External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-16 04:10:44 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1576 from aperigault/devel

Browse Source 
Map users in organizations based on saml groups
This commit is contained in:
Chris Meyers 2018-07-13 09:03:32 -04:00 committed by GitHub
commit 38de79b81f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
awx/sso/conf.py
View File

@ -1196,7 +1196,9 @@ register(
category_slug='saml',
placeholder=collections.OrderedDict([
('saml_attr', 'organization'),
('saml_admin_attr', 'organization_admin'),
('remove', True),
('remove_admins', True),
]),
feature_required='enterprise_auth',
)

54
awx/sso/pipeline.py
View File

@ -82,6 +82,33 @@ def _update_m2m_from_expression(user, rel, expr, remove=True):
rel.remove(user)
def _update_org_from_attr(user, rel, attr, remove, remove_admins):
from awx.main.models import Organization
multiple_orgs = feature_enabled('multiple_organizations')
org_ids = []
for org_name in attr:
if multiple_orgs:
org = Organization.objects.get_or_create(name=org_name)[0]
else:
try:
org = Organization.objects.order_by('pk')[0]
except IndexError:
continue
org_ids.append(org.id)
getattr(org, rel).members.add(user)
if remove:
[o.member_role.members.remove(user) for o in
Organization.objects.filter(Q(member_role__members=user) & ~Q(id__in=org_ids))]
if remove_admins:
[o.admin_role.members.remove(user) for o in
Organization.objects.filter(Q(admin_role__members=user) & ~Q(id__in=org_ids))]
def update_user_orgs(backend, details, user=None, *args, **kwargs):
'''
Update organization memberships for the given user based on mapping rules
@ -150,32 +177,19 @@ def update_user_teams(backend, details, user=None, *args, **kwargs):
def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs):
if not user:
return
from awx.main.models import Organization
from django.conf import settings
multiple_orgs = feature_enabled('multiple_organizations')
org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
if org_map.get('saml_attr') is None:
if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None:
return
remove = bool(org_map.get('remove', True))
remove_admins = bool(org_map.get('remove_admins', True))
attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], [])
attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_admin_attr'], [])
org_ids = []
for org_name in attr_values:
if multiple_orgs:
org = Organization.objects.get_or_create(name=org_name)[0]
else:
try:
org = Organization.objects.order_by('pk')[0]
except IndexError:
continue
org_ids.append(org.id)
org.member_role.members.add(user)
if org_map.get('remove', True):
[o.member_role.members.remove(user) for o in
Organization.objects.filter(Q(member_role__members=user) & ~Q(id__in=org_ids))]
_update_org_from_attr(user, "member_role", attr_values, remove, False)
_update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):

3
awx/sso/tests/functional/test_pipeline.py
View File

@ -149,6 +149,7 @@ class TestSAMLAttr():
'idp_name': u'idp',
'attributes': {
'memberOf': ['Default1', 'Default2'],
'admins': ['Default3'],
'groups': ['Blue', 'Red'],
'User.email': ['cmeyers@redhat.com'],
'User.LastName': ['Meyers'],
@ -176,7 +177,9 @@ class TestSAMLAttr():
class MockSettings():
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR = {
'saml_attr': 'memberOf',
'saml_admin_attr': 'admins',
'remove': True,
'remove_admins': True,
}
SOCIAL_AUTH_SAML_TEAM_ATTR = {
'saml_attr': 'groups',