0001-authentic2-use-direct-imports-for-rbac-models-70963.patch
| hobo/agent/authentic2/management/commands/hobo_deploy.py | ||
|---|---|---|
| 5 | 5 | |
| 6 | 6 |
import requests |
| 7 | 7 |
from authentic2 import app_settings |
| 8 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role |
|
| 8 | 9 |
from authentic2.a2_rbac.utils import get_default_ou |
| 9 | 10 |
from authentic2.compat_lasso import lasso |
| 10 | 11 |
from authentic2.models import Attribute |
| ... | ... | |
| 15 | 16 |
from django.core import serializers |
| 16 | 17 |
from django.utils.translation import activate |
| 17 | 18 |
from django.utils.translation import ugettext as _ |
| 18 |
from django_rbac.utils import get_ou_model, get_role_model |
|
| 19 | 19 |
from tenant_schemas.utils import tenant_context |
| 20 | 20 | |
| 21 | 21 |
from hobo.agent.authentic2.provisionning import Provisionning |
| ... | ... | |
| 185 | 185 |
provider.metadata_url = service['saml-sp-metadata-url'] |
| 186 | 186 |
variables = service.get('variables', {})
|
| 187 | 187 |
if variables.get('ou-slug'):
|
| 188 |
ou, created = get_ou_model().objects.get_or_create(
|
|
| 188 |
ou, created = OrganizationalUnit.objects.get_or_create(
|
|
| 189 | 189 |
slug=service['variables']['ou-slug'] |
| 190 | 190 |
) |
| 191 | 191 |
ou.name = service['variables']['ou-label'] |
| ... | ... | |
| 208 | 208 |
create_ou = True |
| 209 | 209 |
break |
| 210 | 210 |
if create_ou: |
| 211 |
ou, created = get_ou_model().objects.get_or_create(name=service['title'])
|
|
| 211 |
ou, created = OrganizationalUnit.objects.get_or_create(name=service['title'])
|
|
| 212 | 212 |
if service_created or not provider.ou: |
| 213 | 213 |
provider.ou = ou |
| 214 | 214 |
provision_target_ous[provider.ou.id] = provider.ou |
| ... | ... | |
| 226 | 226 |
service_provider.save() |
| 227 | 227 | |
| 228 | 228 |
# add a superuser role for the service |
| 229 |
Role = get_role_model() |
|
| 230 | 229 |
name = _('Superuser of %s') % service['title']
|
| 231 | 230 |
su_role, created = Role.objects.get_or_create( |
| 232 | 231 |
service=provider, slug='_a2-hobo-superuser', defaults={'name': name}
|
| ... | ... | |
| 272 | 271 |
if provision_target_ous: |
| 273 | 272 |
# mass provision roles on new created services |
| 274 | 273 |
engine = Provisionning() |
| 275 |
roles = get_role_model().objects.all()
|
|
| 274 |
roles = Role.objects.all()
|
|
| 276 | 275 |
engine.notify_roles(provision_target_ous, roles, full=True) |
| 277 | 276 | |
| 278 | 277 |
for service in services: |
| ... | ... | |
| 298 | 297 |
if not os.path.exists(roles_filename): |
| 299 | 298 |
self.logger.debug('no skeleton roles: roles file %r does not ' 'exist', roles_filename)
|
| 300 | 299 |
return |
| 301 |
Role = get_role_model() |
|
| 302 | 300 |
if Role.objects.filter(ou=provider.ou).exclude(slug__startswith='_').exists(): |
| 303 | 301 |
return |
| 304 | 302 |
roles = [] |
| hobo/agent/authentic2/management/commands/hobo_provision.py | ||
|---|---|---|
| 1 | 1 |
import time |
| 2 | 2 | |
| 3 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role |
|
| 3 | 4 |
from django.contrib.auth import get_user_model |
| 4 | 5 |
from django.core.management.base import BaseCommand |
| 5 |
from django_rbac.utils import get_ou_model, get_role_model |
|
| 6 | 6 | |
| 7 | 7 |
from hobo.agent.authentic2.provisionning import Provisionning |
| 8 | 8 | |
| ... | ... | |
| 26 | 26 |
def handle(self, *args, **options): |
| 27 | 27 |
self.verbosity = options['verbosity'] |
| 28 | 28 |
engine = Provisionning() |
| 29 |
ous = {ou.id: ou for ou in get_ou_model().objects.all()}
|
|
| 29 |
ous = {ou.id: ou for ou in OrganizationalUnit.objects.all()}
|
|
| 30 | 30 | |
| 31 | 31 |
if options['roles']: |
| 32 | 32 |
self.provision_roles(engine, ous) |
| ... | ... | |
| 43 | 43 |
self.stdout.write('Done.')
