uuids)
         not_found = uuids.copy()
         for role in Role.objects.filter(uuid__in=uuids):
             not_found.discard(role.uuid)
             if role.pk in existing_pks:
                 continue
             user.groups.through.objects.get_or_create(group=role, user=user)
             logger.info(u'adding role %s to %s (%s)', role, user, user.pk)
             logger.info('adding role %s to %s (%s)', role, user, user.pk)
         qs = user.groups.through.objects.filter(user=user, group__role__isnull=False).exclude(
             group__role__uuid__in=uuids
+        )
-...
             except DatabaseError:
                 pass
             else:
                 logger.info(u'removed role %s from %s (%s)', rel.group, user, user.pk)
                 logger.info('removed role %s from %s (%s)', rel.group, user, user.pk)
         for uuid in not_found:
             logger.warning('role %s of user %s does not exist', uuid, user)

     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import json
     import logging
     from django.conf import settings
     from django.http import HttpResponseBadRequest, HttpResponseForbidden, JsonResponse
-...
     from hobo.provisionning.utils import NotificationProcessing, TryAgain
     from hobo.rest_authentication import PublikAuthentication, PublikAuthenticationFailed
     logger = logging.getLogger(__name__)
     class ProvisionningMiddleware(MiddlewareMixin, NotificationProcessing):
         def process_request(self, request):
-...
                 return HttpResponseBadRequest()
             full = notification['full'] if 'full' in notification else False
             msg = 'received request for %sing %%d %%s objects (HTTP)' % action
             logger.info(msg, len(notification['objects']['data']), object_type)
             for i in range(20):
                 try:
                     getattr(self, 'provision_' + object_type)(

     from hobo.agent.common.models import Role
     from hobo.multitenant.utils import provision_user_groups
     logger = logging.getLogger(__name__)
     class TryAgain(Exception):
         pass
-...
                 try:
                     with atomic():
                         if action == 'provision':
                             new = False
                             assert cls.check_valid_user(o)
                             try:
                                 mellon_user = UserSAMLIdentifier.objects.get(issuer=issuer, name_id=o['uuid'])
-...
                                     # temp user object
                                     random_uid = str(random.randint(1, 10000000000000))
                                     user = User.objects.create(username=random_uid)
                                     new = True
                                 mellon_user = UserSAMLIdentifier.objects.create(
                                     user=user, issuer=issuer, name_id=o['uuid']
+                                )
-...
                             user.save()
                             role_uuids = [role['uuid'] for role in o.get('roles', [])]
                             provision_user_groups(user, role_uuids)
                             msg = '%s user %%s' % ('provisionned new' if new else 'updated')
                             user_description = ''
                             if user.email:
                                 user_description += user.email + ' '
                             user_description += '(%s)' % o['uuid']
                             logger.info(msg, user_description)
                         elif action == 'deprovision':
                             assert 'uuid' in o
                     uuids.add(o['uuid'])
                 except IntegrityError:
                     raise TryAgain
             if full and action == 'provision':
                 for usi in UserSAMLIdentifier.objects.exclude(name_id__in=uuids):
                 qs = UserSAMLIdentifier.objects.exclude(name_id__in=uuids)
                 logger.info(
                     'deprovisionning users %s',
                     ', '.join(
                         ((email + ' ' if email else '') + '(%s)' % username)
                         for email, username in qs.values_list('email', 'username')
                     ),
+                )
                 for usi in qs:
                     usi.user.delete()
             elif action == 'deprovision':
                 for user in User.objects.filter(saml_identifiers__name_id__in=uuids):
                 qs = User.objects.filter(saml_identifiers__name_id__in=uuids)
                 for user in qs:
                     user.delete()
                 logger.info(
                     'deprovisionning users %s',
                     ', '.join(
                         ((email + ' ' if email else '') + '(%s)' % username)
                         for email, username in qs.values_list('email', 'username')
                     ),
+                )
         group_name_max_length = Group._meta.get_field('name').max_length
-...
         @classmethod
         def provision_role(cls, issuer, action, data, full=False):
             logger = logging.getLogger(__name__)
             uuids = set()
             for o in data:
                 assert 'uuid' in o
                 uuids.add(o['uuid'])
                 if action == 'provision':
                     created = False
                     save = False
                     assert cls.check_valid_role(o)
                     role_name = cls.truncate_role_name(o['name'])
                     try:
                         role = Role.objects.get(uuid=o['uuid'])
                         created = False
                     except Role.DoesNotExist:
                         try:
                             with atomic():
-...
                                     defaults={
                                         'uuid': o['uuid'],
                                         'description': o['description'],
                                         'details': o.get('details', u''),
                                         'details': o.get('details', ''),
                                         'emails': o.get('emails', []),
                                         'emails_to_members': o.get('emails_to_members', True),
                                     },
+                                )
                         except IntegrityError:
                             # Can happen if uuid and name already exist
                             logger.error(u'cannot provision role "%s" (%s)', o['name'], o['uuid'])
                             logger.error('cannot provision role "%s" (%s)', o['name'], o['uuid'])
                             continue
                     if not created:
                         save = False
                         if role.name != role_name:
                             role.name = role_name
                             save = True
-...
                         if role.description != o['description']:
                             role.description = o['description']
                             save = True
                         if role.details != o.get('details', u''):
                             role.details = o.get('details', u'')
                         if role.details != o.get('details', ''):
                             role.details = o.get('details', '')
                             save = True
                         if role.emails != o.get('emails', []):
                             role.emails = o.get('emails', [])
-...
                                     role.save()
                             except IntegrityError:
                                 # Can happen if uuid and name already exist
                                 logger.error(u'cannot provision role "%s" (%s)', o['name'], o['uuid'])
                                 logger.error('cannot provision role "%s" (%s)', o['name'], o['uuid'])
                                 continue
                     if created:
                         logger.info('provisionned new role %s (%s)', o['name'], o['uuid'])
                     if save:
                         logger.info('updated role %s (%s)', o['name'], o['uuid'])
             if full and action == 'provision':
                 for role in Role.objects.exclude(uuid__in=uuids):
                 qs = Role.objects.exclude(uuid__in=uuids)
                 logger.info(
                     'deprovisionning roles %s',
                     ', '.join('%s (%s)' % (name, uuid) for name, uuid in qs.values_list('name', 'uuid')),
+                )
                 for role in qs:
                     role.delete()
             elif action == 'deprovision':
                 for role in Role.objects.filter(uuid__in=uuids):
                 qs = Role.objects.filter(uuid__in=uuids)
                 logger.info(
                     'deprovisionning roles %s',
                     ', '.join('%s (%s)' % (name, uuid) for name, uuid in qs.values_list('name', 'uuid')),
+                )
                 for role in qs:
                     role.delete()
+    -

Projet

Général

Profil

Produits Entr'ouvert » Hobo

0001-provisionning-log-received-provisionning-messages-an.patch