ozwillo: log subprocess status, stdout and stderr on failures (#18785)

Also do not create the admin if the OIDC provider creation failed.
2017-09-19 12:17:13 +02:00 · 2017-09-19 12:17:13 +02:00 · 30bbc4e0f7
parent 450a8e2e68
commit 30bbc4e0f7
1 changed files with 44 additions and 30 deletions
--- a/hobo/contrib/ozwillo/views.py
+++ b/hobo/contrib/ozwillo/views.py
@ -36,6 +36,22 @@ from .models import OzwilloInstance
 logger = logging.getLogger(__name__)


+def check_call(args):
+    try:
+        process = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    except OSError as e:
+        logger.error('ozwillo: launching subprocess %s raised error %s', args, e)
+        return False
+    logger.debug('ozwillo: launching subprocess with pid %s : %s', process.pid, args)
+    stdoutdata, stderrdata = process.communicate()
+    if process.returncode != 0:
+        logger.error('ozwillo: subprocess %s failed returncode=%s stdout=%r stderr=%r',
+                     process.pid, process.returncode, stdoutdata, stderrdata)
+        return False
+    logger.debug('ozwillo: subprocess terminated')
+    return True
+
+
 def valid_signature_required(func):
    '''Validate Ozwillo signatures'''

@ -137,7 +153,7 @@ def ozwillo_deploy_thread(data):

    # Load user portal template
    logger.debug(u'ozwillo: loading combo template')
-    subprocess.check_call([
+    check_call([
        'sudo', '-u', 'combo',
        'combo-manage', 'tenant_command', 'import_site',
        '/etc/hobo/ozwillo/import-site-template.json',
@ -146,7 +162,7 @@ def ozwillo_deploy_thread(data):

    # Load agent portal template
    logger.debug(u'ozwillo: loading combo agent template')
-    subprocess.check_call([
+    check_call([
        'sudo', '-u', 'combo',
        'combo-manage', 'tenant_command', 'import_site',
        '/etc/hobo/ozwillo/import-site-agents.json',
@ -156,34 +172,33 @@ def ozwillo_deploy_thread(data):
    # Configure OIDC Ozwillo authentication
    logger.debug(u'ozwillo: configuring OIDC ozwillo authentication')
    domain_name = 'connexion-%s.%s' % (instance_name, settings.OZWILLO_ENV_DOMAIN)
-    subprocess.check_call([
-        'sudo', '-u', 'authentic-multitenant',
-        'authentic2-multitenant-manage', 'tenant_command', 'oidc-register-issuer',
-        '-d', domain_name,
-        '--scope', 'profile',
-        '--scope', 'email',
-        '--issuer', settings.OZWILLO_PLATEFORM,
-        '--client-id', client_id,
-        '--client-secret', client_secret,
-        '--claim-mapping', 'given_name first_name always_verified',
-        '--claim-mapping', 'family_name last_name always_verified',
-        '--ou-slug', 'default',
-        '--claim-mapping', 'email email required',
-        'Ozwillo'
-    ])
-
-    # Create admin user
-    logger.debug(u'ozwillo: creating admin user')
-    create_user_script = os.path.dirname(__file__) + '/scripts/create_user_ozwillo.py'
-    subprocess.check_call([
-        'sudo', '-u', 'authentic-multitenant',
-        'authentic2-multitenant-manage', 'tenant_command', 'runscript', '-d', domain_name,
-        create_user_script, user['email_address'], user['id'], user['name']
-    ])
+    if check_call([
+            'sudo', '-u', 'authentic-multitenant',
+            'authentic2-multitenant-manage', 'tenant_command', 'oidc-register-issuer',
+            '-d', domain_name,
+            '--scope', 'profile',
+            '--scope', 'email',
+            '--issuer', settings.OZWILLO_PLATEFORM,
+            '--client-id', client_id,
+            '--client-secret', client_secret,
+            '--claim-mapping', 'given_name first_name always_verified',
+            '--claim-mapping', 'family_name last_name always_verified',
+            '--ou-slug', 'default',
+            '--claim-mapping', 'email email required',
+            'Ozwillo'
+    ]):
+        # creation of the admin user depends upon the creation of provider
+        logger.debug(u'ozwillo: creating admin user')
+        create_user_script = os.path.dirname(__file__) + '/scripts/create_user_ozwillo.py'
+        check_call([
+            'sudo', '-u', 'authentic-multitenant',
+            'authentic2-multitenant-manage', 'tenant_command', 'runscript', '-d', domain_name,
+            create_user_script, user['email_address'], user['id'], user['name']
+        ])

    # Load passerelle template
    logger.debug(u'ozwillo: loading passerelle template')
-    subprocess.check_call([
+    check_call([
        'sudo', '-u', 'passerelle',
        'passerelle-manage', 'tenant_command', 'import_site',
        '/etc/hobo/ozwillo/import-site-passerelle.json',
@ -271,13 +286,13 @@ def ozwillo_destroy_thread(instance):

        tenant = '%s%s.%s' % (infos[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)

-        subprocess.check_call([
+        check_call([
            'sudo', '-u', service_user, infos[1],
            'delete_tenant', '--force-drop', tenant
        ])

    tenant = '%s%s.%s' % (wcs[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)
-    subprocess.check_call([
+    check_call([
        'sudo', '-u', 'wcs',
        wcs[1], '-f', '/etc/wcs/wcs-au-quotidien.cfg',
        'delete_tenant', '--force-drop', tenant
@ -285,4 +300,3 @@ def ozwillo_destroy_thread(instance):

    instance.delete()
    logger.debug(u'ozwillo: destroy thread finished')
-    return instance_slug