ozwillo: log subprocess status, stdout and stderr on failures (#18785)
Also do not create the admin if the OIDC provider creation failed.
parent
450a8e2e68
commit
30bbc4e0f7
|
@ -36,6 +36,22 @@ from .models import OzwilloInstance
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def check_call(args):
|
||||
try:
|
||||
process = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||
except OSError as e:
|
||||
logger.error('ozwillo: launching subprocess %s raised error %s', args, e)
|
||||
return False
|
||||
logger.debug('ozwillo: launching subprocess with pid %s : %s', process.pid, args)
|
||||
stdoutdata, stderrdata = process.communicate()
|
||||
if process.returncode != 0:
|
||||
logger.error('ozwillo: subprocess %s failed returncode=%s stdout=%r stderr=%r',
|
||||
process.pid, process.returncode, stdoutdata, stderrdata)
|
||||
return False
|
||||
logger.debug('ozwillo: subprocess terminated')
|
||||
return True
|
||||
|
||||
|
||||
def valid_signature_required(func):
|
||||
'''Validate Ozwillo signatures'''
|
||||
|
||||
|
@ -137,7 +153,7 @@ def ozwillo_deploy_thread(data):
|
|||
|
||||
# Load user portal template
|
||||
logger.debug(u'ozwillo: loading combo template')
|
||||
subprocess.check_call([
|
||||
check_call([
|
||||
'sudo', '-u', 'combo',
|
||||
'combo-manage', 'tenant_command', 'import_site',
|
||||
'/etc/hobo/ozwillo/import-site-template.json',
|
||||
|
@ -146,7 +162,7 @@ def ozwillo_deploy_thread(data):
|
|||
|
||||
# Load agent portal template
|
||||
logger.debug(u'ozwillo: loading combo agent template')
|
||||
subprocess.check_call([
|
||||
check_call([
|
||||
'sudo', '-u', 'combo',
|
||||
'combo-manage', 'tenant_command', 'import_site',
|
||||
'/etc/hobo/ozwillo/import-site-agents.json',
|
||||
|
@ -156,34 +172,33 @@ def ozwillo_deploy_thread(data):
|
|||
# Configure OIDC Ozwillo authentication
|
||||
logger.debug(u'ozwillo: configuring OIDC ozwillo authentication')
|
||||
domain_name = 'connexion-%s.%s' % (instance_name, settings.OZWILLO_ENV_DOMAIN)
|
||||
subprocess.check_call([
|
||||
'sudo', '-u', 'authentic-multitenant',
|
||||
'authentic2-multitenant-manage', 'tenant_command', 'oidc-register-issuer',
|
||||
'-d', domain_name,
|
||||
'--scope', 'profile',
|
||||
'--scope', 'email',
|
||||
'--issuer', settings.OZWILLO_PLATEFORM,
|
||||
'--client-id', client_id,
|
||||
'--client-secret', client_secret,
|
||||
'--claim-mapping', 'given_name first_name always_verified',
|
||||
'--claim-mapping', 'family_name last_name always_verified',
|
||||
'--ou-slug', 'default',
|
||||
'--claim-mapping', 'email email required',
|
||||
'Ozwillo'
|
||||
])
|
||||
|
||||
# Create admin user
|
||||
logger.debug(u'ozwillo: creating admin user')
|
||||
create_user_script = os.path.dirname(__file__) + '/scripts/create_user_ozwillo.py'
|
||||
subprocess.check_call([
|
||||
'sudo', '-u', 'authentic-multitenant',
|
||||
'authentic2-multitenant-manage', 'tenant_command', 'runscript', '-d', domain_name,
|
||||
create_user_script, user['email_address'], user['id'], user['name']
|
||||
])
|
||||
if check_call([
|
||||
'sudo', '-u', 'authentic-multitenant',
|
||||
'authentic2-multitenant-manage', 'tenant_command', 'oidc-register-issuer',
|
||||
'-d', domain_name,
|
||||
'--scope', 'profile',
|
||||
'--scope', 'email',
|
||||
'--issuer', settings.OZWILLO_PLATEFORM,
|
||||
'--client-id', client_id,
|
||||
'--client-secret', client_secret,
|
||||
'--claim-mapping', 'given_name first_name always_verified',
|
||||
'--claim-mapping', 'family_name last_name always_verified',
|
||||
'--ou-slug', 'default',
|
||||
'--claim-mapping', 'email email required',
|
||||
'Ozwillo'
|
||||
]):
|
||||
# creation of the admin user depends upon the creation of provider
|
||||
logger.debug(u'ozwillo: creating admin user')
|
||||
create_user_script = os.path.dirname(__file__) + '/scripts/create_user_ozwillo.py'
|
||||
check_call([
|
||||
'sudo', '-u', 'authentic-multitenant',
|
||||
'authentic2-multitenant-manage', 'tenant_command', 'runscript', '-d', domain_name,
|
||||
create_user_script, user['email_address'], user['id'], user['name']
|
||||
])
|
||||
|
||||
# Load passerelle template
|
||||
logger.debug(u'ozwillo: loading passerelle template')
|
||||
subprocess.check_call([
|
||||
check_call([
|
||||
'sudo', '-u', 'passerelle',
|
||||
'passerelle-manage', 'tenant_command', 'import_site',
|
||||
'/etc/hobo/ozwillo/import-site-passerelle.json',
|
||||
|
@ -271,13 +286,13 @@ def ozwillo_destroy_thread(instance):
|
|||
|
||||
tenant = '%s%s.%s' % (infos[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)
|
||||
|
||||
subprocess.check_call([
|
||||
check_call([
|
||||
'sudo', '-u', service_user, infos[1],
|
||||
'delete_tenant', '--force-drop', tenant
|
||||
])
|
||||
|
||||
tenant = '%s%s.%s' % (wcs[0], instance_slug, settings.OZWILLO_ENV_DOMAIN)
|
||||
subprocess.check_call([
|
||||
check_call([
|
||||
'sudo', '-u', 'wcs',
|
||||
wcs[1], '-f', '/etc/wcs/wcs-au-quotidien.cfg',
|
||||
'delete_tenant', '--force-drop', tenant
|
||||
|
@ -285,4 +300,3 @@ def ozwillo_destroy_thread(instance):
|
|||
|
||||
instance.delete()
|
||||
logger.debug(u'ozwillo: destroy thread finished')
|
||||
return instance_slug
|
||||
|
|
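Review bot: The new `check_call` helper writes the full argument list to the log, both in `logger.debug('ozwillo: launching subprocess with pid %s : %s', process.pid, args)` and in the `OSError` branch's `logger.error`, and the `oidc-register-issuer` call in `ozwillo_deploy_thread` passes `'--client-secret', client_secret` in that list, so the OIDC client secret ends up in the application logs. Log a redacted copy instead, for example by replacing the element that follows `'--client-secret'` with `'***'` before formatting, and check whether that command's stdout or stderr can echo the secret before logging them with `%r`. Separately, unlike `subprocess.check_call` the helper returns `False` instead of raising, and only the OIDC call site tests the result. The template imports and both `delete_tenant` calls ignore it, so `ozwillo_destroy_thread` appears to still reach `instance.delete()` after a failed tenant drop, although the function bodies continue outside the visible hunks. Either test the return value at those sites or rename the helper so it is not mistaken for the raising stdlib function.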