commands: remove agents from synchonization

src/authentic2_gnm/management/commands/sync-cut.py

@@ -20,22 +20,15 @@ import datetime
 import requests
 import sys
 
-import django.db
 from django.conf import settings
-from django.contrib.auth import get_user_model
 from django.core.management.base import BaseCommand
 
-from django_rbac.utils import get_ou_model
-from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.utils.template import Template
 from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
 
 
 class Command(BaseCommand):
     def handle(self, *args, **options):
-        User = get_user_model()
-        OU = get_ou_model()
-
         verbose = int(options['verbosity']) > 0
 
         # check all existing users
@@ -44,24 +37,24 @@ class Command(BaseCommand):
                 yield l[i:i + n]
 
         url = settings.CUT_API_BASE_URL + 'users/synchronization/'
-        for provider in OIDCProvider.objects.all():
-            unknown_uuids = []
-            auth = (provider.client_id, provider.client_secret)
-            for accounts in chunks(OIDCAccount.objects.filter(provider=provider), 100):
-                subs = [x.sub for x in accounts]
-                resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
-                resp.raise_for_status()
-                unknown_uuids.extend(resp.json().get('unknown_uuids'))
+        cut_users = OIDCProvider.objects.get(slug='cut')
 
-            for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
-                if verbose:
-                    print('disabling', account.user.email, account.user.ou)
-                account.user.email = account.user.email + '.invalid'
-                account.user.save()
-            OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
+        unknown_uuids = []
+        auth = (cut_users.client_id, cut_users.client_secret)
+        for accounts in chunks(OIDCAccount.objects.filter(provider=cut_users), 100):
+            subs = [x.sub for x in accounts]
+            resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
+            resp.raise_for_status()
+            unknown_uuids.extend(resp.json().get('unknown_uuids'))
+
+        for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
+            if verbose:
+                print('disabling', account.user.email, account.user.ou)
+            account.user.email = account.user.email + '.invalid'
+            account.user.save()
+        OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
 
         # update recently modified users
-        cut_users = OIDCProvider.objects.get(slug='cut')
         url = settings.CUT_API_BASE_URL + 'users/?modified__gt=%s' % (
                 datetime.datetime.now() - datetime.timedelta(seconds=120)).strftime('%Y-%m-%dT%H:%M:%S')
         resp = requests.get(url, auth=settings.CUT_API_CREDENTIALS)
@@ -83,55 +76,3 @@ class Command(BaseCommand):
                 except AttributeError:
                     pass
             account.user.save()
-
-        # get new agents
-        cut_agents = OIDCProvider.objects.get(slug='cut-agents')
-
-        ou_mapping = settings.CUT_GNM_OU_MAPPING
-
-        for ou_cut_slug, ou_gnm_slug in ou_mapping.items():
-            ou_gnm = OU.objects.get(slug=ou_gnm_slug)
-            url = settings.CUT_API_BASE_URL + 'users/?ou__slug=%s' % ou_cut_slug
-            for cut_user_data in requests.get(url, auth=settings.CUT_API_CREDENTIALS).json()['results']:
-                try:
-                    # get user with sub
-                    user = User.objects.get(oidc_account__provider=cut_agents,
-                                            oidc_account__sub=cut_user_data['sub'])
-                except User.DoesNotExist:
-                    # fallback to getting the user from its (email, ou)
-                    try:
-                        user = User.objects.get(email=cut_user_data['email'], ou=ou_gnm)
-                    except User.MultipleObjectsReturned:
-                        if verbose:
-                            print('bad duplicated email', cut_user_data['email'])
-                        continue
-                    except User.DoesNotExist:
-                        # uuid?
-                        try:
-                            user = User.objects.get(uuid=cut_user_data['sub'])
-                        except User.DoesNotExist:
-                            # at last, create new user
-                            if verbose:
-                                print('creating', cut_user_data['email'])
-                            user = User()
-
-                if (user.uuid != cut_user_data['sub'] or
-                        user.ou != ou_gnm or
-                        user.email != cut_user_data['email'] or
-                        user.first_name != cut_user_data['first_name'] or
-                        user.last_name != cut_user_data['last_name']):
-                    if verbose:
-                        print('updating', user.email, '->', ou_gnm)
-                    # only touch user if there are changes
-                    user.uuid = cut_user_data['sub']
-                    user.ou = ou_gnm
-                    user.email = cut_user_data['email']
-                    user.first_name = cut_user_data['first_name']
-                    user.last_name = cut_user_data['last_name']
-                    user.save()
-
-                try:
-                    OIDCAccount.objects.get_or_create(provider=cut_agents, user=user, sub=cut_user_data['sub'])
-                except django.db.utils.IntegrityError:
-                    if verbose:
-                        print('oops duplicated email?', cut_user_data['email'])