commands: remove agents from synchonization
parent
85c3b6f838
commit
9866c1a1af
|
@ -20,22 +20,15 @@ import datetime
|
||||||
import requests
|
import requests
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
import django.db
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import get_user_model
|
|
||||||
from django.core.management.base import BaseCommand
|
from django.core.management.base import BaseCommand
|
||||||
|
|
||||||
from django_rbac.utils import get_ou_model
|
|
||||||
from authentic2.a2_rbac.utils import get_default_ou
|
|
||||||
from authentic2.utils.template import Template
|
from authentic2.utils.template import Template
|
||||||
from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
|
from authentic2_auth_oidc.models import OIDCProvider, OIDCAccount
|
||||||
|
|
||||||
|
|
||||||
class Command(BaseCommand):
|
class Command(BaseCommand):
|
||||||
def handle(self, *args, **options):
|
def handle(self, *args, **options):
|
||||||
User = get_user_model()
|
|
||||||
OU = get_ou_model()
|
|
||||||
|
|
||||||
verbose = int(options['verbosity']) > 0
|
verbose = int(options['verbosity']) > 0
|
||||||
|
|
||||||
# check all existing users
|
# check all existing users
|
||||||
|
@ -44,24 +37,24 @@ class Command(BaseCommand):
|
||||||
yield l[i:i + n]
|
yield l[i:i + n]
|
||||||
|
|
||||||
url = settings.CUT_API_BASE_URL + 'users/synchronization/'
|
url = settings.CUT_API_BASE_URL + 'users/synchronization/'
|
||||||
for provider in OIDCProvider.objects.all():
|
cut_users = OIDCProvider.objects.get(slug='cut')
|
||||||
unknown_uuids = []
|
|
||||||
auth = (provider.client_id, provider.client_secret)
|
|
||||||
for accounts in chunks(OIDCAccount.objects.filter(provider=provider), 100):
|
|
||||||
subs = [x.sub for x in accounts]
|
|
||||||
resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
|
|
||||||
resp.raise_for_status()
|
|
||||||
unknown_uuids.extend(resp.json().get('unknown_uuids'))
|
|
||||||
|
|
||||||
for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
|
unknown_uuids = []
|
||||||
if verbose:
|
auth = (cut_users.client_id, cut_users.client_secret)
|
||||||
print('disabling', account.user.email, account.user.ou)
|
for accounts in chunks(OIDCAccount.objects.filter(provider=cut_users), 100):
|
||||||
account.user.email = account.user.email + '.invalid'
|
subs = [x.sub for x in accounts]
|
||||||
account.user.save()
|
resp = requests.post(url, json={'known_uuids': subs}, auth=auth)
|
||||||
OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
|
resp.raise_for_status()
|
||||||
|
unknown_uuids.extend(resp.json().get('unknown_uuids'))
|
||||||
|
|
||||||
|
for account in OIDCAccount.objects.filter(sub__in=unknown_uuids):
|
||||||
|
if verbose:
|
||||||
|
print('disabling', account.user.email, account.user.ou)
|
||||||
|
account.user.email = account.user.email + '.invalid'
|
||||||
|
account.user.save()
|
||||||
|
OIDCAccount.objects.filter(sub__in=unknown_uuids).delete()
|
||||||
|
|
||||||
# update recently modified users
|
# update recently modified users
|
||||||
cut_users = OIDCProvider.objects.get(slug='cut')
|
|
||||||
url = settings.CUT_API_BASE_URL + 'users/?modified__gt=%s' % (
|
url = settings.CUT_API_BASE_URL + 'users/?modified__gt=%s' % (
|
||||||
datetime.datetime.now() - datetime.timedelta(seconds=120)).strftime('%Y-%m-%dT%H:%M:%S')
|
datetime.datetime.now() - datetime.timedelta(seconds=120)).strftime('%Y-%m-%dT%H:%M:%S')
|
||||||
resp = requests.get(url, auth=settings.CUT_API_CREDENTIALS)
|
resp = requests.get(url, auth=settings.CUT_API_CREDENTIALS)
|
||||||
|
@ -83,55 +76,3 @@ class Command(BaseCommand):
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
pass
|
pass
|
||||||
account.user.save()
|
account.user.save()
|
||||||
|
|
||||||
# get new agents
|
|
||||||
cut_agents = OIDCProvider.objects.get(slug='cut-agents')
|
|
||||||
|
|
||||||
ou_mapping = settings.CUT_GNM_OU_MAPPING
|
|
||||||
|
|
||||||
for ou_cut_slug, ou_gnm_slug in ou_mapping.items():
|
|
||||||
ou_gnm = OU.objects.get(slug=ou_gnm_slug)
|
|
||||||
url = settings.CUT_API_BASE_URL + 'users/?ou__slug=%s' % ou_cut_slug
|
|
||||||
for cut_user_data in requests.get(url, auth=settings.CUT_API_CREDENTIALS).json()['results']:
|
|
||||||
try:
|
|
||||||
# get user with sub
|
|
||||||
user = User.objects.get(oidc_account__provider=cut_agents,
|
|
||||||
oidc_account__sub=cut_user_data['sub'])
|
|
||||||
except User.DoesNotExist:
|
|
||||||
# fallback to getting the user from its (email, ou)
|
|
||||||
try:
|
|
||||||
user = User.objects.get(email=cut_user_data['email'], ou=ou_gnm)
|
|
||||||
except User.MultipleObjectsReturned:
|
|
||||||
if verbose:
|
|
||||||
print('bad duplicated email', cut_user_data['email'])
|
|
||||||
continue
|
|
||||||
except User.DoesNotExist:
|
|
||||||
# uuid?
|
|
||||||
try:
|
|
||||||
user = User.objects.get(uuid=cut_user_data['sub'])
|
|
||||||
except User.DoesNotExist:
|
|
||||||
# at last, create new user
|
|
||||||
if verbose:
|
|
||||||
print('creating', cut_user_data['email'])
|
|
||||||
user = User()
|
|
||||||
|
|
||||||
if (user.uuid != cut_user_data['sub'] or
|
|
||||||
user.ou != ou_gnm or
|
|
||||||
user.email != cut_user_data['email'] or
|
|
||||||
user.first_name != cut_user_data['first_name'] or
|
|
||||||
user.last_name != cut_user_data['last_name']):
|
|
||||||
if verbose:
|
|
||||||
print('updating', user.email, '->', ou_gnm)
|
|
||||||
# only touch user if there are changes
|
|
||||||
user.uuid = cut_user_data['sub']
|
|
||||||
user.ou = ou_gnm
|
|
||||||
user.email = cut_user_data['email']
|
|
||||||
user.first_name = cut_user_data['first_name']
|
|
||||||
user.last_name = cut_user_data['last_name']
|
|
||||||
user.save()
|
|
||||||
|
|
||||||
try:
|
|
||||||
OIDCAccount.objects.get_or_create(provider=cut_agents, user=user, sub=cut_user_data['sub'])
|
|
||||||
except django.db.utils.IntegrityError:
|
|
||||||
if verbose:
|
|
||||||
print('oops duplicated email?', cut_user_data['email'])
|
|
||||||
|
|
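Review bot: The disable and delete queries in the `-44,24 +37,24` hunk still use `OIDCAccount.objects.filter(sub__in=unknown_uuids)` with no provider, so although the known subs are now collected only from the `cut` provider, an account under another provider (for instance the `cut-agents` rows the removed code used to create) that carries the same sub would still get `.invalid` appended to its e-mail and be deleted. Scope both queries to the provider being synchronized, e.g. `OIDCAccount.objects.filter(provider=cut_users, sub__in=unknown_uuids)`. The list that drives this destructive step is taken verbatim from the API reply; intersecting it with the `subs` that were sent and reading it as `resp.json().get('unknown_uuids') or []` would keep a faulty reply from disabling unrelated accounts or raising `TypeError` in `extend`. The `requests.post` call also has no `timeout`, so a stalled endpoint blocks the command indefinitely. The body of `handle()` continues outside the visible hunks, so any later scoping or validation is not visible here.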