From df4d956d3806dbffe51915edad6d96c229f4abfc Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 13 Apr 2018 16:30:12 +0200
Subject: [PATCH] agent/authentic2: add an hobo_provision command (#19853)

To provision all users or roles, the role provisionning is full, i.e. it
removes old roles. The user provisionning is not currently.
---
 .../management/commands/hobo_provision.py          | 54 ++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 hobo/agent/authentic2/management/commands/hobo_provision.py

diff --git a/hobo/agent/authentic2/management/commands/hobo_provision.py b/hobo/agent/authentic2/management/commands/hobo_provision.py
new file mode 100644
index 0000000..03c9506
--- /dev/null
+++ b/hobo/agent/authentic2/management/commands/hobo_provision.py
@@ -0,0 +1,54 @@
+from django.core.management.base import BaseCommand
+
+from django_rbac.utils import get_role_model, get_ou_model
+from django.contrib.auth import get_user_model
+
+from hobo.agent.authentic2.provisionning import Provisionning
+
+
+class Command(BaseCommand):
+    help = 'Provision all roles or users'
+
+    def add_arguments(self, parser):
+        parser.add_argument('--roles', action='store_true', default=False)
+        parser.add_argument('--users', action='store_true', default=False)
+        parser.add_argument('--batch-size', type=int, default=512)
+
+    def handle(self, *args, **options):
+        engine = Provisionning()
+        ous = {ou.id: ou for ou in get_ou_model().objects.all()}
+
+        if options['roles']:
+            self.provision_roles(engine, ous)
+
+        if options['users']:
+            self.provision_users(engine, ous, batch_size=options['batch_size'])
+        print 'Done.'
+
+    def provision_roles(self, engine, ous):
+        roles = get_role_model().objects.all()
+        print 'Provisionning', roles.count(), 'roles.'
+        engine.notify_roles(ous, roles, full=True)
+
+    def provision_users(self, engine, ous, batch_size=512):
+        qs = get_user_model().objects.all()
+        # allow easy pagination by pk
+        qs = qs.order_by('pk')
+        # prevent too much select
+        qs = qs.prefetch_related('attribute_values__attribute')
+
+        def do_provision(qs):
+            users = list(qs[:batch_size])
+            while users:
+                engine.notify_users(ous, users)
+                users = list(qs.filter(id__gt=users[-1].pk)[:batch_size])
+
+        roles_with_attributes = get_role_model().objects.filter(attributes__name='is_superuser').children()
+        # first those without and admin attribute
+        normal_users = qs.exclude(roles__in=roles_with_attributes)
+        print 'Provisionning', normal_users.count(), 'normal users.'
+        do_provision(normal_users)
+        # then thos with an admin attribute
+        admin_users = qs.filter(roles__in=roles_with_attributes)
+        print 'Provisionning', admin_users.count(), 'admin users.'
+        do_provision(admin_users)
-- 
2.16.3