0002-add-new-agent-task-to-provision-objects-to-tenants-f.patch
| debian/agent/sudo-hobo-agent | ||
|---|---|---|
| 3 | 3 |
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-manage hobo_deploy * - |
| 4 | 4 |
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-manage hobo_deploy * - |
| 5 | 5 |
hobo-agent ALL=(fargo)NOPASSWD:/usr/bin/fargo-manage hobo_deploy * - |
| 6 |
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_notify - |
|
| 7 |
hobo-agent ALL=(authentic-multitenant)NOPASSWD:/usr/bin/authentic2-multitenant-manage hobo_notify - |
|
| 8 |
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-manage hobo_notify - |
|
| 9 |
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-manage hobo_notify - |
|
| 10 |
hobo-agent ALL=(fargo)NOPASSWD:/usr/bin/fargo-manage hobo_notify - |
|
| debian/debian_config_common.py | ||
|---|---|---|
| 176 | 176 |
LANGUAGES = (('fr', u'Fran\xe7ais'),)
|
| 177 | 177 |
USE_L10N = True |
| 178 | 178 |
USE_TZ = True |
| 179 | ||
| 180 |
# Celery configuration |
|
| 181 |
BROKER_URL = 'amqp://' |
|
| 182 |
BROKER_TASK_EXPIRES = 120 |
|
| hobo/agent/authentic2/apps.py | ||
|---|---|---|
| 1 |
import json |
|
| 2 | ||
| 1 | 3 |
from django.apps import AppConfig |
| 4 |
from django.db.models.signals import post_save, post_delete |
|
| 5 |
from django.db.models import Q |
|
| 6 |
from django.conf import settings |
|
| 7 | ||
| 8 |
from django_rbac.utils import get_role_model |
|
| 9 | ||
| 10 |
from hobo.agent.common import notify_agents |
|
| 11 |
from authentic2.utils import to_list |
|
| 12 |
from authentic2.saml.models import LibertyProvider |
|
| 13 | ||
| 14 | ||
| 15 |
def get_ou(role_or_through): |
|
| 16 |
if hasattr(role_or_through, 'ou'): |
|
| 17 |
return role_or_through.ou |
|
| 18 |
else: |
|
| 19 |
return role_or_through.role.ou |
|
| 20 | ||
| 21 | ||
| 22 |
def get_audience(role_or_through): |
|
| 23 |
ou = get_ou(role_or_through) |
|
| 24 |
if ou: |
|
| 25 |
qs = LibertyProvider.objects.filter(ou=ou) |
|
| 26 |
else: |
|
| 27 |
qs = LibertyProvider.objects.filter(ou__isnull=True) |
|
| 28 |
return list(qs.values_list('entity_id', flat=True))
|
|
| 29 | ||
| 30 | ||
| 31 |
def get_related_roles(role_or_through): |
|
| 32 |
ou = get_ou(role_or_through) |
|
| 33 |
Role = get_role_model() |
|
| 34 |
qs = Role.objects.filter(admin_scope_id__isnull=True) \ |
|
| 35 |
.prefetch_related('attributes')
|
|
| 36 |
if ou: |
|
| 37 |
qs = qs.filter(ou=ou) |
|
| 38 |
else: |
|
| 39 |
qs = qs.filter(ou__isnull=True) |
|
| 40 |
for role in qs: |
|
| 41 |
role.emails = [] |
|
| 42 |
role.emails_to_members = False |
|
| 43 |
for attribute in role.attributes.all(): |
|
| 44 |
if attribute.name in ('emails', 'emails_to_members') and attribute.kind == 'json':
|
|
| 45 |
setattr(role, attribute.name, json.loads(attribute.value)) |
|
| 46 |
return qs |
|
| 47 | ||
| 48 | ||
| 49 |
def notify_roles(sender, instance, **kwargs): |
|
| 50 |
notify_agents({
|
|
| 51 |
'@type': 'provision', |
|
| 52 |
'audience': get_audience(instance), |
|
| 53 |
'full': True, |
|
| 54 |
'objects': [ |
|
| 55 |
{
|
|
| 56 |
'@type': 'role', |
|
| 57 |
'uuid': role.uuid, |
|
| 58 |
'name': role.name, |
|
| 59 |
'slug': role.slug, |
|
| 60 |
'description': role.description, |
|
| 61 |
'emails': role.emails, |
|
| 62 |
'emails_to_members': role.emails_to_members, |
|
| 63 |
} for role in get_related_roles(instance) |
|
| 64 |
] |
|
| 65 |
}) |
|
| 66 | ||
| 2 | 67 | |
