From cb853d91bc6cfa66e243ccb0c0d51b2415324dcd Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 22 Jun 2015 22:33:38 +0200
Subject: [PATCH] agent/authentic2: attach roles to their service's ou (fixes
 #7648)

---
 hobo/agent/authentic2/management/commands/hobo_deploy.py      | 2 +-
 hobo/agent/authentic2/management/commands/import-wcs-roles.py | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hobo/agent/authentic2/management/commands/hobo_deploy.py b/hobo/agent/authentic2/management/commands/hobo_deploy.py
index 3170508..afc27e8 100644
--- a/hobo/agent/authentic2/management/commands/hobo_deploy.py
+++ b/hobo/agent/authentic2/management/commands/hobo_deploy.py
@@ -151,7 +151,7 @@ class Command(hobo_deploy.Command):
                 Role = get_role_model()
                 su_role, created = Role.objects.get_or_create(
                     service=provider, slug='_a2-hobo-superuser',
-                    defaults={'name': _('Superuser')})
+                    ou=provider.ou, defaults={'name': _('Superuser')})
                 su_role.attributes.get_or_create(name='is_superuser',
                                                  kind='string',
                                                  value='true')
diff --git a/hobo/agent/authentic2/management/commands/import-wcs-roles.py b/hobo/agent/authentic2/management/commands/import-wcs-roles.py
index ba3e8d8..9441ef7 100644
--- a/hobo/agent/authentic2/management/commands/import-wcs-roles.py
+++ b/hobo/agent/authentic2/management/commands/import-wcs-roles.py
@@ -46,7 +46,7 @@ class WcsRoleImporter(object):
             self.delete_dead_roles()
         su_role, created = Role.objects.get_or_create(
             service=self.service, slug='_a2-hobo-superuser',
-            defaults={'name': _('Superuser')})
+            ou=self.service.ou, defaults={'name': _('Superuser')})
         su_role.attributes.get_or_create(name='is_superuser', kind='string',
                                          value='true')
 
@@ -60,6 +60,7 @@ class WcsRoleImporter(object):
         # search role by external id, create if not found
         role, created = Role.objects.get_or_create(
             service=self.service,
+            ou=self.service.ou,
             external_id=role_tpl.external_id,
             defaults=defaults)
         RoleAttribute.objects.filter(role=role).delete()
-- 
2.1.4