External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-21 19:07:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

Map users in organizations based on saml groups

Browse Source
This commit is contained in:
Antony PERIGAULT
2018-03-15 17:37:32 +01:00
committed by chris meyers
parent a955b3f947
commit 062c18efa0
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
awx/sso/pipeline.py
View File

@@ -54,7 +54,7 @@ def prevent_inactive_login(backend, details, user=None, *args, **kwargs):
raise AuthInactive(backend) raise AuthInactive(backend)
def _update_m2m_from_expression(user, rel, expr, remove=True): def _update_m2m_from_expression(user, rel, expr, remove=True, saml_team_names=False):
''' '''
Helper function to update m2m relationship based on user matching one or Helper function to update m2m relationship based on user matching one or
more expressions. more expressions.
@@ -70,6 +70,9 @@ def _update_m2m_from_expression(user, rel, expr, remove=True):
if isinstance(expr, (six.string_types, type(re.compile('')))): if isinstance(expr, (six.string_types, type(re.compile('')))):
expr = [expr] expr = [expr]
for ex in expr: for ex in expr:
if saml_team_names:
if ex in saml_team_names:
should_add = True
if isinstance(ex, six.string_types): if isinstance(ex, six.string_types):
if user.username == ex or user.email == ex: if user.username == ex or user.email == ex:
should_add = True should_add = True
@@ -104,16 +107,24 @@ def update_user_orgs(backend, details, user=None, *args, **kwargs):
except IndexError: except IndexError:
continue continue
team_map = backend.setting('SOCIAL_AUTH_SAML_TEAM_ATTR') or {}
saml_team_names = False
if team_map.get('saml_attr'):
saml_team_names = set(kwargs
.get('response', {})
.get('attributes', {})
.get(team_map['saml_attr'], []))
# Update org admins from expression(s). # Update org admins from expression(s).
remove = bool(org_opts.get('remove', True)) remove = bool(org_opts.get('remove', True))
admins_expr = org_opts.get('admins', None) admins_expr = org_opts.get('admins', None)
remove_admins = bool(org_opts.get('remove_admins', remove)) remove_admins = bool(org_opts.get('remove_admins', remove))
_update_m2m_from_expression(user, org.admin_role.members, admins_expr, remove_admins) _update_m2m_from_expression(user, org.admin_role.members, admins_expr, remove_admins, saml_team_names)
# Update org users from expression(s). # Update org users from expression(s).
users_expr = org_opts.get('users', None) users_expr = org_opts.get('users', None)
remove_users = bool(org_opts.get('remove_users', remove)) remove_users = bool(org_opts.get('remove_users', remove))
_update_m2m_from_expression(user, org.member_role.members, users_expr, remove_users) _update_m2m_from_expression(user, org.member_role.members, users_expr, remove_users, saml_team_names)
def update_user_teams(backend, details, user=None, *args, **kwargs): def update_user_teams(backend, details, user=None, *args, **kwargs):