| 3 | 68 |
class Authentic2AgentConfig(AppConfig): |
| 4 | 69 |
name = 'hobo.agent.authentic2' |
| 5 | 70 |
label = 'authentic2_agent' |
| 6 | 71 |
verbose_name = 'Authentic2 Agent' |
| 72 | ||
| 73 |
def ready(self): |
|
| 74 |
Role = get_role_model() |
|
| 75 |
post_save.connect(notify_roles, Role) |
|
| 76 |
post_delete.connect(notify_roles, Role) |
|
| 77 |
post_save.connect(notify_roles, Role.members.through) |
|
| 78 |
post_delete.connect(notify_roles, Role.members.through) |
|
| 79 |
settings.A2_MANAGER_ROLE_FORM_CLASS = 'hobo.agent.authentic2.role_forms.RoleForm' |
|
| hobo/agent/authentic2/locale/fr/LC_MESSAGES/django.po | ||
|---|---|---|
| 1 |
# Translation of hobo |
|
| 2 |
# Copyright (C) 2015 Entr'ouvert |
|
| 3 |
# This file is distributed under the same license as the hobo package. |
|
| 4 |
# Benjamin Dauvergne <bdauvergne@entrouvert.com>, 2015 |
|
| 5 |
# |
|
| 6 |
msgid "" |
|
| 7 |
msgstr "" |
|
| 8 |
"Project-Id-Version: hobo 0\n" |
|
| 9 |
"Report-Msgid-Bugs-To: \n" |
|
| 10 |
"POT-Creation-Date: 2015-06-11 15:06+0200\n" |
|
| 11 |
"PO-Revision-Date: 2014-03-24 19:31+0100\n" |
|
| 12 |
"Last-Translator: Benjamin Dauvergne <bdauvergne@entrouvert.com>\n" |
|
| 13 |
"Language: French\n" |
|
| 14 |
"MIME-Version: 1.0\n" |
|
| 15 |
"Content-Type: text/plain; charset=UTF-8\n" |
|
| 16 |
"Content-Transfer-Encoding: 8bit\n" |
|
| 17 |
"Plural-Forms: nplurals=2; plural=(n > 1);\n" |
|
| 18 | ||
| 19 |
#: management/commands/hobo_deploy.py:148 |
|
| 20 |
#: management/commands/import-wcs-roles.py:49 |
|
| 21 |
msgid "Superuser" |
|
| 22 |
msgstr "Super-utilisateur" |
|
| 23 | ||
| 24 |
#: role_forms.py:23 |
|
| 25 |
#, python-brace-format |
|
| 26 |
msgid "Item {0} is invalid: {1}"
|
|
| 27 |
msgstr "L'élément {0} est invalide: {1}"
|
|
| 28 | ||
| 29 |
#: role_forms.py:62 |
|
| 30 |
msgid "Emails" |
|
| 31 |
msgstr "Courriels" |
|
| 32 | ||
| 33 |
#: role_forms.py:65 |
|
| 34 |
msgid "Emails to members" |
|
| 35 |
msgstr "Propager les courriels à tous les utilisateurs ayant ce rôle" |
|
| hobo/agent/authentic2/role_forms.py | ||
|---|---|---|
| 1 |
import json |
|
| 2 | ||
| 3 |
from django import forms |
|
| 4 |
from django.core import validators |
|
| 5 |
from django.core.exceptions import ValidationError |
|
| 6 |
from django.utils.translation import ugettext_lazy as _ |
|
| 7 | ||
| 8 |
from authentic2.a2_rbac.models import RoleAttribute, Role |
|
| 9 |
from authentic2.validators import EmailValidator |
|
| 10 |
from authentic2.manager.forms import RoleEditForm |
|
| 11 | ||
| 12 | ||
| 13 |
class ListValidator(object): |
|
| 14 |
def __init__(self, item_validator): |
|
| 15 |
self.item_validator = item_validator |
|
| 16 | ||
| 17 |
def __call__(self, value): |
|
| 18 |
for i, item in enumerate(value): |
|
| 19 |
try: |
|
| 20 |
self.item_validator(item) |
|
| 21 |
except ValidationError, e: |
|
| 22 |
raise ValidationError( |
|
| 23 |
_('Item {0} is invalid: {1}') % (i, e.args[0]))
|
|
| 24 | ||
| 25 | ||
| 26 |
class CommaSeparatedInput(forms.TextInput): |
|
| 27 |
def _format_value(self, value): |
|
| 28 |
return u', '.join(value) |
|
| 29 | ||
| 30 | ||
| 31 |
class CommaSeparatedCharField(forms.Field): |
|
| 32 |
widget = CommaSeparatedInput |
|
| 33 | ||
| 34 |
def __init__(self, dedup=True, max_length=None, min_length=None, *args, |
|
| 35 |
**kwargs): |
|
| 36 |
self.dedup = dedup |
|
| 37 |
self.max_length = max_length |
|
| 38 |
self.min_length = min_length |