|
| 44 | 44 | |
| 45 | 45 |
def provision_roles(self, engine, ous): |
| 46 |
roles = get_role_model().objects.all()
|
|
| 46 |
roles = Role.objects.all()
|
|
| 47 | 47 |
if self.verbosity > 0: |
| 48 | 48 |
self.stdout.write(f'Provisionning {roles.count()} roles.')
|
| 49 | 49 |
engine.notify_roles(ous, roles, full=True) |
| ... | ... | |
| 69 | 69 |
time.sleep(batch_sleep) |
| 70 | 70 | |
| 71 | 71 |
if has_role_attributes: |
| 72 |
roles_with_attributes = ( |
|
| 73 |
get_role_model().objects.filter(attributes__name='is_superuser').children() |
|
| 74 |
) |
|
| 72 |
roles_with_attributes = Role.objects.filter(attributes__name='is_superuser').children() |
|
| 75 | 73 |
else: |
| 76 |
roles_with_attributes = get_role_model().objects.filter(is_superuser=True).children()
|
|
| 74 |
roles_with_attributes = Role.objects.filter(is_superuser=True).children()
|
|
| 77 | 75 |
# first those without and admin attribute |
| 78 | 76 |
normal_users = qs.exclude(roles__in=roles_with_attributes) |
| 79 | 77 | |
| hobo/agent/authentic2/provisionning.py | ||
|---|---|---|
| 7 | 7 |
from itertools import chain, islice |
| 8 | 8 | |
| 9 | 9 |
import requests |
| 10 |
from authentic2.a2_rbac.models import OrganizationalUnit as OU |
|
| 11 |
from authentic2.a2_rbac.models import Role, RoleParenting |
|
| 10 | 12 |
from authentic2.models import AttributeValue |
| 11 | 13 |
from authentic2.saml.models import LibertyProvider |
| 12 | 14 |
from django.conf import settings |
| ... | ... | |
| 14 | 16 |
from django.db import connection, transaction |
| 15 | 17 |
from django.urls import reverse |
| 16 | 18 |
from django.utils.encoding import force_text |
| 17 |
from django_rbac.utils import get_ou_model, get_role_model, get_role_parenting_model |
|
| 18 | 19 | |
| 19 | 20 |
from hobo.agent.common import notify_agents |
| 20 | 21 |
from hobo.signature import sign_url |
| ... | ... | |
| 28 | 29 | |
| 29 | 30 | |
| 30 | 31 |
User = get_user_model() |
| 31 |
Role = get_role_model() |
|
| 32 |
OU = get_ou_model() |
|
| 33 |
RoleParenting = get_role_parenting_model() |
|
| 34 | 32 | |
| 35 | 33 |
logger = logging.getLogger(__name__) |
| 36 | 34 | |
| tests_authentic/test_provisionning.py | ||
|---|---|---|
| 5 | 5 |
import lasso |
| 6 | 6 |
import pytest |
| 7 | 7 |
import requests |
| 8 |
from authentic2.a2_rbac.models import Role, RoleAttribute |
|
| 8 |
from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleAttribute
|
|
| 9 | 9 |
from authentic2.a2_rbac.utils import get_default_ou |
| 10 | 10 |
from authentic2.models import Attribute, AttributeValue |
| 11 | 11 |
from authentic2.saml.models import LibertyProvider |
| 12 | 12 |
from django.contrib.auth import get_user_model |
| 13 | 13 |
from django.core.management import call_command |
| 14 |
from django_rbac.utils import get_ou_model |
|
| 15 | 14 |
from tenant_schemas.utils import tenant_context |
| 16 | 15 | |
| 17 | 16 |
from hobo import signature |
| ... | ... | |
| 249 | 248 | |
| 250 | 249 |
# test a service in a second OU also get the provisionning message |
| 251 | 250 |
notify_agents.reset_mock() |
| 252 |
ou2 = get_ou_model().objects.create(name='ou2', slug='ou2')
|
|
| 251 |
ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2')
|
|
| 253 | 252 |
LibertyProvider.objects.create( |
| 254 | 253 |
ou=ou2, |
| 255 | 254 |
name='provider2', |
| ... | ... | |
| 482 | 481 |
assert o['is_superuser'] is False |
| 483 | 482 | |
| 484 | 483 |
notify_agents.reset_mock() |
| 485 |
ou2 = get_ou_model().objects.create(name='ou2', slug='ou2')
|
|
| 484 |
ou2 = OrganizationalUnit.objects.create(name='ou2', slug='ou2')
|
|
| 486 | 485 |
LibertyProvider.objects.create( |
| 487 | 486 |
ou=get_default_ou(), |
| 488 | 487 |
name='provider2', |
| 489 |
- |
|