import contextlib
|
|
import json
|
|
import sys
|
|
|
|
from django.db import transaction
|
|
from django.utils import six
|
|
|
|
from authentic2_idp_oidc import OIDCClient
|
|
from authentic2.a2_rbac import Role, OrganizationalUnit
|
|
from authentic2.custom_user.models import User
|
|
|
|
|
|
class DryRun(Exception):
    """Sentinel raised at the end of a dry run so the enclosing transaction is rolled back.

    It carries no data; ``dryrun()`` catches and swallows it after the rollback.
    """
@contextlib.contextmanager
def dryrun():
    """Run the ``with`` body inside a database transaction that a DryRun rolls back.

    Usage: ``with dryrun(): ...``.  Raising :class:`DryRun` inside the block
    leaves ``transaction.atomic()`` by exception (so it rolls back) and is then
    swallowed here; any other exception also rolls back but propagates.  This is
    a context manager, not a function decorator.
    """
    atomic_block = transaction.atomic()
    try:
        with atomic_block:
            yield
    except DryRun:
        # The rollback already happened when atomic_block exited; nothing to do.
        pass
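def _require(condition, message):
    """Raise ValueError unless *condition* holds.

    Used instead of ``assert`` because the checks validate an external input
    file and ``assert`` is stripped under ``python -O``.
    """
    if not condition:
        raise ValueError(message)


def _sync_locality(locality):
    """Create or rename the OrganizationalUnit described by *locality*; return it."""
    name = locality['name']
    # Trailing space: the status word below continues the same line.
    sys.stdout.write('Locality %s ' % name)
    ou, created = OrganizationalUnit.objects.get_or_create(
        slug=locality['slug'], defaults={'name': name})
    if created:
        print('CREATED')
    elif ou.name != name:
        ou.name = name
        ou.save()
        print('UPDATED')
    else:
        print('unchanged')
    return ou


def _sync_services(content_services, ou):
    """Create or update one OIDCClient (plus optional access Role) per service.

    Returns ``{slug: {'oidc_client': client[, 'access_role': role]}}``.
    Only names are printed; client_id / client_secret never reach stdout.
    """
    _require(isinstance(content_services, list), 'services must be a list')
    services = {}
    for service in content_services:
        name = service['name']
        slug = service['slug']
        print('Service %s' % name)
        frontchannel_logout_uri = service['frontchannel_logout_uri']
        _require(isinstance(frontchannel_logout_uri, six.text_type),
                 'frontchannel_logout_uri must be a string')
        post_logout_redirect_uris = service.get('post_logout_redirect_uris', [])
        _require(isinstance(post_logout_redirect_uris, list),
                 'post_logout_redirect_uris must be a list')
        redirect_uris = service.get('redirect_uris', [])
        _require(isinstance(redirect_uris, list), 'redirect_uris must be a list')
        open_to_all = service.get('open_to_all', False)

        # Values exactly as stored on the model: the URI lists are newline-joined
        # here, so the getattr() comparison below is meaningful for them too.
        fields = {
            'name': name,
            'client_id': service['client_id'],
            'client_secret': service['client_secret'],
            'frontchannel_logout_uri': frontchannel_logout_uri,
            'post_logout_redirect_uris': '\n'.join(post_logout_redirect_uris),
            'redirect_uris': '\n'.join(redirect_uris),
        }
        oidc_client, created = OIDCClient.objects.get_or_create(
            slug=slug, ou=ou, defaults=fields)
        services[slug] = {'oidc_client': oidc_client}
        if created:
            print('CREATED')
        else:
            modified = False
            for key, value in fields.items():
                if getattr(oidc_client, key) != value:
                    setattr(oidc_client, key, value)
                    modified = True
            # FIXME: open_to_all is not propagated onto an existing client.
            if modified:
                oidc_client.save()
                print('MODIFIED')
            else:
                print('unchanged')

        if open_to_all:
            access_role, created = Role.objects.get_or_create(
                slug=slug, ou=ou, defaults={'name': name})
            if not created and access_role.name != name:
                access_role.name = name
                access_role.save()
            services[slug]['access_role'] = access_role
        else:
            Role.objects.filter(slug=slug, ou=ou).delete()
    return services


def _sync_users(content_users, services):
    """Validate each user entry and create the User if it does not exist.

    Existing users (matched by uuid when given, else by username) are left
    untouched: get_or_create never updates.  *services* is the mapping
    returned by _sync_services; ``allowed_services`` is validated but not yet
    linked to it (TODO carried over from the original script).
    """
    _require(isinstance(content_users, list), 'users must be a list')
    for content_user in content_users:
        fields = {}
        for key in ('email', 'first_name', 'last_name', 'password', 'username'):
            _require(key in content_user, 'missing key ' + key)
            value = content_user[key]
            _require(isinstance(value, six.text_type), 'invalid type for key ' + key)
            _require(value, 'missing value for key ' + key)
            fields[key] = value
        # Only {SSHA}-prefixed values are accepted, so the export is expected to
        # carry hashed passwords, never clear-text ones.  Never print them.
        _require(fields['password'].startswith('{SSHA}'),
                 'password must be an {SSHA} hash')
        uuid = content_user.get('uuid')
        _require(uuid is None or (isinstance(uuid, six.text_type) and uuid),
                 'invalid uuid')
        allowed_services = content_user.get('allowed_services', [])
        _require(isinstance(allowed_services, list), 'allowed_services must be a list')

        defaults = {
            'email': fields['email'],
            'first_name': fields['first_name'],
            'last_name': fields['last_name'],
            'password': fields['password'],
        }
        if uuid is not None:
            # Lookup by uuid: the username is only a creation default.
            defaults['username'] = fields['username']
            lookup = {'uuid': uuid}
        else:
            lookup = {'username': fields['username']}
        User.objects.get_or_create(defaults=defaults, **lookup)


def do(dry=True):
    """Import a locality, its OIDC services and its users from a JSON export.

    The export path is ``sys.argv[1]`` (``sys.argv[0]`` is this script).  All
    writes happen inside :func:`dryrun`; with *dry* true the transaction is
    rolled back at the end, so the CREATED/UPDATED/MODIFIED lines show what a
    real run would do without persisting anything.

    Raises:
        ValueError: no path given, or the file does not match the schema.
        KeyError: a required key such as ``locality`` is missing.
    """
    if len(sys.argv) < 2:
        raise ValueError('usage: %s <export.json>' % sys.argv[0])
    with open(sys.argv[1]) as export_file:
        content = json.load(export_file)

    # dryrun() is a context manager, not a decorator, so it is entered here.
    with dryrun():
        ou = _sync_locality(content['locality'])
        services = _sync_services(content.get('services', []), ou)
        _sync_users(content.get('users', []), services)
        if dry:
            # Leaves the atomic block by exception -> rollback; dryrun() swallows it.
            raise DryRun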
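if __name__ == '__main__':
    # Default is a dry run (rolled back at the end); call do(dry=False) to persist.
    do()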
|