mirror of
https://github.com/ansible/awx.git
synced 2026-05-16 05:47:38 -02:30
introspect ldap group types for param validation
* Instead of keeping a hard-coded mapping of valid args for each ldap group type; introspect the subclass to determine valid/invalid fields
This commit is contained in:
chris meyers
@@ -11,7 +11,6 @@ import django_auth_ldap.config
|
|||||||
from django_auth_ldap.config import (
|
from django_auth_ldap.config import (
|
||||||
LDAPSearch,
|
LDAPSearch,
|
||||||
LDAPSearchUnion,
|
LDAPSearchUnion,
|
||||||
LDAPGroupType,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# This must be imported so get_subclasses picks it up
|
# This must be imported so get_subclasses picks it up
|
||||||
@@ -32,6 +31,18 @@ def get_subclasses(cls):
|
|||||||
yield subclass
|
yield subclass
|
||||||
|
|
||||||
|
|
||||||
|
def find_class_in_modules(class_name):
|
||||||
|
'''
|
||||||
|
Used to find ldap subclasses by string
|
||||||
|
'''
|
||||||
|
module_search_space = [django_auth_ldap.config, awx.sso.ldap_group_types]
|
||||||
|
for m in module_search_space:
|
||||||
|
cls = getattr(m, class_name, None)
|
||||||
|
if cls:
|
||||||
|
return cls
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
class DependsOnMixin():
|
class DependsOnMixin():
|
||||||
def get_depends_on(self):
|
def get_depends_on(self):
|
||||||
"""
|
"""
|
||||||
@@ -349,14 +360,6 @@ class LDAPUserAttrMapField(fields.DictField):
|
|||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
VALID_GROUP_TYPE_PARAMS_MAP = {
|
|
||||||
'LDAPGroupType': ['name_attr'],
|
|
||||||
'MemberDNGroupType': ['name_attr', 'member_attr'],
|
|
||||||
'PosixUIDGroupType': ['name_attr', 'ldap_group_user_attr'],
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class LDAPGroupTypeField(fields.ChoiceField, DependsOnMixin):
|
class LDAPGroupTypeField(fields.ChoiceField, DependsOnMixin):
|
||||||
|
|
||||||
default_error_messages = {
|
default_error_messages = {
|
||||||
@@ -376,14 +379,6 @@ class LDAPGroupTypeField(fields.ChoiceField, DependsOnMixin):
|
|||||||
return value.__class__.__name__
|
return value.__class__.__name__
|
||||||
|
|
||||||
def to_internal_value(self, data):
|
def to_internal_value(self, data):
|
||||||
def find_class_in_modules(class_name):
|
|
||||||
module_search_space = [django_auth_ldap.config, awx.sso.ldap_group_types]
|
|
||||||
for m in module_search_space:
|
|
||||||
cls = getattr(m, class_name, None)
|
|
||||||
if cls:
|
|
||||||
return cls
|
|
||||||
return None
|
|
||||||
|
|
||||||
data = super(LDAPGroupTypeField, self).to_internal_value(data)
|
data = super(LDAPGroupTypeField, self).to_internal_value(data)
|
||||||
if not data:
|
if not data:
|
||||||
return None
|
return None
|
||||||
@@ -399,17 +394,9 @@ class LDAPGroupTypeField(fields.ChoiceField, DependsOnMixin):
|
|||||||
# MemberDNGroupType was the only group type, of the underlying lib, that
|
# MemberDNGroupType was the only group type, of the underlying lib, that
|
||||||
# took a parameter.
|
# took a parameter.
|
||||||
params_sanitized = dict()
|
params_sanitized = dict()
|
||||||
if isinstance(cls, LDAPGroupType):
|
for attr in inspect.getargspec(cls.__init__).args[1:]:
|
||||||
for k in VALID_GROUP_TYPE_PARAMS_MAP['LDAPGroupType']:
|
if attr in params:
|
||||||
if k in params:
|
params_sanitized[attr] = params[attr]
|
||||||
params_sanitized['name_attr'] = params['name_attr']
|
|
||||||
|
|
||||||
if data.endswith('MemberDNGroupType'):
|
|
||||||
params.setdefault('member_attr', 'member')
|
|
||||||
params_sanitized['member_attr'] = params['member_attr']
|
|
||||||
elif data.endswith('PosixUIDGroupType'):
|
|
||||||
params.setdefault('ldap_group_user_attr', 'uid')
|
|
||||||
params_sanitized['ldap_group_user_attr'] = params['ldap_group_user_attr']
|
|
||||||
|
|
||||||
return cls(**params_sanitized)
|
return cls(**params_sanitized)
|
||||||
|
|
||||||
@@ -425,7 +412,13 @@ class LDAPGroupTypeParamsField(fields.DictField, DependsOnMixin):
|
|||||||
return value
|
return value
|
||||||
group_type_str = self.get_depends_on()
|
group_type_str = self.get_depends_on()
|
||||||
group_type_str = group_type_str or ''
|
group_type_str = group_type_str or ''
|
||||||
invalid_keys = (set(value.keys()) - set(VALID_GROUP_TYPE_PARAMS_MAP.get(group_type_str, 'LDAPGroupType')))
|
|
||||||
|
group_type_cls = find_class_in_modules(group_type_str)
|
||||||
|
if not group_type_cls:
|
||||||
|
# Fail safe
|
||||||
|
return {}
|
||||||
|
|
||||||
|
invalid_keys = set(value.keys()) - set(inspect.getargspec(group_type_cls.__init__).args[1:])
|
||||||
if invalid_keys:
|
if invalid_keys:
|
||||||
keys_display = json.dumps(list(invalid_keys)).lstrip('[').rstrip(']')
|
keys_display = json.dumps(list(invalid_keys)).lstrip('[').rstrip(']')
|
||||||
self.fail('invalid_keys', invalid_keys=keys_display)
|
self.fail('invalid_keys', invalid_keys=keys_display)
|
||||||
|
|||||||
@@ -13,10 +13,9 @@ from django_auth_ldap.config import LDAPGroupType
|
|||||||
|
|
||||||
class PosixUIDGroupType(LDAPGroupType):
|
class PosixUIDGroupType(LDAPGroupType):
|
||||||
|
|
||||||
def __init__(self, ldap_group_user_attr, *args, **kwargs):
|
def __init__(self, name_attr='cn', ldap_group_user_attr='uid'):
|
||||||
super(PosixUIDGroupType, self).__init__(*args, **kwargs)
|
|
||||||
|
|
||||||
self.ldap_group_user_attr = ldap_group_user_attr
|
self.ldap_group_user_attr = ldap_group_user_attr
|
||||||
|
super(PosixUIDGroupType, self).__init__(name_attr)
|
||||||
|
|
||||||
"""
|
"""
|
||||||
An LDAPGroupType subclass that handles non-standard DS.
|
An LDAPGroupType subclass that handles non-standard DS.
|
||||||
|
|||||||
Reference in New Issue
Block a user