|
| 39 |
item_validators = kwargs.pop('item_validators', [])
|
|
| 40 |
super(CommaSeparatedCharField, self).__init__(*args, **kwargs) |
|
| 41 |
for item_validator in item_validators: |
|
| 42 |
self.validators.append(ListValidator(item_validator)) |
|
| 43 | ||
| 44 |
def to_python(self, value): |
|
| 45 |
if value in validators.EMPTY_VALUES: |
|
| 46 |
return [] |
|
| 47 | ||
| 48 |
value = [item.strip() for item in value.split(',') if item.strip()]
|
|
| 49 |
if self.dedup: |
|
| 50 |
value = list(set(value)) |
|
| 51 | ||
| 52 |
return value |
|
| 53 | ||
| 54 |
def clean(self, value): |
|
| 55 |
value = self.to_python(value) |
|
| 56 |
self.validate(value) |
|
| 57 |
self.run_validators(value) |
|
| 58 |
return value |
|
| 59 | ||
| 60 | ||
| 61 |
class RoleForm(RoleEditForm): |
|
| 62 |
emails = CommaSeparatedCharField(label=_('Emails'),
|
|
| 63 |
item_validators=[EmailValidator()]) |
|
| 64 |
emails_to_members = forms.BooleanField(required=False, |
|
| 65 |
label=_('Emails to members'))
|
|
| 66 | ||
| 67 |
def __init__(self, *args, **kwargs): |
|
| 68 |
instance = kwargs.get('instance')
|
|
| 69 |
if instance: |
|
| 70 |
fields = Role._meta.get_all_field_names() |
|
| 71 |
initial = kwargs.setdefault('initial', {})
|
|
| 72 |
role_attributes = RoleAttribute.objects.filter(role=instance, |
|
| 73 |
kind='json') |
|
| 74 |
for role_attribute in role_attributes: |
|
| 75 |
if role_attribute.name in fields: |
|
| 76 |
continue |
|
| 77 |
initial[role_attribute.name] = json.loads(role_attribute.value) |
|
| 78 |
super(RoleForm, self).__init__(*args, **kwargs) |
|
| 79 | ||
| 80 |
def save(self, commit=True): |
|
| 81 |
fields = Role._meta.get_all_field_names() |
|
| 82 |
assert commit |
|
| 83 |
instance = super(RoleForm, self).save(commit=commit) |
|
| 84 |
for field in self.cleaned_data: |
|
| 85 |
if field in fields: |
|
| 86 |
continue |
|
| 87 |
value = json.dumps(self.cleaned_data[field]) |
|
| 88 |
ra, created = RoleAttribute.objects.get_or_create( |
|
| 89 |
role=instance, name=field, kind='json', |
|
| 90 |
defaults={'value': value})
|
|
| 91 |
if not created and ra.value != value: |
|
| 92 |
ra.value = value |
|
| 93 |
ra.save() |
|
| 94 |
instance.save() |
|
| 95 |
return instance |
|
| hobo/agent/common/__init__.py | ||
|---|---|---|
| 1 |
from celery import Celery |
|
| 2 |
from kombu.common import Broadcast |
|
| 3 | ||
| 4 |
from django.conf import settings |
|
| 5 |
from django.db import connection |
|
| 6 | ||
| 7 | ||
| 8 |
def notify_agents(data): |
|
| 9 |
'''Send notifications to all other tenants''' |
|
| 10 |
notification = {
|
|
| 11 |
'tenant': connection.get_tenant().domain_url, |
|
| 12 |
'data': data, |
|
| 13 |
} |
|
| 14 |
with Celery('hobo', broker=settings.BROKER_URL) as app:
|
|
| 15 |
app.conf.update( |
|
| 16 |
CELERY_TASK_SERIALIZER='json', |
|
| 17 |
CELERY_ACCEPT_CONTENT=['json'], |
|
| 18 |
CELERY_RESULT_SERIALIZER='json', |
|
| 19 |
CELERY_QUEUES=(Broadcast('broadcast_tasks'), )
|
|
| 20 |
) |
|
| 21 |
# see called method in hobo.agent.worker.celery |
|
| 22 |
app.send_task('hobo-notify',
|
|
| 23 |
(notification,), |
|
| 24 |
expires=settings.BROKER_TASK_EXPIRES, |
|
| 25 |
queue='broadcast_tasks') |
|
| hobo/agent/common/management/commands/hobo_notify.py | ||
|---|---|---|
| 1 |
from django.core.management.base import BaseCommand |
|
| 2 | ||
| 3 | ||
| 4 |
class Command(BaseCommand): |
|
| 5 |
def handle(self, *args, **kwargs): |
