0001-add-new-agent-task-to-provision-objects-to-tenants-f.patch
| debian/agent/sudo-hobo-agent | ||
|---|---|---|
| 3 | 3 |
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-manage hobo_deploy * - |
| 4 | 4 |
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-manage hobo_deploy * - |
| 5 | 5 |
hobo-agent ALL=(fargo)NOPASSWD:/usr/bin/fargo-manage hobo_deploy * - |
| 6 |
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_notify - |
|
| 7 |
hobo-agent ALL=(authentic-multitenant)NOPASSWD:/usr/bin/authentic2-multitenant-manage hobo_notify - |
|
| 8 |
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-manage hobo_notify - |
|
| 9 |
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-manage hobo_notify - |
|
| 10 |
hobo-agent ALL=(fargo)NOPASSWD:/usr/bin/fargo-manage hobo_notify - |
|
| debian/debian_config_common.py | ||
|---|---|---|
| 176 | 176 |
LANGUAGES = (('fr', u'Fran\xe7ais'),)
|
| 177 | 177 |
USE_L10N = True |
| 178 | 178 |
USE_TZ = True |
| 179 | ||
| 180 |
# Celery configuration |
|
| 181 |
BROKER_URL = 'amqp://' |
|
| 182 |
BROKER_TASK_EXPIRES = 120 |
|
| hobo/agent/authentic2/apps.py | ||
|---|---|---|
| 1 |
import json |
|
| 2 | ||
| 1 | 3 |
from django.apps import AppConfig |
| 4 |
from django.db.models.signals import post_save, post_delete |
|
| 5 |
from django.db.models import Q |
|
| 6 |
from django.conf import settings |
|
| 7 | ||
| 8 |
from django_rbac.utils import get_role_model |
|
| 9 | ||
| 10 |
from hobo.agent.common import notify_agents |
|
| 11 |
from authentic2.utils import to_list |
|
| 12 |
from authentic2.saml.models import LibertyProvider |
|
| 13 | ||
| 14 | ||
| 15 |
def get_ou(role_or_through): |
|
| 16 |
if hasattr(role_or_through, 'ou'): |
|
| 17 |
return role_or_through.ou |
|
| 18 |
else: |
|
| 19 |
return role_or_through.role.ou |
|
| 20 | ||
| 21 | ||
| 22 |
def get_audience(role_or_through): |
|
| 23 |
ou = get_ou(role_or_through) |
|
| 24 |
if ou: |
|
| 25 |
qs = LibertyProvider.objects.filter(ou=ou) |
|
| 26 |
else: |
|
| 27 |
qs = LibertyProvider.objects.filter(ou__isnull=True) |
|
| 28 |
return list(qs.values_list('entity_id', flat=True))
|
|
| 29 | ||
| 30 | ||
| 31 |
def get_related_roles(role_or_through): |
|
| 32 |
ou = get_ou(role_or_through) |
|
| 33 |
Role = get_role_model() |
|
| 34 |
qs = Role.objects.filter(admin_scope_id__isnull=True) \ |
|
| 35 |
.prefetch_related('attributes')
|
|
| 36 |
if ou: |
|
| 37 |
qs = qs.filter(ou=ou) |
|
| 38 |
else: |
|
| 39 |
qs = qs.filter(ou__isnull=True) |
|
| 40 |
for role in qs: |
|
| 41 |
role.emails = [] |
|
| 42 |
role.emails_to_members = False |
|
| 43 |
for attribute in role.attributes.all(): |
|
| 44 |
if attribute.name in ('emails', 'emails_to_members') and attribute.kind == 'json':
|
|
| 45 |
setattr(role, attribute.name, json.loads(attribute.value)) |
|
| 46 |
return qs |
|
| 47 | ||
| 48 | ||
| 49 |
def notify_roles(sender, instance, **kwargs): |
|
| 50 |
notify_agents({
|
|
| 51 |
'@type': 'provision', |
|
| 52 |
'audience': get_audience(instance), |
|
| 53 |
'full': True, |
|
| 54 |
'objects': [ |
|
| 55 |
{
|
|
| 56 |
'@type': 'role', |
|
| 57 |
'uuid': role.uuid, |
|
| 58 |
'name': role.name, |
|
| 59 |
'slug': role.slug, |
|
| 60 |
'description': role.description, |
|
| 61 |
'emails': role.emails, |
|
| 62 |
'emails_to_members': role.emails_to_members, |
|
| 63 |
} for role in get_related_roles(instance) |
|
| 64 |
] |
|
| 65 |
}) |
|
| 66 | ||
| 2 | 67 | |
| 3 | 68 |
class Authentic2AgentConfig(AppConfig): |
| 4 | 69 |
name = 'hobo.agent.authentic2' |
| 5 | 70 |
label = 'authentic2_agent' |
| 6 | 71 |
verbose_name = 'Authentic2 Agent' |
| 72 | ||
| 73 |
def ready(self): |
|
| 74 |
Role = get_role_model() |
|
| 75 |
post_save.connect(notify_roles, Role) |
|
| 76 |
post_delete.connect(notify_roles, Role) |
|
| 77 |
post_save.connect(notify_roles, Role.members.through) |
|
| 78 |
post_delete.connect(notify_roles, Role.members.through) |
|
| 79 |
settings.A2_MANAGER_ROLE_FORM_CLASS = 'hobo.agent.authentic2.role_forms.RoleForm' |
|
| hobo/agent/common/__init__.py | ||
|---|---|---|
| 1 |
from celery import Celery |
|
| 2 |
from kombu.common import Broadcast |
|
| 3 | ||
| 4 |
from django.conf import settings |
