From db0160a5b1818c4a96077bbf51ffa88db44077a7 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Mon, 28 Sep 2015 20:48:08 +0200 Subject: [PATCH 2/4] agent/authentic2: make objects homogenous in a provisionning message (#8440) In order to support 'full' provisionning of different kinds of objects, we impose that in the same message all objects are of the same type. --- hobo/agent/authentic2/apps.py | 25 +++---- .../common/management/commands/hobo_notify.py | 9 ++- tests_authentic/test_provisionning.py | 13 ++-- tests_multitenant/test_hobo_notify.py | 80 ++++++++++++---------- 4 files changed, 69 insertions(+), 58 deletions(-) diff --git a/hobo/agent/authentic2/apps.py b/hobo/agent/authentic2/apps.py index a3d6b4a..337d0d8 100644 --- a/hobo/agent/authentic2/apps.py +++ b/hobo/agent/authentic2/apps.py @@ -18,7 +18,6 @@ import json from django.apps import AppConfig from django.db.models.signals import post_save, post_delete -from django.db.models import Q from django.conf import settings from django_rbac.utils import get_role_model @@ -69,17 +68,19 @@ def notify_roles(sender, instance, **kwargs): '@type': 'provision', 'audience': get_audience(instance), 'full': True, - 'objects': [ - { - '@type': 'role', - 'uuid': role.uuid, - 'name': role.name, - 'slug': role.slug, - 'description': role.description, - 'emails': role.emails, - 'emails_to_members': role.emails_to_members, - } for role in get_related_roles(instance) - ] + 'objects': { + '@type': 'role', + 'data': [ + { + 'uuid': role.uuid, + 'name': role.name, + 'slug': role.slug, + 'description': role.description, + 'emails': role.emails, + 'emails_to_members': role.emails_to_members, + } for role in get_related_roles(instance) + ], + } }) except OrganizationalUnit.DoesNotExist: pass diff --git a/hobo/agent/common/management/commands/hobo_notify.py b/hobo/agent/common/management/commands/hobo_notify.py index cf996b2..9dea18b 100644 --- a/hobo/agent/common/management/commands/hobo_notify.py +++ b/hobo/agent/common/management/commands/hobo_notify.py @@ -48,13 +48,11 @@ class Command(BaseCommand): and 'objects' in notification \ and 'audience' in notification \ and isinstance(notification['audience'], list) \ - and isinstance(notification['objects'], list) + and isinstance(notification['objects'], dict) @classmethod def check_valid_role(cls, o): - return '@type' in o \ - and o['@type'] == 'role' \ - and 'uuid' in o \ + return 'uuid' in o \ and 'name' in o \ and 'description' in o @@ -99,4 +97,5 @@ class Command(BaseCommand): if entity_id not in audience: return uuids = set() - cls.provision_role(action, notification['objects'], full=full) + object_type = notification['objects']['@type'] + getattr(cls, 'provision_' + object_type)(action, notification['objects']['data'], full=full) diff --git a/tests_authentic/test_provisionning.py b/tests_authentic/test_provisionning.py index c347890..59050da 100644 --- a/tests_authentic/test_provisionning.py +++ b/tests_authentic/test_provisionning.py @@ -27,14 +27,17 @@ def test_provision_role(tenant): assert arg['@type'] == 'provision' assert arg['full'] == True objects = arg['objects'] - assert isinstance(objects, list) - assert len(objects) == 2 + assert isinstance(objects, dict) + assert set(objects.keys()) == set(['data', '@type']) + assert objects['@type'] == 'role' + data = objects['data'] + assert isinstance(data, list) + assert len(data) == 2 like_role = 0 - for o in objects: - assert set(o.keys()) == set(['@type', 'emails_to_members', + for o in data: + assert set(o.keys()) == set(['emails_to_members', 'description', 'uuid', 'name', 'slug', 'emails']) - assert o['@type'] == 'role' assert o['emails_to_members'] == False assert o['emails'] == [] if o['uuid'] == role.uuid and o['name'] == role.name \ diff --git a/tests_multitenant/test_hobo_notify.py b/tests_multitenant/test_hobo_notify.py index be57621..56addac 100644 --- a/tests_multitenant/test_hobo_notify.py +++ b/tests_multitenant/test_hobo_notify.py @@ -17,15 +17,17 @@ def test_hobo_notify_roles(tenants): notification = { u'@type': u'provision', u'audience': [u'http://coin.com/saml/metadata'], - u'objects': [ - { - u'@type': 'role', - u'uuid': u'12345', - u'name': u'Service petite enfance', - u'slug': u'service-petite-enfance', - u'description': u'Role du service petite enfance %s' % tenant.domain_url, - } - ] + u'objects': { + u'@type': 'role', + u'data': [ + { + u'uuid': u'12345', + u'name': u'Service petite enfance', + u'slug': u'service-petite-enfance', + u'description': u'Role du service petite enfance %s' % tenant.domain_url, + } + ] + } } Command.process_notification(tenant, notification) assert Group.objects.count() == 0 @@ -37,15 +39,17 @@ def test_hobo_notify_roles(tenants): notification = { u'@type': u'provision', u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], - u'objects': [ - { - u'@type': 'role', - u'uuid': u'12345', - u'name': u'Service petite enfance', - u'slug': u'service-petite-enfance', - u'description': u'Role du service petite enfance %s' % tenant.domain_url, - } - ] + u'objects': { + u'@type': 'role', + u'data': [ + { + u'uuid': u'12345', + u'name': u'Service petite enfance', + u'slug': u'service-petite-enfance', + u'description': u'Role du service petite enfance %s' % tenant.domain_url, + } + ] + } } Command.process_notification(tenant, notification) assert Group.objects.count() == 1 @@ -62,15 +66,17 @@ def test_hobo_notify_roles(tenants): u'@type': u'provision', u'full': True, u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], - u'objects': [ - { - u'@type': 'role', - u'uuid': u'xyz', - u'name': u'Service état civil', - u'slug': u'service-etat-civil', - u'description': u'Role du service état civil %s' % tenant.domain_url, - } - ] + u'objects': { + u'@type': 'role', + u'data': [ + { + u'uuid': u'xyz', + u'name': u'Service état civil', + u'slug': u'service-etat-civil', + u'description': u'Role du service état civil %s' % tenant.domain_url, + } + ] + } } Command.process_notification(tenant, notification) assert Group.objects.count() == 1 @@ -86,15 +92,17 @@ def test_hobo_notify_roles(tenants): notification = { u'@type': u'deprovision', u'audience': [u'%s/saml/metadata' % tenant.get_base_url()], - u'objects': [ - { - u'@type': 'role', - u'uuid': u'xyz', - u'name': u'Service état civil', - u'slug': u'service-etat-civil', - u'description': u'Role du service état civil %s' % tenant.domain_url, - } - ] + u'objects': { + u'@type': 'role', + u'data': [ + { + u'uuid': u'xyz', + u'name': u'Service état civil', + u'slug': u'service-etat-civil', + u'description': u'Role du service état civil %s' % tenant.domain_url, + } + ] + } } Command.process_notification(tenant, notification) assert Group.objects.count() == 0 -- 2.1.4