0002-agent-authentic2-make-objects-homogenous-in-a-provis.patch
| hobo/agent/authentic2/apps.py | ||
|---|---|---|
| 18 | 18 | |
| 19 | 19 |
from django.apps import AppConfig |
| 20 | 20 |
from django.db.models.signals import post_save, post_delete |
| 21 |
from django.db.models import Q |
|
| 22 | 21 |
from django.conf import settings |
| 23 | 22 | |
| 24 | 23 |
from django_rbac.utils import get_role_model |
| ... | ... | |
| 69 | 68 |
'@type': 'provision', |
| 70 | 69 |
'audience': get_audience(instance), |
| 71 | 70 |
'full': True, |
| 72 |
'objects': [ |
|
| 73 |
{
|
|
| 74 |
'@type': 'role', |
|
| 75 |
'uuid': role.uuid, |
|
| 76 |
'name': role.name, |
|
| 77 |
'slug': role.slug, |
|
| 78 |
'description': role.description, |
|
| 79 |
'emails': role.emails, |
|
| 80 |
'emails_to_members': role.emails_to_members, |
|
| 81 |
} for role in get_related_roles(instance) |
|
| 82 |
] |
|
| 71 |
'objects': {
|
|
| 72 |
'@type': 'role', |
|
| 73 |
'data': [ |
|
| 74 |
{
|
|
| 75 |
'uuid': role.uuid, |
|
| 76 |
'name': role.name, |
|
| 77 |
'slug': role.slug, |
|
| 78 |
'description': role.description, |
|
| 79 |
'emails': role.emails, |
|
| 80 |
'emails_to_members': role.emails_to_members, |
|
| 81 |
} for role in get_related_roles(instance) |
|
| 82 |
], |
|
| 83 |
} |
|
| 83 | 84 |
}) |
| 84 | 85 |
except OrganizationalUnit.DoesNotExist: |
| 85 | 86 |
pass |
| hobo/agent/common/management/commands/hobo_notify.py | ||
|---|---|---|
| 48 | 48 |
and 'objects' in notification \ |
| 49 | 49 |
and 'audience' in notification \ |
| 50 | 50 |
and isinstance(notification['audience'], list) \ |
| 51 |
and isinstance(notification['objects'], list)
|
|
| 51 |
and isinstance(notification['objects'], dict)
|
|
| 52 | 52 | |
| 53 | 53 |
@classmethod |
| 54 | 54 |
def check_valid_role(cls, o): |
| 55 |
return '@type' in o \ |
|
| 56 |
and o['@type'] == 'role' \ |
|
| 57 |
and 'uuid' in o \ |
|
| 55 |
return 'uuid' in o \ |
|
| 58 | 56 |
and 'name' in o \ |
| 59 | 57 |
and 'description' in o |
| 60 | 58 | |
| ... | ... | |
| 99 | 97 |
if entity_id not in audience: |
| 100 | 98 |
return |
| 101 | 99 |
uuids = set() |
| 102 |
cls.provision_role(action, notification['objects'], full=full) |
|
| 100 |
object_type = notification['objects']['@type'] |
|
| 101 |
getattr(cls, 'provision_' + object_type)(action, notification['objects']['data'], full=full) |
|
| tests_authentic/test_provisionning.py | ||
|---|---|---|
| 27 | 27 |
assert arg['@type'] == 'provision' |
| 28 | 28 |
assert arg['full'] == True |
| 29 | 29 |
objects = arg['objects'] |
| 30 |
assert isinstance(objects, list) |
|
| 31 |
assert len(objects) == 2 |
|
| 30 |
assert isinstance(objects, dict) |
|
| 31 |
assert set(objects.keys()) == set(['data', '@type']) |
|
| 32 |
assert objects['@type'] == 'role' |
|
| 33 |
data = objects['data'] |
|
| 34 |
assert isinstance(data, list) |
|
| 35 |
assert len(data) == 2 |
|
| 32 | 36 |
like_role = 0 |
| 33 |
for o in objects:
|
|
| 34 |
assert set(o.keys()) == set(['@type', 'emails_to_members',
|
|
| 37 |
for o in data:
|
|
| 38 |
assert set(o.keys()) == set(['emails_to_members', |
|
| 35 | 39 |
'description', 'uuid', 'name', |
| 36 | 40 |
'slug', 'emails']) |
| 37 |
assert o['@type'] == 'role' |
|
| 38 | 41 |
assert o['emails_to_members'] == False |
| 39 | 42 |
assert o['emails'] == [] |
| 40 | 43 |
if o['uuid'] == role.uuid and o['name'] == role.name \ |
| tests_multitenant/test_hobo_notify.py | ||
|---|---|---|
| 17 | 17 |
notification = {
|
| 18 | 18 |
u'@type': u'provision', |
| 19 | 19 |
