External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-03 01:38:50 -03:30
Code Issues Packages Projects Releases Wiki Activity

New feature: Add SAML users as organization admins

Browse Source
This commit is contained in:
Antony PERIGAULT
2018-05-02 15:00:39 +02:00
parent 13cd57feba
commit 9bfac4f44b
2 changed files with 36 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/sso/conf.py
View File

@@ -1196,7 +1196,9 @@ register(
category_slug='saml', category_slug='saml',
placeholder=collections.OrderedDict([ placeholder=collections.OrderedDict([
('saml_attr', 'organization'), ('saml_attr', 'organization'),
('saml_admin_attr', 'organization_admin'),
('remove', True), ('remove', True),
('remove_admins', True),
]), ]),
feature_required='enterprise_auth', feature_required='enterprise_auth',
) )

54
awx/sso/pipeline.py
View File

@@ -82,6 +82,33 @@ def _update_m2m_from_expression(user, rel, expr, remove=True):
rel.remove(user) rel.remove(user)
def _update_org_from_attr(user, rel, attr, remove, remove_admins):
from awx.main.models import Organization
multiple_orgs = feature_enabled('multiple_organizations')
org_ids = []
for org_name in attr:
if multiple_orgs:
org = Organization.objects.get_or_create(name=org_name)[0]
else:
try:
org = Organization.objects.order_by('pk')[0]
except IndexError:
continue
org_ids.append(org.id)
getattr(org, rel).members.add(user)
if remove:
[o.member_role.members.remove(user) for o in
Organization.objects.filter(Q(member_role__members=user) & ~Q(id__in=org_ids))]
if remove_admins:
[o.admin_role.members.remove(user) for o in
Organization.objects.filter(Q(admin_role__members=user) & ~Q(id__in=org_ids))]
def update_user_orgs(backend, details, user=None, *args, **kwargs): def update_user_orgs(backend, details, user=None, *args, **kwargs):
''' '''
Update organization memberships for the given user based on mapping rules Update organization memberships for the given user based on mapping rules
@@ -150,32 +177,19 @@ def update_user_teams(backend, details, user=None, *args, **kwargs):
def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs): def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs):
if not user: if not user:
return return
from awx.main.models import Organization
from django.conf import settings from django.conf import settings
multiple_orgs = feature_enabled('multiple_organizations')
org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
if org_map.get('saml_attr') is None: if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None:
return return
remove = bool(org_map.get('remove', True))
remove_admins = bool(org_map.get('remove_admins', True))
attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], []) attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], [])
attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_admin_attr'], [])
org_ids = [] _update_org_from_attr(user, "member_role", attr_values, remove, False)
_update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
for org_name in attr_values:
if multiple_orgs:
org = Organization.objects.get_or_create(name=org_name)[0]
else:
try:
org = Organization.objects.order_by('pk')[0]
except IndexError:
continue
org_ids.append(org.id)
org.member_role.members.add(user)
if org_map.get('remove', True):
[o.member_role.members.remove(user) for o in
Organization.objects.filter(Q(member_role__members=user) & ~Q(id__in=org_ids))]
def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs): def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):