start with some runscripts
commit
498824172a
|
@ -0,0 +1,142 @@
|
|||
import contextlib
|
||||
import json
|
||||
import sys
|
||||
|
||||
from django.db import transaction
|
||||
from django.utils import six
|
||||
|
||||
from authentic2_idp_oidc import OIDCClient
|
||||
from authentic2.a2_rbac import Role, OrganizationalUnit
|
||||
from authentic2.custom_user.models import User
|
||||
|
||||
|
||||
class DryRun(Exception):
|
||||
pass
|
||||
|
||||
|
||||
@contextlib.contextmanager
|
||||
def dryrun():
|
||||
try:
|
||||
with transaction.atomic():
|
||||
yield
|
||||
except DryRun:
|
||||
pass
|
||||
|
||||
|
||||
@dryrun
|
||||
def do(dry=True):
|
||||
content = json.load(open(sys.argv[0]))
|
||||
|
||||
locality = content['locality']
|
||||
|
||||
print "Locality ", locality['name'],
|
||||
ou, created = OrganizationalUnit.objects.get_or_create(slug=locality['slug'], defaults={'name': locality['name']})
|
||||
if not created:
|
||||
if ou.name != locality['name']:
|
||||
ou.name = locality['name']
|
||||
ou.save()
|
||||
print 'UPDATED'
|
||||
else:
|
||||
print 'unchanged'
|
||||
else:
|
||||
print 'CREATED'
|
||||
|
||||
services = {}
|
||||
|
||||
content_services = content.get('services', [])
|
||||
assert isinstance(content_services, list)
|
||||
|
||||
for service in content_services:
|
||||
name = service['name']
|
||||
print 'Service', name
|
||||
slug = service['slug']
|
||||
client_id = service['client_id']
|
||||
client_secret = service['client_secret']
|
||||
frontchannel_logout_uri = service['frontchannel_logout_uri']
|
||||
assert isinstance(frontchannel_logout_uri, six.text_type)
|
||||
post_logout_redirect_uris = service.get('post_logout_redirect_uris', [])
|
||||
assert isinstance(post_logout_redirect_uris, list)
|
||||
open_to_all = service.get('open_to_all', False)
|
||||
redirect_uris = service.get('redirect_uris', [])
|
||||
assert isinstance(redirect_uris, list)
|
||||
|
||||
oidc_client, created = OIDCClient.objects.get_or_create(slug=service['slug'], ou=ou, defaults={
|
||||
'name': name,
|
||||
'client_id': client_id,
|
||||
'client_secret': client_secret,
|
||||
'frontchannel_logout_uri': frontchannel_logout_uri,
|
||||
'post_logout_redirect_uris': '\n'.join(post_logout_redirect_uris),
|
||||
'redirect_uris': '\n'.join(redirect_uris),
|
||||
})
|
||||
service[slug] = {
|
||||
'oidc_client': oidc_client,
|
||||
}
|
||||
if not created:
|
||||
modified = False
|
||||
for key in ('name', 'client_id', 'client_secret',
|
||||
'frontchannel_logout_uri', 'post_logout_redirect_uris',
|
||||
'redirect_uris'):
|
||||
if getattr(oidc_client, key) != locals()[key]:
|
||||
setattr(oidc_client, key, locals()[key])
|
||||
modified = True
|
||||
# FIXME: open_to_all
|
||||
if modified:
|
||||
oidc_client.save()
|
||||
print 'MODIFIED'
|
||||
else:
|
||||
print 'unchanged'
|
||||
else:
|
||||
print 'CREATED'
|
||||
if open_to_all:
|
||||
access_role, created = Role.objects.get_or_create(
|
||||
slug=slug,
|
||||
ou=ou,
|
||||
defaults={
|
||||
'name': name,
|
||||
})
|
||||
if not created and access_role.name != name:
|
||||
access_role.name = name
|
||||
access_role.save()
|
||||
service_slug[slug]['access_role'] = access_role
|
||||
else:
|
||||
Role.objects.filter(slug=slug, ou=ou).delete()
|
||||
|
||||
content_users = content.get('users', [])
|
||||
assert isinstance(content_users, list)
|
||||
|
||||
for content_user in content_users:
|
||||
for string_key in ('email', 'first_name', 'last_name', 'password', 'username'):
|
||||
assert string_key in content_user, 'missing key ' + string_key
|
||||
value = content_user[string_key]
|
||||
assert isinstance(value, six.text_type), 'invalid type for key ' + string_key
|
||||
assert value, 'missing value for key ' + string_key
|
||||
locals()[string_key] = content_user[string_key]
|
||||
assert password.startswith('{SSHA}')
|
||||
uuid = content_user.get('uuid')
|
||||
assert uuid is None or (isinstance(uuid, six.text_type) and uuid)
|
||||
allowed_services = content_user.get('allowed_services', [])
|
||||
assert isinstance(allowed_services, list)
|
||||
|
||||
defaults = {
|
||||
'email': email,
|
||||
'first_name': first_name,
|
||||
'last_name': last_name,
|
||||
'password': password,
|
||||
}
|
||||
if uuid is not None:
|
||||
defaults['username'] = username
|
||||
kwargs = {
|
||||
'uuid': uuid,
|
||||
'defaults': defaults,
|
||||
}
|
||||
else:
|
||||
kwargs = {
|
||||
'username': username,
|
||||
'defaults': defaults,
|
||||
}
|
||||
user, created = User.objects.get_or_create(**kwargs)
|
||||
|
||||
if dry:
|
||||
raise DryRun
|
||||
|
||||
do()
|
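Review bot: The per-user checks in the `for content_user in content_users:` loop do not protect the import: they are `assert` statements, which are stripped under `python -O`, and the values are stored with `locals()[string_key] = ...`, which does not bind function locals, so `password`, `email`, `username` and the others are undefined names by the time `assert password.startswith('{SSHA}')` and the `defaults` dict are reached. Collect the fields in a dict and raise explicitly, so that a record whose password is not an `{SSHA}` hash is rejected in every run mode; the same applies to the `isinstance` asserts on the service URIs. Separately, `allowed_services` is validated but never used, and the `open_to_all` branch writes to `service_slug`, which is not defined in this file (`service[slug]` above probably meant `services[slug]`), so it looks as if no per-user access restriction is applied yet, which is worth confirming before this runs against a real instance. The sketch below covers only the user loop; the page has lost its indentation, so the nesting is inferred.

```python
for content_user in content_users:
    fields = {}
    for string_key in ('email', 'first_name', 'last_name', 'password', 'username'):
        value = content_user.get(string_key)
        if not isinstance(value, six.text_type) or not value:
            raise ValueError('missing or invalid value for key ' + string_key)
        fields[string_key] = value
    if not fields['password'].startswith('{SSHA}'):
        raise ValueError('password must be an {SSHA} hash')
    # … uuid / allowed_services checks and User.objects.get_or_create as before,
    #   taking email, first_name, last_name, password and username from fields …
```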