122 |
122 |
if instance.ou_id in ous:
|
123 |
123 |
instance.ou = ous[instance.ou_id]
|
124 |
124 |
|
125 |
|
def notify_users(self, ous, users, mode='provision'):
|
|
125 |
def notify_users(self, ous, users, mode='provision', sync=False):
|
126 |
126 |
allowed_technical_roles_prefixes = getattr(settings, 'HOBO_PROVISION_ROLE_PREFIXES', []) or []
|
127 |
127 |
|
128 |
128 |
if mode == 'provision':
|
... | ... | |
240 |
240 |
for user in batched_users
|
241 |
241 |
],
|
242 |
242 |
},
|
243 |
|
}
|
|
243 |
},
|
|
244 |
sync=sync,
|
244 |
245 |
)
|
245 |
246 |
else:
|
246 |
247 |
for ou, users in ous.items():
|
... | ... | |
262 |
263 |
'@type': 'user',
|
263 |
264 |
'data': [user_to_json(ou, None, user, user_roles) for user in users],
|
264 |
265 |
},
|
265 |
|
}
|
|
266 |
},
|
|
267 |
sync=sync,
|
266 |
268 |
)
|
267 |
269 |
elif users:
|
268 |
270 |
audience = [audience for ou in ous.keys() for s, audience in self.get_audience(ou)]
|
... | ... | |
284 |
286 |
for user in users
|
285 |
287 |
],
|
286 |
288 |
},
|
287 |
|
}
|
|
289 |
},
|
|
290 |
sync=sync,
|
288 |
291 |
)
|
289 |
292 |
|
290 |
|
def notify_roles(self, ous, roles, mode='provision', full=False):
|
|
293 |
def notify_roles(self, ous, roles, mode='provision', full=False, sync=False):
|
291 |
294 |
allowed_technical_roles_prefixes = getattr(settings, 'HOBO_PROVISION_ROLE_PREFIXES', []) or []
|
292 |
295 |
|
293 |
296 |
def is_forbidden_technical_role(role):
|
... | ... | |
340 |
343 |
'@type': 'role',
|
341 |
344 |
'data': data,
|
342 |
345 |
},
|
343 |
|
}
|
|
346 |
},
|
|
347 |
sync=sync,
|
344 |
348 |
)
|
345 |
349 |
|
346 |
350 |
global_roles = set(ous.get(None, []))
|
... | ... | |
486 |
490 |
for other_instance in instance.members.all():
|
487 |
491 |
self.add_saved(other_instance)
|
488 |
492 |
|
489 |
|
def notify_agents(self, data):
|
|
493 |
def notify_agents(self, data, sync=False):
|
490 |
494 |
log_path = getattr(settings, 'DEBUG_PROVISIONNING_LOG_PATH', '')
|
491 |
495 |
if log_path and getattr(settings, 'HOBO_PROVISIONNING_DEBUG', False):
|
492 |
496 |
try:
|
... | ... | |
498 |
502 |
pass
|
499 |
503 |
|
500 |
504 |
if getattr(settings, 'HOBO_HTTP_PROVISIONNING', False):
|
501 |
|
leftover_audience = self.notify_agents_http(data)
|
|
505 |
leftover_audience = self.notify_agents_http(data, sync=sync)
|
502 |
506 |
if not leftover_audience:
|
503 |
507 |
return
|
504 |
508 |
logger.info('leftover AMQP audience: %s', leftover_audience)
|
... | ... | |
515 |
519 |
services_by_url[service['saml-sp-metadata-url']] = service
|
516 |
520 |
return services_by_url
|
517 |
521 |
|
518 |
|
def notify_agents_http(self, data):
|
|
522 |
def notify_agents_http(self, data, sync=False):
|
519 |
523 |
services_by_url = self.get_http_services_by_url()
|
520 |
524 |
audience = data.get('audience')
|
521 |
525 |
rest_audience = [x for x in audience if x in services_by_url]
|
... | ... | |
523 |
527 |
for audience in rest_audience:
|
524 |
528 |
service = services_by_url[audience]
|
525 |
529 |
data['audience'] = [audience]
|
|
530 |
url = service['provisionning-url'] + '?orig=%s' % service['orig']
|
|
531 |
if sync:
|
|
532 |
url += '&sync=1'
|
526 |
533 |
try:
|
527 |
|
response = requests.put(
|
528 |
|
sign_url(service['provisionning-url'] + '?orig=%s' % service['orig'], service['secret']),
|
529 |
|
json=data,
|
530 |
|
)
|
|
534 |
response = requests.put(sign_url(url, service['secret']), json=data)
|
531 |
535 |
response.raise_for_status()
|
532 |
536 |
except requests.RequestException as e:
|
533 |
537 |
logger.error(u'error provisionning to %s (%s)', audience, e)
|
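Review bot: The `requests.put(...)` call on new line 534 has no `timeout`, and the `sync=1` mode added here presumably makes the receiving service do its work before answering, so one slow or unresponsive agent can block the caller of `notify_agents_http` indefinitely. An explicit bound such as `response = requests.put(sign_url(url, service['secret']), json=data, timeout=PROVISIONNING_TIMEOUT)` (`PROVISIONNING_TIMEOUT` is a placeholder for a value the project chooses) would turn that into a `requests.Timeout`, which the existing `except requests.RequestException` branch already handles. Separately, `url` on line 530 is built by concatenation, so `service['orig']` is not percent-encoded and a `provisionning-url` that already has a query string would get a second `?`; building the query with `urllib.parse.urlencode` before calling `sign_url` would avoid both. Appending `&sync=1` before signing looks like the right order, assuming `sign_url` signs the whole query string, since the flag then cannot be changed without invalidating the signature. The loop body continues past the last visible line.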