u'audience': [u'http://coin.com/saml/metadata'], |
| 20 |
u'objects': [ |
|
| 21 |
{
|
|
| 22 |
u'@type': 'role', |
|
| 23 |
u'uuid': u'12345', |
|
| 24 |
u'name': u'Service petite enfance', |
|
| 25 |
u'slug': u'service-petite-enfance', |
|
| 26 |
u'description': u'Role du service petite enfance %s' % tenant.domain_url, |
|
| 27 |
} |
|
| 28 |
] |
|
| 20 |
u'objects': {
|
|
| 21 |
u'@type': 'role', |
|
| 22 |
u'data': [ |
|
| 23 |
{
|
|
| 24 |
u'uuid': u'12345', |
|
| 25 |
u'name': u'Service petite enfance', |
|
| 26 |
u'slug': u'service-petite-enfance', |
|
| 27 |
u'description': u'Role du service petite enfance %s' % tenant.domain_url, |
|
| 28 |
} |
|
| 29 |
] |
|
| 30 |
} |
|
| 29 | 31 |
} |
| 30 | 32 |
Command.process_notification(tenant, notification) |
| 31 | 33 |
assert Group.objects.count() == 0 |
| ... | ... | |
| 37 | 39 |
notification = {
|
| 38 | 40 |
u'@type': u'provision', |
| 39 | 41 |
u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], |
| 40 |
u'objects': [ |
|
| 41 |
{
|
|
| 42 |
u'@type': 'role', |
|
| 43 |
u'uuid': u'12345', |
|
| 44 |
u'name': u'Service petite enfance', |
|
| 45 |
u'slug': u'service-petite-enfance', |
|
| 46 |
u'description': u'Role du service petite enfance %s' % tenant.domain_url, |
|
| 47 |
} |
|
| 48 |
] |
|
| 42 |
u'objects': {
|
|
| 43 |
u'@type': 'role', |
|
| 44 |
u'data': [ |
|
| 45 |
{
|
|
| 46 |
u'uuid': u'12345', |
|
| 47 |
u'name': u'Service petite enfance', |
|
| 48 |
u'slug': u'service-petite-enfance', |
|
| 49 |
u'description': u'Role du service petite enfance %s' % tenant.domain_url, |
|
| 50 |
} |
|
| 51 |
] |
|
| 52 |
} |
|
| 49 | 53 |
} |
| 50 | 54 |
Command.process_notification(tenant, notification) |
| 51 | 55 |
assert Group.objects.count() == 1 |
| ... | ... | |
| 62 | 66 |
u'@type': u'provision', |
| 63 | 67 |
u'full': True, |
| 64 | 68 |
u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], |
| 65 |
u'objects': [ |
|
| 66 |
{
|
|
| 67 |
u'@type': 'role', |
|
| 68 |
u'uuid': u'xyz', |
|
| 69 |
u'name': u'Service état civil', |
|
| 70 |
u'slug': u'service-etat-civil', |
|
| 71 |
u'description': u'Role du service état civil %s' % tenant.domain_url, |
|
| 72 |
} |
|
| 73 |
] |
|
| 69 |
u'objects': {
|
|
| 70 |
u'@type': 'role', |
|
| 71 |
u'data': [ |
|
| 72 |
{
|
|
| 73 |
u'uuid': u'xyz', |
|
| 74 |
u'name': u'Service état civil', |
|
| 75 |
u'slug': u'service-etat-civil', |
|
| 76 |
u'description': u'Role du service état civil %s' % tenant.domain_url, |
|
| 77 |
} |
|
| 78 |
] |
|
| 79 |
} |
|
| 74 | 80 |
} |
| 75 | 81 |
Command.process_notification(tenant, notification) |
| 76 | 82 |
assert Group.objects.count() == 1 |
| ... | ... | |
| 86 | 92 |
notification = {
|
| 87 | 93 |
u'@type': u'deprovision', |
| 88 | 94 |
u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], |
| 89 |
u'objects': [ |
|
| 90 |
{
|
|
| 91 |
u'@type': 'role', |
|
| 92 |
u'uuid': u'xyz', |
|
| 93 |
u'name': u'Service état civil', |
|
| 94 |
u'slug': u'service-etat-civil', |
|
| 95 |
u'description': u'Role du service état civil %s' % tenant.domain_url, |
|
| 96 |
} |
|
| 97 |
] |
|
| 95 |
u'objects': {
|
|
| 96 |
u'@type': 'role', |
|
| 97 |
u'data': [ |
|
| 98 |
{
|
|
| 99 |
u'uuid': u'xyz', |
|
| 100 |
u'name': u'Service état civil', |
|
| 101 |
u'slug': u'service-etat-civil', |
|
| 102 |
u'description': u'Role du service état civil %s' % tenant.domain_url, |
|
| 103 |
} |
|
| 104 |
] |
|
| 105 |
} |
|
| 98 | 106 |
} |
| 99 | 107 |
Command.process_notification(tenant, notification) |
| 100 | 108 |
assert Group.objects.count() == 0 |
| 101 |
- |
|