|
| 5 |
from django.db import connection |
|
| 6 | ||
| 7 | ||
| 8 |
def notify_agents(data): |
|
| 9 |
'''Send notifications to all other tenants''' |
|
| 10 |
notification = {
|
|
| 11 |
'tenant': connection.get_tenant().domain_url, |
|
| 12 |
'data': data, |
|
| 13 |
} |
|
| 14 |
with Celery('hobo', broker=settings.BROKER_URL) as app:
|
|
| 15 |
app.conf.update( |
|
| 16 |
CELERY_TASK_SERIALIZER='json', |
|
| 17 |
CELERY_ACCEPT_CONTENT=['json'], |
|
| 18 |
CELERY_RESULT_SERIALIZER='json', |
|
| 19 |
CELERY_QUEUES=(Broadcast('broadcast_tasks'), )
|
|
| 20 |
) |
|
| 21 |
# see called method in hobo.agent.worker.celery |
|
| 22 |
app.send_task('hobo-notify',
|
|
| 23 |
(notification,), |
|
| 24 |
expires=settings.BROKER_TASK_EXPIRES, |
|
| 25 |
queue='broadcast_tasks') |
|
| hobo/agent/worker/celery.py | ||
|---|---|---|
| 13 | 13 |
CELERY_QUEUES=(Broadcast('broadcast_tasks'), )
|
| 14 | 14 |
) |
| 15 | 15 | |
| 16 | ||
| 16 | 17 |
@app.task(name='hobo-deploy', bind=True) |
| 17 | 18 |
def deploy(self, environment): |
| 18 | 19 |
services.deploy(environment) |
| 20 | ||
| 21 | ||
| 22 |
@app.task(name='hobo-notify', bind=True, acks_late=True) |
|
| 23 |
def hobo_notify(self, notification): |
|
| 24 |
assert 'tenant' in notification |
|
| 25 |
assert 'data' in notification |
|
| 26 |
services.notify(notification['data']) |
|
| hobo/agent/worker/services.py | ||
|---|---|---|
| 1 |
import sys |
|
| 1 | 2 |
import ConfigParser |
| 2 | 3 |
import fnmatch |
| 3 | 4 |
import json |
| ... | ... | |
| 19 | 20 |
self.title = title |
| 20 | 21 |
self.secret_key = secret_key |
| 21 | 22 | |
| 22 |
def is_for_us(self): |
|
| 23 |
@classmethod |
|
| 24 |
def is_for_us(cls, url): |
|
| 23 | 25 |
# This function checks if the requested service is to be hosted |
| 24 | 26 |
# on this server, and return True if appropriate. |
| 25 | 27 |
# |
| ... | ... | |
| 30 | 32 |
# (ex: "! *.dev.au-quotidien.com"). |
| 31 | 33 |
if not settings.AGENT_HOST_PATTERNS: |
| 32 | 34 |
return True |
| 33 |
patterns = settings.AGENT_HOST_PATTERNS.get(self.service_id)
|
|
| 35 |
patterns = settings.AGENT_HOST_PATTERNS.get(cls.service_id)
|
|
| 34 | 36 |
if patterns is None: |
| 35 | 37 |
return True |
| 36 |
parsed_url = urllib2.urlparse.urlsplit(self.base_url)
|
|
| 38 |
parsed_url = urllib2.urlparse.urlsplit(url) |
|
| 37 | 39 |
netloc = parsed_url.netloc |
| 38 | 40 |
match = False |
| 39 | 41 |
for pattern in patterns: |
| ... | ... | |
| 55 | 57 |
shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE) |
| 56 | 58 |
stdout = cmd_process.communicate(input=json.dumps(environment)) |
| 57 | 59 | |
| 60 |
@classmethod |
|
| 61 |
def notify(cls, data): |
|
| 62 |
for audience in data.get('audience', []):
|
|
| 63 |
if cls.is_for_us(audience): |
|
| 64 |
break |
|
| 65 |
else: |
|
| 66 |
return |
|
| 67 |
cmd = cls.service_manage_cmd + ' hobo_notify -' |
|
| 68 |
try: |
|
| 69 |
cmd_process = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, |
|
| 70 |
stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
| 71 |
except OSError: |
|
| 72 |
return |
|
| 73 |
stdout, stderr = cmd_process.communicate(input=json.dumps(data)) |
|
| 74 |
if cmd_process.returncode != 0: |
|
| 75 |
raise RuntimeError('command "%s" failed: %r %r' % (cmd, stdout, stderr))
|
|
| 76 | ||
| 58 | 77 | |
| 59 | 78 |
class Passerelle(BaseService): |
| 60 | 79 |
service_id = 'passerelle' |
| ... | ... | |
| 106 | 125 |
if not service_id in service_classes: |
| 107 | 126 |
continue |
| 108 | 127 |
service_obj = service_classes.get(service_id)(**service) |
| 109 |
if not service_obj.is_for_us(): |
|
| 128 |
if not service_obj.is_for_us(service_obj.base_url):
|
|
| 110 | 129 |
logger.debug('skipping as not for us: %r', service_obj)
|
| 111 | 130 |
continue |
| 112 | 131 |
if service_obj.check_timestamp(hobo_timestamp): |
| 113 | 132 |
logger.debug('skipping uptodate site: %r', service_obj)
|
| 114 | 133 |
continue |
| 115 | 134 |
service_obj.execute(environment) |
| 135 | ||
| 136 |
def notify(data): |
|
| 137 |
for klassname, service in globals().items(): |
|
| 138 |
if not hasattr(service, 'service_id'): |
|
| 139 |
continue |
|
| 140 |
service.notify(data) |
|
| 116 |
- |
|