Merge pull request #3623 from wenottingham/hello-you-are-being-audited
Allow mapping org auditors where we map org admins. Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
@@ -369,6 +369,10 @@ def on_populate_user(sender, **kwargs):
|
|||||||
remove_admins = bool(org_opts.get('remove_admins', remove))
|
remove_admins = bool(org_opts.get('remove_admins', remove))
|
||||||
_update_m2m_from_groups(user, ldap_user, org.admin_role.members, admins_opts,
|
_update_m2m_from_groups(user, ldap_user, org.admin_role.members, admins_opts,
|
||||||
remove_admins)
|
remove_admins)
|
||||||
|
auditors_opts = org_opts.get('auditors', None)
|
||||||
|
remove_auditors = bool(org_opts.get('remove_auditors', remove))
|
||||||
|
_update_m2m_from_groups(user, ldap_user, org.auditor_role.members, auditors_opts,
|
||||||
|
remove_auditors)
|
||||||
users_opts = org_opts.get('users', None)
|
users_opts = org_opts.get('users', None)
|
||||||
remove_users = bool(org_opts.get('remove_users', remove))
|
remove_users = bool(org_opts.get('remove_users', remove))
|
||||||
_update_m2m_from_groups(user, ldap_user, org.member_role.members, users_opts,
|
_update_m2m_from_groups(user, ldap_user, org.member_role.members, users_opts,
|
||||||
|
|||||||
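Review bot: `remove_auditors` falls back to the org-wide `remove` value, so what happens to auditor_role members on an existing map with no `auditors` key depends on how `_update_m2m_from_groups` treats a `None` opts argument, which this hunk does not show. If `None` means "leave membership alone", a comment above the new stanza would make that explicit, for example `# 'auditors' is optional; None leaves existing auditor_role membership untouched`. If it does not, auditor roles granted by hand could be removed on the next LDAP login whenever `remove` is true, and the call should be guarded with `if auditors_opts is not None:`. The same question applies to the existing admins and users stanzas; on_populate_user starts and ends outside the hunk.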
@@ -53,6 +53,7 @@ SOCIAL_AUTH_ORGANIZATION_MAP_PLACEHOLDER = collections.OrderedDict([
|
|||||||
])),
|
])),
|
||||||
('Test Org', collections.OrderedDict([
|
('Test Org', collections.OrderedDict([
|
||||||
('admins', ['admin@example.com']),
|
('admins', ['admin@example.com']),
|
||||||
|
('auditors', ['auditor@example.com']),
|
||||||
('users', True),
|
('users', True),
|
||||||
])),
|
])),
|
||||||
('Test Org 2', collections.OrderedDict([
|
('Test Org 2', collections.OrderedDict([
|
||||||
@@ -379,6 +380,7 @@ def _register_ldap(append=None):
|
|||||||
placeholder=collections.OrderedDict([
|
placeholder=collections.OrderedDict([
|
||||||
('Test Org', collections.OrderedDict([
|
('Test Org', collections.OrderedDict([
|
||||||
('admins', 'CN=Domain Admins,CN=Users,DC=example,DC=com'),
|
('admins', 'CN=Domain Admins,CN=Users,DC=example,DC=com'),
|
||||||
|
('auditors', 'CN=Domain Auditors,CN=Users,DC=example,DC=com'),
|
||||||
('users', ['CN=Domain Users,CN=Users,DC=example,DC=com']),
|
('users', ['CN=Domain Users,CN=Users,DC=example,DC=com']),
|
||||||
('remove_users', True),
|
('remove_users', True),
|
||||||
('remove_admins', True),
|
('remove_admins', True),
|
||||||
@@ -1170,8 +1172,10 @@ register(
|
|||||||
placeholder=collections.OrderedDict([
|
placeholder=collections.OrderedDict([
|
||||||
('saml_attr', 'organization'),
|
('saml_attr', 'organization'),
|
||||||
('saml_admin_attr', 'organization_admin'),
|
('saml_admin_attr', 'organization_admin'),
|
||||||
|
('saml_auditor_attr', 'organization_auditor'),
|
||||||
('remove', True),
|
('remove', True),
|
||||||
('remove_admins', True),
|
('remove_admins', True),
|
||||||
|
('remove_auditors', True),
|
||||||
]),
|
]),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
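Review bot: The `('auditors', ['auditor@example.com']),` entry added to SOCIAL_AUTH_ORGANIZATION_MAP_PLACEHOLDER advertises a key that no hunk on this page shows the social-auth organization-map pipeline reading; the only consumers changed here are the LDAP and SAML-attribute paths. If that pipeline ignores `auditors`, an operator copying the placeholder may end up with a map that grants no auditor access while appearing configured, so either the consumer should be extended in the same change or this placeholder line dropped. Separately, the LDAP placeholder in the `_register_ldap` hunk gains `auditors` but not `remove_auditors`, while the SAML placeholder gains both; adding `('remove_auditors', True),` after `('remove_admins', True),` would keep the examples parallel.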
@@ -532,8 +532,10 @@ class LDAPSingleOrganizationMapField(HybridDictField):
|
|||||||
|
|
||||||
admins = LDAPDNMapField(allow_null=True, required=False)
|
admins = LDAPDNMapField(allow_null=True, required=False)
|
||||||
users = LDAPDNMapField(allow_null=True, required=False)
|
users = LDAPDNMapField(allow_null=True, required=False)
|
||||||
|
auditors = LDAPDNMapField(allow_null=True, required=False)
|
||||||
remove_admins = fields.BooleanField(required=False)
|
remove_admins = fields.BooleanField(required=False)
|
||||||
remove_users = fields.BooleanField(required=False)
|
remove_users = fields.BooleanField(required=False)
|
||||||
|
remove_auditors = fields.BooleanField(required=False)
|
||||||
|
|
||||||
child = _Forbidden()
|
child = _Forbidden()
|
||||||
|
|
||||||
@@ -729,6 +731,8 @@ class SAMLOrgAttrField(HybridDictField):
|
|||||||
saml_attr = fields.CharField(required=False, allow_null=True)
|
saml_attr = fields.CharField(required=False, allow_null=True)
|
||||||
remove_admins = fields.BooleanField(required=False)
|
remove_admins = fields.BooleanField(required=False)
|
||||||
saml_admin_attr = fields.CharField(required=False, allow_null=True)
|
saml_admin_attr = fields.CharField(required=False, allow_null=True)
|
||||||
|
remove_auditors = fields.BooleanField(required=False)
|
||||||
|
saml_auditor_attr = fields.CharField(required=False, allow_null=True)
|
||||||
|
|
||||||
child = _Forbidden()
|
child = _Forbidden()
|
||||||
|
|
||||||
|
|||||||
@@ -151,17 +151,20 @@ def update_user_orgs_by_saml_attr(backend, details, user=None, *args, **kwargs):
|
|||||||
return
|
return
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
|
org_map = settings.SOCIAL_AUTH_SAML_ORGANIZATION_ATTR
|
||||||
if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None:
|
if org_map.get('saml_attr') is None and org_map.get('saml_admin_attr') is None and org_map.get('saml_auditor_attr') is None:
|
||||||
return
|
return
|
||||||
|
|
||||||
remove = bool(org_map.get('remove', True))
|
remove = bool(org_map.get('remove', True))
|
||||||
remove_admins = bool(org_map.get('remove_admins', True))
|
remove_admins = bool(org_map.get('remove_admins', True))
|
||||||
|
remove_auditors = bool(org_map.get('remove_auditors', True))
|
||||||
|
|
||||||
attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], [])
|
attr_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_attr'], [])
|
||||||
attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_admin_attr'], [])
|
attr_admin_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_admin_attr'], [])
|
||||||
|
attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map['saml_auditor_attr'], [])
|
||||||
|
|
||||||
_update_org_from_attr(user, "member_role", attr_values, remove, False)
|
_update_org_from_attr(user, "member_role", attr_values, remove, False)
|
||||||
_update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
|
_update_org_from_attr(user, "admin_role", attr_admin_values, False, remove_admins)
|
||||||
|
_update_org_from_attr(user, "auditor_role", attr_auditor_values, False, remove_auditors)
|
||||||
|
|
||||||
|
|
||||||
def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):
|
def update_user_teams_by_saml_attr(backend, details, user=None, *args, **kwargs):
|
||||||
|
|||||||
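Review bot: The new lookup subscripts `org_map['saml_auditor_attr']` directly, so a SOCIAL_AUTH_SAML_ORGANIZATION_ATTR map saved before this change (with `saml_attr` or `saml_admin_attr` set and no auditor key) passes the `.get()` guard above and then raises KeyError during SAML login. The serializer field for this key is declared `required=False`, so an absent key is a valid configuration. Reading it the same way the guard does avoids that: `attr_auditor_values = kwargs.get('response', {}).get('attributes', {}).get(org_map.get('saml_auditor_attr'), [])`. The two existing subscripts for `saml_attr` and `saml_admin_attr` have the same shape and could be switched to `.get()` at the same time. Also note that `remove_auditors` defaults to True; whether an empty `attr_auditor_values` then strips existing auditor roles depends on `_update_org_from_attr`, which is outside this hunk.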
@@ -150,6 +150,7 @@ class TestSAMLAttr():
|
|||||||
'attributes': {
|
'attributes': {
|
||||||
'memberOf': ['Default1', 'Default2'],
|
'memberOf': ['Default1', 'Default2'],
|
||||||
'admins': ['Default3'],
|
'admins': ['Default3'],
|
||||||
|
'auditors': ['Default4'],
|
||||||
'groups': ['Blue', 'Red'],
|
'groups': ['Blue', 'Red'],
|
||||||
'User.email': ['cmeyers@redhat.com'],
|
'User.email': ['cmeyers@redhat.com'],
|
||||||
'User.LastName': ['Meyers'],
|
'User.LastName': ['Meyers'],
|
||||||
@@ -178,6 +179,7 @@ class TestSAMLAttr():
|
|||||||
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR = {
|
SOCIAL_AUTH_SAML_ORGANIZATION_ATTR = {
|
||||||
'saml_attr': 'memberOf',
|
'saml_attr': 'memberOf',
|
||||||
'saml_admin_attr': 'admins',
|
'saml_admin_attr': 'admins',
|
||||||
|
'saml_auditor_attr': 'auditors',
|
||||||
'remove': True,
|
'remove': True,
|
||||||
'remove_admins': True,
|
'remove_admins': True,
|
||||||
}
|
}
|
||||||
|
|||||||
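Review bot: The fixtures gain an `'auditors': ['Default4']` attribute and a `'saml_auditor_attr': 'auditors'` setting, but neither hunk shows an assertion that the user ends up in the auditor_role of `Default4`, so the new mapping may be exercised without being checked; the test bodies lie outside these hunks. The settings dict also leaves out `remove_auditors`, so only the default is covered. A case with a map that has no `saml_auditor_attr` key at all would be worth adding, since that is the shape existing deployments have after upgrading.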