|
| 6 |
pass |
|
| hobo/agent/worker/celery.py | ||
|---|---|---|
| 13 | 13 |
CELERY_QUEUES=(Broadcast('broadcast_tasks'), )
|
| 14 | 14 |
) |
| 15 | 15 | |
| 16 | ||
| 16 | 17 |
@app.task(name='hobo-deploy', bind=True) |
| 17 | 18 |
def deploy(self, environment): |
| 18 | 19 |
services.deploy(environment) |
| 20 | ||
| 21 | ||
| 22 |
@app.task(name='hobo-notify', bind=True, acks_late=True) |
|
| 23 |
def hobo_notify(self, notification): |
|
| 24 |
assert 'tenant' in notification |
|
| 25 |
assert 'data' in notification |
|
| 26 |
services.notify(notification['data']) |
|
| hobo/agent/worker/services.py | ||
|---|---|---|
| 1 |
import sys |
|
| 1 | 2 |
import ConfigParser |
| 2 | 3 |
import fnmatch |
| 3 | 4 |
import json |
| ... | ... | |
| 19 | 20 |
self.title = title |
| 20 | 21 |
self.secret_key = secret_key |
| 21 | 22 | |
| 22 |
def is_for_us(self): |
|
| 23 |
@classmethod |
|
| 24 |
def is_for_us(cls, url): |
|
| 23 | 25 |
# This function checks if the requested service is to be hosted |
| 24 | 26 |
# on this server, and return True if appropriate. |
| 25 | 27 |
# |
| ... | ... | |
| 30 | 32 |
# (ex: "! *.dev.au-quotidien.com"). |
| 31 | 33 |
if not settings.AGENT_HOST_PATTERNS: |
| 32 | 34 |
return True |
| 33 |
patterns = settings.AGENT_HOST_PATTERNS.get(self.service_id)
|
|
| 35 |
patterns = settings.AGENT_HOST_PATTERNS.get(cls.service_id)
|
|
| 34 | 36 |
if patterns is None: |
| 35 | 37 |
return True |
| 36 |
parsed_url = urllib2.urlparse.urlsplit(self.base_url)
|
|
| 38 |
parsed_url = urllib2.urlparse.urlsplit(url) |
|
| 37 | 39 |
netloc = parsed_url.netloc |
| 38 | 40 |
match = False |
| 39 | 41 |
for pattern in patterns: |
| ... | ... | |
| 55 | 57 |
shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE) |
| 56 | 58 |
stdout = cmd_process.communicate(input=json.dumps(environment)) |
| 57 | 59 | |
| 60 |
@classmethod |
|
| 61 |
def notify(cls, data): |
|
| 62 |
for audience in data.get('audience', []):
|
|
| 63 |
if cls.is_for_us(audience): |
|
| 64 |
break |
|
| 65 |
else: |
|
| 66 |
return |
|
| 67 |
cmd = cls.service_manage_cmd + ' hobo_notify -' |
|
| 68 |
try: |
|
| 69 |
cmd_process = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, |
|
| 70 |
stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
|
| 71 |
except OSError: |
|
| 72 |
return |
|
| 73 |
stdout, stderr = cmd_process.communicate(input=json.dumps(data)) |
|
| 74 |
if cmd_process.returncode != 0: |
|
| 75 |
raise RuntimeError('command "%s" failed: %r %r' % (cmd, stdout, stderr))
|
|
| 76 | ||
| 58 | 77 | |
| 59 | 78 |
class Passerelle(BaseService): |
| 60 | 79 |
service_id = 'passerelle' |
| ... | ... | |
| 106 | 125 |
if not service_id in service_classes: |
| 107 | 126 |
continue |
| 108 | 127 |
service_obj = service_classes.get(service_id)(**service) |
| 109 |
if not service_obj.is_for_us(): |
|
| 128 |
if not service_obj.is_for_us(service_obj.base_url):
|
|
| 110 | 129 |
logger.debug('skipping as not for us: %r', service_obj)
|
| 111 | 130 |
continue |
| 112 | 131 |
if service_obj.check_timestamp(hobo_timestamp): |
| 113 | 132 |
logger.debug('skipping uptodate site: %r', service_obj)
|
| 114 | 133 |
continue |
| 115 | 134 |
service_obj.execute(environment) |
| 135 | ||
| 136 |
def notify(data): |
|
| 137 |
for klassname, service in globals().items(): |
|
| 138 |
if not hasattr(service, 'service_id'): |
|
| 139 |
continue |
|
| 140 |
service.notify(data) |
|
| 116 |
- |
|